iworm ...HELP please

Computing.Net > Forums > Security and Virus > iworm ...HELP please

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

iworm ...HELP please

Name: grunnion
Date: April 23, 2006 at 02:40:35 Pacific
OS: windows XP
CPU/Ram: P4
Product: generic

Comment:

I have the iworm virus. I have just run hijack this. Please could someone help me with this?
Thank you

Sponsored Link

Ads by Google

Response Number 1

Name: XpUser4Real
Date: April 23, 2006 at 07:37:53 Pacific

Reply:

Looks like there's a remover on this page
http://www.k7computing.com/newsinfo/Nimda.htm
It's about 1/2 way down the page
Give it a shot and post back
Hopefully my advice will help you...Please post back with your results....thanks

Response Number 2

Name: grunnion
Date: April 23, 2006 at 20:08:27 Pacific

Reply:

I'm not sure if this is the actual worm. I keep getting a message that I have iworm_attck_v122.02a on a pop-up as well as a whole bunch of other popups that are driving me crazy. When I first go to IE Explorer it seems to have configured the home page to about:blank, then it goes to another website called theguardservices.com and I get a smaller window that pops up saying Warning your PC is infected with spyware....browser version....."
Everytime I try to change the hompage back to what I want it goes back to this same theguardservices page.
Thanks for all your help...I'm not sure if I should still download the fix you suggested. I was a bit vague in my previous explanation. Would it help if I posted the reg details from the HIJACk this report out of notepad?

Response Number 3

Name: XpUser4Real
Date: April 23, 2006 at 20:15:07 Pacific

Reply:

Use the usual cleaners:
Spybot S&D
Adaware SE
CCleaner
ATF-Cleaner
Stinger
make sure they are up-dated before you scan.
Then try a free On-line Spyware Scan
and remove all it finds
Then I would try an on-line scan with bitdefender
post back if you still have problems

Hopefully my advice will help you...Please post back with your results....thanks

Response Number 4

Name: jabuck
Date: April 24, 2006 at 03:48:15 Pacific

Reply:

Please post your Hijack This log.

Response Number 5

Name: grunnion
Date: April 25, 2006 at 05:14:18 Pacific

Reply:

Hi guys
Here is the log you wanted.
Thanks,

Logfile of HijackThis v1.99.1
Scan saved at 7:28:43 PM, on 23/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\nvctrl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Gxwgznm\Bzuusf.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\P2PNET~1\P2PNET~1.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\graham.GRAHAM-2ZY2QRCZ.001\Desktop\Copy of IEXPLORE.exe
C:\DOCUME~1\GRAHAM~1.001\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.telstra.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Telstra BigPond
O2 - BHO: Nothing - {edbf1bc8-39ab-48eb-a0a9-c75078eb7c8e} - C:\WINDOWS\system32\hp7186.tmp
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Program Files\Security Toolbar\Security Toolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [WINSTA~1.EXE] C:\WINDOWS\System\WINSTA~1.exe -b
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EM_EXEC] C:\Program Files\Logitech\MouseWare\System\em_exec.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [efkp] C:\WINDOWS\efkp.exe
O4 - HKLM\..\Run: [Qimoyx] C:\Program Files\Gxwgznm\Bzuusf.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H
O4 - HKLM\..\Run: [SpywareQuake] C:\Program Files\SpywareQuake\SpywareQuake.exe /h
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKCU\..\Run: [WinFixer2006] "C:\Program Files\WinFixer_2006\uwfx6.exe" /min
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: LG SyncManager.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.telstra.com
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c9.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095205685685
O17 - HKLM\System\CCS\Services\Tcpip\..\{6FE64589-07F4-4AEA-BB4F-163F649DD6B0}: Domain = nsw.bigpond.net.au
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

Iworm tried to upgrade my windows xp home edition and now my windows won't load i related:club.cdfreaks.com/f91/file-system-error-16389-help-please-151591/	help please. how do i install dat files for mcafee?? fix lsass help please just get a black screen when i run halo help please
See More

Response Number 6

Name: XpUser4Real
Date: April 25, 2006 at 07:59:42 Pacific

Reply:

Lots of nasties in there...see for yourself and then let jabuck direct you:
Hi-Jack This analyzer
Hopefully my advice will help you...Please post back with your results....thanks

Response Number 7

Name: jabuck
Date: April 25, 2006 at 19:47:41 Pacific

Reply:

Temporarlily disable Norton's script blocking before running the following tools or the fixes may not work. Also disable real time protection for any of these anti spyware tools that you may have by following the directions at this link Real Time Protection You can reset Noton's when you are clean along with the others.
Please download http://www.atribune.org/public-beta/VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it. Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click yes.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click ok.
Turn your computer back on.
Then go throught he spyware quake removal procedure at this link Spyware Quake Removal
please post a copy of the log located at C:\vundofix.txt and a new HiJackThis log. You still have some other baddies to remove.

Sponsored Link

Ads by Google

Counter-Strike problem af...

Spyware removal help

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Security and Virus Forum Home

Sponsored links

Ads by Google

Results for: iworm ...HELP please

help please!

Summary

www.computing.net/answers/security/help-please/18874.html

Popup plague =Hijack? help please

Summary

www.computing.net/answers/security/popup-plague-hijack-help-please/11772.html

Help please

Summary

www.computing.net/answers/security/help-please/14582.html

From the Geek Dictionary
squealer - A squealer is someone who plays video games who annoyingly sounds and acts ...

Ask a Question!

Weekly Poll
What do you think of the new preview of Chrome OS?

Poll Finishes In 5 Days.
Discuss in The Lounge
Poll History

Recent Posts
Power Button, connection broke

Hyper-V kills all other wireless clients

server busy

internet explorer script error

gaberiel knight 3

All Awaiting Reply

Tom's News
Woman Tracks Down Club Attacker on Facebook

Geolocation Functions Come to Twitter

New Craigslist Trend: Trade Sex for Rent?

Law Firm Investigates MS Over Xbox Live Bans

Amazon Charges $25 for Palm Pixi and $80 for Pre

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE