Author Topic: virus... help  (Read 6864 times)


Offline enen

  • Newbie
  • *
  • Posts: 15
virus... help
« on: November 15, 2008, 09:27:39 AM »
Sir, I'm using avast antivir. Unfortunately it has been infected by a VBS script file...
 wdp-ash-updscript.vbs. What should I do, sir? Thank you... it has changed a lot in my computer settings.
Thank you very much, sir!

Offline Jtaylor83

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1066
Re: virus... help
« Reply #1 on: November 15, 2008, 09:50:50 AM »
Can you run a boot-scan?


I suggest Malwarebytes' Anti-Malware.
Avast 6.0, Malwarebytes' Anti-Malware, CCleaner, Defraggler, DownloadHelper, WOT, NoScript, KeyScrambler, Thunderbird, Firefox, Windows XP SP3.

Offline enen

  • Newbie
  • *
  • Posts: 15
Re: virus... help
« Reply #2 on: November 15, 2008, 12:42:08 PM »
Sir, it still doesn't work... it only removed some malware, but wdp-ash-updscript.vbs isn't removed from the folder of alwilsoftware or the avast. Sir, I have found a file from the internet about this vbs, here it is: http://www.avast.com/eng/avast_plus_wdp.html, but I can't understand how to figure this one out... and I can't find the windows disk security... I hope that you'll help me, sir... thank you!

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: virus... help
« Reply #3 on: November 15, 2008, 12:46:12 PM »
wdp-ash-updscript.vbs is a legitimate avast! file.

Check it out at VirusTotal.
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline enen

  • Newbie
  • *
  • Posts: 15
Re: virus... help
« Reply #4 on: November 15, 2008, 12:58:19 PM »
Sir, what do you mean, a legitimate avast file?

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: virus... help
« Reply #5 on: November 15, 2008, 01:05:45 PM »
I mean it's part of the avast! program.

You can confirm this at VirusTotal.

From your log posted elsewhere, I can see you have avast! and AntiVir installed: this will cause problems. You must uninstall one of them. If you want to keep avast!, I'd recommend a clean install: uninstall both AV's, run the AntiVir removal tool, then reinstall avast!

http://www.pchell.com/virus/uninstallantivir.shtml
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline enen

  • Newbie
  • *
  • Posts: 15
Re: virus... help
« Reply #6 on: November 15, 2008, 02:28:12 PM »
Sir, I've done what you have said. Sir, I also uninstalled the avast... should I install it again? Sir, some problems are still occurring on my laptop, like when I install a program, another program is installing. Here is my new hijack log file. What should I do, sir??? Thank you in advance, sir!!!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:35:54 PM, on 11/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\LVComS.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\knlwrap.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ikernel.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Program Files\ScanSoft\PDF Converter 3.0\\RegistryController.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [UberIcon] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\PDF Converter 3.0\IEShellExt.dll /100
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://213.196.182.244/activex/AMC.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 5710 bytes

Offline enen

  • Newbie
  • *
  • Posts: 15
Re: virus... help
« Reply #7 on: November 15, 2008, 02:43:14 PM »
Sir, are you still there?
.....

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: virus... help
« Reply #8 on: November 15, 2008, 02:44:30 PM »
You need to decide which anti-virus program you want.

If you decide you want avast!, you need to reinstall it.
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline enen

  • Newbie
  • *
  • Posts: 15
Re: virus... help
« Reply #9 on: November 15, 2008, 03:14:29 PM »
Thank you sir!!! Hope it works fine, I appreciate your kindness!

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: virus... help
« Reply #10 on: November 15, 2008, 03:25:42 PM »
You're welcome.

I can't see anything obviously wrong in the HijackThis! log.

What other program is installing when you install a program? Can you give details?
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog
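
For readers working through a HijackThis log like the one posted in this thread, the following is an added example (not part of any post here and not Trend Micro's code) that parses entry lines by section code and lists the ones a reviewer would normally look at by hand. The sample lines are copied from the log above; the function names and the choice of review prompts are assumptions of this example, and a prompt marks a line for a closer look, not a detection.

```python
import re
from urllib.parse import urlparse

# Sample input: six entry lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://213.196.182.244/activex/AMC.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O23 - Service: ..."
IPV4_HOST = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def parse_entries(log_text):
    """Return (section_code, rest_of_line) for every entry line in the log."""
    return [m.groups() for line in log_text.splitlines()
            if (m := ENTRY.match(line.strip()))]


def review_notes(code, rest):
    """Return review prompts for one entry (assumed rules, not verdicts)."""
    notes = []
    if rest.endswith("(file missing)"):
        notes.append("target file missing")
    if code == "O23" and " - Unknown owner - " in rest:
        notes.append("owner not identified")
    if code == "O16":  # ActiveX control recorded with its download URL
        parsed = urlparse(rest.rsplit(" - ", 1)[-1])
        if parsed.scheme == "http":
            notes.append("codebase fetched over plain http")
        if IPV4_HOST.match(parsed.hostname or ""):
            notes.append("codebase host is a bare IP address")
    if code == "O6":
        notes.append("IE options restricted by a policy key")
    return notes


def triage(log_text):
    """Return (code, rest, notes) for entries that have at least one prompt."""
    return [(code, rest, notes) for code, rest in parse_entries(log_text)
            if (notes := review_notes(code, rest))]


if __name__ == "__main__":
    for code, rest, notes in triage(SAMPLE_LOG):
        print(f"{code}: {'; '.join(notes)}\n    {rest}")
```
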

Offline enen

  • Newbie
  • *
  • Posts: 15
Re: virus... help
« Reply #11 on: November 17, 2008, 11:33:40 AM »
Sir, the Logitech webcam software... and in my Add/Remove Programs some programs have gone and yet they are still installed in my computer...
In short, they are installed in my computer, but their names are not in Add and Remove Programs? How can this be, sir? Is it OK? Or have I been affected by a virus?... Thank you sir!!!!