Computing.Net > Forums > Security and Virus > Unsure what to do with virus

Unsure what to do with virus

Name: mer
Date: January 12, 2004 at 20:07:07 Pacific
OS: Win XP
CPU/Ram: 256
Comment:

I was hoping someone with a little more knowledge than myself could tell me what to do with these viruses that the online RAV antivirus found. It found this stuff:
Scanning boot sectors...
Scanning files...
C:\RECYCLER\S-1-5-21-2371044960-2285650368-2944542891-1005\Dc1.zip->VerifierBug.class - Java/Bytverify -> Infected
C:\RECYCLER\S-1-5-21-2371044960-2285650368-2944542891-1005\Dc2.zip->VerifierBug.class - Java/Bytverify -> Infected
C:\RECYCLER\S-1-5-21-2371044960-2285650368-2944542891-1005\Dc3.zip->VerifierBug.class - Java/Bytverify -> Infected
C:\RECYCLER\S-1-5-21-2371044960-2285650368-2944542891-1005\Dc4.zip->VerifierBug.class - Java/Bytverify -> Infected
C:\RECYCLER\S-1-5-21-2371044960-2285650368-2944542891-1005\Dc5.zip->VerifierBug.class - Java/Bytverify -> Infected
C:\RECYCLER\S-1-5-21-2371044960-2285650368-2944542891-1005\Dc6.zip->VerifierBug.class - Java/Bytverify -> Infected
C:\WINDOWS\system32\q78kdov0.dll - Tool:PornDialer.CT -> Infected

It found a few others, but I deleted them and scanned again; the last one it had found previously, but I could not delete it. The others it did not find in the first scan, and I wonder why that is. By deleting the others, should that completely get rid of them? And what do you suggest to get rid of these?


Response Number 1
Name: Tope
Date: January 12, 2004 at 21:34:50 Pacific
Reply:

Those are already in the recycle bin. Empty it.

<><><>Tope<><><>

Response Number 2
Name: iceblue
Date: January 13, 2004 at 03:15:27 Pacific
Reply:

Yep; when you delete something it goes to the Recycle Bin, which has the folder name 'RECYCLERS'. They are rendered inactive there, but it's always best to empty the Recycle Bin and remove them completely from your system. [Always write down what you find; you can always do a 'search' for it later.]

Java/Byteverify is an exploitable hole in the Windows system that needs patching by installing a security update from windowsupdates. Do this straightaway; please find all the security-related updates and install them. You can find them here: windowsupdates

The last one however is still in the system.
C:\WINDOWS\system32\q78kdov0.dll - Tool:PornDialer.CT -> Infected

You could try starting in safe mode and deleting it.
You could try another online scan: Housecall
And we would advise going through this process. Computing.Net Guidelines
Post back a reply for detailed instructions for HijackThis.
PS: don't try to fix anything with it; post a log here for analysis.

iceblue

Response Number 3
Name: mer
Date: January 13, 2004 at 15:01:15 Pacific
Reply:

OK, thanks for the speedy reply; you guys are awesome and really should be commended for helping people like myself dig out of the messes they get into. Just wanna say I really appreciate your effort.
Here is what I've done: ran CWShredder, Spybot (got rid of some stuff with Spybot) and Ad-aware 6; I also did the Housecall, Panda, and RAV online scans. As per your instructions I ran my computer in safe mode and was able to delete the virus in the system32 folder, as well as two others that were quarantined; thanks for the advice. I'm actually doing the Windows security updates now and hope that helps out in the future. As you requested, here is my HijackThis log, which I will not touch until instructed to; hopefully it looks good and clean.

Logfile of HijackThis v1.97.7
Scan saved at 5:47:03 PM, on 1/13/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\System32\QCONSVC.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\System32\NWTRAY.exe
C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\America Online 8.0\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
D:\profile.cu\Local Settings\Temporary Internet Files\Content.IE5\AT6NORI5\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clemson.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = ,
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.exe
O4 - HKLM\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.exe
O4 - HKLM\..\Run: [ACUMon] "C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Tau Monitor] C:\PROGRA~1\Agnitum\TAUSCA~1.6\taumon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\netware\nwws2nds.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - WWW. Prefix: http://
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs5b.instantservice.com/jars/customerxsigned35.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37909.7485300926
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

I still think I have some sort of problem on my system: sometimes my web pages won't let me scroll up or down, and at times when I type a new web address it is very slow. Not sure if this has anything to do with a virus or not, but I cannot send mail from my Eudora email; it comes back with an error. Have any idea why that is?
Well, again I wanna say thanks, and best of luck to all of you in 2004!!!
Mer
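Reviewing a HijackThis log like the one above usually means pulling out the autostart (O4), LSP (O10) and downloaded-control (O16) lines and checking each one by hand. The Python below is an added example, not code from this thread or from HijackThis; the `analyze_hjt` function and its report keys are my own names, and the sample log is a constructed excerpt retyped from a few lines of the posted log.

```python
import re
from urllib.parse import urlparse

# Constructed excerpt modelled on the HijackThis log posted above (a few of
# its lines retyped for the example; pass the full log text to analyze the rest).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clemson.edu/
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\netware\nwws2nds.dll' missing
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
"""

O4_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.*)$")
O16_DPF = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]+\})(?: \(([^)]*)\))? - (\S+)$")
O10_LSP = re.compile(r"^O10 - .*'([^']+)'")
# Executable part of a Run command: a quoted path, or text up to the first
# .exe/.dll/.cpl/.scr that is followed by whitespace or end of line.
IMAGE = re.compile(r'^"([^"]+)"|^(.*?\.(?:exe|dll|cpl|scr))(?=\s|$)', re.IGNORECASE)

def image_path(command):
    m = IMAGE.match(command)
    if m:
        return m.group(1) or m.group(2)
    return command.split()[0]  # fallback: first token

def analyze_hjt(text):
    """Summarize O4/O10/O16 lines for manual review.

    'bare_autoruns' lists Run entries whose image has no directory at all, so the
    file that actually starts depends on the PATH search and must be located by hand.
    """
    report = {"autoruns": [], "bare_autoruns": [], "dpf_hosts": {}, "lsp_issues": []}
    for line in text.splitlines():
        if m := O4_RUN.match(line):
            hive, name, command = m.groups()
            image = image_path(command)
            report["autoruns"].append((hive, name, image))
            if "\\" not in image:
                report["bare_autoruns"].append(name)
        elif m := O16_DPF.match(line):
            clsid, name, url = m.groups()
            report["dpf_hosts"][clsid] = (name or "(no name)", urlparse(url).netloc)
        elif m := O10_LSP.match(line):
            report["lsp_issues"].append(m.group(1))
    return report

if __name__ == "__main__":
    for key, value in analyze_hjt(SAMPLE_LOG).items():
        print(key, value)
```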
