Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

Problems with Olmarik virus

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

Problems with Olmarik virus

Unread postby Firefox » January 11th, 2010, 11:17 am

I need some help here.My pc has been surely infected by olmarik virus (nod32 says me every time i boot the computer that is impossibile to delete it) and it keeps slowing my navigation in general.
Thanks to who helps.

There is my logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.58.03, on 11/01/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
E:\Photoshop\PhotoshopElementsFileAgent.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\slserv.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\mHotkey.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\File comuni\Ulead Systems\AutoDetector\monitor.exe
C:\Programmi\MIC\HAWAII\Hawaii.exe
C:\Apps\Softex\OmniPass\scureapp.exe
C:\Apps\Powercinema\PCMService.exe
C:\Programmi\PowerISO\PWRISOVM.EXE
C:\Programmi\Ahead\InCD\InCD.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programmi\Microsoft LifeChat\LifeChat.exe
C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe
C:\APPS\SMP\SmpSys.exe
C:\Programmi\DNA\btdna.exe
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/r ... key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\it.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://shell.windows.com/fileassoc/file ... 10&Ext=bak
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: http://www.1441.org Toolbar - {466bb6b6-4e3f-413c-bc0d-8c728c85228d} - C:\Programmi\www.1441.org\tbwww0.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programmi\Orbitdownloader\orbitcth.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programmi\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: http://www.1441.org Toolbar - {466bb6b6-4e3f-413c-bc0d-8c728c85228d} - C:\Programmi\www.1441.org\tbwww0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programmi\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: http://www.1441.org Toolbar - {466bb6b6-4e3f-413c-bc0d-8c728c85228d} - C:\Programmi\www.1441.org\tbwww0.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programmi\Orbitdownloader\GrabPro.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programmi\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NECHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Programmi\File comuni\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [MM_MODULE] C:\Programmi\MIC\HAWAII\Hawaii.exe
O4 - HKLM\..\Run: [OmniPass] C:\Apps\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programmi\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LifeChat] "C:\Programmi\Microsoft LifeChat\LifeChat.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Livestream Procaster] "C:\Programmi\Livestream Procaster\Procaster.exe" -autorun
O4 - HKLM\..\Run: [SpIDerAgent] "C:\Programmi\DrWeb\SpIDerAgent.exe"
O4 - HKLM\..\Run: [SpIDerMail] "C:\Programmi\DrWeb\spiderml.exe"
O4 - HKLM\..\Run: [SpIDerNT] C:\PROGRA~1\DrWeb\spiderui.exe /agent
O4 - HKLM\..\Run: [egui] "C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Steam] "e:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\DNA\btdna.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKLM\..\Policies\Explorer\Run: [winsys32] C:\WINDOWS\system32\winsys32\winsys32.exe
O4 - HKCU\..\Policies\Explorer\Run: [winsys32] C:\WINDOWS\system32\winsys32\winsys32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVIZIO DI RETE')
O4 - Global Startup: Orbit.lnk = C:\Programmi\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Programmi\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\it.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{4901C93B-C1C8-4F2F-B229-A78F054A7AA6}: NameServer = 213.205.32.70 213.205.36.70
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - E:\Photoshop\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Dr.Web Scanning Engine (DrWebEngine) (DrWebEngine) - Doctor Web, Ltd. - C:\Programmi\File comuni\Doctor Web\Scanning Engine\dwengine.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Servizio di Google Update (gupdate1ca69fce432c4d0) (gupdate1ca69fce432c4d0) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SpIDer Guard for Windows (SPIDERNT) - Doctor Web, Ltd. - C:\PROGRA~1\DrWeb\spidernt.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: y6rM2E - CPUID - C:\Programmi\CPUID\PC Wizard 2009\Data\pcwizntl.exe

--
End of file - 12343 bytes

3D Sea Aquarium
7-Zip 4.57
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Elements 7.0
Adobe Reader 9.1 - Italiano
Adobe Shockwave Player
Aggiornamento della protezione per Step by Step Interactive Training (KB898458)
Aggiornamento della protezione per Windows XP (KB890046)
Aggiornamento della protezione per Windows XP (KB893066)
Aggiornamento della protezione per Windows XP (KB893756)
Aggiornamento della protezione per Windows XP (KB896358)
Aggiornamento della protezione per Windows XP (KB896422)
Aggiornamento della protezione per Windows XP (KB896423)
Aggiornamento della protezione per Windows XP (KB896424)
Aggiornamento della protezione per Windows XP (KB896428)
Aggiornamento della protezione per Windows XP (KB899587)
Aggiornamento della protezione per Windows XP (KB899591)
Aggiornamento della protezione per Windows XP (KB900725)
Aggiornamento della protezione per Windows XP (KB901017)
Aggiornamento della protezione per Windows XP (KB901214)
Aggiornamento della protezione per Windows XP (KB902400)
Aggiornamento della protezione per Windows XP (KB904706)
Aggiornamento della protezione per Windows XP (KB905414)
Aggiornamento della protezione per Windows XP (KB905749)
Aggiornamento della protezione per Windows XP (KB905915)
Aggiornamento per Windows XP (KB894391)
Aggiornamento per Windows XP (KB898461)
Aggiornamento per Windows XP (KB910437)
Aggiornamento rapido per Windows XP - KB873339
Aggiornamento rapido per Windows XP - KB885250
Aggiornamento rapido per Windows XP - KB885835
Aggiornamento rapido per Windows XP - KB885836
Aggiornamento rapido per Windows XP - KB886185
Aggiornamento rapido per Windows XP - KB887472
Aggiornamento rapido per Windows XP - KB887742
Aggiornamento rapido per Windows XP - KB888113
Aggiornamento rapido per Windows XP - KB888302
Aggiornamento rapido per Windows XP - KB890859
Aggiornamento rapido per Windows XP - KB891781
Aggiornamento rapido per Windows XP (KB896256)
Aggiornamento rapido per Windows XP (KB942288-v3)
Amazing Aquaworld 3D Screensaver 1.0
ArmA2 Uninstall
ATI - Software Uninstall Utility
ATI AVIVO Codecs
ATI Catalyst Control Center
ATI Display Driver
ATI HYDRAVISION
ATI Parental Control & Encoder
ATI Problem Report Wizard
Battlefield 1942
Battlefield 1942: Secret Weapons of WWII
Battlefield 1942: The Road To Rome
Battlefield 2(TM)
Battlefield Heroes
Blockland
Blue Fantasy Screensaver 1.0
Build Your Own Net Dream (remove only)
Call of Combat
Call of Duty(R) 4 - Modern Warfare(TM)
Cassini Sega Saturn Emulator 2.0
Catalyst Control Center - Branding
CCleaner
CDBurnerXP
Codificatore di Windows Media 9 Series
Company of Heroes
DAEMON Tools Toolbar
Defraggler (remove only)
Diskeeper 2009 Pro Premier
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Plus Web Player
D-Link DSL Modem
Dr.Web anti-virus for Windows 5.0 (x86)
Dragon UnPACKer 5
Eternal Silence
Express Burn
Face of Mankind
Falcon 4.0: Allied Force
Fallout 3
Fallout2
Far Cry 2
Football Manager 2009
Francesco's leveled creatures-items mod 4.5b
Francesco's optional new items/creatures 4.5
Fraps (remove only)
GIMP 2.6.7
GKLauncher
Google Chrome
Google Update Helper
GTA San Andreas
GTWIN
GunBound Thor's Hammer
GunBound Thor's Hammer
GXTranscoder
Hamachi 1.0.2.5
Hearts of Iron III
HijackThis 2.0.2
HP USB Disk Storage Format Tool
ImgBurn
In The Depth Screensaver 1.0
InCD
Insurgency
J2SE Runtime Environment 5.0 Update 2
Java(TM) 6 Update 13
K-Lite Mega Codec Pack 4.3.1
Livestream Procaster
Look At The Space 3D Screensaver 1.0
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 1.1 Italian Language Pack
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft LifeChat
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
MLBDugoutHeroes
Mother, A Computer Hacking Simulation v1.0
Mount&Blade
Mozilla Firefox (3.5.7)
Mozilla Thunderbird (2.0.0.23)
MSXML 6.0 Parser (KB925673)
NEC Back to School Keyboard 2005
Nero 6 Ultra Edition
Nero Digital
Nero Media Player
Neverwinter Nights 2
Nokia Connectivity Cable Driver
Nokia Lifeblog 2.1
Nokia MTP driver
Nokia N73 highlights
Nokia Nseries Skin for Microsoft Windows Media Player
Nokia PC Connectivity Solution
Nokia PC Suite
Nokia themes for your device
NVIDIA PhysX
Oblivion
Obscure
Omni-Bot 0.71 STABLE
OpenAL
Operation Flashpoint uninstall
Optical illusions
Orbit Downloader
PakkISO 0.4
Panasonic-EW Control FPWIN Pro 6
Pando Media Booster
Pannello di controllo ATI
Parabellum Beta
PC Wizard 2009.1.88
Pcsx2 0.9.1 Watermoose
Pcsx2 0.9.6
PlanetSide: Aftershock
Postal 2 Share The Pain
PowerArchiver 2007 Italian
PowerDVD
PowerISO
PunkBuster for Joint Operations: Typhoon Rising
PunkBuster per Battlefield 1942
PunkBuster Services
Quake Live Mozilla Plugin
REAL SHOES PATCH FOR 2K9
RealPlayer
Realtek AC'97 Audio
Registry Easy v4.9
Return to Castle Wolfenstein
rFactor (remove only)
Riva FLV Player
San Andreas Mod Installer
Screensaver Director Professional Demo
Smashball
Sonic MyDVD
Sonic RecordNow!
Source SDK Base
Source SDK Base - Orange Box
SourceForts
Space Sunrise 3D Screensaver 1.0
SPEED-LINK DUAL SHOCK ADAPTER
Steam(TM)
Tiscali Internet
Total Screen Recorder Gold 1.5
TrackMania Nations Forever
Tropico
VC80CRTRedist - 8.0.50727.4053
Veetle TV 0.9.15
Ventrilo Client
VLC media player 0.9.8a
VTFEdit 1.2.5
Windows Communication Foundation
Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Presentation Foundation
Windows Workflow Foundation
WinPcap 4.0.2
WinRAR archiver
World of Warcraft FREE Trial
http://www.1441.org Toolbar
Yahoo! Toolbar
Zombie Panic! Source
Firefox
Active Member
 
Posts: 3
Joined: January 8th, 2010, 2:54 pm
Top
Advertisement
Register to Remove

Re: Problems with Olmarik virus

Unread postby MWR 3 day Mod » January 15th, 2010, 4:30 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am
Top

Re: Problems with Olmarik virus

Unread postby deltalima » January 19th, 2010, 8:16 am

Hi Firefox,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

HijackThis logs can take some time to research, so please be patient with me.

Please note the following:
  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • All of my posts need to be checked by a teacher, so please be patient while I attempt to remove your malware.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
Top

Re: Problems with Olmarik virus

Unread postby deltalima » January 19th, 2010, 3:01 pm

Hi Firefox,

Remove P2P Programs

  • I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    BitTorrent DNA

  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

    Please Remove BitTorrent DNA from your computer before continuing.

    multiple Anti Virus programs

    • It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:
      Dr.Web anti-virus for Windows 5.0
      ESET NOD32
    • Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer.
    • Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

    • Please remove one of them.

    Please download DDS ... by sUBs.
    Save it to your desktop. Alternate download link:here.
    • Double click the tool to run it.
    • A black Screen will open... read the contents but do nothing.
    • When DDS finishes... Notepad will open with 2 reports... DDS.txt and Attach.txt
      Ignore the comments about zipping / attaching any of the report files. The 2 report files are not saved anywhere,
      if you close Notepad, before copying /pasting them... you will need to run DDS again.
    • Copy/paste both DDS.txt and Attach.txt reports in your next reply.
    • Once the reports have been posted, you can delete DDS from your desktop.
    • Even though Attach.txt gives instructions to attach the file please post the contents of the file into your reply

    Please download GMER Rootkit Scanner from here.
    • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
    • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
    • Run Gmer again and click on the Rootkit tab.
    • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
    • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
    • Click on the "Scan" and wait for the scan to finish.
      Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
    • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
    • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan..

Please post the GMER log along with DDS.txt and Attach.txt from the DDS scan into your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
Top

Re: Problems with Olmarik virus

Unread postby Elrond » January 24th, 2010, 12:06 am

Due to lack of activity this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem
Top
Advertisement
Register to Remove
Topic locked
  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 422 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index