
Spyware problem



  • Staff

OK, looks like we're almost done here, just a few more files.

Same instructions as previously done with CF, using the script below, machine offline:

File::
C:\WINDOWS\system32\mbirxekg.dll
C:\WINDOWS\system32\wtobxeaa.dll
C:\WINDOWS\system32\gyailght.ini
C:\WINDOWS\system32\cxrxglax.exe
C:\WINDOWS\system32\vturspo.dll
C:\WINDOWS\system32\aifsbgrv.ini

Reboot, new CF & HJT.....


OK, here are the logs.

ComboFix 07-11-19.3 - Fujitsu Siemens 2007-11-28 12.41.29.7 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.535 [GMT 1:00]

Executed from: C:\Documents and Settings\Fujitsu Siemens\Desktop\ComboFix(1).exe

Command switches used :: C:\Documents and Settings\Fujitsu Siemens\Desktop\CFScript.txt

* Created new Restore Point

FILE

C:\WINDOWS\system32\aifsbgrv.ini

C:\WINDOWS\system32\cxrxglax.exe

C:\WINDOWS\system32\gyailght.ini

C:\WINDOWS\system32\mbirxekg.dll

C:\WINDOWS\system32\vturspo.dll

C:\WINDOWS\system32\wtobxeaa.dll

.

((((((((((((((((((((((((((((((((((((( Other removals )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\aifsbgrv.ini

C:\WINDOWS\system32\cxrxglax.exe

C:\WINDOWS\system32\gyailght.ini

C:\WINDOWS\system32\mbirxekg.dll

C:\WINDOWS\system32\vturspo.dll

C:\WINDOWS\system32\wtobxeaa.dll

.

((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-28 )))))))))))))))))))))))))))))))))))

.

2007-11-28 11:29 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll

2007-11-26 10:13 <DIR> d-------- C:\NoLopBackups

2007-11-21 11:23 <DIR> d-------- C:\VundoFix Backups

2007-11-21 11:11 <DIR> d-------- C:\Deckard

2007-11-21 10:43 <DIR> d-------- C:\WINDOWS\ERUNT

2007-11-21 10:30 <DIR> d-------- C:\Programmi\Trend Micro

2007-11-21 09:51 403,968 --a------ C:\HijackThis.exe

2007-11-20 18:16 <DIR> d-------- C:\Downloads

2007-11-20 13:48 <DIR> d-------- C:\Programmi\ProtezionefiData

2007-11-20 13:48 <DIR> d-------- C:\Programmi\File comuni\ProtezionefiData

2007-11-20 13:48 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\ProtezionefiData

2007-11-13 00:07 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Nokia Multimedia Player

2007-11-12 22:46 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Phone Browser

2007-11-12 22:46 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Datalayer

2007-11-12 22:39 <DIR> d-------- C:\Programmi\DIFX

2007-11-12 22:38 <DIR> d-------- C:\Programmi\File comuni\Nokia

2007-11-12 22:37 <DIR> d-------- C:\Programmi\Nokia

2007-11-12 22:37 <DIR> d-------- C:\Programmi\File comuni\PCSuite

2007-11-12 22:37 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\PC Suite

2007-11-12 22:37 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\PC Suite

2007-11-12 22:36 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Downloaded Installations

2007-11-08 20:44 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy

2007-11-07 14:02 <DIR> d-------- C:\Programmi\File comuni\Application

2007-11-06 15:09 <DIR> d-------- C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\.clamwin

2007-11-06 15:08 <DIR> d-------- C:\Documents and Settings\All Users\.clamwin

2007-10-30 11:36 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Yahoo!

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-28 11:44 --------- d-----w C:\Programmi\RSSoft

2007-11-27 17:32 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\MegauploadToolbar

2007-11-25 23:05 --------- d-----w C:\Programmi\FlashGet

2007-11-24 21:33 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Vso

2007-11-19 22:31 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Metacafe

2007-11-19 22:31 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Metacafe

2007-11-07 19:43 --------- d-----w C:\Programmi\MSN Messenger

2007-11-06 20:10 --------- d--h--w C:\Programmi\InstallShield Installation Information

2007-11-06 20:10 --------- d-----w C:\Programmi\ATI Technologies

2007-11-06 14:10 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\.clamwin

2007-11-06 12:13 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\avg7

2007-11-05 14:35 --------- d-----w C:\Programmi\MediaCoder

2007-10-30 21:14 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Yahoo! Companion

2007-10-30 10:35 --------- d-----w C:\Programmi\Yahoo!

2007-10-25 21:38 --------- d-----w C:\Programmi\SWFPlayer

2007-10-25 14:48 --------- d-----w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\Azureus

2007-10-20 11:26 --------- d-----w C:\Programmi\SuperAVConverter

2007-10-07 11:54 --------- d-----w C:\Programmi\Java

2007-09-21 13:13 43,640 ----a-w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\GDIPFONTCACHEV1.DAT

2007-08-30 21:24 186 ----a-w C:\Documents and Settings\Fujitsu Siemens\Dati applicazioni\wklnhst.dat

2007-06-11 10:41 3,655,608 ----a-w C:\Programmi\FLV PlayerRCATSetup.exe

2007-06-11 10:41 25,990,392 ----a-w C:\Programmi\FLV PlayerRCSetup.exe

2007-02-08 19:31 13,195 ----a-w C:\Documents and Settings\Fujitsu Siemens\zguicfgw.dat

2005-10-07 17:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll

2005-07-14 10:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll

.

((((((((((((((((((((((((((((( snapshot@2007-11-21_23.15.50.92 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-02-22 22:41:12 304,544 ----a-w C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll

+ 2007-02-28 13:21:04 131,472 ----a-w C:\WINDOWS\Downloaded Program Files\msgrchkr.dll

- 2007-03-13 09:57:10 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE

+ 2007-03-13 09:57:10 174,080 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE

- 2007-11-21 22:14:15 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

+ 2007-11-28 11:46:49 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

- 2007-11-21 22:14:15 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat

+ 2007-11-28 11:46:49 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat

- 2007-11-21 22:14:15 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat

+ 2007-11-28 11:46:49 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat

+ 2005-04-07 18:47:16 58,536 ---ha-w C:\WINDOWS\system32\lssas.exe

.

((((((((((((((((((((((((((((((((((((( Points Reg Uploaded ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty values & legitimate / default are not displayed.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{355B9837-EB83-4884-ABE3-ED4384710DF0}]

C:\WINDOWS\system32\geedc.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 13:00]

"NBJ"="C:\Programmi\Ahead\Nero BackItUp\NBJ.exe" []

"FAST Defrag"="" []

"BitTorrent"="C:\Programmi\BitTorrent\bittorrent.exe" [2006-11-01 01:34]

"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 20:22]

"SweetIM"="C:\Programmi\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 15:53]

"StartCCC"="C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35]

"Yahoo! Pager"="~C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" []

"igfxsvc"="C:\WINDOWS\system32\igfxsvc.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]

"ccApp"="C:\Programmi\File comuni\Symantec Shared\ccApp.exe" [2005-05-09 16:57]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]

"Easy-PrintToolBox"="C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10]

"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2006-02-23 15:45]

"ShowIcon_The Company_USB Flash HDD Series Driver v1.17r022"="C:\Programmi\PD\shwicon.exe" [2003-01-27 16:20]

"SoundMAXPnP"="C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 10:11]

"SoundMAX"="C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 13:41]

"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2006-12-08 21:41]

"RemoteControl"="C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57]

"LanguageShortcut"="C:\Programmi\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 11:29]

"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2006-06-03 13:42]

"Red Swoosh"="C:\Programmi\RSSoft\RedSwoosh.exe" [2006-08-14 22:47]

"YeppStudioAgent"="C:\Programmi\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe" [2005-10-11 11:11]

"DAEMON Tools"="C:\Programmi\DAEMON Tools\daemon.exe" [2005-12-10 15:57]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-04-18 07:48]

"ClamWin"="Z:\Programmi\ClamWin\bin\ClamTray.exe" []

"ATIPTA"="C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05]

"spywarefighterguard"="D:\Programmi\spftray.exe" [2007-06-08 11:52]

"PCSuiteTrayApplication"="D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36]

"Adobe Photo Downloader"="D:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-07 18:41]

"Windows Explorer"="C:\WINDOWS\system32\explorer.exe" []

"405ff918"="C:\WINDOWS\system32\wtobxeaa.dll" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 13:00]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-04-18 07:48]

C:\Documents and Settings\Fujitsu Siemens\Menu Avvio\Programmi\Esecuzione automatica\

Adobe Gamma.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50]

Metacafe.lnk - C:\Programmi\Metacafe\MetacafeAgent.exe [2007-02-22 00:43:46]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\

Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2007-01-20 13:10:36]

Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]

BitDefender for MSN Messenger.lnk - C:\Programmi\Softwin\BitDefender for MSN Messenger\msnmon.exe~ [2007-04-01 08:34:45]

BitDefender_P2P_Startup.lnk - C:\WINDOWS\BitDefender_P2P_Startup.exe [2007-04-01 08:34:45]

Metacafe.lnk - C:\Programmi\Metacafe\MetacafeAgent.exe [2007-02-22 00:43:46]

Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fcuujcjn]

fcuujcjn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igaohzao]

igaohzao.dll

R2 Dnscache;Client DNS;C:\WINDOWS\system32\svchost.exe -k NetworkService

R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys

R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys

R3 usbstor;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

S3 cusbohcn;cusbohcn;\??\C:\DOCUME~1\FUJITS~1\IMPOST~1\Temp\cusbohcn.sys

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe

S3 FreshIO;FreshIO;\??\C:\Programmi\FreshDevices\FreshDiagnose\FreshIO.sys

S3 OSCI_DRVNT;OSCI_DRVNT;\??\C:\WINDOWS\System32\Drivers\OSCI_DRVNT.sys

S3 SIVDRIVER;SIV Kernel Driver;\??\C:\WINDOWS\system32\Drivers\SIVX32.sys

S3 SpyFighter;SpyFighter Guard Device;\??\D:\Programmi\spyfighter.sys

S3 tbhsd;Tunebite High-Speed Dubbing;C:\WINDOWS\system32\drivers\tbhsd.sys

S3 Useless;Absolutely Useless LED Keyboard Control;\??\Z:\Programmi\KEngine\Dll\Useless.sys

Start Pending3 SPYWAREfighterRP;SPYWAREfighterRP;"D:\Programmi\spfprc.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

\Shell\AutoRun\command - E:\autorun.exe

.

**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-28 12:47:23

Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:

ZwOpenFile

Scanning processes hidden ...

Scanning autostart entries hidden ...

Scanning files hidden ...

Scanning completed successfully

Hidden Files: 0

**************************************************************************

.

End Time scan: 2007-11-28 12:50:00 - machine was rebooted

C:\ComboFix2.txt ... 2007-11-27 19:00

C:\ComboFix3.txt ... 2007-11-26 10:09

.

--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13.01.24, on 28/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programmi\File comuni\Symantec Shared\ccProxy.exe

C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe

C:\Programmi\CyberLink\Shared files\RichVideo.exe

C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe

C:\Programmi\File comuni\Symantec Shared\ccApp.exe

C:\Programmi\iTunes\iTunesHelper.exe

C:\Programmi\PD\shwicon.exe

C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Programmi\Analog Devices\SoundMAX\Smax4.exe

C:\Programmi\File comuni\Real\Update_OB\realsched.exe

C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe

C:\Programmi\RSSoft\RedSwoosh.exe

C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Programmi\iPod\bin\iPodService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmi\Macrogaming\SweetIM\SweetIM.exe

C:\WINDOWS\system32\wscntfy.exe

D:\Programmi\spfprc.exe

C:\WINDOWS\system32\svchost.exe

C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe

C:\Programmi\Mozilla Firefox\firefox.exe

C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: GigagetIEHelper Class - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll

O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: (no name) - {355B9837-EB83-4884-ABE3-ED4384710DF0} - C:\WINDOWS\system32\geedc.dll (file missing)

O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)

O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Programmi\Megaupload\Mega Manager\MegaIEMn.dll

O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [showIcon_The Company_USB Flash HDD Series Driver v1.17r022] C:\Programmi\PD\shwicon.exe -t"The Company\USB Flash HDD Series Driver v1.17r022"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Red Swoosh] C:\Programmi\RSSoft\RedSwoosh.exe /S

O4 - HKLM\..\Run: [YeppStudioAgent] C:\Programmi\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [ClamWin] Z:\Programmi\ClamWin\bin\ClamTray.exe --logon

O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [spywarefighterguard] D:\Programmi\spftray.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\system32\explorer.exe

O4 - HKLM\..\Run: [405ff918] rundll32.exe "C:\WINDOWS\system32\wtobxeaa.dll",b

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [bitTorrent] "C:\Programmi\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [sweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe

O4 - HKCU\..\Run: [startCCC] C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKCU\..\Run: [Yahoo! Pager] ~"C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [igfxsvc] C:\WINDOWS\system32\igfxsvc.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Metacafe.lnk = C:\Programmi\Metacafe\MetacafeAgent.exe

O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe

O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BitDefender for MSN Messenger.lnk = ?

O4 - Global Startup: BitDefender_P2P_Startup.lnk = C:\WINDOWS\BitDefender_P2P_Startup.exe

O4 - Global Startup: Metacafe.lnk = C:\Programmi\Metacafe\MetacafeAgent.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download All by Gigaget - C:\Programmi\Giganology\Gigaget\getallurl.htm

O8 - Extra context menu item: &Download by Gigaget - C:\Programmi\Giganology\Gigaget\geturl.htm

O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm

O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm

O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Programmi\Megaupload\Mega Manager\mm_file.htm

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Scarica con FlashGet - C:\Programmi\FlashGet\jc_link.htm

O8 - Extra context menu item: Scarica tutto con FlashGet - C:\Programmi\FlashGet\jc_all.htm

O8 - Extra context menu item: Stampa ad alta velocit


  • Staff

OK, we need to get an online scan.

Kaspersky Online Scanner

Click on the Kaspersky Online Scanner icon.

Accept the Kaspersky agreement and the program will load.

You will then be prompted to install an ActiveX component from Kaspersky; click Yes.

The program will then begin downloading the latest definition files. This will take a good while, even with hi-speed Internet access.

Once the files have been downloaded, click on Next.

Now click on the [Scan Settings] button.

In the scan settings make sure that the following are selected:

  • Scan using the following Anti-Virus database:
  • Extended (if available otherwise Standard)
  • Scan Options:
    Scan Archives
    Scan Mail Bases

Click OK.

Now, under Please select a target to scan:

Select My Computer.

The program will begin the scanning process.

The scan will take a while so be patient and let it run.

Once the scan is complete it will display if your system has been infected.

Then click on the [Save as Text] button.

Save the file to your desktop.

Copy and paste that information in your next post for me to review.

Then open HijackThis, select the [Do a system scan only] button, look over the following entries I have listed, check the boxes [] next to them and press the [Fix Checked] button. When you are doing this, make sure you have no IE windows, nor any other browsers, open, including this one. Reboot if I have specified below, and post a fresh HijackThis log.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

O2 - BHO: (no name) - {355B9837-EB83-4884-ABE3-ED4384710DF0} - C:\WINDOWS\system32\geedc.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [Red Swoosh] C:\Programmi\RSSoft\RedSwoosh.exe /S

O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\system32\explorer.exe

O4 - HKLM\..\Run: [405ff918] rundll32.exe "C:\WINDOWS\system32\wtobxeaa.dll",b

O20 - Winlogon Notify: fcuujcjn - fcuujcjn.dll (file missing)

O20 - Winlogon Notify: igaohzao - igaohzao.dll (file missing)

Reboot, then post a new HJT log along with the KAV scan, please.

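The entries the staff member singles out above share a handful of telltale patterns: autostart entries whose target file no longer exists, a Run value named with eight hex digits, rundll32 loading a system32 DLL through a one-letter export, a well-known binary name (explorer.exe) sitting in a directory where Windows does not keep it, and Winlogon Notify DLLs, which load into winlogon.exe as SYSTEM. The script below is an added example, not part of the original thread and not code from HijackThis or ComboFix; it encodes those heuristics and runs them over lines copied from the HJT log posted above. The sample log, the rule wording and the EXPECTED_DIR table are this example's own assumptions.

```python
import re

# Sample HijackThis lines, copied from the log posted in this thread
# (a few benign lines are included for contrast). Constructed test input.
SAMPLE_HJT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {355B9837-EB83-4884-ABE3-ED4384710DF0} - C:\WINDOWS\system32\geedc.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\system32\explorer.exe
O4 - HKLM\..\Run: [405ff918] rundll32.exe "C:\WINDOWS\system32\wtobxeaa.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: fcuujcjn - fcuujcjn.dll (file missing)
O20 - Winlogon Notify: igaohzao - igaohzao.dll (file missing)
"""

# Binaries that Windows XP ships in one fixed directory; a same-named copy
# anywhere else is a classic masquerade. Assumed table, lowercase, no trailing slash.
EXPECTED_DIR = {
    "explorer.exe": r"c:\windows",
}

ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)")
HEX_RUN_NAME_RE = re.compile(r"\[[0-9a-f]{8}\]")
# rundll32 <dll>,<export> where the export name is only one or two characters
RUNDLL_SHORT_EXPORT_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?([^"\s,]+\.dll)"?\s*,\s*([A-Za-z_]\w?)\b', re.I)
# Full path to an .exe/.dll: group 1 = directory (with trailing \), group 2 = file name
PATH_RE = re.compile(r'([a-z]:\\(?:[^\\"]+\\)*)([^\\"]+?\.(?:exe|dll))', re.I)
BLANK_START_PAGE_RE = re.compile(r"Start Page\s*=\s*$")


def reasons_for(line: str) -> list[str]:
    """Return the heuristics one HijackThis line trips (empty list if none)."""
    reasons = []
    if ORPHAN_RE.search(line):
        reasons.append("points at a file that no longer exists (orphaned autostart)")
    if line.startswith("O4") and HEX_RUN_NAME_RE.search(line):
        reasons.append("Run value name is 8 hex digits (auto-generated, not a product name)")
    m = RUNDLL_SHORT_EXPORT_RE.search(line)
    if m:
        reasons.append(f"rundll32 loads {m.group(1)} via short export '{m.group(2)}'")
    if line.startswith("O20"):
        reasons.append("Winlogon Notify DLL runs inside winlogon.exe as SYSTEM; verify it")
    for directory, name in PATH_RE.findall(line):
        expected = EXPECTED_DIR.get(name.lower())
        if expected and directory.lower().rstrip("\\") != expected:
            reasons.append(f"{name} expected in {expected}, found in {directory}")
    if line.startswith("R0") and BLANK_START_PAGE_RE.search(line):
        reasons.append("blank IE start page (typical leftover after a hijack is removed)")
    return reasons


def triage(log_text: str) -> list[tuple[str, list[str]]]:
    """Scan a HijackThis log; return (line, reasons) for every line that trips a rule."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = reasons_for(line)
        if reasons:
            hits.append((line, reasons))
    return hits


def flagged_lines(log_text: str) -> list[str]:
    """Just the flagged lines, in log order: the candidate fix list for a human to review."""
    return [line for line, _ in triage(log_text)]


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_HJT_LOG):
        print(line)
        for reason in reasons:
            print("   ->", reason)
```

On the sample above the script lists exactly the seven entries the staff member asked to have fixed and nothing else. The rules are triage aids, not verdicts: the same orphan rule also trips on the leftover Norton entry in the full log (NavShExt.dll "(file missing)"), which is an uninstall remnant rather than malware, so every hit still gets a human look before it goes on a fix list.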

Damn, the Kaspersky scanner has found more than 2700 infected objects O_O (I'll host it elsewhere because it was very long). However, lately my PC works very well, with no spyware or pop-up windows, and it's a bit faster than before ^^

the kaspersky.txt is here http://www.fileshost.com/en/file/18980/kaspersky-txt.html

And this is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13.10.58, on 29/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Programmi\File comuni\Symantec Shared\ccProxy.exe

C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe

C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe

C:\Programmi\CyberLink\Shared files\RichVideo.exe

C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe

C:\Programmi\File comuni\Symantec Shared\ccApp.exe

C:\Programmi\iTunes\iTunesHelper.exe

C:\Programmi\PD\shwicon.exe

C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Programmi\Analog Devices\SoundMAX\Smax4.exe

C:\Programmi\File comuni\Real\Update_OB\realsched.exe

C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe

C:\Programmi\iPod\bin\iPodService.exe

C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmi\Macrogaming\SweetIM\SweetIM.exe

D:\Programmi\spfprc.exe

C:\WINDOWS\system32\svchost.exe

C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: GigagetIEHelper Class - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll

O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)

O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Programmi\Megaupload\Mega Manager\MegaIEMn.dll

O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [showIcon_The Company_USB Flash HDD Series Driver v1.17r022] C:\Programmi\PD\shwicon.exe -t"The Company\USB Flash HDD Series Driver v1.17r022"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [YeppStudioAgent] C:\Programmi\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [ClamWin] Z:\Programmi\ClamWin\bin\ClamTray.exe --logon

O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [spywarefighterguard] D:\Programmi\spftray.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [bitTorrent] "C:\Programmi\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [sweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe

O4 - HKCU\..\Run: [startCCC] C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKCU\..\Run: [Yahoo! Pager] ~"C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [igfxsvc] C:\WINDOWS\system32\igfxsvc.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Metacafe.lnk = C:\Programmi\Metacafe\MetacafeAgent.exe

O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe

O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BitDefender for MSN Messenger.lnk = ?

O4 - Global Startup: BitDefender_P2P_Startup.lnk = C:\WINDOWS\BitDefender_P2P_Startup.exe

O4 - Global Startup: Metacafe.lnk = C:\Programmi\Metacafe\MetacafeAgent.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download All by Gigaget - C:\Programmi\Giganology\Gigaget\getallurl.htm

O8 - Extra context menu item: &Download by Gigaget - C:\Programmi\Giganology\Gigaget\geturl.htm

O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm

O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm

O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Programmi\Megaupload\Mega Manager\mm_file.htm

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Scarica con FlashGet - C:\Programmi\FlashGet\jc_link.htm

O8 - Extra context menu item: Scarica tutto con FlashGet - C:\Programmi\FlashGet\jc_all.htm

O8 - Extra context menu item: Stampa ad alta velocit


  • Staff

Well my suspicions were well founded.

The infection you have, Virut, as identified by KAV, is an irremovable/unrepairable infection. It can also have a backdoor component which can allow an unknown attacker to use your machine for whatever purposes they want.

There is no fix, workaround, or anything else you can do to remove it. Your only option is to reformat the drive. You cannot save any programs whatsoever, as they are all going to be infected. You can only save photos, videos and documents.

You also have file sharing enabled, so anyone else is at risk of being infected if they are not already. I would immediately advise those friends of yours of this problem.

I wish I had better news, especially since you have spent so much time and effort in removing things.

If you need any links to assist with a reformat and re-install let me know.


  • Staff

This infection also hits all drives on the system, so anything contained on those other drives is affected and needs to be wiped and reformatted as well.

And in looking at some of the files, I see a keygen, which generally indicates some sort of cracked or pirated software, a likely source for your infection.

You would do well to steer clear of these products in the future.


  • Staff

If you're on a home network, where you have other PCs connected and file sharing enabled, those PCs are at risk. Being on the Net will only allow the possible attacker to continue controlling things, if that is what has happened.

The only recourse is a reformat; nothing can be saved in the way of programs, only what I mentioned previously.


Huge thanks to TeMerc for stepping in here. It is greatly appreciated and welcome anytime.

The fixes used in this topic are for this machine only and should not be applied to yours. If you need assistance open your own topic and someone will be happy to help.


This topic is now closed to further replies.