Author Topic: I got loads of viruses! Help me!!!!!!!!  (Read 12730 times)


Offline !Donovan

  • Web Analyst
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2220
    • The WAR Against Malware
I got loads of viruses! Help me!!!!!!!!
« on: May 03, 2009, 06:24:12 PM »
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:23:31 PM, on 5/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows SteadyState\SCTSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)
O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O4 - HKLM\..\Run: [Bubble] "%ProgramFiles%\Windows SteadyState\Bubble.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\MegaCool\SOMETH~1\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\WEB2~1\Office12\REFIEBAR.DLL
« Last Edit: May 09, 2009, 08:30:08 PM by Donovansrb10 »
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."

Offline !Donovan

Re: Hijack This Log - Virus?
« Reply #1 on: May 03, 2009, 06:24:37 PM »
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: PackageCab - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193516774250
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1193516760546
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\MegaCool\SomethingforU\aswUpdSv.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\MegaCool\SomethingforU\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\MegaCool\SomethingforU\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\MegaCool\SomethingforU\ashWebSv.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: IMSafer (ImSaferService) - Unknown owner - C:\Documents and Settings\Lockeruper22\Desktop\IMSafer\bin\imsc.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10463 bytes

Offline !Donovan

Re: Hijack This Log - Virus?
« Reply #2 on: May 03, 2009, 06:29:39 PM »
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (file missing)

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)

O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (file missing)

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)

O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (file missing)

O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\MegaCool\SomethingforU\aswUpdSv.exe (file missing)

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\MegaCool\SomethingforU\ashServ.exe (file missing)

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\MegaCool\SomethingforU\ashMaiSv.exe (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\MegaCool\SomethingforU\ashWebSv.exe (file missing)

O23 - Service: IMSafer (ImSaferService) - Unknown owner - C:\Documents and Settings\Lockeruper22\Desktop\IMSafer\bin\imsc.exe (file missing)



Should I delete those entries?

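The entries quoted in the post above are the ones HijackThis tagged "(file missing)", meaning the registry still registers a BHO, toolbar or service whose binary is no longer on disk. As an added example, not code from this thread or from HijackThis itself, the Python script below parses lines in that log format, extracts the referenced path, and lists the missing-file entries together with any O23 service whose binary lives under a user profile directory (an unusual place for a service and worth a second look). The log excerpt inside it is a constructed sample in the same format as the posted log, and the two heuristics are my own assumptions rather than rules from HijackThis.

```python
"""Triage helper for HijackThis (HJT) log lines.

Added example, not code from the thread or from Trend Micro. SAMPLE_LOG is a
constructed excerpt in the posted log's format; the heuristics are assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

SAMPLE_LOG = r"""
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\MegaCool\SomethingforU\ashServ.exe (file missing)
O23 - Service: IMSafer (ImSaferService) - Unknown owner - C:\Documents and Settings\Lockeruper22\Desktop\IMSafer\bin\imsc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# "O2 - ...", "O23 - ...", "R1 - ..." and so on; process listings and headers do not match.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")
# First drive-letter path ending in a common executable extension. Non-greedy, so
# a path containing " - " (e.g. "Spybot - Search & Destroy\TeaTimer.exe") stays whole.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|ocx|cpl)\b", re.IGNORECASE)
MISSING_TAG = "(file missing)"
# Assumed profile roots (XP and later Windows); a service binary here is unusual.
USER_PROFILE_ROOTS = ("\\documents and settings\\", "\\users\\")


@dataclass
class Entry:
    section: str          # e.g. "O2", "O23"
    body: str             # text after "O2 - ", with the missing tag stripped
    path: Optional[str]   # referenced binary, if one could be extracted
    file_missing: bool    # HJT could not find the binary on disk


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one HJT line; returns None for lines that are not entries."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    missing = body.endswith(MISSING_TAG)
    if missing:
        body = body[: -len(MISSING_TAG)].rstrip()
    pm = PATH_RE.search(body)
    return Entry(m.group("section"), body, pm.group(0) if pm else None, missing)


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_entry(ln) for ln in text.splitlines()) if e]


def missing_file_entries(entries: List[Entry]) -> List[Entry]:
    """Stale registrations: the registry still points at a binary that is gone."""
    return [e for e in entries if e.file_missing]


def services_in_user_profile(entries: List[Entry]) -> List[Entry]:
    """O23 services whose binary sits under a user profile directory."""
    return [
        e for e in entries
        if e.section == "O23" and e.path
        and any(root in e.path.lower() for root in USER_PROFILE_ROOTS)
    ]


def triage(text: str) -> dict:
    entries = parse_log(text)
    return {
        "total": len(entries),
        "missing": missing_file_entries(entries),
        "user_profile_services": services_in_user_profile(entries),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{report['total']} entries parsed")
    for e in report["missing"]:
        print(f"[file missing]        {e.section}: {e.path}")
    for e in report["user_profile_services"]:
        print(f"[service in profile]  {e.section}: {e.path}")
```

To run it against a real log, replace SAMPLE_LOG with the pasted log text; lines that are not entries (the process list, the header) are ignored. Paths that do not start with a drive letter (for example `%ProgramFiles%\...`) are reported with no path, which is deliberate: the script does not try to expand environment variables.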
Offline !Donovan

Re: Hijack This Log - Virus?
« Reply #3 on: May 03, 2009, 07:29:04 PM »
Virus Total Results for Processes:
C:\WINDOWS\System32\smss.exe - http://www.virustotal.com/analisis/b24b8f58bf601eb7037ad2bc55f80085
C:\WINDOWS\system32\winlogon.exe - http://www.virustotal.com/analisis/395b6a3f9d00ffa42c809a5510319235
C:\WINDOWS\system32\services.exe - http://www.virustotal.com/analisis/601b5dea144d67ed69e5fda4e4373ac6
C:\WINDOWS\system32\lsass.exe - http://www.virustotal.com/analisis/fc19586863415cd7559c4b1675169ace
C:\WINDOWS\system32\svchost.exe - http://www.virustotal.com/analisis/fc19586863415cd7559c4b1675169ace
C:\WINDOWS\System32\svchost.exe - http://www.virustotal.com/analisis/fc19586863415cd7559c4b1675169ace
C:\Program Files\Windows SteadyState\SCTSvc.exe - http://www.virustotal.com/analisis/b0773a5e38dcc5bf38c0b4f837efbddc
C:\WINDOWS\system32\spoolsv.exe - http://www.virustotal.com/analisis/c623353ffecddebb7e2e198d6ab5cfb4
C:\Program Files\Bonjour\mDNSResponder.exe - http://www.virustotal.com/analisis/7332926231e69e758204964789a3397e
C:\WINDOWS\system32\inetsrv\inetinfo.exe - http://www.virustotal.com/analisis/4ed2f6c64e9d253ed11a993638429e59
C:\Program Files\Java\jre6\bin\jqs.exe - http://www.virustotal.com/analisis/9fa146046cfad76ec372850ef26d7def
C:\WINDOWS\system32\LxrJD31s.exe - http://www.virustotal.com/analisis/9848cbac9876686d387857f511c4ab89
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe - http://www.virustotal.com/analisis/369fb8a0a6660b6b10f412955e811ae8
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE - http://www.virustotal.com/analisis/552c095d55eb70cc8c5df511ef0da001
C:\WINDOWS\system32\slserv.exe - http://www.virustotal.com/analisis/191b983dc4c6dc9ee4126a25047f1856
C:\WINDOWS\system32\svchost.exe - http://www.virustotal.com/analisis/fc19586863415cd7559c4b1675169ace
C:\Program Files\UPHClean\uphclean.exe - http://www.virustotal.com/analisis/afc7028f108e4c39d211e2b15f2619e6
C:\Program Files\Viewpoint\Common\ViewpointService.exe - http://www.virustotal.com/analisis/d836cf20daeb7d4431145805282078fe
C:\WINDOWS\system32\SearchIndexer.exe - http://www.virustotal.com/analisis/c7493f695791b1698d2d3c1509c34f6d
C:\WINDOWS\Explorer.EXE - http://www.virustotal.com/analisis/0e7f807f35aa258de7c0c1f1f0d251ee
C:\Program Files\Java\jre6\bin\jusched.exe - http://www.virustotal.com/analisis/fae4af1532239422c98b697df266be28
C:\WINDOWS\system32\ctfmon.exe - http://www.virustotal.com/analisis/af4799590a20932b9142669aabd9995e
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe - http://www.virustotal.com/analisis/11389491dcb671f2ce620803af406029
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe - http://www.virustotal.com/analisis/fc4cd1196ca1231a29e2735a9454787e
C:\Program Files\internet explorer\iexplore.exe - http://www.virustotal.com/analisis/fe14b4c5e930328057bda6ca57a0d712
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe - http://www.virustotal.com/analisis/46cfef33f0f333581da7f9e3dea71b5d

Offline !Donovan

O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab

Why is that there? ???

Offline CharleyO

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 7085
  • Be alert for error code - ID 10T
***

Because you (or someone who used your computer) played some game from Disney ?


***
Self-built desktop (8 years old) - AMD64 3200+_Gigabyte GA-K8NS Ultra-939_4 gb RAM_GeForceFX 5800w/256 ram_XP/SP3_Avast 7_MBAM_ZA Free __and__ Toshiba Satellite Laptop_W7-64bit_ 4 gb Ram_Avast 8_MBAM

Offline !Donovan

Because you (or someone who used your computer) played some game from Disney ?

 :o

Umm..... Is it ok if I delete it?

Offline CharleyO

***

I am not sure if it will affect the Disney games' playability or not.

I would leave it alone.


***

Offline !Donovan

What do I do about the malware in the processes like Win32: Banker?

Offline !Donovan

Did a scan with Spybot. Here are the results:

CouponBar: [SBI $EFE6495E] Class ID (Registry key, fixed)
  HKEY_CLASSES_ROOT\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}

CouponBar: [SBI $CB95FB49] Class ID (Registry key, fixed)
  HKEY_CLASSES_ROOT\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}

CouponBar: [SBI $51FE8B2E] Root class (Registry key, fixed)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cpbrkpie.Coupon6Ctrl.1

CouponBar: [SBI $51FE8B2E] Class ID (Registry key, fixing failed)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}

CouponBar: [SBI $7A5ACBCB] Interface (Registry key, fixed)
  HKEY_CLASSES_ROOT\Interface\{6E780F0B-BCD6-40CB-B2DB-7AF47AB4D4A4}

CouponBar: [SBI $7B15781E] Interface (Registry key, fixed)
  HKEY_CLASSES_ROOT\Interface\{A138BE8B-F051-4802-9A3F-A750A6D862D4}

CouponBar: [SBI $E3788A7B] Type library (Registry key, fixed)
  HKEY_CLASSES_ROOT\TypeLib\{87255C51-CD7D-4506-B9AD-97606DAF53F3}

Right Media: Tracking cookie (Internet Explorer: Donovan) (Cookie, fixed)
 

DoubleClick: Tracking cookie (Flock: Donovan (default)) (Cookie, fixed)
 


--- Spybot - Search & Destroy version: 1.6.2  (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-04-19 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-03-25 Includes\Adware.sbi (*)
2009-05-05 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-03-31 Includes\Dialer.sbi (*)
2009-05-05 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-04-21 Includes\Hijackers.sbi (*)
2009-05-05 Includes\HijackersC.sbi (*)
2009-05-06 Includes\Keyloggers.sbi (*)
2009-05-06 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-05-05 Includes\Malware.sbi (*)
2009-05-05 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-05-05 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-05-05 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-04-07 Includes\Spyware.sbi (*)
2009-05-05 Includes\SpywareC.sbi (*)
2009-04-07 Includes\Tracks.uti
2009-04-29 Includes\Trojans.sbi (*)
2009-05-06 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

Offline !Donovan

Re: A-Squared Found 46 Viruses!
« Reply #10 on: May 09, 2009, 04:45:17 AM »
a-squared Free - Version 4.0
Last update: 5/8/2009 6:29:13 PM

Scan settings:

Objects: Memory, Traces, Cookies, C:\, D:\, G:\
Scan archives: On
Heuristics: Off
ADS Scan: On

Scan start:   5/8/2009 6:30:49 PM

c:\program files\the weather channel fw    detected: Trace.Directory.Desktop Weather!A2
c:\program files\the weather channel fw\desktop weather    detected: Trace.Directory.Desktop Weather!A2
c:\program files\the weather channel fw\framework    detected: Trace.Directory.Desktop Weather!A2
c:\program files\the weather channel fw\desktop weather\eula.html    detected: Trace.File.Desktop Weather!A2
c:\program files\the weather channel fw\desktop weather\install.log    detected: Trace.File.Desktop Weather!A2
c:\program files\the weather channel fw\desktop weather\theweatherchannelcustomuninstall.exe    detected: Trace.File.Desktop Weather!A2
c:\program files\the weather channel fw\framework\install.log    detected: Trace.File.Desktop Weather!A2
c:\program files\the weather channel fw\framework\theweatherchannelne.exe    detected: Trace.File.Desktop Weather!A2
c:\program files\the weather channel fw\framework\theweatherchannelqc.exe    detected: Trace.File.Desktop Weather!A2
c:\program files\the weather channel fw\framework\theweatherchannelqx.exe    detected: Trace.File.Desktop Weather!A2
c:\program files\the weather channel fw\framework\theweatherchannelsetup.exe    detected: Trace.File.Desktop Weather!A2
c:\program files\the weather channel fw\framework\theweatherchannelslnchr.exe    detected: Trace.File.Desktop Weather!A2
c:\program files\the weather channel fw\framework\theweatherchannelupdate.exe    detected: Trace.File.Desktop Weather!A2
c:\program files\the weather channel fw\framework\wiseinstallutility.dll    detected: Trace.File.Desktop Weather!A2
c:\program files\the weather channel fw\framework\wxfw.cpl    detected: Trace.File.Desktop Weather!A2
c:\program files\the weather channel fw\framework\wxfw.dll    detected: Trace.File.Desktop Weather!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\The Weather Channel Desktop --> DisplayName    detected: Trace.Registry.Desktop Weather!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\The Weather Channel Desktop --> UninstallString    detected: Trace.Registry.Desktop Weather!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Freeze.com\Installer --> id    detected: Trace.Registry.EZ Game Cheats!A2
Key: HKEY_USERS\S-1-5-21-484763869-963894560-682003330-1085\software\kazaa    detected: Trace.Registry.KaZaA!A2
C:\Documents and Settings\Donovan\Cookies\donovan@247realmedia[2].txt    detected: Trace.TrackingCookie.247realmedia!A2
C:\Documents and Settings\Donovan\Cookies\donovan@2o7[2].txt    detected: Trace.TrackingCookie.2o7!A2
C:\Documents and Settings\Donovan\Cookies\donovan@bs.serving-sys[1].txt    detected: Trace.TrackingCookie.bs.serving-sys!A2
C:\Documents and Settings\Donovan\Cookies\donovan@com[2].txt    detected: Trace.TrackingCookie.com!A2
C:\Documents and Settings\Donovan\Cookies\donovan@questionmarket[2].txt    detected: Trace.TrackingCookie.questionmarket!A2
C:\Documents and Settings\Donovan\Cookies\donovan@realmedia[2].txt    detected: Trace.TrackingCookie.realmedia!A2
C:\Documents and Settings\Donovan\Cookies\donovan@rubiconproject[1].txt    detected: Trace.TrackingCookie.rub!A2
C:\Documents and Settings\Donovan\Cookies\donovan@server.iad.liveperson[2].txt    detected: Trace.TrackingCookie.server.iad.livepers!A2
C:\Documents and Settings\Donovan\Cookies\donovan@server.iad.liveperson[3].txt    detected: Trace.TrackingCookie.server.iad.livepers!A2
C:\Documents and Settings\Donovan\Cookies\donovan@serving-sys[2].txt    detected: Trace.TrackingCookie.serving-sys!A2
C:\Documents and Settings\Donovan\Cookies\donovan@smartadserver[2].txt    detected: Trace.TrackingCookie.smartadserver!A2
C:\Documents and Settings\Donovan\Cookies\donovan@specificclick[2].txt    detected: Trace.TrackingCookie.specificclick!A2
C:\Documents and Settings\Donovan\Cookies\donovan@trafficmp[1].txt    detected: Trace.TrackingCookie.trafficmp!A2
C:\Documents and Settings\Donovan\Cookies\donovan@tribalfusion[2].txt    detected: Trace.TrackingCookie.tribalfusion!A2
C:\Documents and Settings\Donovan\Application Data\Mozilla\Firefox\Profiles\fkcmylez.default\cookies.sqlite:1241658346046875    detected: Trace.TrackingCookie.webtrends!A2
C:\Documents and Settings\DCE REVOLG.DELL.000\Desktop\Make Your Own Rom\Pokemon ROM\BaseEdit.exe    detected: Trojan-Spy.Win32.VB.bs!IK
C:\Documents and Settings\DCE REVOLG.DELL.000\Desktop\Make Your Own Rom\Pokemon ROM\Bewildered.exe    detected: Trojan-Spy.Win32.VB.bs!IK
C:\Documents and Settings\DCE REVOLG.DELL.000\Desktop\Make Your Own Rom\Pokemon ROM\Spread.exe    detected: Trojan-Spy.Win32.VB.bs!IK
C:\Documents and Settings\DCE REVOLG.DELL.000\My Documents\EliteMap\BaseEdit.exe    detected: Trojan-Spy.Win32.VB.bs!IK
C:\Documents and Settings\DCE REVOLG.DELL.000\My Documents\EliteMap\Bewildered.exe    detected: Trojan-Spy.Win32.VB.bs!IK
C:\Documents and Settings\DCE REVOLG.DELL.000\My Documents\EliteMap\Spread.exe    detected: Trojan-Spy.Win32.VB.bs!IK
C:\WINDOWS\CouponPrinter.ocx    detected: Riskware.AdWare.Win32.BHO!IK
C:\_OTMoveIt\MovedFiles\04162009_162802\Program Files\MSN Messenger\msimg32.dll    detected: Riskware.AdWare.Mywebsearch!IK
D:\Pajama Sam\Catalog\demos\backyard\bb2demo.u32    detected: Trojan-Dropper.Agent!IK
D:\ReaderRabbitReading\Donovan\Catalog\demos\backyard\bb2demo.u32    detected: Trojan-Dropper.Agent!IK
G:\Program-Files\SRB2\SRB2Riders Launcher.exe    detected: Hoax.Win32.BadJoke.Formatter.d!A2

Scanned

Files:    254201
Traces:    792086
Cookies:    350
Processes:    38

Found

Files:    11
Traces:    20
Cookies:    15
Processes:    0
Registry keys:    0

Scan end:   5/8/2009 10:39:05 PM
Scan time:   4:08:16

G:\Program-Files\SRB2\SRB2Riders Launcher.exe   Quarantined Hoax.Win32.BadJoke.Formatter.d!A2
D:\Pajama Sam\Catalog\demos\backyard\bb2demo.u32   Quarantined Trojan-Dropper.Agent!IK
D:\ReaderRabbitReading\Donovan\Catalog\demos\backyard\bb2demo.u32   Quarantined Trojan-Dropper.Agent!IK
C:\_OTMoveIt\MovedFiles\04162009_162802\Program Files\MSN Messenger\msimg32.dll   Quarantined Riskware.AdWare.Mywebsearch!IK
C:\WINDOWS\CouponPrinter.ocx   Quarantined Riskware.AdWare.Win32.BHO!IK

Offline !Donovan

Re: A-Squared Found 46 Viruses!
« Reply #11 on: May 09, 2009, 04:45:48 AM »
C:\Documents and Settings\DCE REVOLG.DELL.000\Desktop\Make Your Own Rom\Pokemon ROM\BaseEdit.exe   Quarantined Trojan-Spy.Win32.VB.bs!IK
C:\Documents and Settings\DCE REVOLG.DELL.000\Desktop\Make Your Own Rom\Pokemon ROM\Bewildered.exe   Quarantined Trojan-Spy.Win32.VB.bs!IK
C:\Documents and Settings\DCE REVOLG.DELL.000\Desktop\Make Your Own Rom\Pokemon ROM\Spread.exe   Quarantined Trojan-Spy.Win32.VB.bs!IK
C:\Documents and Settings\DCE REVOLG.DELL.000\My Documents\EliteMap\BaseEdit.exe   Quarantined Trojan-Spy.Win32.VB.bs!IK
C:\Documents and Settings\DCE REVOLG.DELL.000\My Documents\EliteMap\Bewildered.exe   Quarantined Trojan-Spy.Win32.VB.bs!IK
C:\Documents and Settings\DCE REVOLG.DELL.000\My Documents\EliteMap\Spread.exe   Quarantined Trojan-Spy.Win32.VB.bs!IK
C:\Documents and Settings\Donovan\Application Data\Mozilla\Firefox\Profiles\fkcmylez.default\cookies.sqlite:1241658346046875   Quarantined Trace.TrackingCookie.webtrends!A2
C:\Documents and Settings\Donovan\Cookies\donovan@tribalfusion[2].txt   Quarantined Trace.TrackingCookie.tribalfusion!A2
C:\Documents and Settings\Donovan\Cookies\donovan@trafficmp[1].txt   Quarantined Trace.TrackingCookie.trafficmp!A2
C:\Documents and Settings\Donovan\Cookies\donovan@specificclick[2].txt   Quarantined Trace.TrackingCookie.specificclick!A2
C:\Documents and Settings\Donovan\Cookies\donovan@smartadserver[2].txt   Quarantined Trace.TrackingCookie.smartadserver!A2
C:\Documents and Settings\Donovan\Cookies\donovan@serving-sys[2].txt   Quarantined Trace.TrackingCookie.serving-sys!A2
C:\Documents and Settings\Donovan\Cookies\donovan@server.iad.liveperson[2].txt   Quarantined Trace.TrackingCookie.server.iad.livepers!A2
C:\Documents and Settings\Donovan\Cookies\donovan@server.iad.liveperson[3].txt   Quarantined Trace.TrackingCookie.server.iad.livepers!A2
C:\Documents and Settings\Donovan\Cookies\donovan@rubiconproject[1].txt   Quarantined Trace.TrackingCookie.rub!A2
C:\Documents and Settings\Donovan\Cookies\donovan@realmedia[2].txt   Quarantined Trace.TrackingCookie.realmedia!A2
C:\Documents and Settings\Donovan\Cookies\donovan@questionmarket[2].txt   Quarantined Trace.TrackingCookie.questionmarket!A2
C:\Documents and Settings\Donovan\Cookies\donovan@com[2].txt   Quarantined Trace.TrackingCookie.com!A2
C:\Documents and Settings\Donovan\Cookies\donovan@bs.serving-sys[1].txt   Quarantined Trace.TrackingCookie.bs.serving-sys!A2
C:\Documents and Settings\Donovan\Cookies\donovan@2o7[2].txt   Quarantined Trace.TrackingCookie.2o7!A2
C:\Documents and Settings\Donovan\Cookies\donovan@247realmedia[2].txt   Quarantined Trace.TrackingCookie.247realmedia!A2
Key: HKEY_USERS\S-1-5-21-484763869-963894560-682003330-1085\software\kazaa   Quarantined Trace.Registry.KaZaA!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Freeze.com\Installer --> id   Quarantined Trace.Registry.EZ Game Cheats!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\The Weather Channel Desktop --> DisplayName   Quarantined Trace.Registry.Desktop Weather!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\The Weather Channel Desktop --> UninstallString   Quarantined Trace.Registry.Desktop Weather!A2
c:\program files\the weather channel fw\desktop weather\eula.html   Quarantined Trace.File.Desktop Weather!A2
c:\program files\the weather channel fw\desktop weather\install.log   Quarantined Trace.File.Desktop Weather!A2
c:\program files\the weather channel fw\desktop weather\theweatherchannelcustomuninstall.exe   Quarantined Trace.File.Desktop Weather!A2
c:\program files\the weather channel fw\framework\install.log   Quarantined Trace.File.Desktop Weather!A2
c:\program files\the weather channel fw\framework\theweatherchannelne.exe   Quarantined Trace.File.Desktop Weather!A2
c:\program files\the weather channel fw\framework\theweatherchannelqc.exe   Quarantined Trace.File.Desktop Weather!A2
c:\program files\the weather channel fw\framework\theweatherchannelqx.exe   Quarantined Trace.File.Desktop Weather!A2
c:\program files\the weather channel fw\framework\theweatherchannelsetup.exe   Quarantined Trace.File.Desktop Weather!A2
c:\program files\the weather channel fw\framework\theweatherchannelslnchr.exe   Quarantined Trace.File.Desktop Weather!A2
c:\program files\the weather channel fw\framework\theweatherchannelupdate.exe   Quarantined Trace.File.Desktop Weather!A2
c:\program files\the weather channel fw\framework\wiseinstallutility.dll   Quarantined Trace.File.Desktop Weather!A2
c:\program files\the weather channel fw\framework\wxfw.cpl   Quarantined Trace.File.Desktop Weather!A2
c:\program files\the weather channel fw\framework\wxfw.dll   Quarantined Trace.File.Desktop Weather!A2
c:\program files\the weather channel fw   Quarantined Trace.Directory.Desktop Weather!A2
c:\program files\the weather channel fw\desktop weather   Quarantined Trace.Directory.Desktop Weather!A2
c:\program files\the weather channel fw\framework   Quarantined Trace.Directory.Desktop Weather!A2

Quarantined

Files:    11
Traces:    20
Cookies:    15

Offline CharleyO

Re: I got loads of viruses! Help me!!!!!!!!
« Reply #12 on: May 09, 2009, 10:18:04 PM »
***

So, after running Spybot & a-squared, is your computer better now?


***

Offline Mr.Agent

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2769
  • Proud to be an avast! user.
Re: I got loads of viruses! Help me!!!!!!!!
« Reply #13 on: May 09, 2009, 10:22:04 PM »
If you don't feel secure, you can try SAS/MBAM for a check and an Avast! boot-time scan.

Offline !Donovan

Re: I got loads of viruses! Help me!!!!!!!!
« Reply #14 on: May 12, 2009, 01:10:10 AM »
I opened Outlook Express 2007 today and got this message:
Hello,

many thanks for the delivered file.

*****   false-positive    *****

This file is a so called false-positive according to our analysis.
That means this file was detected wrongly.

Please do not delete this file! The next signature update will fix the detection and the scanner should not alert on this file anymore.

If you need additional help please contact the malware experts in our
forum: http://forum.emsisoft.com


Have a nice (malware-free) day!

Your Emsi Software Analysis Team




-------------------

I'm still waiting for all the other emails...