Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Problems with my computer might have virus?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Problems with my computer might have virus?

Unread postby mum7778 » October 30th, 2009, 1:07 pm

My computer has adds that pop up on it and sometimes virus scans will happen whe I try to go to a web site and the scan wont let me do anything unless I download the program to fix the viruses. A lot of times trying to go to a web site I get redirected to another. I can only use firefox web browser. Here is my hijack log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:13:10 AM, on 2/8/2004
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\Program Files\Clearwire\CSS\App\syssvcnt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Clearwire\CSS\app\Console.exe
C:\Program Files\Cricket\Cricket Broadband\Cricket Broadband.exe
C:\Program Files\Cricket\Cricket Broadband\bmctl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: (no name) - MRI_DISABLED - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AuthPopupBHO01.cBHO - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - C:\Program Files\Clearwire\CSS\App\popupbho01.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Clearwire Security Suite Popup Blocker - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - C:\Program Files\Clearwire\CSS\App\popupbho01.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ESP] C:\Program Files\Clearwire\CSS\app\start.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\Temp\_ex-08.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/servle ... f.00000148
O4 - HKUS\S-1-5-21-2828333730-2108269864-390977868-501\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Guest')
O4 - HKUS\S-1-5-21-2828333730-2108269864-390977868-501\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Guest')
O4 - HKUS\S-1-5-21-2828333730-2108269864-390977868-501\..\Run: [userinit] C:\Documents and Settings\Guest\Application Data\sdra64.exe (User 'Guest')
O4 - HKUS\S-1-5-21-2828333730-2108269864-390977868-501\..\Run: [PromoReg] C:\WINDOWS\Temp\_ex-08.exe (User 'Guest')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MRI_DISABLED
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E926CC4-2949-4551-9847-D16B2C8ACA9B}: NameServer = 172.28.221.53 172.28.221.54
O17 - HKLM\System\CS1\Services\Tcpip\..\{0E926CC4-2949-4551-9847-D16B2C8ACA9B}: NameServer = 172.28.221.53 172.28.221.54
O23 - Service: Clearwire Security Suite System Service (AuthSysSvc) - Authentium, Inc. - C:\Program Files\Clearwire\CSS\App\syssvcnt.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O24 - Desktop Component 0: (no name) - http://by101fd.bay101.hotmail.msn.com/c ... otmail.com

--
End of file - 9186 bytes
mum7778
Active Member
 
Posts: 2
Joined: October 30th, 2009, 12:59 pm
Advertisement
Register to Remove

Re: Problems with my computer might have virus?

Unread postby askey127 » November 3rd, 2009, 7:30 am

Hi mum7778,
In addition to infection items, some of the registry entries here relate to Adobe Acrobat 7.
This is an older version that can allow infections on your machine.
This is mostly a side issue not directly related to your present problem.
Only new versions of Adobe Reader should be used to open Internet PDF files.
We will download a new Adobe Reader later.
-----------------------------------------------------------
Remove Registry items with HighjackThis. Start HijackThis.
Click Do System Scan Only. When the Scan is complete, Check the following entries:
(Some of these lines may be missing)

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: (no name) - MRI_DISABLED - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\Temp\_ex-08.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/servle ... f.00000148
O4 - HKUS\S-1-5-21-2828333730-2108269864-390977868-501\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Guest')
O4 - HKUS\S-1-5-21-2828333730-2108269864-390977868-501\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Guest')
O4 - HKUS\S-1-5-21-2828333730-2108269864-390977868-501\..\Run: [userinit] C:\Documents and Settings\Guest\Application Data\sdra64.exe (User 'Guest')
O4 - HKUS\S-1-5-21-2828333730-2108269864-390977868-501\..\Run: [PromoReg] C:\WINDOWS\Temp\_ex-08.exe (User 'Guest')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MRI_DISABLED
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Make sure Every other window except HJT is closed (No other tabs showing in the bottom tray), and Click Fix Checked
Click the "X" in the upper right corner of the HiJackThis window to close it.
-----------------------------------------------------------
REBOOT Your Machine
----------------------------------------------------------------------------------
Download and Run MalwareBytes' Anti-Malware
Please go here to the Download Location, click on Download.
  • After clicking on the download and choosing Save, the "Save to location" dialog will come up.
  • Choose Desktop as the location to save the installer and click Save again.
  • You should now have a desktop icon named mbam-setup.exe. Double-click it.
  • Let it install the program where it wants to, with the default settings, and click Finish.
  • If an update is found, it will download and install the latest version.
  • If necessary, start Malwarebytes Anti-Malware again.
  • Once the program is running, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • If it found any malware items. Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location, and post the contents in your reply.
  • The log can also be found using the "Logs" tab in the program. You can click any log listed to open its contents.
  • Recent logs are named by time/date stamp in this format : mbam-log-2009-mm-dd(hour-min-sec).txt
  • You can now delete the installer icon, named mbam-setup.exe from your desktop.
-----------------------------------------------------------
REBOOT Your Machine
-----------------------------------------------------------
Post a New HiJackThis Log
Start HijackThis
Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl-A), copy and paste the log contents in a reply.

So we are looking for the log from Malwarebytes Anti-Malware and a fresh HiJackThis log. Separate posts are fine.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Problems with my computer might have virus?

Unread postby mum7778 » November 5th, 2009, 4:40 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:06:46 AM, on 2/14/2004
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Clearwire\CSS\App\syssvcnt.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\Program Files\Clearwire\CSS\app\Console.exe
C:\Program Files\Cricket\Cricket Broadband\Cricket Broadband.exe
C:\Program Files\Cricket\Cricket Broadband\bmctl.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AuthPopupBHO01.cBHO - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - C:\Program Files\Clearwire\CSS\App\popupbho01.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Clearwire Security Suite Popup Blocker - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - C:\Program Files\Clearwire\CSS\App\popupbho01.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ESP] C:\Program Files\Clearwire\CSS\app\start.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E926CC4-2949-4551-9847-D16B2C8ACA9B}: NameServer = 172.28.221.53 172.28.221.54
O17 - HKLM\System\CS1\Services\Tcpip\..\{0E926CC4-2949-4551-9847-D16B2C8ACA9B}: NameServer = 172.28.221.53 172.28.221.54
O23 - Service: Clearwire Security Suite System Service (AuthSysSvc) - Authentium, Inc. - C:\Program Files\Clearwire\CSS\App\syssvcnt.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O24 - Desktop Component 0: (no name) - http://by101fd.bay101.hotmail.msn.com/c ... otmail.com

--
End of file - 7911 bytes





Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

2/14/2004 10:55:08 AM
mbam-log-2004-02-14 (10-55-08).txt

Scan type: Quick Scan
Objects scanned: 106858
Time elapsed: 2 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 3
Registry Data Items Infected: 6
Folders Infected: 2
Files Infected: 126

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{c48635ad-d6b5-3ee4-aaa2-540d5a173658} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{c48635ad-d6b5-3ee4-aaa2-540d5a173658} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RList (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\MyID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux2 (Trojan.JSRedir.H) -> Bad: (C:\WINDOWS\system32\..\iemeyw.tlq) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\14118284 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.

Files Infected:
C:\WINDOWS\iemeyw.tlq (Trojan.JSRedir.H) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\FA.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\FB.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\42C.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\436.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\446.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\447.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\448.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\461.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\462.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\463.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\464.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\465.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\48D.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\4BB.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\4C3.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\4EB.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\51F.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\527.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\200.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\201.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\205.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\206.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\20C.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\22.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\225.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\226.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\227.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\228.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\229.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\242.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\243.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\244.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\245.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\246.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\25D.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\282.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\28C.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\28D.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\28E.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\290.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\29B.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\29C.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\29D.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\29E.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\29F.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\2A9.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\2AA.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\2AB.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\2B8.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\2B9.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\2BA.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\2BB.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\2BC.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\2D5.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\2D6.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\2D7.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\2D8.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\2DC.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\2DD.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\2F2.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\2F8.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\2FB.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\32A.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\343.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\344.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\345.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\346.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\347.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\360.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\361.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\362.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\363.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\391.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\3B9.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\3BA.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\3BB.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\3BC.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\3BD.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\3D6.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\3D7.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\3F0.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\3FA.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\3FB.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\1E6.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\28F.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\2F1.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BC.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BD.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BE.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BF.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\C0.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\C1.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\C2.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\DB.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\DC.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\DD.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\DE.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\11E.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\14C.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\14D.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\14E.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\167.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\168.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\169.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\182.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\1B0.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\1B1.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\1B2.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\1B4.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\1DC.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\1E2.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\1E4.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\1E5.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Local Settings\Temp\52.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Local Settings\Temp\TMP24.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Local Settings\Temp\41.tmp (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\p2flb78a.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\TMP2.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\2L9W52WF\win[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\14118284\14118284.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\sdra64.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\Temp\_ex-08.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\_ex-68.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
mum7778
Active Member
 
Posts: 2
Joined: October 30th, 2009, 12:59 pm

Re: Problems with my computer might have virus?

Unread postby askey127 » November 5th, 2009, 5:06 pm

mum7778,
-----------------------------------------------------------
Unfortunately, you have had a number of very dangerous infections, with "backdoor" capabilities.
This can give remote intruders complete control of your computer, which can include logging key strokes, stealing information, etc.
The SAFEST advice is to do the following :
  • Call your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change *ALL* of your online passwords -- for ISP login, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups you belong to.
  • Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.
Because of the infection's backdoor functionality(i.e., remote control capability), the basic security of your PC is very likely compromised, and there is no way to be sure it can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action is to reformat the hard drive and reinstall the Windows Operating System. The reason for this is that the infection can make undetectable changes to your security settings, which may enable a re-installation of the infection after the machine is "cleaned". (This infection can, in effect, leave a "cellar door" unlocked so it can come back later and gain entry).

These infections are serious enough that removing them without damaging the Windows System is no sure thing. This is your choice to make.
The following articles may be of assistance in your decision: Should you have any questions, please feel free to ask.

If you read the above, and still decide you want to proceed with cleaning it, please do as follows:
-----------------------------------------------------------
REBOOT Your Machine
-----------------------------------------------------------
Retrieve the List of Installed programs Using HJT
Open HijackThis, click Open The Misc Tools Section. Then scroll down the list if you need to, click Open Uninstall Manager and Save List...
The List of installed programs will automatically be saved as uninstall_list.txt in your HiJackThis folder.
In addition, the list opens in Notepad so you can also save as another name in another location if you wish.
Please paste the contents into your next reply.
------------------------------------------------------------
Download the latest version of Java Runtime Environment here : http://java.sun.com/javase/downloads/index.jsp, and install it to your computer.
Scroll down - It is currently the 5th item on the page (the page changes often), called JRE 6 Update 17
Select Windows and multi-language, and check to agree to the license.
Choose Windows Offline installation version.
Download it, choose Save, and save it to your desktop.
Then doubleclick it, and it will install the newest version of Java for you to use.
You can then remove the Installer from your desktop.
-----------------------------------------------------
Run an Online Kaspersky WebScan
  • Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the Program and Database downloads have finished, (may take a while), Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post the contents of this log in your next reply.

So please post the Installed Programs List from HiJackThis, and the log from the Kaspersky scan.
Use separate posts if you prefer.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Problems with my computer might have virus?

Unread postby NonSuch » November 8th, 2009, 8:42 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 482 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware