snuckinsnow Posted January 2, 2010 ID:178737 Share Posted January 2, 2010 I am making and editing films on my computer, films for special projects. (I am not talking about films downloded from Pirate Bay or such)Whatever the case, folders containing complete films with .vob files in TS_VIDEO folders are getting attacked from time to time. When I start up the computer, I find that either the files in the folder containing complete films are deleted, and sometimes it happen that the whole folder is gone. Furthermore, it seems its only folders containing .vob files that are attacked...Anyone having experience of this? Anyone who can give me hints on how to get further with this? I have done a HiJackThis search and I enclose the file here.I would greatly appreciate any help, since this malware has destroyed many work-hours for me!1000 thank in advance, and Happy New Year 2010!-stuckinsnow (we got 30 cm tonight!) Ooops, I was not permitted to upload a .txt file with this post (!) I copy the text from that file here, instead:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:47:04, on 2010-01-02Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exeC:\Program Files\ATI Technologies\ATI.ACE\cli.exeC:\PROGRA~1\AVG\AVG9\avgtray.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\WINDOWS\Samsung\PanelMgr\SSMMgr.exeC:\Program Files\Skype\Phone\Skype.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exeC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\Program Files\AVG\AVG9\avgwdsvc.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\AVG\AVG9\avgnsx.exeC:\Program Files\Common Files\Protexis\License Service\PsiService_2.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\AVG\AVG9\avgemc.exeC:\Program Files\Skype\Plugin Manager\skypePM.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\WINDOWS\system32\dllhost.exeC:\Program Files\ATI Technologies\ATI.ACE\cli.exeC:\Program Files\Lavasoft\Ad-Aware\AAWTray.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Java\jre6\bin\java.exeC:\Program Files\PC Inspector File Recovery\filerecovery.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ssf.scout.se/epieditR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localR3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dllO2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dllO2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dllO2 - BHO: Java Link to post Share on other sites More sharing options...
Staff screen317 Posted January 23, 2010 Staff ID:187977 Share Posted January 23, 2010 Hi and welcome to Malwarebytes.Do you still need help? Link to post Share on other sites More sharing options...
Staff screen317 Posted February 3, 2010 Staff ID:193753 Share Posted February 3, 2010 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts