Posted by: wudz3
« on: 04. October 2009., 09:30:36 »
Dude, try making a BartPE bootable CD. Search for "pebuilder" in Google; there will be an option for McAfee ScanGUI. It's very useful.

Posted by: Samker
« on: 16. December 2008., 19:54:19 »
No problem C., we are always here...

We need to start from somewhere, please download all these tools to the infected PC and try to run & scan with them, one by one:

1. Kaspersky Virus Removal Tool, McAfee AVERT Stinger & Microsoft Windows Malicious Software Removal Tool from here: http://scforum.info/index.php/topic,4510.0.html
2. SmitfraudFix: http://scforum.info/index.php/topic,1828.0.html

Finally I need new logs: that would be an HJT log and, if it's possible to connect to the internet, a Kaspersky Online Scan log: http://scforum.info/index.php/topic,734.0.html

I'll wait for your new reply with (hope so) better results.

Regards,
Samker

Posted by: Country27870
« on: 16. December 2008., 18:47:39 »
Sorry for the delay, but I have been out of town working. I tried running the program last night but the program won't start. What should I do?

Posted by: Samker
« on: 03. December 2008., 06:12:38 »
Hi Country27870 and welcome to SCF Portal.

I must be honest with you, this is a disaster. But of course I'll try to help you.

Please copy & run this tool on the infected PC: http://scforum.info/index.php/topic,4510.0.html

After that provide me new logs.

Regards,
Samker

Posted by: Country27870
« on: 03. December 2008., 01:51:02 »
My brother's boss asked me to fix his computer. The AVG 2009 that is on the computer is not activated so it will not remove the viruses for me. I need to either find a program that removes these threats or remove them manually. I cannot get the computer to connect to the internet via LAN. I tried releasing and renewing the IP address thru command prompt using ipconfig/release and ipconfig/renew, but it didn't work. I am currently saving virus removal programs to a 128 Mb flash drive and transferring the programs to the sick computer via the flash drive. I have tried using Spybot S&D, HiJack This, and Malwarebytes Anti-Malware. Spybot won't work because I can't connect the computer to the internet and Spybot has to be updated before it will allow me to run a scan. The computer won't run long enough for the Malwarebytes to run a full system scan and also I cannot update the Malwarebytes. Below the list of viruses I found is the log that I saved from Hijack This.
Is there a way to save the updates to the flash drive?

This is some of his computer info.
Computer Manufacturer: Compaq Presario 061
Computer Model: PP195AA-ABA SR1 300NX NA510
Operating System: Windows XP Home Edition (service pack 2)

These are viruses that I have been able to find thru running AVG 2009:

Virus type   Name                              Run Type
Spyware      Spyware.IEMonster.d               C://windows/system32/iesetup.dll
Spyware      Win32.PerFiler                    autorun
Spyware      Spyware.KnownBadSites             autorun
Spyware      Spyware.IMMonitor                 autorun
Spyware      Spyware.007SpySoftware            C://windows/system32/
Adware       Zlob.PornAdvertiser.ba            autorun
Adware       Adware.eXact.BargainBuddy         Registry
Trojan       Infostealer.Banker                autorun
Trojan       Trojan.Tooso                      autorun
Trojan       Trojan.MailGrabber.s              C://windows/system32/explorer.exe
Trojan       Trojan.Alg.t                      C://windows/system32/alg.exe
Trojan       Trojan.Win32.Agent.ado            hidden autorun
Trojan       Win32.Outsbot.u                   autorun
Trojan       Trojan-Dropper.Win32.Agent.bot    autorun
Trojan       Trojan.BAT.Adduser.t              C://windows/system32/
Trojan       Trojan.Clicker.EC                 C://windows/hidden/
Trojan       Trojan.Poison.J                   hidden autorun
Trojan       Trojan-Dropper.Win32.Agent.bot    C://windows/
Trojan       Trojan-Downloader.VBS.Small.dc    C://windows/
Backdoor     Win32.Rbot.fm                     C://windows/system32/svchost.exe
Dialer       Dialer.Xpehbam.biz_dialer         C://windows/system32/cmdial32.dll
Worms        Win32.Delbot.AI                   C://windows/system32/
Worms        Win32.Sdbot.ADN                   C://windows/temp/
Worms        Win32.Rbot.CBX                    C://windows/temp/
Worms        Win32.Miewer.a                    hidden autorun
Worms        Win32.Peacomm.dam                 autorun
Worms        Worm.Bagle.CP                     C://windows/system/
Worms        Win32.BlackMail.xx                C://windows/
Worms        Win32.Sober.P                     hidden autorun
Worms        Win32.Sdbot.ADN                   C://windows/temp/
Worms        Win32.Rbot.CBX                    C://windows/temp/
Worms        Win32.Miewer.a

HiJack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:36:45 PM, on 12/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\tinyproxy\tinyproxy.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Antivirus 2009\av2009.exe
C:\Documents and Settings\Compaq_Owner\Application Data\gadcom\gadcom.exe
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myembarq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NAV CfgWiz] "c:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [70cd6b0a] rundll32.exe "C:\WINDOWS\system32\xbshfqfs.dll",b
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [67507670323213620575764765154802] C:\Program Files\Antivirus 2009\av2009.exe
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Compaq_Owner\Application Data\gadcom\gadcom.exe" 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\explorer32.exe"
O4 - Startup: 360Share On Startup.lnk = C:\Program Files\360Share\Gui\360Share.exe
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: puviyf.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - c:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\tinyproxy\tinyproxy.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
--
End of file - 8403 bytes

Thanks for taking the time to read all of this. I truly appreciate it.
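
A first-pass triage of a HijackThis log like the one posted above, as an added example that is not part of the original thread: it parses the section codes and flags entries that usually merit a closer look. The four rules are this example's own heuristic assumptions, not HijackThis output or a verdict from the thread; the sample lines are copied from the posted log.

```python
import re

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [70cd6b0a] rundll32.exe "C:\WINDOWS\system32\xbshfqfs.dll",b
O20 - AppInit_DLLs: puviyf.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\tinyproxy\tinyproxy.exe
"""

# A HijackThis entry is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")

# Review rules (assumptions of this example): section code, pattern, and the
# reason an analyst would look closer. A match is a prompt to investigate, not a verdict.
RULES = [
    ("R1", re.compile(r"ProxyServer = .*(127\.0\.0\.1|localhost)", re.I),
     "browser proxy points at the local machine"),
    ("O4", re.compile(r"rundll32(\.exe)?\s", re.I),
     "autorun entry loads a DLL through rundll32"),
    ("O20", re.compile(r"AppInit_DLLs:\s*\S"),
     "AppInit_DLLs is set (loaded into every process that loads user32.dll)"),
    ("O23", re.compile(r" - Unknown owner - "),
     "service binary carries no company name"),
]

def parse(log):
    """Yield (section_code, body) for every well-formed HijackThis entry."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")

def triage(log):
    """Return [(code, reason, body)] for entries that match a review rule."""
    findings = []
    for code, body in parse(log):
        for rule_code, pattern, reason in RULES:
            if code == rule_code and pattern.search(body):
                findings.append((code, reason, body))
    return findings

if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}\n      {body}")
```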