|
|
|
taskbar virus
|
Original Message
|
Name: glennos
Date: November 8, 2005 at 09:14:18 Pacific
Subject: taskbar virusOS: XP proCPU/Ram: AMD 2ghz 768RAM |
Comment: i got a nasty virus i guess. in my taskbar (where the clock is) a virus alert pops on. I cant get rid of it... I ran spybot, adaware, panda, AVG, Cwshredder, nothing works... I got zonealarm and AVG installed. Any1 know the solution? Thanks
Report Offensive Message For Removal
|
|
Response Number 1
|
Name: jabuck
Date: November 8, 2005 at 09:46:57 Pacific
Subject: taskbar virus |
Reply: (edit)You will most likely need to post a Hijack This log so that the files associated with the virus can be identified. You can download Hijack This at this link http://www.tomcoyote.org/hjt/ then place it into a folder of it's on, such as C:\HJT, so that back up copies can be made and not clutter your desktop or other folders and the backup copies of deleted items can be easily located if needed. Once saved double click HijackThis.exe, and press "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that, save the log, Ctrl-A to Select All, and copy its contents into the text editor. Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.
Report Offensive Follow Up For Removal
|
|
Response Number 3
|
Name: glennos
Date: November 8, 2005 at 23:44:10 Pacific
Subject: taskbar virus |
Reply: (edit)Hi there My Hijack This log: Logfile of HijackThis v1.99.1 Scan saved at 8:40:06, on 9/11/2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\spoolsv.exe c:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe c:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe D:\Program Files\ewido\security suite\ewidoctrl.exe D:\WINDOWS\System32\nvsvc32.exe D:\WINDOWS\system32\ZoneLabs\vsmon.exe D:\WINDOWS\Explorer.EXE D:\WINDOWS\SOUNDMAN.EXE D:\WINDOWS\System32\GSICON.EXE D:\WINDOWS\System32\dslagent.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe D:\Program Files\Internet Explorer\iexplore.exe D:\WINDOWS\System32\wuauclt.exe C:\hijack\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [AVG7_CC] c:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] c:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131467596745 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{C0F0A551-9EF5-42C5-B658-63495993570E}: NameServer = 195.238.2.22 195.238.2.21 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - c:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - c:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe I already got rid of two virusses named mssearchnet.exe and nvctrl.exe When I click the virus alert my IE gets redirected too spyaxe. I looked around and found spyware named after Smitfraud, searched it on the web. Did what they say i had too do (smitrem, etc..) Still doesnt work. Help... Thanks
Report Offensive Follow Up For Removal
|
|
Response Number 5
|
Name: steffo5
Date: November 10, 2005 at 00:18:51 Pacific
Subject: taskbar virus |
Reply: (edit)Hi I've got the same problem, how do the Hijack this log help me? Can I post it here to get help? I've also got Ewido security suite. Shall post the Safe Mode Ewido log to? Stefan
Report Offensive Follow Up For Removal
|
|
Response Number 6
|
Name: landahoy
Date: November 11, 2005 at 17:43:01 Pacific
Subject: taskbar virus |
Reply: (edit)Okay, I ran ewido, I can submit the log if you would like but it found the file mad.dll(in system32) to be the culprit. I have a stand alone bootable CD that can run my operating drive as a slave, but my computer doesnt seem to like bootable CDs. Any ideas on how to get rid of this dll file without taking my HD and slaving into another computer???
Report Offensive Follow Up For Removal
|
|
Response Number 8
|
Name: landahoy
Date: November 12, 2005 at 09:23:08 Pacific
Subject: taskbar virus |
Reply: (edit)The solution has been found. Goto my post at #16942 or look for topic title "spyaxe problems" and the solution is in the topic. I have tried it and am now free of the virus alert. Thank you all for your responses.
Report Offensive Follow Up For Removal
|
|
Response Number 9
|
Name: zr1owner
Date: December 4, 2005 at 00:36:43 Pacific
Subject: taskbar virus |
Reply: (edit)Hi all Newbie here, and at a 2 year old level comapred to the rest of you for computer knowledge. I have this same Spyaze problem, and am trying to get to the post you mention above (#16942), but can't seem to locate anywhere here how to get to that post! Please help. Thanks. Greg
Report Offensive Follow Up For Removal
|
Use following form to reply to current message:
|
|

|