Antivirus 2009

Post by Unexplored Reality » December 31st, 2008, 6:54 am

Hello,

I have a virus, a corrupt virus program which I can't get rid of. My original virus scanner is AVG Anti-Virus Free, but it doesn't work against this virus.

The log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:50:00, on 31/12/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINNT\system32\BrmfBAgS.exe
C:\WINNT\system32\Brmfrmps.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\MSN Messenger\msnmsgr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\3.bin\A2SRCHAS.DLL
O2 - BHO: (no name) - {0076C234-2AE1-43E0-BE7F-12C145C36700} - C:\WINNT\system32\nnnllKBs.dll (file missing)
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\3.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {16B435F6-B6CE-4F24-A568-944B27ED919C} - (no file)
O2 - BHO: (no name) - {1dc5ce1a-db1f-42d7-9b70-2dd4893aa153} - C:\WINNT\system32\yuwelete.dll
O2 - BHO: (no name) - {2D6721D4-2853-4883-9553-61FF46D20418} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {A2CFF48B-C0FF-4D47-AAB9-2114F8FEC63A} - (no file)
O2 - BHO: {b6c49986-7c1f-4118-cc14-1db5a977ad3b} - {b3da779a-5bd1-41cc-8114-f1c768994c6b} - C:\WINNT\system32\huwinm.dll (file missing)
O2 - BHO: (no name) - {C8571E9F-984F-4656-81CB-6EF7BB15B0E9} - C:\WINNT\system32\mlJCRjIX.dll (file missing)
O2 - BHO: (no name) - {ED120D76-BF31-412C-A99B-783C6676E128} - (no file)
O2 - BHO: (no name) - {FB4085B0-4DFD-4F47-ACF9-FFFF849132CF} - C:\WINNT\system32\tuvVMfgD.dll (file missing)
O2 - BHO: (no name) - {FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2} - (no file)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\2.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [60d763e2] rundll32.exe "C:\WINNT\system32\kenamezi.dll",b
O4 - HKLM\..\Run: [malejojepe] Rundll32.exe "C:\WINNT\system32\gizilalu.dll",s
O4 - HKLM\..\Run: [CPM63e4507e] Rundll32.exe "c:\winnt\system32\nimusofa.dll",a
O4 - HKCU\..\Policies\Explorer\Run: [{60D7634D-051C-2067-0319-020314010020}] "C:\Program Files\Common Files\{60D7634D-051C-2067-0319-020314010020}\Update.exe" mc-110-12-0001411
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-U ... E_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplat ... -devel.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {BD4F7A6D-0107-4BDF-B72B-021B717B06CE} - http://scanner.msscanner-online.com/setup/setup.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {E27AFA80-A9FE-4381-9C06-3CC017391DC9} - http://scanner-pwrantivirus.com/setup/setup.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll huwinm.dll c:\winnt\system32\wigimogo.dll c:\winnt\system32\wusosogo.dll c:\winnt\system32\pobojohe.dll,C:\WINNT\system32\kakenere.dll c:\winnt\system32\nimusofa.dll
O20 - Winlogon Notify: iifccyaw - iifccyaw.dll (file missing)
O20 - Winlogon Notify: nnnllKBs - nnnllKBs.dll (file missing)
O20 - Winlogon Notify: xxyyyWOi - xxyyyWOi.dll (file missing)
O20 - Winlogon Notify: yayayax - yayayax.dll (file missing)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\winnt\system32\nimusofa.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\winnt\system32\nimusofa.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINNT\system32\BrmfBAgS.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINNT\system32\Brmfrmps.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 8360 bytes



Thank you,
Danny
Unexplored Reality
Active Member
 
Posts: 5
Joined: December 31st, 2008, 6:48 am

Re: Antivirus 2009

Post by Odd dude » December 31st, 2008, 9:55 am

Hello and welcome to the forums!

I'm Odd dude, pleased to meet you; if it helps, you can call me OD ;). I will be helping you with your infection. However, it is important to take note of the following - quite the wall of text, I know, but please bear with me:

  • Logs from malware removal programs (Hijackthis is one of them) can take some time to analyze. I need you to be patient whilst I analyze any logs you post.
  • Please carefully read any instruction that I give you.
    Reading too lightly will cause you to miss important steps, which could have destructive effects.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • Only YOU must use these instructions; they are not suitable for any other computer, similar issues or not.
  • Do not do things I do not ask for, such as running a spyware scan. The one thing you should always do, though, is to make sure that your antivirus definitions are up to date!
  • If I tell you to download a tool which you already have, please re-download it and do not use the copy you already have. This is because the tools are updated regularly.
  • In Windows Vista, all tools need to be started by right clicking and selecting Run as administrator!
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you were to do the same. From this point, we're in this together ;)
    Because of this, you must reply within five days. I will post a reminder should you seem to fail to do this; however, if you fail to reply within five days then, unless I have been notified of your absence in advance, the topic shall be closed!
  • As I am still in training at the Malware Removal University, anything I do must be checked by an experienced malware fighter. This means there might be a slight delay in my answers.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system. Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

I am now analyzing your situation and hope to be back with you soon. While I am reviewing your situation, could you please do the following for me:

Make an Uninstall List
I need you to create an uninstall list so I can further analyze your situation.

  • Start HijackThis.
  • Click Open the Misc Tools section
  • Click Open Uninstall Manager
  • Click Save list...
  • Save the list to your desktop, or any other convenient place.

Please post back:
  • Uninstall list
  • New hijackthis log
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: Antivirus 2009

Post by Unexplored Reality » December 31st, 2008, 10:46 am

Thank you for the quick reply, because the virus is driving me insane... I have pop-ups every 15 minutes, which makes it hard for me to work on this computer.
I must warn you, I know nothing about computers, and I live in Belgium, so my English won't be perfect. Also, I work on Windows 2000 Professional. My computer is pretty much ancient, so maybe that will cause problems, because you're probably used to working with better computers.

The new log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:41:52, on 31/12/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINNT\system32\BrmfBAgS.exe
C:\WINNT\system32\Brmfrmps.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINNT\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\3.bin\A2SRCHAS.DLL
O2 - BHO: (no name) - {0076C234-2AE1-43E0-BE7F-12C145C36700} - C:\WINNT\system32\nnnllKBs.dll (file missing)
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\3.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {16B435F6-B6CE-4F24-A568-944B27ED919C} - (no file)
O2 - BHO: (no name) - {1dc5ce1a-db1f-42d7-9b70-2dd4893aa153} - C:\WINNT\system32\yuwelete.dll
O2 - BHO: (no name) - {2D6721D4-2853-4883-9553-61FF46D20418} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {A2CFF48B-C0FF-4D47-AAB9-2114F8FEC63A} - (no file)
O2 - BHO: {b6c49986-7c1f-4118-cc14-1db5a977ad3b} - {b3da779a-5bd1-41cc-8114-f1c768994c6b} - C:\WINNT\system32\huwinm.dll (file missing)
O2 - BHO: (no name) - {C8571E9F-984F-4656-81CB-6EF7BB15B0E9} - C:\WINNT\system32\mlJCRjIX.dll (file missing)
O2 - BHO: (no name) - {ED120D76-BF31-412C-A99B-783C6676E128} - (no file)
O2 - BHO: (no name) - {FB4085B0-4DFD-4F47-ACF9-FFFF849132CF} - C:\WINNT\system32\tuvVMfgD.dll (file missing)
O2 - BHO: (no name) - {FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2} - (no file)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\2.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [60d763e2] rundll32.exe "C:\WINNT\system32\kenamezi.dll",b
O4 - HKLM\..\Run: [malejojepe] Rundll32.exe "C:\WINNT\system32\gizilalu.dll",s
O4 - HKLM\..\Run: [CPM63e4507e] Rundll32.exe "c:\winnt\system32\nimusofa.dll",a
O4 - HKCU\..\Policies\Explorer\Run: [{60D7634D-051C-2067-0319-020314010020}] "C:\Program Files\Common Files\{60D7634D-051C-2067-0319-020314010020}\Update.exe" mc-110-12-0001411
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-U ... E_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplat ... -devel.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {BD4F7A6D-0107-4BDF-B72B-021B717B06CE} - http://scanner.msscanner-online.com/setup/setup.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {E27AFA80-A9FE-4381-9C06-3CC017391DC9} - http://scanner-pwrantivirus.com/setup/setup.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll huwinm.dll c:\winnt\system32\wigimogo.dll c:\winnt\system32\wusosogo.dll c:\winnt\system32\pobojohe.dll,C:\WINNT\system32\kakenere.dll c:\winnt\system32\nimusofa.dll
O20 - Winlogon Notify: iifccyaw - iifccyaw.dll (file missing)
O20 - Winlogon Notify: nnnllKBs - nnnllKBs.dll (file missing)
O20 - Winlogon Notify: xxyyyWOi - xxyyyWOi.dll (file missing)
O20 - Winlogon Notify: yayayax - yayayax.dll (file missing)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\winnt\system32\nimusofa.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\winnt\system32\nimusofa.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINNT\system32\BrmfBAgS.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINNT\system32\Brmfrmps.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 8342 bytes



The uninstall list:

Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Help Center 1.0
Adobe Reader 7.0.8 - Nederlands
Adobe Shockwave Player
Ask Toolbar
AVG Free 8.0
Brother Drivers
Brother MFL-Pro Suite
CCleaner (remove only)
EclipseCrossword
FrostWire 4.17.0
GIMP 2.4.5
GTK+ 2.10.13 runtime environment
HijackThis 2.0.2
Hotfix for MDAC 2.53 (KB911562)
HyperCam
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 9
Macromedia Contribute 3.11
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Fireworks 8
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Macromedia Flash Player 8 Plugin
Microsoft Age of Empires II
Microsoft Office Professional Editie 2003
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.3)
MSN Messenger 7.0
NVIDIA Drivers
PaperPort
Picasa 2
Security Update for Windows 2000 (KB923689)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
SwiftKit
Sygate Personal Firewall
Update Rollup 1 for Windows 2000 SP4
VIA Platform Device Manager
Windows 2000 Hotfix - KB833407
Windows 2000 Hotfix - KB842773
Windows 2000 Hotfix - KB893756
Windows 2000 Hotfix - KB896358
Windows 2000 Hotfix - KB896422
Windows 2000 Hotfix - KB896423
Windows 2000 Hotfix - KB896424
Windows 2000 Hotfix - KB899587
Windows 2000 Hotfix - KB899589
Windows 2000 Hotfix - KB900725
Windows 2000 Hotfix - KB901017
Windows 2000 Hotfix - KB901214
Windows 2000 Hotfix - KB904706
Windows 2000 Hotfix - KB905414
Windows 2000 Hotfix - KB905495
Windows 2000 Hotfix - KB905749
Windows 2000 Hotfix - KB908519
Windows 2000 Hotfix - KB908531
Windows 2000 Hotfix - KB911280
Windows 2000 Hotfix - KB912919
Windows 2000 Hotfix - KB913580
Windows 2000 Hotfix - KB914388
Windows 2000 Hotfix - KB914389
Windows 2000 Hotfix - KB917008
Windows 2000 Hotfix - KB917422
Windows 2000 Hotfix - KB917736
Windows 2000 Hotfix - KB917953
Windows 2000 Hotfix - KB920213
Windows 2000 Hotfix - KB920670
Windows 2000 Hotfix - KB920683
Windows 2000 Hotfix - KB920685
Windows 2000 Hotfix - KB920958
Windows 2000 Hotfix - KB921398
Windows 2000 Hotfix - KB922582
Windows 2000 Hotfix - KB922616
Windows 2000 Hotfix - KB923191
Windows 2000 Hotfix - KB923414
Windows 2000 Hotfix - KB923694
Windows 2000 Hotfix - KB923980
Windows 2000 Hotfix - KB924191
Windows 2000 Hotfix - KB924270
Windows 2000 Hotfix - KB925454
Windows 2000 Hotfix - KB925486
Windows Installer 3.0 (KB884016)
Windows Installer 3.1 (KB893803)
Windows Media Player Hotfix [See Q828026 for more information]
Windows Media Player systeemupdate (9-serie)
Unexplored Reality
Active Member
 
Posts: 5
Joined: December 31st, 2008, 6:48 am

Re: Antivirus 2009

Post by Odd dude » January 1st, 2009, 11:12 am

Hi Unexplored Reality.

I am very sorry for making you start 2009 like this, but I have some bad news.

Your computer is infected by a backdoor. A backdoor grants its creator complete access to your computer. Backdoors can monitor every keystroke you type (like keyloggers), and also grant their users administrative remote access to your PC!
This means that, although we can TRY to clean the infection, it is impossible to make 100% sure that the back door remains sealed forever. Sealing a back door is like locking the back door to your house: the door will be locked, but the burglar might have forged a key. This is because backdoors can leave hidden files deeply embedded into the system & they can modify your security settings without you or me ever finding out!
Therefore, the only way to TRULY fix a backdoor is to format your hard drive and reinstall your operating system (= getting a new lock/getting a new door/getting a new house). Most malware experts agree that a reformat/reinstall is the best way to handle backdoors.

Below are some important steps you should take now:
  • Disconnect from the internet NOW!
  • If you have ever handled anything related to money (online banking, online shopping, etc), call your bank company and say that you might be a victim of identity theft due to a computer virus which logs keystrokes.
  • Next, change ALL your passwords from a different computer! Do not use them on this computer again. This computer must now be considered to be fully compromised.
  • Now back up all your data (= not programs!) to a CD-ROM.

Next, you have an important decision to make: will you do a R/R (Reformat/Reinstall)? If you choose not to, I will help you clean the PC, but keep in mind that I can NEVER guarantee that you are TRULY clean!
  • Will you use this computer for online banking, online gaming, or anything business related? If yes, the absolute safest option is to R/R. Maybe, one day, the back door will be reopened, and you don't want to find your credit card stolen while you thought you were safe.
  • Do you still have the original Windows CD?
  • Is it possible to back up all your data?
  • Do you have the drivers etc ready for a R/R?

In most cases, R/R is the best course of action to take.

THIS is a very good read about what exactly is the dangerous part of backdoors.

The infection we are talking about is Trojan-Lydra.F

Let me know what you decide.
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)
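
Odd dude's diagnosis rests on reading the HijackThis log above, so here is what that triage looks like when written down. The script below is an added example by the editor, not code from the thread, from HijackThis or from the MalwareRemoval.com volunteers. It runs a few rules over a subset of the O2/O4/O20/O21/O22/O23 lines copied from the posted log and shows why the log is alarming: the same random-looking DLL, nimusofa.dll, sits at four separate autostart points (an HKLM Run key, AppInit_DLLs, SSODL and SharedTaskScheduler), and any DLL listed in AppInit_DLLs is loaded into every process that links user32.dll. The "looks machine-generated" rules (consonant-vowel names such as kenamezi, eight-letter mixed-case names such as mlJCRjIX) and the small allowlist of vendor DLLs are the editor's assumptions, not anything HijackThis or the thread defines; they are heuristics for deciding what to look at next, not a verdict.

```python
"""Triage rules run over lines of a HijackThis 2.0.2 log.

Added example by the editor; not code from the thread, from HijackThis or
from MalwareRemoval.com. The sample lines are a subset of the log posted
above; the allowlist and the "looks generated" rules are assumptions.
"""
import re
from collections import Counter

# Constructed sample: O2/O4/O20/O21/O22/O23 lines copied from the posted log.
SAMPLE_LOG = [
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {1dc5ce1a-db1f-42d7-9b70-2dd4893aa153} - C:\WINNT\system32\yuwelete.dll",
    r"O2 - BHO: (no name) - {C8571E9F-984F-4656-81CB-6EF7BB15B0E9} - C:\WINNT\system32\mlJCRjIX.dll (file missing)",
    r"O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe",
    r'O4 - HKLM\..\Run: [60d763e2] rundll32.exe "C:\WINNT\system32\kenamezi.dll",b',
    r'O4 - HKLM\..\Run: [CPM63e4507e] Rundll32.exe "c:\winnt\system32\nimusofa.dll",a',
    r"O20 - AppInit_DLLs: avgrsstx.dll huwinm.dll c:\winnt\system32\wigimogo.dll c:\winnt\system32\nimusofa.dll",
    r"O20 - Winlogon Notify: iifccyaw - iifccyaw.dll (file missing)",
    r"O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\winnt\system32\nimusofa.dll",
    r"O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\winnt\system32\nimusofa.dll",
    r"O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe",
]

SECTION_RE = re.compile(r"^(O\d+|R\d) - ")
DLL_RE = re.compile(r"([A-Za-z0-9_~]+)\.dll", re.IGNORECASE)
# Assumed heuristic: "pronounceable" consonant-vowel names of 6 or 8 letters
# (nimusofa, kenamezi, wigimogo) are typical of generated file names.
CV_NAME = re.compile(r"^(?:[bcdfghjklmnpqrstvwxyz][aeiou]){3,4}$")
# Assumed allowlist: components the log attributes to AVG, Adobe, Sun and NVIDIA.
KNOWN_GOOD = {"avgrsstx", "avgpp", "acroiehelper", "ssv", "nvcpl"}


def looks_generated(stem: str) -> bool:
    """True for DLL stems that look machine-generated (editor's assumption)."""
    s = stem.lower()
    if s in KNOWN_GOOD:
        return False
    if CV_NAME.match(s):
        return True
    # Eight-letter mixed-case soup such as mlJCRjIX or tuvVMfgD.
    upper = sum(c.isupper() for c in stem)
    return len(stem) == 8 and stem.isalpha() and 3 <= upper <= 6


def triage(lines):
    """Return (section, severity, dll, reason) tuples for suspicious entries."""
    findings = []
    for line in lines:
        m = SECTION_RE.match(line)
        if not m:
            continue
        section = m.group(1)
        dlls = DLL_RE.findall(line)
        if "(file missing)" in line or "(no file)" in line:
            # Registry still points at a DLL that is gone: leftover, clean it up.
            for d in dlls:
                findings.append((section, "cleanup", d, "orphaned entry, file no longer present"))
            continue
        if section == "O20" and "AppInit_DLLs" in line:
            for d in dlls:
                if d.lower() not in KNOWN_GOOD:
                    findings.append((section, "high", d, "AppInit_DLLs injects into every process that loads user32.dll"))
        elif section == "O20":
            for d in dlls:
                findings.append((section, "high", d, "Winlogon Notify DLL runs inside winlogon.exe at logon"))
        elif section in ("O21", "O22"):
            for d in dlls:
                if looks_generated(d):
                    findings.append((section, "high", d, "SSODL/SharedTaskScheduler loads into explorer.exe at logon"))
        elif section == "O4" and "rundll32" in line.lower():
            for d in dlls:
                if looks_generated(d):
                    findings.append((section, "high", d, "autorun via rundll32 of a random-named DLL"))
        elif section == "O2":
            for d in dlls:
                if looks_generated(d):
                    findings.append((section, "medium", d, "unnamed BHO loads into Internet Explorer"))
    return findings


def suspect_dlls(findings) -> Counter:
    """Count how many autostart points each high-severity DLL occupies."""
    return Counter(d.lower() for _, sev, d, _ in findings if sev == "high")


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for section, sev, dll, why in found:
        print(f"{section:<4}{sev:<8}{dll:<14}{why}")
    print("autostart points per DLL:", dict(suspect_dlls(found)))
```

The count at the end is the practical output: a DLL that reappears at several autostart points has to be removed from all of them in the same session, or whichever copy is loaded first at the next logon rewrites the others, which is one reason the thread's helper does not hand out a fix list before seeing an uninstall list and a fresh log.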

Re: Antivirus 2009

Post by Unexplored Reality » January 1st, 2009, 3:25 pm

I have good and bad news :)
The good news: I don't have the virus anymore!
The bad news: my old computer's fan broke, the computer overheated, and now it's broken...

I don't think I'll need your help anymore because I can't use it anymore...
Anyway, thank you for taking the time to try and help me. But I won't be needing it anymore because I use a laptop now (with a QWERTY keyboard, which is really annoying and slow).

Thank you,
-Danny
Unexplored Reality
Active Member
 
Posts: 5
Joined: December 31st, 2008, 6:48 am

Re: Antivirus 2009

Post by Odd dude » January 1st, 2009, 5:44 pm

If you do not need my help anymore, that is more than fine; however, you must know that you had A LOT more infections than just the one you were complaining about. So if you ever plan on salvaging that hard disk and using it again without reformatting it first, be sure to drop by here first. The infections present are (were) quite bad.

Here are some tips on how to keep your laptop more secure (no need to follow them all, but one or two should be a good idea):

    • Install WinPatrol from here. Instructions for use are here.

    • Install SpywareBlaster to protect you from bad sites. Download - How to use it

    • Install a custom hosts file. Let's say I have a list of 640 KB's worth of bad sites. Let's say I can make sure you will never be able to access those sites, so you will never get any infection from those sites. It's like blocking a site, without site-blocking tools. How would you like to never be able to visit (a lot, but not all, of the) malware-infected sites again? Well, now you can!
      First, we must disable a service, as Windows cannot work with a very large hosts file while that service is active. This will not affect anything else.
      The disabling routine:
      1. Click Start, then Run
      2. Copy and paste the following:
         sc config dnscache start= disabled
      3. Click OK.
      Next, you can download the custom hosts file from here. Installation instructions can be found there as well.

    • Install Sandboxie. Sandboxie isolates programs into a sandbox. When you get infected, and the program that caused this (e.g. Internet Explorer) is inside the sandbox, the infection will remain trapped inside the sandbox. Then it only takes a few clicks to empty the sandbox and thus kill the virus. Sandboxie is completely free! Download it here.
      Note that using Sandboxie does not guarantee that you will never get infected. Some malware can bypass Sandboxie, so don't let your guard down!


Please reply to this thread once more so we know it can be archived.
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)
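
The hosts-file tip above works because the resolver consults the hosts file before DNS, so a name mapped to an unroutable address never reaches the real site; it matches names exactly, nothing more. The script below is an added example by the editor, not code from the thread and not the hosts file Odd dude links to. The blocklist excerpt is constructed here, and the hostnames it is checked against are taken from the O16 (Download Program Files) entries in the HijackThis log above. It shows both what a blocklist entry achieves and the caveat a practitioner should know: an entry for scanner-pwrantivirus.com does nothing for a different host under the same domain, because hosts files have no wildcards.

```python
"""Check what a blocklist-style hosts file would and would not block.

Added example by the editor; not code from the thread or from the hosts
file it links to. The hosts excerpt is constructed; the hostnames come
from the O16 entries of the HijackThis log posted above.
"""
import ipaddress
from urllib.parse import urlsplit

# Constructed excerpt in the format a blocklist hosts file uses:
# "<address> <name> [<name> ...]", with '#' starting a comment.
SAMPLE_HOSTS = """\
# constructed blocklist excerpt
127.0.0.1   localhost
0.0.0.0     scanner-pwrantivirus.com
0.0.0.0     scanner.msscanner-online.com   # trailing comment
0.0.0.0     search.bearshare.com www.bearshare.com
not-an-ip   garbage.example                # malformed, ignored
"""

# Addresses blocklists use as a sinkhole. 0.0.0.0 is preferred over
# 127.0.0.1 so that a web server running locally is never contacted.
SINKHOLES = {"0.0.0.0", "127.0.0.1"}

# URLs lifted from the O16 entries in the posted log.
LOG_URLS = [
    "http://scanner-pwrantivirus.com/setup/setup.cab",
    "http://scanner.msscanner-online.com/setup/setup.cab",
    "http://go.divx.com/plugin/DivXBrowserPlugin.cab",
]


def parse_hosts(text: str) -> dict:
    """Map lower-cased hostname -> address, keeping the first mapping seen."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        try:
            addr = str(ipaddress.ip_address(addr))
        except ValueError:
            continue  # address field is not an IP address; skip the line
        for name in names:
            table.setdefault(name.lower().rstrip("."), addr)
    return table


def is_blocked(table: dict, hostname: str) -> bool:
    """True if this exact hostname is sinkholed.

    There is no wildcard or suffix logic because a hosts file has none:
    a sibling host of a listed name is still resolved over DNS.
    """
    name = hostname.lower().rstrip(".")
    if name == "localhost":
        return False  # the loopback entry is legitimate, not a block
    return table.get(name) in SINKHOLES


def check_urls(table: dict, urls) -> dict:
    """Map each URL to whether its host would be sinkholed by the hosts file."""
    return {u: is_blocked(table, urlsplit(u).hostname or "") for u in urls}


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for url, blocked in check_urls(hosts, LOG_URLS).items():
        print("BLOCKED" if blocked else "allowed", url)
    # The caveat: a sibling host of a listed name is not covered.
    print("download.scanner-pwrantivirus.com blocked?",
          is_blocked(hosts, "download.scanner-pwrantivirus.com"))
```

Run it and the third URL stays allowed because go.divx.com is simply not listed, and the final line prints False: the excerpt lists scanner-pwrantivirus.com, so a hypothetical download.scanner-pwrantivirus.com (the editor's made-up sibling, not a host from the log) would still resolve normally. That exact-match behaviour is why a hosts-file blocklist needs to be large and kept updated, and why Odd dude presents it as one layer among several rather than a complete defence.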

Re: Antivirus 2009

Post by Unexplored Reality » January 1st, 2009, 9:14 pm

I'm not planning on using the hard disk again; I lost some important files which I'll have to remake, but I'm not touching that computer again. Also, thank you for the tips, and the old computer was indeed infected with more viruses. I never paid enough attention to the security of my computer. But now, I'll try to keep it safe.

Good luck with your studies at the Malware Removal University and thank you for helping me out.

Greetings,
Danny
Unexplored Reality
Active Member
 
Posts: 5
Joined: December 31st, 2008, 6:48 am

Re: Antivirus 2009

Post by NonSuch » January 5th, 2009, 1:51 am

As this issue appears to be resolved, this topic is now closed.

You can help support this site from this link :
Donations For Malware Removal
NonSuch
Administrator
 
Posts: 27304
Joined: February 23rd, 2005, 7:08 am
Location: California