Author Topic: HELP!!!!!!!!!  (Read 7098 times)


Country27870

  • SCF Newbie
  • *
  • Posts: 2
  • KARMA: 0
HELP!!!!!!!!!
« on: 03. December 2008., 01:51:02 »
My brother's boss asked me to fix his computer. The AVG 2009 that is on the computer is not activated, so it will not remove the viruses for me. I need to either find a program that removes these threats or remove them manually. I cannot get the computer to connect to the internet via LAN; I tried releasing and renewing the IP address through the command prompt using ipconfig /release and ipconfig /renew, but it didn't work. I am currently saving virus removal programs to a 128 MB flash drive and transferring the programs to the sick computer via the flash drive. I have tried using Spybot S&D, HijackThis, and Malwarebytes Anti-Malware. Spybot won't work because I can't connect the computer to the internet, and Spybot has to be updated before it will allow me to run a scan. The computer won't run long enough for Malwarebytes to run a full system scan, and I also cannot update Malwarebytes. Below the list of viruses I found is the log that I saved from HijackThis.

Is there a way to save the updates to the flash drive?

This is some of his computer info.
Computer Manufacturer: Compaq Presario 061
Computer Model: PP195AA-ABA SR1 300NX NA510
Operating System: Windows XP Home Edition (service pack 2)

These are viruses that I have been able to find through running AVG 2009:
Virus type         Name                                      Run Type
Spyware            Spyware.IEMonster.d                 C://windows/system32/iesetup.dll
Spyware            Win32.PerFiler                           autorun
Spyware            Spyware.KnownBadSites             autorun
Spyware            Spyware.IMMonitor                    autorun
Spyware            Spyware.007SpySoftware           C://windows/system32/
Adware              Zlob.PornAdvertiser.ba               autorun
Adware              Adware.eXact.BargainBuddy        Registry
Trojan               Infostealer.Banker                      autorun
Trojan               Trojan.Tooso                             autorun
Trojan               Trojan.MailGrabber.s                   C://windows/system32/explorer.exe
Trojan               Trojan.Alg.t                               C://windows/system32/alg.exe
Trojan               Trojan.Win32.Agent.ado               hidden autorun
Trojan               Win32.Outsbot.u                         autorun
Trojan               Trojan-Dropper.Win32.Agent.bot    autorun
Trojan               Trojan.BAT.Adduser.t                   C://windows/system32/
Trojan               Trojan.Clicker.EC                         C://windows/hidden/
Trojan               Trojan.Poison.J                           hidden autorun
Trojan               Trojan-Dropper.Win32.Agent.bot    C://windows/
Trojan               Trojan-Downloader.VBS.Small.dc    C://windows/
Backdoor            Win32.Rbot.fm                            C://windows/system32/svchost.exe
Dialer                 Dialer.Xpehbam.biz_dialer             C://windows/system32/cmdial32.dll
Worms               Win32.Delbot.AI                          C://windows/system32/
Worms               Win32.Sdbot.ADN                        C://windows/temp/
Worms               Win32.Rbot.CBX                          C://windows/temp/
Worms               Win32.Miewer.a                           hidden autorun
Worms               Win32.Peacomm.dam                    autorun
Worms               Worm.Bagle.CP                            C://windows/system/
Worms               Win32.BlackMail.xx                       C://windows/
Worms               Win32.Sober.P                             hidden autorun
Worms               Win32.Sdbot.ADN                         C://windows/temp/
Worms               Win32.Rbot.CBX                           C://windows/temp/
Worms               Win32.Miewer.a                           

HiJack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:36:45 PM, on 12/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\tinyproxy\tinyproxy.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Antivirus 2009\av2009.exe
C:\Documents and Settings\Compaq_Owner\Application Data\gadcom\gadcom.exe
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myembarq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NAV CfgWiz] "c:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [70cd6b0a] rundll32.exe "C:\WINDOWS\system32\xbshfqfs.dll",b
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [67507670323213620575764765154802] C:\Program Files\Antivirus 2009\av2009.exe
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Compaq_Owner\Application Data\gadcom\gadcom.exe" 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\explorer32.exe"
O4 - Startup: 360Share On Startup.lnk = C:\Program Files\360Share\Gui\360Share.exe
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: puviyf.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - c:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc)  - Unknown owner - C:\Program Files\tinyproxy\tinyproxy.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 8403 bytes

Thanks for taking the time to read all of this. I truly appreciate it.
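The HijackThis log above is the kind of output a responder reads by hand. As an added example (it is not code from the forum, from HijackThis or from any tool mentioned in the thread), the Python script below applies a handful of defender heuristics to HijackThis-style lines: a browser proxy pointed at a local port, autorun values with random hex names, rundll32 loading an unnamed DLL from system32, autoruns living in the user profile, binaries whose names imitate system executables, a populated AppInit_DLLs entry, services with an unknown owner, and one service display name registered against two different binaries. The sample input is a constructed subset copied from the log in this post; the tags and heuristics are my own and are meant to prioritise what to check, not to prove anything is malicious.

```python
"""Heuristic triage of HijackThis-style log lines (added example, not a forum tool)."""
import re
from collections import Counter, defaultdict

# Constructed sample: a subset of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9090
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [70cd6b0a] rundll32.exe "C:\WINDOWS\system32\xbshfqfs.dll",b
O4 - HKCU\..\Run: [67507670323213620575764765154802] C:\Program Files\Antivirus 2009\av2009.exe
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Compaq_Owner\Application Data\gadcom\gadcom.exe" 61A847B5
O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\explorer32.exe"
O20 - AppInit_DLLs: puviyf.dll
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc)  - Unknown owner - C:\Program Files\tinyproxy\tinyproxy.exe
"""

LINE_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?:HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
SERVICE_RE = re.compile(r"^Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
HEXISH_NAME = re.compile(r"^[0-9a-f]{6,}$")                      # value names like 70cd6b0a
RUNDLL_SYS32 = re.compile(r'rundll32\.exe\s+"?[^"]*\\system32\\[^"\\]+\.dll')
LOOKALIKE = re.compile(r"\\system32\\(?:explorer|svchost|winlogon|lsass|csrss)\w+\.exe")


def parse(log_text):
    """Yield (section code, body, raw line) for every 'Rn - ...' / 'On - ...' entry."""
    for raw in log_text.splitlines():
        raw = raw.strip()
        m = LINE_RE.match(raw)
        if m:
            yield m.group("code"), m.group("body"), raw


def triage(log_text):
    """Return a list of findings, each {'tag', 'why', 'line'}, for the suspicious entries."""
    findings = []
    service_paths = defaultdict(set)   # display name -> set of binary paths

    def flag(tag, why, raw):
        findings.append({"tag": tag, "why": why, "line": raw})

    for code, body, raw in parse(log_text):
        if code == "R1" and "ProxyServer" in body and re.search(r"127\.0\.0\.1|localhost", body):
            flag("local-proxy", "browser traffic is routed through a local port; check what listens there", raw)
        elif code == "O4":
            m = RUN_RE.match(body)
            if not m:
                continue
            name, cmd = m.group("name"), m.group("cmd").lower()
            if HEXISH_NAME.match(name.lower()):
                flag("random-autorun-name", "autorun value name is a random hex/digit string", raw)
            if "\\application data\\" in cmd or "\\documents and settings\\" in cmd:
                flag("profile-dir-autorun", "autorun executable lives in a user-writable profile folder", raw)
            if RUNDLL_SYS32.search(cmd):
                flag("rundll32-system32-dll", "rundll32 loads an unnamed DLL from system32; verify it is signed", raw)
            if LOOKALIKE.search(cmd):
                flag("system-binary-lookalike", "file name imitates a Windows system binary", raw)
        elif code == "O20" and body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
            flag("appinit-dll", "AppInit_DLLs injects this DLL into every process that loads user32", raw)
        elif code == "O23":
            m = SERVICE_RE.match(body)
            if not m:
                continue
            display = m.group("display").strip()
            service_paths[display].add(m.group("path").strip().lower())
            if m.group("owner").strip().lower() == "unknown owner":
                flag("unknown-service-owner", "service binary has no publisher information", raw)

    # A second pass: one display name registered against more than one binary.
    for display, paths in service_paths.items():
        if len(paths) > 1:
            flag("service-name-collision",
                 f"service name '{display}' is registered with {len(paths)} different binaries",
                 "; ".join(sorted(paths)))
    return findings


def summarize(log_text):
    """Count findings per tag, useful as a quick severity overview."""
    return Counter(f["tag"] for f in triage(log_text))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['tag']}] {f['why']}\n    {f['line']}")
    print(dict(summarize(SAMPLE_LOG)))
```

Run it over a saved HijackThis log with `triage(open("hijackthis.log").read())`. Every hit still needs a human decision (the Norton entries are legitimate, for instance), but the ordering it produces matches what an experienced responder looks at first: the localhost proxy, the hex-named Run values, the AppInit DLL and the service whose display name is shared by two binaries.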

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Re: HELP!!!!!!!!!
« Reply #1 on: 03. December 2008., 06:12:38 »
Hi Country27870 and welcome to SCF Portal.

I must be honest with you, this is a disaster.

But of course I'll try to help you.

Please copy & run this tool on infected PC:

http://scforum.info/index.php/topic,4510.0.html


After that, provide me with new logs.

Regards,

Samker

Country27870

  • SCF Newbie
  • *
  • Posts: 2
  • KARMA: 0
Re: HELP!!!!!!!!!
« Reply #2 on: 16. December 2008., 18:47:39 »
Sorry for the delay, but I have been out of town working. I tried running the program last night, but the program won't start. What should I do?

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
No problem C., we are always here... :police:

We need to start from somewhere, please download all these tools to the infected PC and try to run & scan with them, one by one:

1. Kaspersky Virus Removal Tool, McAfee AVERT Stinger & Microsoft Windows Malicious Software Removal Tool from here: http://scforum.info/index.php/topic,4510.0.html

2. SmitfraudFix: http://scforum.info/index.php/topic,1828.0.html

Finally, I need new logs: that would be the HJT log and, if it's possible to connect to the internet, the Kaspersky Online Scan log: http://scforum.info/index.php/topic,734.0.html

I'll wait for your new reply with (hopefully) better results.

Regards,

Samker

wudz3

  • SCF Member
  • **
  • Posts: 37
  • KARMA: 3
Re: HELP!!!!!!!!!
« Reply #4 on: 04. October 2009., 09:30:36 »
Dude, try making a BartPE bootable CD; search Google for pebuilder. There will be an option for McAfee ScanGUI; it's very useful.
