Author Topic: Help with pos. virus: hectwijk.exe

secretpudding

  • Guest
Help with pos. virus: hectwijk.exe
« on: September 16, 2004, 04:00:06 AM »
Can someone help me with what I think is a virus but avast! doesn't catch it?

I live in Japan and I have an ISDN connection to the internet.  When I connect sometimes none of my internet applications work.  But if I check my connection status I'm receiving about 2KB a second and sending out about 5-10KB a second.
Then if I open the task manager and kill these two processes: hectwijk.exe and hpztsb05.exe
I can get my bandwidth back.  This seems like a virus to me but I don't know anything.  I have avast! 4.1 Home with fully up to date virus database but it says I'm fine.  Please HELP!

Thanks,

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31072
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:Help with pos. virus: hectwijk.exe
« Reply #1 on: September 16, 2004, 04:13:47 AM »
hpztsb05.exe is the HP (printer) taskbar util. The other is unknown and very suspicious. Please click on the link in my signature, get the HijackThis Log Analyzer (comes with the latest version of HijackThis) and use it. If you still have problems after doing so, post the HJT log here.

secretpudding

  • Guest
Re:Help with pos. virus: hectwijk.exe
« Reply #2 on: September 16, 2004, 04:27:47 AM »
Thanks for your prompt help.  I ran HijackThis and cleared out hectwijk.exe when it occurred in a couple places (mostly Windows Update places) and it hasn't reoccurred, but I have been having chronic problems so if you wouldn't mind looking over my new log file to make sure I shouldn't delete any of this stuff, Thanks:

Logfile of HijackThis v1.98.2
Scan saved at 11:25:06 AM, on 9/16/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\CTSvcCDA.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\Audio\PROGRAM\CTMIX32.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\hijackthis.exe

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio\PROGRAM\CTMIX32.EXE /t
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Update] muamgrd.exe
O4 - HKLM\..\Run: [Microsoft WinUpdates] serm32.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\RunServices: [Microsoft Update] muamgrd.exe
O4 - HKLM\..\RunServices: [Microsoft WinUpdates] serm32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3F14A11-6CF8-4C18-9B39-3E001B82E6F2}: NameServer = 221.113.139.250 202.234.232.6


Offline Eddy

Re:Help with pos. virus: hectwijk.exe
« Reply #3 on: September 16, 2004, 04:37:59 AM »
1] Disable system restore INFO
2] Reboot
3] Run HijackThis and fix the following lines:
 - O4 - HKLM\..\Run: [Microsoft Update] muamgrd.exe
 - O4 - HKLM\..\Run: [Microsoft WinUpdates] serm32.exe
 - O4 - HKLM\..\RunServices: [Microsoft Update] muamgrd.exe
 - O4 - HKLM\..\RunServices: [Microsoft WinUpdates] serm32.exe
4] Reboot
5] Tell us if you still have problems.
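
A triage heuristic for the O4 autorun lines of a HijackThis log like the one above, as an added example that is not part of the original posts: it lists registry autoruns whose command has no directory component, a trait the four lines named in Reply #3 share. The function names are hypothetical, and a pathless entry is a reason to look closer, not a verdict.

```python
import re
from collections import defaultdict

# O4 lines copied from the HijackThis log posted in this thread (subset).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio\PROGRAM\CTMIX32.EXE /t
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Update] muamgrd.exe
O4 - HKLM\..\Run: [Microsoft WinUpdates] serm32.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [Microsoft Update] muamgrd.exe
O4 - HKLM\..\RunServices: [Microsoft WinUpdates] serm32.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
"""

# Registry autoruns only; "Global Startup" shortcut lines are skipped on purpose.
O4_REG = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")

def image_path(command):
    """Return the executable part of an autorun command line."""
    command = command.strip()
    if command.startswith('"'):          # quoted path: take text up to closing quote
        return command[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut after the first program extension.
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", command, re.I)
    return m.group(1) if m else command.split()[0]

def parse_o4(log):
    """Yield (hive, key, value_name, image) for registry-based O4 lines."""
    for line in log.splitlines():
        m = O4_REG.match(line.strip())
        if m:
            hive, key, name, cmd = m.groups()
            yield hive, key, name, image_path(cmd)

def pathless_autoruns(log):
    """Map each image with no directory component to the keys that start it."""
    hits = defaultdict(list)
    for hive, key, name, image in parse_o4(log):
        if "\\" not in image and "/" not in image:
            hits[image.lower()].append(f"{hive}\\..\\{key} [{name}]")
    return dict(hits)

if __name__ == "__main__":
    for image, keys in pathless_autoruns(SAMPLE_LOG).items():
        print(image, "->", "; ".join(keys))
```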