
Malware problem, random MJ songs...really annoying


Unread postby redsennacy2189 » July 15th, 2009, 10:40 pm

So I know exactly what happened, I just don't know how to get rid of it. I have a wireless mouse, and my connection was kinda skipping around...a "Click here for a free virus scan!" popped up, and I meant to click behind the window (I know better than to click on it) but unfortunately, my mouse moved slower than I thought it was. I clicked, it ended up opening and downloading some trojans and malware. I have run several Trend Micro scans, I have found 5 trojans that I cannot delete however, even after revealing all hidden files and going in looking for them myself. Ever since, I'm too afraid to go on to any of my regular sites that involve passwords, and there is constant Michael Jackson playing in the background with no known origin. Trend Micro does not recognize the trojans in safe mode, only during regular boot up. Their names are:
TROJ_AGENT.AXNB
TROJ_TDSS.WQ
TROJ_SUDIET.AK
TROJ_TDSS.XK
TROJ_ALUREON.B... (I wasn't able to catch the end of this.)

Here is my Hijack_this file from regular start up.

Thank you so much for the help in advance!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:31:13 PM, on 7/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\DOCUME~1\ANASTA~1\LOCALS~1\Temp\b.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\msa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Curse\CurseClient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\TEMP\XE8200.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\WINDOWS\system32\wuauclt.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\ANASTA~1\LOCALS~1\Temp\b.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 6013 bytes
redsennacy2189
Active Member
 
Posts: 5
Joined: July 13th, 2009, 11:15 am

Re: Malware problem, random MJ songs...really annoying

Unread postby MWR 3 day Mod » July 19th, 2009, 3:09 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Malware problem, random MJ songs...really annoying

Unread postby Dakeyras » July 20th, 2009, 7:51 am

Hi :)

Is this either a business machine or used for personal use only?

Reason inquiring is that the Anti-Virus in use, namely:

Trend Micro OfficeScan

Is not normally used in a home/personal environment.
Dakeyras
MRU Honors Graduate
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Malware problem, random MJ songs...really annoying

Unread postby redsennacy2189 » July 20th, 2009, 6:19 pm

Hi! :P

My PC was purchased through the University of South Carolina, and to be on campus and access the internet, I was required to download certain software. Trend Micro was one program, along with Cisco Clean Access Agent.

It is for personal use, occasionally some school work (heh) and I run my virus scans often.

I have a Dell Latitude D830, with Windows XP
redsennacy2189
Active Member
 
Posts: 5
Joined: July 13th, 2009, 11:15 am

Re: Malware problem, random MJ songs...really annoying

Unread postby Dakeyras » July 20th, 2009, 7:24 pm

Hi :)
redsennacy2189 wrote: Hi! :P

My PC was purchased through the University of South Carolina, and to be on campus and access the internet, I was required to download certain software. Trend Micro was one program, along with Cisco Clean Access Agent.

It is for personal use, occasionally some school work (heh) and I run my virus scans often.

I have a Dell Latitude D830, with Windows XP

This is an acceptable explanation for myself :thumbup:

I will post a suitable course of action in due course, thank you.
Dakeyras
MRU Honors Graduate
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Malware problem, random MJ songs...really annoying

Unread postby Dakeyras » July 20th, 2009, 10:10 pm

Hi,

I have bad news I'm afraid :(

One or more of the identified infections is a Backdoor Trojan.

OK since we are dealing with the aforementioned infection(s) I would be providing your good self with a disservice if I did not make you aware of the ramifications below:

This allows hackers to remotely control your computer, steal critical system information and Download and Execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Although an attempt could be made to clean this machine, it could never be considered to be truly clean, secure, or trustworthy. We could not say definitively that unknown and unseen malware will have been removed, nor will your system be restored to its pre-infection state. We cannot remedy unknown changes the malware may likely have made in order to allow itself access, nor can we repair the damage it may possibly have caused to vital system files. Additionally, it is quite possible that changes made to the system by the malware may impact negatively on your computer during the removal process. In short, your system may never regain its former stability or its full functionality without a reformat. Therefore, your best and safest course of action is a reformat and reinstallation of the Windows operating system, and that is the course we strongly recommend.

Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

I can attempt to clean this machine but I can't guarantee that it will be at all secure afterwards.

Should you have any questions, please feel free to ask.

Please let myself know what you have decided to do in your next post.
Dakeyras
MRU Honors Graduate
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Malware problem, random MJ songs...really annoying

Unread postby redsennacy2189 » July 20th, 2009, 11:01 pm

I was worried about this. I had a feeling I would need to reformat.

I know how to do this, but before I do so, I have a quick question. Will any files I save to a flash drive also be infected? My last backup is quite shoddy and doesn't have some of the things I wish to keep (word files, pictures...)
redsennacy2189
Active Member
 
Posts: 5
Joined: July 13th, 2009, 11:15 am

Re: Malware problem, random MJ songs...really annoying

Unread postby Dakeyras » July 21st, 2009, 5:59 am

Hi :)

redsennacy2189 wrote: I was worried about this. I had a feeling I would need to reformat.
Aye not the most favorable of results I'm afraid but my advice is the most prudent course of action I assure you.

redsennacy2189 wrote: I know how to do this, but before I do so, I have a quick question. Will any files I save to a flash drive also be infected? My last backup is quite shoddy and doesn't have some of the things I wish to keep (word files, pictures...)
OK we can disinfect your flash drive so it in itself does not become compromised.

Also am I correct in thinking you will need to re-install the specific software you mentioned before reconnecting your computer to the campus LAN?

If not let myself know and I will provide a list of what is advisable security wise to install after a reformat and reinstallation of the Windows operating system.

Flash_Disinfector FOR XP:

  • Please download Flash_Disinfector and save it to your desktop.
  • Double click to run it.
  • You will be prompted to plug in your flash drive. Plug it in.
  • Flash_Disinfector will start disinfecting your flash and hard drives. This takes a few seconds. Your desktop will disappear in the meantime.
  • When done, a message box will appear. Click OK. Your desktop should now appear. If it doesn't, press Ctrl + Shift + Esc to open Task Manager.
  • Click on File > New Task (Run...). Type in explorer.exe and press Enter. Your desktop should now appear.
Dakeyras
MRU Honors Graduate
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Malware problem, random MJ songs...really annoying

Unread postby redsennacy2189 » July 21st, 2009, 12:20 pm

Should I perform this on my own computer or the (clean) one I am using to message you? And do I do it before or after I transfer the files to the flash?

I will probably have to redownload the University's software. I am not returning to USC this fall, but my boyfriend and friends live there, and they always have LAN parties. If I want to join in, I will have to redownload most of the programs for when I am on campus. I would love to hear what you suggest, though, for post-formatting.

I'm currently searching for the drivers and XP service pack three that Dell sent me once before (I've reformatted before :) different reasons though).

Thank you so much for your help by the way.
redsennacy2189
Active Member
 
Posts: 5
Joined: July 13th, 2009, 11:15 am

Re: Malware problem, random MJ songs...really annoying

Unread postby Dakeyras » July 21st, 2009, 3:58 pm

Hi :)

redsennacy2189 wrote: Should I perform this on my own computer or the (clean) one I am using to message you?
Aye this would be a prudent move.

redsennacy2189 wrote: And do I do it before or after I transfer the files to the flash?
Aye again as part of the disinfection process will leave a small hidden file on the flash drive that helps prevent it from ever becoming infected when attached to a suspect machine.

redsennacy2189 wrote: I would love to hear what you suggest, though, for post-formatting.
By all means but when you install the Trend Micro software make sure to remember to uninstall whatever Anti-Virus and Firewall software you opted to install. Otherwise a system conflict will occur and it actually lessens overall online protection.

redsennacy2189 wrote: Thank you so much for your help by the way.
You are very welcome!

Reformat and Reinstallation Advice:

  • Use an Anti Virus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
    Here are some free Anti Virus programs which I recommend to use:
    • Antivir PersonalEditionClassic
      • Free anti-virus software for Windows.
      • Detects and removes more than 50,000 viruses. Free support.
    • avast! 4 Home Edition
      • Anti-virus program for Windows.
      • The home edition is freeware for noncommercial users.
  • Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.
    Here are some free Firewalls which I recommend to use:
    (Use only one, and disable your Windows Firewall)
    Note: Only ever have installed/use one Anti-Virus application and Software Firewall. Otherwise a system conflict will occur and this also lessens overall online protection!
  • Keep your system updated - Microsoft releases patches for Windows and other products regularly:
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialise and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Malwarebytes' Anti-Malware - Download it from here
    The tutorial on how to use MBAM is located here
  • Install WinPatrol - Download it from here
    You can find information about how WinPatrol works here
  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
    Download it from here
    The tutorial on how to use Spyware Blaster is located here
  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for your computer becoming infected again will reduce dramatically. Any questions feel free to ask OK!
Dakeyras
MRU Honors Graduate
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
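
The Internet Explorer "Custom Level" settings listed in the post above can also be checked from a script. The following is an added example, not part of the original thread or the forum's own tooling: it reads the per-user Internet-zone values and compares them with what the post recommends. The registry path and the numeric URL action IDs do not appear in the post; they are Microsoft's documented zone settings, and the `-Apply` switch is this example's own.

```powershell
# Added example (not from the thread): audit the Internet-zone settings listed in
# the post, and set them when the script is run with -Apply.
param([switch]$Apply)

# Zone 3 is the Internet zone; these per-user values back the Custom Level dialog.
$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Meaning of the DWORD stored for each URL action.
$labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# URL action ID, the dialog label used in the post, and the value the post recommends.
$recommended = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';                          Want = 1 }
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';                        Want = 3 }
    @{ Id = '1201'; Name = 'Initialise and script ActiveX controls not marked as safe'; Want = 3 }
    @{ Id = '1800'; Name = 'Installation of desktop items';                             Want = 1 }
    @{ Id = '1804'; Name = 'Launching programs and files in an IFRAME';                 Want = 1 }
    @{ Id = '1607'; Name = 'Navigate sub-frames across different domains';              Want = 1 }
)

$report = foreach ($r in $recommended) {
    # A value that is missing from the key is reported as "(not set)".
    $item    = Get-ItemProperty -Path $zoneKey -Name $r.Id -ErrorAction SilentlyContinue
    $current = if ($item) { $item.($r.Id) } else { $null }

    # Only write when asked to, and only when the value differs.
    if ($Apply -and $current -ne $r.Want) {
        Set-ItemProperty -Path $zoneKey -Name $r.Id -Value $r.Want -Type DWord
        $current = $r.Want
    }

    # Translate the stored number into the wording the dialog uses.
    if ($null -eq $current) { $shown = '(not set)' }
    elseif ($labels.ContainsKey([int]$current)) { $shown = $labels[[int]$current] }
    else { $shown = "raw value $current" }

    [pscustomobject]@{
        Setting     = $r.Name
        Current     = $shown
        Recommended = $labels[$r.Want]
        Compliant   = ($current -eq $r.Want)
    }
}

$report | Format-Table -AutoSize
```

Run without arguments the script only reports. On a machine where zone settings are enforced through Group Policy, the policy values take precedence over these per-user values.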

Re: Malware problem, random MJ songs...really annoying

Unread postby NonSuch » July 22nd, 2009, 7:40 pm

As this issue appears to be resolved, this topic is now closed.

You can help support this site from this link :
Donations For Malware Removal
NonSuch
Administrator
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California