Author Topic: ispiqq.dll Trojan-gen {other} (SOLVED)  (Read 10968 times)

ratchetclan4

  • Guest
Re: ispiqq.dll Trojan-gen {other} (22/40) virus total scan
« Reply #15 on: March 25, 2009, 06:36:44 PM »
OK, there we go.. deleted out of chest and then deleted the one in suspect to the recycle bin, then its virus alert came up and I deleted it out of the recycle bin... so all is well :P

Thanks for the help... knowing me I would have just clicked restore...

Also, how can I go about removing this registry entry I mentioned?

F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\oembios.exe,

I deleted oembios.exe with avast.. but that entry is still in my HijackThis.
I think that's what downloaded ispiqq.dll... as a result of me deleting it.
« Last Edit: March 25, 2009, 09:03:14 PM by ratchetclan4 »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: ispiqq.dll Trojan-gen {other} (22/40) virus total scan
« Reply #16 on: March 25, 2009, 08:13:49 PM »
You fix it in HJT.

If the file is gone the registry entry (which is what HJT shows) is redundant so couldn't download anything, but you should still remove it using HJT.

Run HJT again (close any other windows except HJT), tick the box to the left of the suspect entry you wish to fix, click the Fix Selected Button.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
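An added example, not part of the original thread: the F2 line above is HijackThis reporting the Winlogon Userinit value, a comma-separated list of programs started at logon, so anything listed besides userinit.exe in system32 deserves a look. The sketch below checks saved log text for such additions; the function names are hypothetical and the sample log is constructed from lines quoted in this thread.

```python
import ntpath
import re

# Constructed sample: the F2 line is the one quoted in the thread,
# the O4 line is an ordinary autorun entry that must be ignored.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\oembios.exe,
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

F2_USERINIT = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$", re.IGNORECASE)


def split_userinit(value):
    """Split the comma-separated value, dropping the empty trailing item."""
    return [p.strip().strip('"') for p in value.split(",") if p.strip()]


def is_stock_userinit(path):
    """True only for userinit.exe sitting directly in a ...\\system32 directory."""
    directory, name = ntpath.split(path)
    return (name.lower() == "userinit.exe"
            and ntpath.basename(directory).lower() == "system32")


def find_userinit_additions(log_text):
    """Return (line, extra_programs) for every F2 UserInit line with extras."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = F2_USERINIT.match(line)
        if not match:
            continue
        extras = [p for p in split_userinit(match.group("value"))
                  if not is_stock_userinit(p)]
        if extras:
            findings.append((line, extras))
    return findings


if __name__ == "__main__":
    for line, extras in find_userinit_additions(SAMPLE_LOG):
        print("Userinit starts extra program(s):", ", ".join(extras))
```

A userinit.exe outside system32 is reported too, since only the stock location is treated as expected.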

ratchetclan4

  • Guest
Re: ispiqq.dll Trojan-gen {other} (22/40) virus total scan
« Reply #17 on: March 25, 2009, 08:26:30 PM »
thanks that did it :)
guess my pc is totally clean now

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\cisvc.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Kontiki\KService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\PnkBstrB.exe
D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\TortoiseSVN\bin\TSVNCache.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\PowerISO\PWRISOVM.EXE
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Kontiki\KHost.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\program files\steam\steam.exe
D:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
D:\Program Files\Electronic Arts\EADM\Core.exe
D:\Program Files\Paltalk Messenger\paltalk.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Program Files\RALINK\Common\RaUI.exe
D:\Program Files\Xfire\xfire.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\cidaemon.exe
D:\Program Files\Opera\opera.exe
D:\Documents and Settings\Ryan\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - D:\Program Files\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - D:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - D:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [kdx] D:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Steam] "d:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [EA Core] "D:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - Startup: Xfire.lnk = D:\Program Files\Xfire\xfire.exe
O4 - Global Startup: PalTalk.lnk = D:\Program Files\Paltalk Messenger\paltalk.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = D:\Program Files\RALINK\Common\RaUI.exe
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - D:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - D:\Program Files\IEPro\iepro.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - D:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: @D:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @D:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199300685734
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - D:\Program Files\Kontiki\KService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - D:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - D:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8259 bytes

Mr.Agent

  • Guest
Re: ispiqq.dll Trojan-gen {other} (22/40) virus total scan
« Reply #18 on: March 25, 2009, 08:28:09 PM »
I just looked at it quickly; I think it looks good. Ask another guy, I just looked quickly like that :)

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: ispiqq.dll Trojan-gen {other} (22/40) virus total scan
« Reply #19 on: March 25, 2009, 08:38:22 PM »
That looks much better, nothing obvious.

ratchetclan4

  • Guest
Re: ispiqq.dll Trojan-gen {other} (22/40) virus total scan
« Reply #20 on: March 25, 2009, 08:45:06 PM »
That's good :D

Also, the last thing I'll add, so I don't have to start a new thread elsewhere :p, is that I have a file on my desktop called p16 that's been there for a good 5 months+ and I can't find out how to get rid of it.

The type of file is "file" and it's 0 bytes.

Now this file is a pain... it can't be shredded... if I delete it, it says "cannot read from source or disk".. it just will not go and I have no idea what it is or how it got there; also it can't be moved..

It's just a real, real pain. I was wondering if you know how to get rid of files like that?
 
« Last Edit: March 25, 2009, 08:52:48 PM by ratchetclan4 »

Offline scythe944

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2913
    • My Tech Blog
Re: ispiqq.dll Trojan-gen {other} (22/40) virus total scan
« Reply #21 on: March 25, 2009, 08:54:42 PM »
Quote
Now this file is a pain... it can't be shredded... if I delete it, it says "cannot read from source or disk".. it just will not go and I have no idea what it is or how it got there; also it can't be moved..

It's just a real, real pain. I was wondering if you know how to get rid of files like that?

Try this file called "Unlocker" - http://majorgeeks.com/download.php?det=4660
For generic computer (not avast) problems, you can also visit my forum for help: http://www.jacobytech.net/forum

ratchetclan4

  • Guest
Re: ispiqq.dll Trojan-gen {other} (22/40) virus total scan
« Reply #22 on: March 25, 2009, 08:58:56 PM »
Ah, finally it got rid of it, so glad that ugly sight is gone...

Anyway, I won't ask any more questions :P already a 20 post thread

Thanks for the help

Offline scythe944

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2913
    • My Tech Blog
Re: ispiqq.dll Trojan-gen {other} (22/40) virus total scan
« Reply #23 on: March 25, 2009, 08:59:45 PM »
No problem.  ;D

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: ispiqq.dll Trojan-gen {other} (22/40) virus total scan
« Reply #24 on: March 25, 2009, 09:00:27 PM »
Well, 0 bytes in theory shouldn't be an issue, but you can hide huge amounts of data in the file's Alternative Data Stream if your hard disk's format is NTFS.

It is strange that it can't be shredded, what errors are displayed?

If you right click on it and select Properties, what information is there?
Anything like what might own it, if it is actually a file (e.g. file type) or a shortcut to a file, etc.

If a shortcut, what is it a shortcut to, file name and location, etc.?

You really have to be a little more circumspect about deletion, you should 'never' delete anything until you have fully investigated what it is and if it is required, etc. and then if there is no negative side remove it.

ratchetclan4

  • Guest
Re: ispiqq.dll Trojan-gen {other} (SOLVED)
« Reply #25 on: March 25, 2009, 09:02:51 PM »
Oh well, I kind of just deleted it there.. well, remembering back, there were no errors, it just basically would remain there. Normally I would just drag it so far off my desktop that only a little bit could be seen...

*shredded with tuneup utilities*

Properties contains nothing except its file type... and size of 0 bytes..

I've read somewhere that it's from a printer or something, but that's impossible as I have no printer...

Is there any way I can recover that file, scythe? I clicked the delete option using Unlocker.

« Last Edit: March 25, 2009, 09:12:36 PM by ratchetclan4 »

Offline scythe944

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2913
    • My Tech Blog
Re: ispiqq.dll Trojan-gen {other} (SOLVED)
« Reply #26 on: March 26, 2009, 02:44:08 PM »
It's possible, although unlikely.  Try this utility called, "Restoration" located here: http://www.snapfiles.com/get/restoration.HTML

You might be able to salvage it.

I doubt it was useful though.

YoKenny

  • Guest
Re: ispiqq.dll Trojan-gen {other} (22/40) virus total scan
« Reply #27 on: March 26, 2009, 04:20:21 PM »
That looks much better nothing obvious.

Have they updated to SP3?

I can't see it from the HijackThis header.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: ispiqq.dll Trojan-gen {other} (SOLVED)
« Reply #28 on: March 26, 2009, 04:44:42 PM »
I don't know (but in the time frame I doubt it), I pointed it out on my first reply in Reply #3 of this topic, now it is down to them.

You could ask them.

ratchetclan4

  • Guest
Re: ispiqq.dll Trojan-gen {other} (SOLVED)
« Reply #29 on: March 28, 2009, 05:31:55 PM »
Nope, SP3 isn't installed, I have SP2...
When I got this PC it came with the dodgy pirated Windows used to test it with.
It has loads of programs, auto updates turned off, etc... so when I got them it bluescreened the PC.

So I had to install Windows off this disk with the serial on the back that I found lying about, that I got off someone who bought it from a guy at work who sells DVDs and loads of CDs...

But I've kept automatic updates off right from when I installed Windows XP Pro, just in case it happens again..



« Last Edit: March 28, 2009, 05:33:51 PM by ratchetclan4 »