Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
i got a nasty virus i guess.
in my taskbar (where the clock is) a virus alert pops on. I cant get rid of it...
I ran spybot, adaware, panda, AVG, Cwshredder, nothing works...I got zonealarm and AVG installed.
Any1 know the solution?
Thanks
You will most likely need to post a Hijack This log so that the files associated with the virus can be identified. You can download Hijack This at this link http://www.tomcoyote.org/hjt/ then place it into a folder of it's on, such as C:\HJT, so that back up copies can be made and not clutter your desktop or other folders and the backup copies of deleted items can be easily located if needed.
Once saved double click HijackThis.exe, and press "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, Ctrl-A to Select All, and copy its contents into the text editor.Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.
0 
Hi there
My Hijack This log:
Logfile of HijackThis v1.99.1
Scan saved at 8:40:06, on 9/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
c:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\Program Files\ewido\security suite\ewidoctrl.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\WINDOWS\Explorer.exe
D:\WINDOWS\SOUNDMAN.exe
D:\WINDOWS\System32\GSICON.exe
D:\WINDOWS\System32\dslagent.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\System32\wuauclt.exe
C:\hijack\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVG7_CC] c:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] c:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.exe D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131467596745
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0F0A551-9EF5-42C5-B658-63495993570E}: NameServer = 195.238.2.22 195.238.2.21
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - c:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - c:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exeI already got rid of two virusses named
mssearchnet.exe and nvctrl.exeWhen I click the virus alert my IE gets redirected too spyaxe.
I looked around and found spyware named after Smitfraud, searched it on the web. Did what they say i had too do (smitrem, etc..) Still doesnt work.
Help...
Thanks
0
Download Ewido Security Suite then set it up this way Ewido Setup Instructions reboot into Safe Mode and run Ewido
Please reboot into normal mode and post the ewido log.
0
Hi I've got the same problem, how do the Hijack this log help me? Can I post it here to get help? I've also got Ewido security suite. Shall post the Safe Mode Ewido log to?
Stefan
0
Okay, I ran ewido, I can submit the log if you would like but it found the file mad.dll(in system32) to be the culprit. I have a stand alone bootable CD that can run my operating drive as a slave, but my computer doesnt seem to like bootable CDs. Any ideas on how to get rid of this dll file without taking my HD and slaving into another computer???
0
The solution has been found. Goto my post at #16942 or look for topic title "spyaxe problems" and the solution is in the topic. I have tried it and am now free of the virus alert. Thank you all for your responses.
0
Hi all
Newbie here, and at a 2 year old level comapred to the rest of you for computer knowledge. I have this same Spyaze problem, and am trying to get to the post you mention above (#16942), but can't seem to locate anywhere here how to get to that post! Please help. Thanks.
Greg
0  |
 |
 |
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
