Jump to content
VansFannel

HackTool App/Psexec-Gen and a Bullet Proof Software Spyware

Recommended Posts

Hello.

I have a Windows XP Pro SP3 with several problems:

* I cannot accede to http: // es.mcafee.com from Firefox or Internet Explorer.

* I cannot update the antivirus Mcafee. In addition, before its icon appears close to the clock on the task bar and now it does not appear.

* On having looked for something in google in the Firefox, some links open windows with porn and mobiles. In Internet Explorer it works well.

* The Firefox crushes when you sail with it (version 3.0.8).

* Emulate also crushes on having executed.

* Spyboot Search and destroy does not find anything.

* Mcafee has not found anything (one week ago had the virus of the double tilde that it could erease).

* SuperAntiSpyware does not find anything.

* Malwarebytes ' Anti-Malware does not find anything either.

* WebRoot finds a HackTool App/Psexec-Gen and a Bullet Proof Software Spyware but since I do not have a subscription cannot eliminate them.

I can't open Mcafee's page from the fail-safe mode with network's funtions.

HitJack log is this:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:50:35, on 02/04/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\Archivos de programa\Webroot\WebrootSecurity\WRConsumerService .exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Archivos de programa\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\cisvc.exe

C:\Archivos de programa\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Archivos de programa\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Archivos de programa\CyberLink\Shared files\RichVideo.exe

C:\Archivos de programa\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe

C:\Archivos de programa\Webroot\WebrootSecurity\SpySweeper.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Archivos de programa\Creative\SBLive\AudioHQ\AHQTBU.EXE

C:\Archivos de programa\ASUS\AI Suite\AiNap\AiNap.exe

C:\Archivos de programa\Winamp\winampa.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Archivos de programa\Microsoft IntelliType Pro\itype.exe

C:\Archivos de programa\Microsoft IntelliPoint\ipoint.exe

C:\Archivos de programa\Lavasoft\Ad-Aware\AAWTray.exe

C:\Archivos de programa\Webroot\WebrootSecurity\SpySweeperUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Archivos de programa\Archivos comunes\Nero\Lib\NMBgMonitor.exe

C:\Archivos de programa\Microsoft ActiveSync\wcescomm.exe

D:\Programas\Spyware\Spybot - Search & Destroy\TeaTimer.exe

C:\Archivos de programa\Archivos comunes\Nero\Lib\NMIndexingService.exe

C:\ARCHIV~1\MI3AA1~1\rapimgr.exe

C:\Archivos de programa\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

C:\Archivos de programa\Archivos comunes\Nero\Lib\NMIndexStoreSvr.exe

C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\explorer.exe

C:\Archivos de programa\Mozilla Firefox\firefox.exe

C:\Archivos de programa\virus\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = V

Share this post


Link to post
Share on other sites

Hi,

Please ignore Webroots detection - it's detecting a commandline tool which is used in many removal tools.

First of all, please update MalwareBytes.

  • Start MalwareBytes and click the Update tab. There click "Check for updates"
  • Once the updates are downloaded, perform a full scan again.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log, then we'll proceed from there with new steps.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Share this post


Link to post
Share on other sites

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.

If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.