PLS HELP! help me pls, this is my hijackthis log file..

Post by angelica_ong » August 25th, 2007, 2:50 am

I've been infected with the "Brought to you by TQ!" virus, so please help me remove this... I've installed Avira anti-virus and though it deleted hundreds of worms, my IE still displays the "Brought to you by TQ!" title and I still can't access the Task Manager, which says the admin disabled it... Also, the Folder Options have been disabled and the automatic homepage is blogtq.blogspot.com, which I can't change... Please do help me!

Logfile of HijackThis v1.99.1
Scan saved at 2:36:45 PM, on 8/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://blogtq.blogspot.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... arch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Brought to you by TQ!
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - È=S497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - ø=S8ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\RavMonE.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [WindowNT] c:\WINDOWS\system32\exiplorer.exe
O4 - HKLM\..\Run: [winconfig] C:\WINDOWS\winconfig.dll.vbs
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005 ... scan53.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://angelicaong.multiply.com/photos/uploader.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Wind ... lisher.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


Please help me... anz_9@yahoo.com is my email address if you want to email me, or please do reply to this post. Thanks!
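The entries in the log above that line up with the reported symptoms (the hijacked start page and window title, the disabled registry editor, and the odd O4 autostart items) can be picked out mechanically. This is an added Python example, not HijackThis output or anything posted by the forum helpers; the sample entries are copied from the log above, and the heuristics (double extension, script run at logon, near-miss spelling of a system binary, executable sitting directly in the Windows directory) are assumptions of this example, not HijackThis rules.

```python
import re
from difflib import SequenceMatcher

# Constructed sample: a subset of the HijackThis entries posted in the thread above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://blogtq.blogspot.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Brought to you by TQ!
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\RavMonE.exe
O4 - HKLM\..\Run: [WindowNT] c:\WINDOWS\system32\exiplorer.exe
O4 - HKLM\..\Run: [winconfig] C:\WINDOWS\winconfig.dll.vbs
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")  # "O4 - ..." entry lines
RUN_RE = re.compile(r"\[(?P<name>[^\]]+)\]\s+(?P<cmd>.+)$")  # "[name] command" inside O4
PATH_RE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|dll|vbs|js|bat|cmd|scr|pif|com))(?:\s|$)', re.I)  # quoted or bare path
SYSTEM_BINARIES = ("explorer.exe", "svchost.exe", "winlogon.exe", "lsass.exe", "services.exe")
SCRIPT_EXTS = (".vbs", ".js", ".bat", ".cmd", ".scr", ".pif")

def parse(log):
    # (section, body) for every recognised entry; header and process list lines are skipped
    matches = (ENTRY_RE.match(line.strip()) for line in log.splitlines())
    return [(m["sec"], m["body"]) for m in matches if m]

def exe_name(cmd):
    # Lower-case file name of the program an autostart command launches (arguments dropped)
    m = PATH_RE.match(cmd.strip())
    path = (m.group(1) or m.group(2)) if m else cmd.strip()
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def flag_autostart(cmd):
    # Heuristic reasons an O4 entry deserves a closer look; an empty list means nothing odd
    name, reasons = exe_name(cmd), []
    if name.count(".") > 1 or name.endswith(SCRIPT_EXTS):
        reasons.append("script or double extension launched at logon")
    for legit in SYSTEM_BINARIES:  # near-miss spellings such as exiplorer.exe
        if name != legit and SequenceMatcher(None, name, legit).ratio() > 0.85:
            reasons.append(f"look-alike of {legit}")
    if re.search(r"\\windows\\[^\\\s]+\.exe(\s|$)", cmd.lower()):  # binary directly in %WINDIR%
        reasons.append("executable in Windows root")
    return reasons

def triage(log):
    # (section, item, reasons) for entries worth reviewing against the symptoms the user reported
    findings = []
    for sec, body in parse(log):
        if sec in ("R0", "R1") and ("Start Page" in body or "Window Title" in body):
            findings.append((sec, body.split(" = ", 1)[1], ["browser setting; confirm the user chose it"]))
        elif sec == "O4" and (m := RUN_RE.search(body)):
            if reasons := flag_autostart(m["cmd"]):
                findings.append((sec, m["name"], reasons))
        elif sec in ("O6", "O7"):
            findings.append((sec, body, ["registry policy restricting the user"]))
    return findings
```

Running `triage(SAMPLE_LOG)` keeps the two TQ browser entries, the O7 policy and three of the four autostarts, while the iTunes entry drops out as unremarkable.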

Post by curlylad » August 25th, 2007, 3:25 am

Hello angelica_ong and welcome to The Malware Removal Forums.

My name is curlylad and I will be helping you to remove any infection(s) that you may have.

I have to let experts check the content of my fixes before I post them so be patient.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your query and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.


I will be back as soon as possible with your first instructions!

Post by angelica_ong » August 25th, 2007, 3:38 am

Thank you very much for replying to my post curlylad! :) Anyway, I'll just wait for your instructions and see what happens.. Thanks again and good day.. :)

Post by curlylad » August 25th, 2007, 8:50 am

angelica_ong

Please read the following statement carefully

Unfortunately your log shows me that the system has a bad infection.
The infection - a Trojan - has what is known as a Backdoor.

These types of Trojans allow attackers to access your computer from remote locations, stealing passwords, Internet banking and personal data. These processes are a security risk and should be removed from your system.
Please read this article for more information http://malektips.com/spyware_adware_0022.html

I offer you really only one safe, realistic and appropriate option and that is that you need to format your system and reinstall Microsoft Windows.

However should you decide that you wish for me to clean your system I will gladly help you do this but I will never really know whether there is still a backdoor trojan or keylogger running silently in the background.
The reason for this is that the infection can make undetectable changes to your security settings, which may enable a re-installation of the infection after the machine is "cleaned" and reconnected to the internet.
(This infection can, in effect, leave a "cellar door" unlocked so it can come back later and gain entry).
Should you choose the option to format I will of course provide instructions if you require me to.


  • At this point I advise you to disconnect immediately from the Internet
  • Get to a known clean computer and change all your passwords where applicable
  • Also contact all of your financial institutions and inform them that you may be a victim of identity fraud.
  • Many experts in the security community believe that the only real safe option is to reinstall your operating system.



Please consider whether you wish to format your system and reinstall Microsoft Windows or whether you would like me to attempt to clean your system.

When you have decided please post back.

To help you make your decision please read through the following articles

How do I handle possible identity theft, Internet fraud and credit card fraud ?

When should I format, how should I reinstall ?

When you have decided which option you wish to take please post back informing me of this.

Post by angelica_ong » August 26th, 2007, 12:19 pm

Sorry for the delayed reply curlylad... :) Anyway, I've thought about the options I had and I think that the only real option I have is to reformat my computer.. Can I do this on my own or do I need a computer technician to do this? If it is possible to do it manually, please help me :) Darn those viruses! Additional info regarding the computer is that it has 3 user profiles.. Thank you very much and good day!

Post by curlylad » August 27th, 2007, 2:41 pm

angelica_ong

I think that the best option here is definitely the format and reinstallation.

Since that is the route we are going to take then here's what you will need to do.

Firstly your original HijackThis log showed me that you had 2 Anti Virus programs installed and running on your system at the same time.

AVG Free Edition and also AntiVir Personal Edition Classic

Running 2 Anti Virus programs will definitely do more harm than good and create all sorts of problems so this needs to be kept in mind for when you have formatted your system and reinstalled Microsoft Windows.
What you therefore need to do before you format the system is to download the installer for just 1 Anti Virus program onto removable media such as a blank CD.
When you boot up the newly formatted/reinstalled system for the first time and before connecting to the Internet, install the Anti Virus program from the CD.
Then connect to the Internet and immediately update Microsoft Windows, then update your Anti Virus program.

OK, those were the important things to remind you of, below you will see some points outlined to remind you of the important steps and also a very informative tutorial to read.

  • Please read through this document thoroughly http://spyware-free.us/tutorials/reformat/
  • When you have read through it please then print out a copy of it for your reference
  • Make sure that you haven't accidentally cut off the bottom or side of the document whilst printing it out
  • Next familiarise yourself with the individual steps it is asking you to perform - if you are unsure of one minute detail please post back and ask me and I will go through it with you
  • When you have read and understood the entire document and there are no questions, make sure you have all the tools/programs etc downloaded onto removable media (eg CD)
  • Also make sure any important data not in My Documents Folder such as Quicken and/or MS Money have been backed up to removable media.
  • Remember to back up any films and or music to removable media too.
  • Also make sure you have ready your Microsoft Windows Installation CD and the unique product key (25 digit alpha-numeric code), plus the drivers CD for your system.
  • Finally have to hand all the CDs for any other programs that you wish to install, most importantly a Firewall and Anti Virus program.
    If you do not have a CD with a Firewall and Anti Virus program on then I suggest that you download one of each to a CD or other removable media before you move on.
  • OK, you should now be ready to begin the format and reinstallation
  • If however at this point you are still unsure of anything then post back with any query you may have no matter how trivial you may think it is and we will go over it
  • Make sure to take your time and perform each step as described, if you do that then you will soon have a newly installed operating system free from any malware or other unnecessaries.



Good luck and make sure to post any queries before you start the procedure, I am sure you may have a few questions so don't be afraid to ask.

Post by curlylad » September 5th, 2007, 1:51 pm

angelica_ong


How are you getting on with my instructions ?
It has been nearly 2 weeks since I have heard from you.
If you no longer require my help that is fine, but I must ask that you post back informing me of this.
If you still require my help then please post back to let me know how things are going.
Please be aware
If you have not replied to this message within a further 48 hours I will request an Administrator archives this thread.

Post by angelica_ong » September 6th, 2007, 1:02 am

Sorry curlylad for the delayed reply.. I was out of town and I wasn't able to check my mail until now. Anyway, I think that I would hire a technician to reboot my computer because this computer is, I think, 4 years old already and I have lost some of the CDs and drivers, and I think that if I do it on my own I would do more damage than the virus... Anyway, thank you very much for your help. I'm now more aware of the safety precautions in using the computer. Again thank you and God bless :)

Post by askey127 » September 24th, 2007, 6:54 am

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.
If you are the topic starter, you will need a valid, working link to the closed topic, along with the user name used.
The user name must match the one in the linked thread to avoid having the email deleted.

You can help support this site from this link :
Donations For Malware Removal