Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

W32.Sasser.ftp found by PandaScan

Unread postby Si_442 » March 24th, 2005, 8:35 am

Spoke to a guy on another forum who said this is the place to get my computer sorted - so here is my HijackThis file from this morning. Any suggestions on what needs removing etc. (I use AVG AntiVirus, not Norton)?

Logfile of HijackThis v1.99.1
Scan saved at 12:37:58, on 24/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\AVG AntiVirus\avgamsvr.exe
D:\PROGRA~1\AVG AntiVirus\avgupsvc.exe
C:\WINDOWS\System32\GEARSec.exe
D:\PROGRA~1\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Mouse\mouse32a.exe
D:\Program Files\MSN Messenger\Plus\MsgPlus.exe
D:\Program Files\Firewall\kpf4ss.exe
D:\PROGRA~1\Tray Icons\AllToTray.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Firewall\kpf4gui.exe
D:\Program Files\Notmad Explorer\notmgr.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Winamp\winamp.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Si\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Mouse] D:\Program Files\Mouse\mouse32a.exe
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\MSN Messenger\Plus\MsgPlus.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\Virtual CD\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [Kerio Firewall] D:\Program Files\Firewall\kpf4ss.exe
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Program Files\MSN Messenger\Plus\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [AllToTray] D:\PROGRA~1\Tray Icons\AllToTray.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3147D594-7868-4085-BE24-878A355FD712}: NameServer = 62.241.160.200 158.43.240.4
O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\AVG AntiVirus\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\AVG AntiVirus\avgupsvc.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.EXE
Si_442
Active Member
 
Posts: 2
Joined: March 24th, 2005, 8:32 am

Unread postby ChrisRLG » March 24th, 2005, 8:45 am

Well, apart from Norton (which you say you do not use), the only item I would not have on my systems is Messenger Plus 3.

But it looks like you installed without the sponsor programs - so your machine looks clean.

You do need to uninstall the Norton stuff if it is not in use. Norton does not like other AVs running; it tends to give problems. AVG, on the other hand, is normally good at working with others - but still always only use one for background processes, and use the second only for on-demand scanning.

So - if you need to remove Norton - visit Norton and use their uninstall instructions. You may be able to use HJT to remove all those Norton lines.
ChrisRLG
Administrator Emeritus
 
Posts: 17759
Joined: December 16th, 2004, 10:04 am
Location: Southend, Essex, UK
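
As an added example (not part of the original thread and not a forum tool): a small Python triage pass over HijackThis result lines that picks out the leftover Norton/Symantec entries the reply refers to, plus orphaned "(no file)" entries and services listed with "Unknown owner". The function names, tag names and vendor term list are assumptions; the sample lines are a subset copied from the log posted above.

```python
import re

# Subset of result lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Kerio Firewall] D:\Program Files\Firewall\kpf4ss.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\AVG AntiVirus\avgupsvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.EXE
"""

# A result line starts with a section code such as R0, O2 or O23, then " - ".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_entries(log_text):
    """Return (code, detail) pairs for every HijackThis result line."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(log_text, vendor_terms=("norton", "symantec")):
    """Return (code, detail, tags) for entries worth a manual review."""
    flagged = []
    for code, detail in parse_entries(log_text):
        low = detail.lower()
        tags = []
        if any(term in low for term in vendor_terms):
            tags.append("vendor-leftover")   # product the user no longer runs
        if low.endswith("(no file)"):
            tags.append("orphaned")          # entry points at a missing file
        if code == "O23" and "unknown owner" in low:
            tags.append("unknown-owner")     # no owner shown for the service
        if tags:
            flagged.append((code, detail, tags))
    return flagged


if __name__ == "__main__":
    for code, detail, tags in triage(SAMPLE_LOG):
        print(f"{code:<4}{','.join(tags):<18}{detail}")
```

A tag only marks an entry for manual review; it is not a verdict that the entry is malicious.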

Unread postby Si_442 » March 24th, 2005, 8:48 am

Cheers for the speedy response - I installed Norton SystemWorks for the SpeedDisk feature, but it does seem to have started the majority of problems I am having! I will remove it now.
Si_442
Active Member
 
Posts: 2
Joined: March 24th, 2005, 8:32 am

Unread postby ChrisRLG » April 1st, 2005, 8:51 am

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.


You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
ChrisRLG
Administrator Emeritus
 
Posts: 17759
Joined: December 16th, 2004, 10:04 am
Location: Southend, Essex, UK