Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

System Error"Your Computer Was Infected By An Unknown Virus"

Post by santyurou » February 11th, 2008, 2:20 am

Hi guys,

My IE is hijacked by this unknown virus, and my Google search results end up as porn searches.

I tried using HijackThis, but so far nothing has worked. :bounce:

The following is my ComboFix result. Could anyone help me out with this problem? Much appreciated.

ComboFix 08-02.05.3 - WillHsu 2008-02-10 20:28:06.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.950.1.1028.18.599 [GMT -8:00]
執行位置?: C:\Documents and Settings\WillHsu\桌面\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((( 其他遭刪除的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\WillHsu\Local Settings\Application Data\baidu

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_BDGUARD


(((((((((((((((((((((((((((( 2008-01-11 - 2008-02-11 之間建立的檔案 )))))))))))))))))))))))))))))))))
.

2008-02-10 20:14 . 2008-02-10 20:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-10 17:41 . 2008-02-10 17:41 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-02-10 17:27 . 2008-02-10 17:27 <DIR> dr-h----- C:\$VAULT$.AVG
2008-02-10 16:31 . 2008-02-10 16:31 <DIR> d-------- C:\Documents and Settings\WillHsu\Application Data\AVG7
2008-02-10 16:31 . 2008-02-10 16:31 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-10 16:31 . 2008-02-10 16:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-10 14:48 . 2008-02-10 14:48 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-02-10 14:36 . 2008-02-10 14:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-10 14:36 . 2008-02-10 14:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-02-10 14:13 . 2008-02-10 14:13 236,544 --a------ C:\WINDOWS\sysvol32.dll
2008-02-10 14:01 . 2008-02-10 14:13 49 --a------ C:\tmp.bat
2008-02-05 00:26 . 2008-02-05 00:26 <DIR> d-------- C:\Program Files\Common Files\INCA Shared

.
(((((((((((((((((((((((((((((((((((( 近三個月內更動的檔案 )))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 07:11 --------- d-----w C:\Program Files\Microsoft.NET
2008-01-05 07:11 --------- d-----w C:\Program Files\Microsoft Works
2008-01-05 07:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-05 07:03 --------- d-----w C:\Program Files\MagicISO
2007-12-05 00:52 29,856 ----a-w C:\Documents and Settings\WillHsu\Application Data\GDIPFONTCACHEV1.DAT
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2006-01-20 05:53 784 ----a-w C:\Documents and Settings\WillHsu\Application Data\mpauth.dat
2005-08-17 03:47 32,768 ------w C:\Program Files\SymNetDrv
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
.

(((((((((((((((((((((((((((((((((((((((((( 重要登錄檔 )))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*注意* 空白或合法的登錄值將不會顯示

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D70E28A7-AA79-4D62-A59F-87024840BB62}]
2008-02-10 14:13 236544 --a------ C:\WINDOWS\sysvol32.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:47 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pdfFactory Pro Dispatcher v2"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2004-08-25 12:33 442368]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 05:00 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-20 21:07 7110656]
"ClubBox"="" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16 286720]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-10 16:31 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:47 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-10 16:31 219136]

C:\Documents and Settings\WillHsu\「開始」功能表\程式集\啟動\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"Ghp`amfUbrhLds"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Mn@iboddPubswLfov"= 0 (0x0)
"Mn@mlrf"= 0 (0x0)
"MnOndNeg"= 0 (0x0)
"MnQtm"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~1\DVDShell.dll [2004-10-09 02:18 49152]

S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2005-03-16 18:00]
S3 BTNetFilter;Bluetooth Network Filter;C:\WINDOWS\system32\drivers\BTNetFilter.sys [2004-12-16 16:32]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21ad0290-005c-11dc-a0e7-0080c81c92d2}]
\Shell\AutoRun\command - F:\LinksysConnectPC.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79618ce7-055e-11db-9f13-0080c81c92d2}]
\Shell\AutoRun\command - F:\AutoRun.exe

.
排程工作資料夾的內容
"2008-02-11 03:56:02 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2008-01-28 20:54:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-10 20:33:29
Windows 5.1.2600 Service Pack 2 FAT NTAPI

掃描隱藏的程序...

掃描隱藏的進程...

掃描隱藏的檔案...

掃描完成
隱藏檔案?: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\conime.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
完成時間?: 2008-02-10 20:35:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-11 04:35:26
.
2008-01-09 07:58:03 --- E O F ---
santyurou
Active Member
Posts: 1
Joined: February 11th, 2008, 2:14 am

Re: System Error"Your Computer Was Infected By An Unknown Virus"

Post by random/random » February 14th, 2008, 6:51 pm

  • Open a new Notepad window (Start > All Programs > Accessories > Notepad)
  • Highlight the contents of the codebox below and then press Ctrl+C to copy it to the clipboard

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D70E28A7-AA79-4D62-A59F-87024840BB62}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ClubBox"=-
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79618ce7-055e-11db-9f13-0080c81c92d2}]
    File::
    C:\WINDOWS\sysvol32.dll

  • Paste the contents of the clipboard into the Notepad window by pressing Ctrl+V or Edit > Paste
  • Save it to the desktop as CFscript.txt
  • Now drag and drop CFscript.txt onto combofix.exe as in the picture below and follow the prompts:
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
random/random
Developer
Posts: 7731
Joined: December 18th, 2005, 3:30 pm
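The CFScript above removes exactly the entries that stand out in the ComboFix log: a Browser Helper Object whose DLL (C:\WINDOWS\sysvol32.dll) was created minutes before the scan, a Run value with no command behind it, and a MountPoints2 AutoRun command pointing at a removable drive. The following Python script is an added example, not code from this thread or from ComboFix, showing how a helper could triage a ComboFix log automatically. The sample log it embeds is a constructed excerpt with the same layout as the log posted above, the regexes are written for that layout only, and the policy-name unmasking is inferred from the five masked names in this log (each character XORed with 0x03 or 0x01 in alternation), not taken from any ComboFix documentation.

```python
import re
from typing import Dict

# Constructed excerpt of a ComboFix log (same layout as the one posted above,
# section banner translated, non-essential lines dropped).
SAMPLE_LOG = r"""
(((((((((( files created between 2008-01-11 and 2008-02-11 ))))))))))
.
2008-02-10 20:14 . 2008-02-10 20:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-10 14:13 . 2008-02-10 14:13 236,544 --a------ C:\WINDOWS\sysvol32.dll
2008-02-10 14:01 . 2008-02-10 14:13 49 --a------ C:\tmp.bat
.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D70E28A7-AA79-4D62-A59F-87024840BB62}]
2008-02-10 14:13 236544 --a------ C:\WINDOWS\sysvol32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 05:00 79224]
"ClubBox"="" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"Ghp`amfUbrhLds"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MnQtm"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79618ce7-055e-11db-9f13-0080c81c92d2}]
\Shell\AutoRun\command - F:\AutoRun.exe
"""

KEY_RE = re.compile(r"^\[(-?)(.+)\]$")                 # [registry key] header
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# "created" section lines and the file line ComboFix prints under a BHO key
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (?:\. \d{4}-\d{2}-\d{2} \d{2}:\d{2} )?"
    r"([\d,]+|<DIR>|-+) (\S+) (.+)$")
RUN_VALUE_RE = re.compile(r'^"([^"]*)"="([^"]*)" \[(.*)\]$')
POLICY_RE = re.compile(r'^"([^"]*)"= (\d+) \(0x[0-9A-Fa-f]+\)$')
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (.+)$")
BINARY_EXT = (".dll", ".exe", ".sys", ".scr")


def unmask_policy_name(masked: str) -> str:
    """Undo the light masking ComboFix applies to policy value names.

    Assumption inferred from the log above: XORing each character with 0x03
    (even positions) or 0x01 (odd positions) turns every masked name in that
    log into a real Windows policy value such as DisableTaskMgr.
    """
    return "".join(chr(ord(c) ^ (0x03 if i % 2 == 0 else 0x01))
                   for i, c in enumerate(masked))


def triage(log_text: str) -> Dict[str, list]:
    """Walk a ComboFix log and collect the items a helper looks at first."""
    findings: Dict[str, list] = {
        "new_binaries_in_windows_dir": [],  # fresh executables under C:\WINDOWS
        "bho": [],                # (clsid, dll path, dll created in scan window?)
        "empty_run_values": [],   # Run entries with no command behind them
        "policies": [],           # (decoded name, value) for restriction policies
        "autorun_commands": [],   # MountPoints2 AutoRun commands (removable media)
    }
    new_files = set()
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key = KEY_RE.match(line)
        if key:
            current_key = key.group(2)
            continue
        key_lc = (current_key or "").lower()
        fm = FILE_RE.match(line)
        if fm and current_key is None:          # file listing, before REGEDIT4
            size, path = fm.group(2), fm.group(4)
            if size != "<DIR>" and size.replace(",", "").isdigit():
                new_files.add(path.lower())
                if path.lower().startswith("c:\\windows\\") and path.lower().endswith(BINARY_EXT):
                    findings["new_binaries_in_windows_dir"].append(path)
            continue
        if "browser helper objects" in key_lc and fm:
            clsid = CLSID_RE.search(current_key)
            path = fm.group(4)
            findings["bho"].append((clsid.group(0) if clsid else "?", path,
                                    path.lower() in new_files))
        elif key_lc.endswith("\\run"):
            rv = RUN_VALUE_RE.match(line)
            if rv and rv.group(2) == "":
                findings["empty_run_values"].append(rv.group(1))
        elif "\\policies\\" in key_lc:
            pm = POLICY_RE.match(line)
            if pm:
                findings["policies"].append((unmask_policy_name(pm.group(1)), int(pm.group(2))))
        elif "mountpoints2" in key_lc:
            am = AUTORUN_RE.match(line)
            if am:
                findings["autorun_commands"].append(am.group(1))
    return findings


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(f"{category}: {items}")
```

Run against the sample, the script links the BHO CLSID to a DLL that appears in the "created" window, reports the empty ClubBox Run value and the F:\AutoRun.exe command, and decodes the masked policy names to DisableTaskMgr and NoRun with value 0, which means those restrictions are off and need no action. That is the same set of items the CFScript targets, plus the confirmation that the policy lines are harmless.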

Re: System Error"Your Computer Was Infected By An Unknown Virus"

Post by askey127 » March 1st, 2008, 7:34 am

This topic is now closed due to inactivity. If you wish it to be reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

If it has been 10 days or more since your last post, and the helper assisting you posted a response to which you did not reply, this topic will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.

You can help support this site from this link:
Donations For Malware Removal

Please do not contact us to reopen this topic if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
askey127
Admin/Teacher
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
