Looks like I've acquired a good virus this time

June 16, 2010 at 17:26:15
Specs: XP64 Pro SP2, 2.4G Athlon X2 dual
I posted a topic here for my virus problem accidentally; can someone please take a look at it? I don't want to double post it.

http://www.computing.net/answers/wi...



#1
June 17, 2010 at 06:54:45
More info would be cool; the other post was removed!!

Malware Removal How To's



#2
June 17, 2010 at 19:02:03
What kind of info do you need? I have read the forum, etc... I read your post link as well. Keep in mind I have a 64-bit system too. I would like to submit a hijack log.

System Restore is disabled, things are running much better; I just want to make sure I have any possible infection off the system.



#3
June 17, 2010 at 19:03:08
I will look at your log, no problem!!! Post away!!!

Cheers

Malware Removal How To's



#4
June 18, 2010 at 01:53:13
Here it is, thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:52:34, on 6/18/2010
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\Java\jre6\bin\jqs.exe
C:\Program Files (x86)\AVG\AVG9\avgemc.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\WIN64\system32\Rundll32.exe
C:\PROGRA~2\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\WinPatrol\winpatrol.exe
C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\Data\My Files\My Downloads\security\virus removal\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.flipdummie.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files (x86)\WinPatrol\winpatrol.exe" -expressboot
O4 - HKLM\..\Run: [boincmgr] "C:\Program Files\BOINC\boincmgr.exe" /a /s
O4 - HKLM\..\Run: [boinctray] "C:\Program Files\BOINC\boinctray.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D159DD6-75CE-4396-8E43-AC939F71582D}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{B98EC928-9598-44AC-96FC-866F566654F2}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3E4A342-8B3F-4F6D-B901-50768E23A700}: NameServer = 66.174.92.14 69.78.96.14
O17 - HKLM\System\CS1\Services\Tcpip\..\{1D159DD6-75CE-4396-8E43-AC939F71582D}: NameServer = 156.154.70.22,156.154.71.22
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WIN64\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WIN64\system32\services.exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WIN64\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WIN64\system32\imapi.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files (x86)\Java\jre6\bin\jqs.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WIN64\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WIN64\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WIN64\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WIN64\system32\nvsvc64.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WIN64\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WIN64\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WIN64\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WIN64\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WIN64\system32\lsass.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WIN64\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WIN64\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WIN64\system32\wbem\wmiapsrv.exe (file missing)

--
End of file - 5657 bytes
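As an added, defender-side example that is not part of this thread and not HijackThis code: a small Python parser for the HijackThis v2 log format posted above, pulling out the items a reviewer checks first (R1 ShellNext URL, O4 autostarts, O17 name servers, O23 services) and turning them into review points. The embedded log is a constructed subset of the posted lines, and the set of resolvers the owner expects is an assumption the analyst supplies; here the 156.154.70.22/156.154.71.22 pair is treated as expected (it matches the Comodo Secure DNS resolvers of that era, consistent with the Comodo suite on this machine), so the other pair surfaces for the owner to confirm. One caveat it encodes: HijackThis 2.0.2 is a 32-bit program, and on 64-bit Windows its reads of system32 are redirected to SysWOW64, so native 64-bit binaries such as services.exe and lsass.exe show as "(file missing)" although they are present. That is why the core services in the log above carry that tag; it is a tool artefact to confirm with a 64-bit-aware tool, not by itself a sign of infection.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of lines in the HijackThis v2.0.2 format, modelled
# on the log posted in this thread (not the complete log).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows 2003 SP2 (WinNT 5.02.3790)

Running processes:
C:\Program Files (x86)\AVG\AVG9\avgtray.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.flipdummie.com/
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D159DD6-75CE-4396-8E43-AC939F71582D}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3E4A342-8B3F-4F6D-B901-50768E23A700}: NameServer = 66.174.92.14 69.78.96.14
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WIN64\system32\services.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WIN64\system32\lsass.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files (x86)\Java\jre6\bin\jqs.exe
--
End of file - 5657 bytes
"""

# Every HJT entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] cmd".
ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.*)$")
# O4 body: registry key, [value name], command, optional "(User '...')" suffix.
O4_RE = re.compile(r"^(?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$")
# O23 body: "Service: Display (short) - owner - path [(file missing)]".
O23_RE = re.compile(
    r"^Service: (?P<display>.+?) \((?P<short>[^)]+)\) - (?P<owner>.+?) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$")


def parse_hjt(text):
    """Group entry bodies by section code (R0, R1, O4, O17, O23, ...)."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            sections[m.group("sec")].append(m.group("body"))
    return dict(sections)


def autostarts(sections):
    """O4 entries as (registry key, value name, command, user or None)."""
    out = []
    for body in sections.get("O4", []):
        m = O4_RE.match(body)
        if m:
            out.append((m.group("key"), m.group("name"), m.group("cmd"), m.group("user")))
    return out


def name_servers(sections):
    """Distinct resolver addresses from O17 entries. The log separates them with
    ',' on some lines and ' ' on others, so split on either."""
    ips = set()
    for body in sections.get("O17", []):
        _, sep, value = body.partition("NameServer = ")
        if sep:
            ips.update(a for a in re.split(r"[,\s]+", value.strip()) if a)
    return ips


def services(sections):
    """O23 entries as dicts: short name, binary path, and HJT's '(file missing)' flag."""
    out = []
    for body in sections.get("O23", []):
        m = O23_RE.match(body)
        if m:
            out.append({"short": m.group("short"), "path": m.group("path"),
                        "missing": m.group("missing") is not None})
    return out


def triage(text, expected_resolvers):
    """Review points a defender would raise on this log. expected_resolvers is the
    set of DNS servers the owner knows they configured (assumption supplied by the analyst)."""
    sections = parse_hjt(text)
    points = []
    for body in sections.get("R1", []):
        if "ShellNext" in body:  # URL IE opens after the Connection Wizard; confirm it is wanted
            points.append("R1 ShellNext URL: " + body.split(" = ", 1)[1])
    for key, name, cmd, user in autostarts(sections):
        # A DLL named without a path resolves through the DLL search order, so the
        # reviewer should confirm which file actually loads.
        if re.match(r"rundll32 [^\\ ]+\.dll,", cmd, re.IGNORECASE):
            points.append(f"O4 [{name}] loads a DLL by bare name via rundll32: {cmd}")
    unexpected = sorted(name_servers(sections) - set(expected_resolvers))
    if unexpected:
        points.append("O17 resolvers not in the expected set: " + ", ".join(unexpected))
    missing = [s for s in services(sections) if s["missing"]]
    sys32 = [s for s in missing if "\\system32\\" in s["path"].lower()]
    if sys32:
        points.append(f"O23 {len(sys32)} services '(file missing)' under system32: on x64 the "
                      "32-bit HJT is redirected to SysWOW64, so confirm with a 64-bit-aware tool")
    for s in missing:
        if s not in sys32:
            points.append(f"O23 {s['short']} binary missing: {s['path']}")
    return points


if __name__ == "__main__":
    for point in triage(SAMPLE_LOG, {"156.154.70.22", "156.154.71.22"}):
        print(point)
```

Run it on a real log by replacing `SAMPLE_LOG` with the file contents; the R0/O2/O9/O18 sections are parsed too and can be inspected from the dict `parse_hjt` returns.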



#5
June 19, 2010 at 13:32:07
OK, do you need more info?

I'm using AVG Free for antivirus, and Comodo for firewall. Comodo kept kicking back the avgupdate.exe file; is that known to be malware in the past?

You can see the flipdummie.com link is still there. It was hanging on restarts, and Windows Update was hanging after the first update. I had to cancel it, and it just hung there. It was running really slowly until I removed that file mentioned in my other post. ezsidmv.dat I think it was. I used WinPatrol for that.
Do you think that was even malware?

I was also getting this for a while:
Malwarebytes update reports an error has occurred, MBAM_ERROR_UPDATING (12007, 0, WinHTTPSendRequest)

And I also wondered if this was a problem, a file on my old system residing on a backup drive:
d:\windows\nircmd.exe

Now it's running a lot better, and I haven't done anything since I posted the log, so it's an accurate representation of my system to date.




#6
June 19, 2010 at 14:30:46
Download this program:

http://oldtimer.geekstogo.com/OTL.exe

Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
Under the Custom Scan box paste this in:

netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5


Click the Quick Scan button. Do not change any settings.

The scan will not take long.

When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.

These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here!

Malware Removal How To's

