Tom's Guide | Tom's Hardware | Tom's Games

Computing.Net > Forums > Security and Virus > A virus called ADW Tenget.A

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

A virus called ADW Tenget.A

Reply to Message Icon

Name: Nita
Date: August 14, 2003 at 21:53:56 Pacific
OS: WindowsXP
CPU/Ram: Intel Pent.4
Comment:

Hi,
I have this virus called ADW TengetA in my computer and cannot get rid of it. Can anyone help me please? Thanks in advance.



Sponsored Link
Ads by Google

Response Number 1
Name: capt
Date: August 15, 2003 at 03:55:55 Pacific
Reply:

Nita, try using the virus scan at http://housecall.trendmicro.com/ Trend Micro had the most information and best removal instructions for your problem. Take care and all the best!


0

Response Number 2
Name: Nita
Date: August 15, 2003 at 08:00:51 Pacific
Reply:

Thanks Capt,
I went to the site, did the scan, but I didn't find info or removal info. It said the page was unavailable. So I am still stuck. Anymore ideas?


0

Response Number 3
Name: capt
Date: August 15, 2003 at 08:57:25 Pacific
Reply:

The removal instructions are listed in the virus definitions area of the Trend Micro website, so if you do a search you will find removal instructions there. Is the virus listed as a file in SYSTEM RESTORE? If it is you turn off SYSTEM RESTORE, then use your antivirus program scan, and if it is clean, then turn SYSTEM RESTORE back on. I suggest setting the slider to 2% instead of the default 10% to save disk space when you turn it back on. It will work just fine using less memory. You open My Computer by Right Clicking and selecting properties to turn off SYSTEM RESTORE.


0

Response Number 4
Name: Missvenita
Date: August 15, 2003 at 10:42:42 Pacific
Reply:

OK Capt,
That worked. Now my question is when I turn my system restore back on will the virus return also?
Thank you so much for helping me get this far.


0

Response Number 5
Name: JJ_Dynomite
Date: August 15, 2003 at 12:41:29 Pacific
Reply:

Nita,
Maybe this : http://www.computing.net/security/wwwboard/forum/5765.html
will help you.

Been there...unfortunately.

Good luck!


0

Related Posts

See More



Response Number 6
Name: capt
Date: August 15, 2003 at 14:03:07 Pacific
Reply:

The virus will be gone. System Restore files cannot be repaired/cleaned by an antivirus program, that is why you have to turn it off. When you turn off System Restore all the files are dumped. You start clean when you turn it back on. Many people do not use the System Restore function at all, but it can come in handy should you should encounter a problem while downloading/installing/changing a program.


0

Response Number 7
Name: Nita
Date: August 15, 2003 at 17:07:34 Pacific
Reply:

Capt,
Thank you so much for helping me. It is good to know that people like you all are out there.
Thanks Again!!!!


0

Response Number 8
Name: SloanOT
Date: August 18, 2003 at 18:11:20 Pacific
Reply:

Me Too!! Help


Logfile of HijackThis v1.96.1
Scan saved at 8:52:11 PM, on 8/18/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\WINDOWS\SYSTEM\SSDPSRV.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\SYSTEM\RESTORE\STMGR.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.exe
C:\WINDOWS\SYSTEM\PRPCUI.exe
C:\PROGRAM FILES\ONE-TOUCH\CP32NBTN.exe
C:\WINDOWS\SYSTEM\S3TRAYHP.exe
C:\WINDOWS\LOADQM.exe
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.exe
C:\SCNJET5S\HPSJPL32.exe
C:\PROGRAM FILES\TARGUS\USB CHARGE-SYNCCABLE\SETPORT.exe
C:\WINDOWS\SYSTEM\WINSERVN.exe
C:\PROGRAM FILES\ONE-TOUCH\CDROMMNT.exe
C:\PROGRAM FILES\ONE-TOUCH\KBOSDCTL.exe
C:\PROGRAM FILES\ONE-TOUCH\CP32NKCC.exe
C:\PROGRAM FILES\MICROSOFT HOME PUBLISHING\MHPRMIND.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\PROGRAM FILES\AMERICA ONLINE 8.0\WAOL.exe
C:\PROGRAM FILES\AMERICA ONLINE 8.0\SHELLMON.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\WINDOWS\SYSTEM\RNAAPP.exe
C:\WINDOWS\SYSTEM\TAPISRV.exe
C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/go/business-notebook
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com/go/business-notebook
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = iexplore
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
O2 - BHO: Natural Language Navigation - {60E78CAC-E9A7-4302-B9EE-8582EDE22FBF} - C:\WINDOWS\SYSTEM\BHO001.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [CP32NOT] C:\PROGRA~1\ONE-TO~1\CP32NBTN.exe
O4 - HKLM\..\Run: [AlogServEXE] C:\Program Files\McAfee\McAfee VirusScan\AlogServ.exe
O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\McAfee\McAfee VirusScan\avconsol.exe /minimize
O4 - HKLM\..\Run: [McAfeeWebScanX] C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\WebScanX.exe
O4 - HKLM\..\Run: [S3TRAYHP] S3trayhp.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [HPSJ5 Polling Driver] C:\SCNJET5S\hpsjpl32.exe
O4 - HKLM\..\Run: [nsdriver] C:\WINDOWS\SYSTEM\nssys32.exe
O4 - HKLM\..\Run: [WINSTART001.EXE] C:\WINDOWS\System\WINSTART001.exe -b
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\Program Files\McAfee\McAfee VirusScan\VSHWIN32.exe
O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\Program Files\McAfee\McAfee VirusScan\WebScanX.exe
O4 - HKLM\..\RunServices: [VsecomrEXE] C:\Program Files\McAfee\McAfee VirusScan\VSEcomR.exe
O4 - HKLM\..\RunServices: [VsStatEXE] C:\Program Files\McAfee\McAfee VirusScan\VSSTAT.exe /SHOWWARNING
O4 - HKCU\..\Run: [SetPort] C:\Program Files\Targus\USB Charge-SyncCable\SetPort.exe
O4 - HKCU\..\Run: [ContentService] C:\WINDOWS\SYSTEM\winservn.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Startup: Microsoft Greetings Reminders.lnk = C:\Program Files\Microsoft Home Publishing\MHPRMIND.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O12 - Plugin for .qt: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/go/business-notebook
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {A28DAC07-0D34-4A90-A0E6-CEE27208C86D} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw10fd.law10.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.150/1933e35834b603691419/netzip/RdxIE.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt0_x.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003080601/housecall.antivirus.com/housecall/xscan53.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net


0

Response Number 9
Name: liekie
Date: August 20, 2003 at 15:45:03 Pacific
Reply:

HI I have the same problem. I run the HijackThis.


Logfile of HijackThis v1.96.1
Scan saved at 0:35:46, on 21-8-2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\WINDOWS\SYSTEM\SSDPSRV.exe
C:\WINDOWS\SYSTEM\DEVLDR16.exe
C:\PROGRAM FILES\WINROUTE LITE\WRLITE.exe
C:\WINDOWS\SYSTEM\STIMON.exe
C:\PROGRAM FILES\MESSENGER PLUS! 2\MSGPLUS.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\SYSTEM\RESTORE\STMGR.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.exe
C:\WINDOWS\LOADQM.exe
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\PROGRAM FILES\CREATIVE\WEBCAM GO CONTROL\CAMTRAY.exe
C:\WINDOWS\SYSTEM\U2PCMH02.exe
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.exe
C:\PROGRAM FILES\NETPUMPER\NETPUMPERIEPROXY.exe
C:\WINDOWS\SYSTEM\QTTASK.exe
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.exe
C:\PROGRAM FILES\ACCELERATION SOFTWARE\ANTI-VIRUS\DEFSCANGUI.exe
C:\PROGRAM FILES\RVP\BPC.exe
C:\PROGRAM FILES\BARGAIN BUDDY\BIN2\BARGAINS.exe
C:\WINDOWS\SYSTEM\HBINST.exe
C:\PROGRAM FILES\WINROUTE LITE\WRLADMIN.exe
C:\PROGRAM FILES\BABYLON\BABYLON.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\PROGRAM FILES\WINZIP\WZQKPICK.exe
C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.exe
C:\PROGRAM FILES\LOGITECH\WINGMAN SOFTWARE\LWEMON.exe
C:\PROGRAM FILES\BABYLON\utils\shlhook.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\PROGRAM FILES\MSN GAMING ZONE\ZPROXY.exe
C:\PROGRAM FILES\MSN GAMING ZONE\ZONE.exe
C:\WINDOWS\SYSTEM\PSTORES.exe
C:\PROGRAM FILES\NETPUMPER\NETPUMPER.exe
D:\DOWNLOAD PROGRAMMA'S\NETPUMPER\HIJACKTHIS.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.hotsearchbox.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.hotsearchbox.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.hotsearchbox.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.hotsearchbox.com/ie/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.nl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.hotsearchbox.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.hotsearchbox.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.shopnav.com/apps/epa/epa?cid=shnv9885&s=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.hotsearchbox.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/ymsgr/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = iexplore
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {00000EF1-34E3-4633-87C6-1AA7A44296DA} - C:\WINDOWS\SYSTEM\MPZ300.DLL
O2 - BHO: (no name) - {000004CC-E4FF-4F2C-BC30-DBEF0B983BC9} - C:\WINDOWS\IPINSIGT.DLL
O2 - BHO: (no name) - {6ACD11BD-4CA0-4283-A8D8-872B9BA289B6} - C:\PROGRAM FILES\ACCELERATION SOFTWARE\STOPSIGN\WEBCBROWSE.DLL
O2 - BHO: (no name) - {14b3d246-6274-40b5-8d50-6c2ade2ab29b} - (no file)
O2 - BHO: (no name) - {00000580-C637-11D5-831C-00105AD6ACF0} - C:\WINDOWS\MSVIEW.DLL
O2 - BHO: Natural Language Navigation - {60E78CAC-E9A7-4302-B9EE-8582EDE22FBF} - C:\WINDOWS\SYSTEM\BHO001.DLL
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\PROGRA~1\BARGAI~1\BIN2\APUC.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [WebCam Go Plus Sti Service Application] Wcgopsvc
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\WebCam Go Control\CAMTRAY.exe
O4 - HKLM\..\Run: [U2PCMH02.EXE] C:\WINDOWS\SYSTEM\U2PCMH02.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.exe
O4 - HKLM\..\Run: [NetPumper] "C:\Program Files\NetPumper\NetPumperIEProxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.exe" -atboottime
O4 - HKLM\..\Run: [WebScan] C:\PROGRAM FILES\ACCELERATION SOFTWARE\ANTI-VIRUS\DEFSCANGUI.exe -k
O4 - HKLM\..\Run: [RVP] "C:\Program Files\RVP\bpc.exe"
O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin2\bargains.exe
O4 - HKLM\..\Run: [msbb] C:\WINDOWS\SYSTEM\MSBB.exe
O4 - HKLM\..\Run: [WINSTART001.EXE] C:\WINDOWS\System\WINSTART001.exe -b
O4 - HKLM\..\Run: [CFIMPSVZ] C:\WINDOWS\CFIMPSVZ.exe
O4 - HKLM\..\Run: [spp] regedit -s C:\spp.reg
O4 - HKLM\..\Run: [Hotbar] C:\WINDOWS\SYSTEM\HBINST.exe /Upgrade
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Devldr16] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [WRLite] "C:\Program Files\WinRoute Lite\wrlite.exe" /hide
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKCU\..\Run: [WRLiteAdm] "C:\Program Files\WinRoute Lite\wrladmin.exe" /hide
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\WingMan Software\lwtest.exe" /detect /quiet /launch "C:\Program Files\Logitech\WingMan Software\lwemon.exe /noui"
O4 - HKCU\..\Run: [ContentService] C:\WINDOWS\SYSTEM\winservn.exe
O4 - HKCU\..\Run: [li-speed00147] c:\program files\Webdialer\li-speed00147.exe -m
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Babylon Translator] C:\Program Files\Babylon\Babylon.exe
O4 - HKCU\..\RunServices: [WRLiteAdm] "C:\Program Files\WinRoute Lite\wrladmin.exe" /hide
O4 - HKCU\..\RunServices: [Start WingMan Profiler] "C:\Program Files\Logitech\WingMan Software\lwtest.exe" /detect /quiet /launch "C:\Program Files\Logitech\WingMan Software\lwemon.exe /noui"
O4 - HKCU\..\RunServices: [ContentService] C:\WINDOWS\SYSTEM\winservn.exe
O4 - HKCU\..\RunServices: [li-speed00147] c:\program files\Webdialer\li-speed00147.exe -m
O4 - HKCU\..\RunServices: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\RunServices: [Babylon Translator] C:\Program Files\Babylon\Babylon.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm
O8 - Extra context menu item: Ebates - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra 'Tools' menuitem: Block This Page (HKLM)
O9 - Extra button: Ebates (HKCU)
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://home.wanadoo.nl/music-place2be/freemp3s.exe
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {FE8287E9-5F43-11D3-ABCA-00105A5C1F46} (HouseCall Control) - http://www.housecall.nl/housecall/xscan4.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2002112001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potb_x.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_7.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {AB1E62EB-3DE3-428F-A417-64AB3C9B6CF0} (eConn Class) - http://econnect.libereco.net/econnect.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://64.146.72.210:8111/AxisCamControl.cab



0

Response Number 10
Name: scott
Date: August 22, 2003 at 06:39:29 Pacific
Reply:

adw.tenget.a on my computer....cannot figure this out. have two files quarantined by pc-cillin, but deleting does nothing as these files come back in the form of viruses at a later time. cannot figure out. found this forum with google. please email me an answer. thanks.

Logfile of HijackThis v1.96.1
Scan saved at 9:35:00 AM, on 8/22/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe
C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\MSN Messenger\MsnMsgr.exe
C:\Program Files\Norton Utilities\SYSDOC32.exe
C:\Program Files\Trend Micro\PC-cillin 2000\PNTIOMON.exe
C:\Program Files\AnalogX\POW\pow.exe
C:\Program Files\Trend Micro\PC-cillin 2000\pccntupd.exe
C:\Program Files\Norton Utilities\NPROTECT.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.usa-swimming.org/
O2 - BHO: (no name) - {000000DA-0786-4633-87C6-1AA7A4429EF1} - C:\WINDOWS\System32\emesx.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C2-5297EF71F44A} - C:\WINDOWS\System32\stlbupdt.DLL
O2 - BHO: (no name) - {80672997-D58C-4190-9843-C6C61AF8FE97} - C:\WINDOWS\rundll16.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar_en_2.0.95-big.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Search - {2CF0B992-5EEB-4143-99C2-5297EF71F44B} - C:\WINDOWS\System32\stlbupdt.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar_en_2.0.95-big.dll
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
O4 - HKLM\..\Run: [Rundll16] C:\WINDOWS\rundll16.exe
O4 - HKLM\..\Run: [Windows explore] lexplore.exe
O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C2-5297EF71F44B}] rundll32.exe C:\WINDOWS\System32\stlbupdt.DLL,DllRunMain
O4 - HKLM\..\RunServices: [Windows explore] lexplore.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O4 - Startup: POW!.lnk = C:\Program Files\AnalogX\POW\pow.exe
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.exe
O4 - Global Startup: Real-time Monitor.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page - res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmtrans.html
O9 - Extra button: Browser Pal Toolbar (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37631.4282175926
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab


0

Response Number 11
Name: June
Date: August 22, 2003 at 17:25:22 Pacific
Reply:

I am new to the computer and I would like to know what the Hijack this is and how do you run it? I also have the ADW Tenget.A and I don't know how I got it. McAfee does not pick it up but Trend did pick it up. When I tried to delete it, it just came back as a recycled\Dc 71.exe and recycled\Dc72.dat. What will this virus do to your computer?


0

Sponsored Link
Ads by Google
Reply to Message Icon



Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.


Go to Security and Virus Forum Home


Sponsored links
Ads by Google


Results for: A virus called ADW Tenget.A
ADW.Tenget.A virus? www.computing.net/answers/security/adwtengeta-virus/5765.html

WORM.AUTOMAT.AHB and adw tenget.a www.computing.net/answers/security/wormautomatahb-and-adw-tengeta-/6559.html

adw.tenget.a - trouble www.computing.net/answers/security/adwtengeta-trouble/6140.html