Nilz Posted April 12, 2009 ID:72593 Share Posted April 12, 2009 HiI'm having trouble with my computer since friday. I've downloaded a program with apperently some virus/malware on it. I've scanned with spybot, mbam, avg. they can delete some files but if I scan moments later they just pop up again (the delete ones).If I try to download something via ie, firefox, ..., it says "Your current security settings do not allow this file to be downloaded"So I can't download or open pages on the internet that aren't direct (ex if you are on a site and it links you to another site)the programs also found virtumonde.sdn, coolWWWsearch, windel, ... and also reader_s.exe which is the biggest one I guess because I can't delete it.How could I get rid of this? I'll post my hjiackthis log, if you need something else just ask.ThanksLogfile of HijackThis v1.99.1Scan saved at 10:02:28, on 12-04-2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16791)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\AVG\avgtray.exeC:\PROGRA~1\AVG\avgwdsvc.exeC:\Program Files\Malwarebytes Anti-Malware\mbamservice.exeC:\WINDOWS\system32\PnkBstrA.exeC:\WINDOWS\system32\PnkBstrB.exeC:\PROGRA~1\AVG\avgemc.exeC:\PROGRA~1\AVG\avgrsx.exeC:\PROGRA~1\AVG\avgnsx.exeC:\Program Files\AVG\avgcsrvx.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\TEMP\BN2.tmpC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\hijackthis_199\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.pandora.be:8080R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = KoppelingenO2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dllO4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\avgtray.exeO4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes Anti-Malware\mbamgui.exe" /starttrayO4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\TEMP\BN2.tmpO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dllO11 - Options group: [iNTERNATIONAL] International*O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cabO16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1225915350203O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\avgpp.dllO20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dllO21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dllO23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\avgemc.exeO23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\avgwdsvc.exeO23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exeO23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exeO23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exeO23 - Service: Automatische updates (wuauserv) - Unknown owner - %fystemroot%\system32\svchost.exe (file missing) Link to post Share on other sites More sharing options...
Staff miekiemoes Posted April 13, 2009 Staff ID:72795 Share Posted April 13, 2009 Hi,I have bad news for you I see you're dealing with Virut on top of the other nasty malware you are dealing with. In that case, it's unfortunately a lost case - Game over situation and a format and reinstall is the fastest and especially the safest solution.You may want to read this why:Virut and other File infectors - Throwing in the Towel? So, I suggest you to start backup all of your valuable data/documents/pictures/movies/songs/etc.. Do NOT backup any applications/installers and Do NOT backup any .exe/.scr/.htm/.html/.xml/.zip/.rar files...This because these files may be infected as well. If you back them up and replace them afterwards, it will infect your computer again.Read here for instructions how to format and reinstall Windows: http://web.mit.edu/ist/products/winxp/adva...all-format.html Link to post Share on other sites More sharing options...
Staff miekiemoes Posted April 20, 2009 Staff ID:74665 Share Posted April 20, 2009 Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.Everyone else please begin a New Topic. Link to post Share on other sites More sharing options...
Recommended Posts