Some virus messages appear on my computer. Some icons appear in my tray telling me that my computer is infected with a worm called worm_attack_v22.02. When I click it, it directs me to a spyware removal site telling me to buy from it. How can I remove this virus? I also downloaded HijackThis and saved a log file. What can I do with it?
Htun Lynn Thaw

Please post a Hijack This log so that the files associated with the virus/spyware/hijacker can be identified.
Please download HJTsetup.exe from this link http://www.thespykiller.co.uk/files/HJTsetup.exe to your desktop.
Double-click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click "Next" in the setup dialogue boxes until you get to the "Select Additional Tasks" dialogue.
Put a check by "Create a desktop icon" then click "Next" again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click "Finish" and it will launch Hijack This.
Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log and post it in this thread.
Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.

This is my hijack this log.....
Logfile of HijackThis v1.99.1
Scan saved at 1:31:50 PM, on 7/23/2006
Platform: Windows 2003 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 (6.00.3790.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\chatterbox\chatserver.exe
C:\PROGRA~1\SAV\DefWatch.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe
C:\PROGRA~1\SAV\Rtvscan.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\wins.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\CNAB4RPK.exe
C:\PROGRA~1\SAV\vptray.exe
C:\CCProxy\CCProxy.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\Program Files\WinZip\WZQKPICK.exe
C:\WINDOWS\System32\MsgSys.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CafeSuite\CafeStation.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\{5C4D2656-03E4-1033-0816-009809230001}\Update.exe
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\ismon.exe
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\system32\isnotify.exe
C:\Program Files\Avant Browser\avant.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\PROGRA~1\Java\JRE15~1.0_0\bin\javaw.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\mstsc.exe
D:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lavasoft.de/news/product/info/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.254:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\system32\ixt0.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SAV\vptray.exe
O4 - HKLM\..\Run: [CCProxy] C:\CCProxy\CCProxy.exe
O4 - HKLM\..\Run: [defender] c:\\dfndrdd_6.exe
O4 - HKLM\..\Run: [keyboard] c:\\kybrddd_6.exe
O4 - HKLM\..\Run: [newname] c:\\nwnmdd_6.exe
O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKLM\..\RunOnce: [MyWebSearch bar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Tencent QQ.lnk = C:\Program Files\Tencent\QQ\QQ.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.exe
O8 - Extra context menu item: &Create sURL - C:\Program Files\Avant Browser\Extensions\Misc\lusURL.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Add to QQ Customized Panel - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: Add to QQ Emoticons - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Add to Restricted sites - C:\Program Files\Avant Browser\Extensions\Misc\msZones_R.htm
O8 - Extra context menu item: Add to Trusted sites - C:\Program Files\Avant Browser\Extensions\Misc\msZones_T.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Copy as HTML - C:\Program Files\Avant Browser\Extensions\Misc\msCopyAsHTML.htm
O8 - Extra context menu item: Copy Image URL - C:\Program Files\Avant Browser\Extensions\Misc\msCopyImageURL.htm
O8 - Extra context menu item: Create sURL - C:\Program Files\Avant Browser\Extensions\Misc\lusURL_text.htm
O8 - Extra context menu item: Dictionary Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luDictionary.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE12\EXCEL.EXE/3000
O8 - Extra context menu item: Encarta Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luEncarta.htm
O8 - Extra context menu item: Exalead (Beta) Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luExalead.htm
O8 - Extra context menu item: Gada Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luGada.htm
O8 - Extra context menu item: Get The Referer! - C:\Program Files\Avant Browser\Extensions\Misc\Get The Referer!.url
O8 - Extra context menu item: Google Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luGoogle.htm
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Hyperdictionary Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luHyperdictionary.htm
O8 - Extra context menu item: Info Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luInfo.htm
O8 - Extra context menu item: Is this domain HOST'ed? - C:\Program Files\Avant Browser\Extensions\Lookup\luHPHO.htm
O8 - Extra context menu item: Is this link HOST'ed? - C:\Program Files\Avant Browser\Extensions\Lookup\luHPHO_link.htm
O8 - Extra context menu item: Is this site HOST'ed? - C:\Program Files\Avant Browser\Extensions\Lookup\luHPHO_text.htm
O8 - Extra context menu item: Lookup link on SiteAdvisor - C:\Program Files\Avant Browser\Extensions\Lookup\luSA_link.htm
O8 - Extra context menu item: Lookup site on SiteAdvisor - C:\Program Files\Avant Browser\Extensions\Lookup\luSA_text.htm
O8 - Extra context menu item: Merriam-Webster Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luMWeb.htm
O8 - Extra context menu item: Microsoft Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luMicrosoft.htm
O8 - Extra context menu item: MSN Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luMSN.htm
O8 - Extra context menu item: MultiSearch - C:\Program Files\Avant Browser\Extensions\Lookup\MultiSearch.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open frame in new window - C:\Program Files\Avant Browser\Extensions\Misc\msBOOF.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Open URL - C:\Program Files\Avant Browser\Extensions\Misc\OpenURL.htm
O8 - Extra context menu item: Save Open Browser Windows - C:\Program Files\Avant Browser\Extensions\Misc\mSaveOpenWindows.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Search AB Forums - C:\Program Files\Avant Browser\Extensions\Lookup\luABF.htm
O8 - Extra context menu item: Send picture by MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Send the Picture by QQ MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Send To Notepad - C:\Program Files\Avant Browser\Extensions\Misc\SendToNotepad.htm
O8 - Extra context menu item: SiteAdvisor Lookup - C:\Program Files\Avant Browser\Extensions\Lookup\luSA.htm
O8 - Extra context menu item: Translate page with Babelfish - C:\Program Files\Avant Browser\Extensions\Translators\tBFish.htm
O8 - Extra context menu item: Translate selected text with Babelfish - C:\Program Files\Avant Browser\Extensions\Translators\tBFish_text.htm
O8 - Extra context menu item: Translate selected text with Google - C:\Program Files\Avant Browser\Extensions\Translators\tGoogle_text.htm
O8 - Extra context menu item: Translate URL with Babelfish - C:\Program Files\Avant Browser\Extensions\Translators\tBFish_URL.htm
O8 - Extra context menu item: Translate URL with Google - C:\Program Files\Avant Browser\Extensions\Translators\tGoogle_URL.htm
O8 - Extra context menu item: Translate with Google - C:\Program Files\Avant Browser\Extensions\Translators\tGoogle.htm
O8 - Extra context menu item: Verify Webpage Location - C:\Program Files\Avant Browser\Extensions\Misc\Verify Webpage Location.url
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.exe
O9 - Extra 'Tools' menuitem: Tencent QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQìŲʹ¤¾ßÌõÉèÖà - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.exe
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.exe
O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.jcash.biz/l/00f0ac4c9b7549a7738cb473ce8a9cc6_13.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/promocache/3436342D2D2D.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152529015328
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4774/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{74730AB1-66CB-468B-852A-6AECFE2C8761}: NameServer = 203.81.71.69,203.81.71.73
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2605394-FF03-4A19-A794-705BCEE6A183}: NameServer = 203.81.71.69,203.81.71.73
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\\NavLogon.dll
O20 - Winlogon Notify: winjrs32 - C:\WINDOWS\SYSTEM32\winjrs32.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\system32\vbsys2.dll
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - C:\WINDOWS\system32\pmnqguh.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Chat Server (ChatServer) - Unknown owner - c:\chatterbox\chatserver.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SAV\DefWatch.exe
O23 - Service: Symantec AntiVirus Server (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SAV\Rtvscan.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
Htun Lynn Thaw
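
An added illustration, not part of the original thread and not code from HijackThis or its authors: the sketch below parses entries in the log format posted above and flags those matching a few triage heuristics. The sample lines are copied from that log; the heuristics and the names `RULES` and `triage` are assumptions made for this example, and a flag means "look closer", not "malicious".

```python
import re

# Sample lines copied from the HijackThis v1.99.1 log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\system32\ixt0.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SAV\vptray.exe
O4 - HKLM\..\Run: [defender] c:\\dfndrdd_6.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/promocache/3436342D2D2D.exe
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - C:\WINDOWS\system32\pmnqguh.dll (file missing)
"""

# An entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] path".
ENTRY = re.compile(r"^([ORFN]\d+) - (.*)$")

# Assumed heuristics (section code or None for any section, pattern, reason).
RULES = [
    ("O2", re.compile(r"BHO: \(no name\)"), "unnamed browser helper object"),
    ("O4", re.compile(r'\]\s*"?[A-Za-z]:\\+[^\\]+\.exe', re.I),
     "autorun executable in drive root"),
    ("O16", re.compile(r" - https?://\S+\.exe$", re.I),
     "ActiveX code base is a bare .exe download"),
    (None, re.compile(r"\(file missing\)$"), "entry points at a missing file"),
]


def triage(log_text):
    """Return (section, reason, body) for every entry that matches a rule."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, running-process path or blank line
        section, body = m.groups()
        for rule_section, pattern, reason in RULES:
            if rule_section in (None, section) and pattern.search(body):
                findings.append((section, reason, body))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"{section:4} {reason}: {body}")
```
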

Download SmitRem.exe and save the file to your desktop.
Double-click it and choose install. This will create a new folder on your desktop with the name smitrem.
Next, please reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
Reboot back into Windows normal mode.
Do a search for "smitfiles.txt", usually found at C:\smitfiles.txt, and post the results of the scan.
Post a new Hijack This log please.
