
I got the bug! intervalhehehe



Hey folks,

I downloaded that bad WinRAR and I'm sick with intervalhehehe. Before I go to the doctor for some major drugs, I thought I'd ask you first.

I can't access Google, Myspace, or Facebook among others.

Here are my logs. Heeelp! Thanks, Chris

Malwarebytes' Anti-Malware 1.30

Database version: 1452

Windows 6.0.6001 Service Pack 1

12/2/2008 7:32:44 PM

mbam-log-2008-12-02 (19-32-44).txt

Scan type: Quick Scan

Objects scanned: 42701

Time elapsed: 1 minute(s), 11 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

;*******************************************************************************

ANALYSIS: 2008-12-03 08:07:47

PROTECTIONS: 1

MALWARE: 1

SUSPECTS: 1

;*******************************************************************************

PROTECTIONS

Description Version Active Updated

;===============================================================================

Norton Internet Security 15.5.0.23 Yes Yes

;===============================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

02083437 Generic Malware Virus/Trojan No 0 Yes Yes C:\Users\Chris\Pictures\p\office\Extras\MathType 5.1\mtype_v5_1_keygen.exe

02083437 Generic Malware Virus/Trojan No 0 Yes Yes C:\Users\Chris\Desktop\p\office\Extras\MathType 5.1\mtype_v5_1_keygen.exe

;===============================================================================

SUSPECTS

Sent Location

;===============================================================================

Yes C:\Users\Chris\AppData\Local\Temp\IXP000.TMP\explore.exe

;===============================================================================

VULNERABILITIES

Id Severity Description

;===============================================================================

;===============================================================================

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:33:16 PM, on 12/2/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\BitComet\BitComet.exe

C:\hp\support\hpsysdrv.exe

C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Arovax AntiSpyware\ArovaxAntiSpyware.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Users\Chris\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=

O1 - Hosts: 61.157.217.210 www.yahoo.com

O1 - Hosts: 61.157.217.210 www.google.com

O1 - Hosts: 61.157.217.210 www.google.co.uk

O1 - Hosts: 61.157.217.210 www.myspace.com

O1 - Hosts: 61.157.217.210 www.youtube.com

O1 - Hosts: 61.157.217.210 www.facebook.com

O1 - Hosts: 61.157.217.210 www.antispy.com

O1 - Hosts: 61.157.217.210 www.yahoo.com

O1 - Hosts: 61.157.217.210 www.yahoo.co.uk

O1 - Hosts: 61.157.217.210 www.antispyware.com

O1 - Hosts: 61.157.217.210 antispyware.com

O1 - Hosts: 61.157.217.210 antispy.com

O1 - Hosts: 61.157.217.210 www.msn.com

O1 - Hosts: 123.251.143.110 www.asdfasdfd.com

O1 - Hosts: 123.251.143.110 www.gg.com

O1 - Hosts: 123.251.143.110 www.ghfhj.com

O1 - Hosts: 123.251.143.110 www.cvnbcvnb.com

O1 - Hosts: 123.251.143.110 www.1.com

O1 - Hosts: 123.251.143.110 www.3.com

O1 - Hosts: 123.251.143.110 www.asdf4asdfd.com

O1 - Hosts: 123.251.143.110 www.asdfawsdfd.com

O1 - Hosts: 123.251.143.110 www.asdfatsdfd.com

O1 - Hosts: 123.251.143.110 www.asdfasdfd.com

O1 - Hosts: 123.251.143.110 www.asdfadsdfd.com

O1 - Hosts: 123.251.143.110 www.asdfasdfd.com

O1 - Hosts: 123.251.143.110 www.asdfafsdfd.com

O1 - Hosts: 123.251.143.110 www.asdfasdfd.com

O1 - Hosts: 123.251.143.110 www.asdfagsdfd.com

O1 - Hosts: 123.251.143.110 www.asdfasgdfd.com

O1 - Hosts: 123.251.143.110 www.asdfasdhfd.com

O1 - Hosts: 123.251.143.110 www.asdfasdfjd.com

O1 - Hosts: 123.251.143.110 www.asdfasdfkd.com

O1 - Hosts: 123.251.143.110 www.asdfasdfld.com

O1 - Hosts: 123.251.143.110 www.asdfasdf,d.com

O1 - Hosts: 123.251.143.110 www.asxdfasdfd.com

O1 - Hosts: 123.251.143.110 www.asdzfasdfd.com

O1 - Hosts: 123.251.143.110 www.asdcfasdfd.com

O1 - Hosts: 123.251.143.110 www.asdfvasdfd.com

O1 - Hosts: 123.251.143.110 www.asdfabsdfd.com

O1 - Hosts: 123.251.143.110 www.asdfasndfd.com

O1 - Hosts: 123.251.143.110 www.asdfasdmfd.com

O1 - Hosts: 123.251.143.110 www.asdfasdfd.com

O1 - Hosts: 123.251.143.110 www.11asdfasdfd.com

O1 - Hosts: 123.251.143.110 www.as222dfasdfd.com

O1 - Hosts: 123.251.143.110 www.asdfa33sdfd.com

O1 - Hosts: 123.251.143.110 www.asdfasd44fd.com

O1 - Hosts: 123.251.143.110 www.asdfasdfd5.com

O1 - Hosts: 123.251.143.110 www.as66dfasdfd.com

O1 - Hosts: 123.251.143.110 www.asdf77asdfd.com

O1 - Hosts: 123.251.143.110 www.asdf8asdfd.com

O1 - Hosts: 123.251.143.110 www.asdf9asdfd.com

O1 - Hosts: 123.251.143.110 www.asdf0asdfd.com

O1 - Hosts: 123.251.143.110 www.asdf-asdfd.com

O1 - Hosts: 123.251.143.110 www.aqqsdfasdfd.com

O1 - Hosts: 123.251.143.110 www.aswwdfasdfd.com

O1 - Hosts: 123.16.197.121 www.asdhhfasdfdyy.com

O1 - Hosts: 61.157.217.210 www.live.com

O1 - Hosts: 123.251.143.110 www.asdwwwfasdfd.com

O1 - Hosts: 123.251.143.110 www.asdfeasdfd.com

O1 - Hosts: 123.251.143.110 www.asdfrrasdfd.com

O1 - Hosts: 123.251.143.110 www.asdfttasdfd.com

O1 - Hosts: 123.251.143.110 www.asdfyyasdfd.com

O1 - Hosts: 123.251.143.110 www.asdfuuuasdfd.com

O1 - Hosts: 123.251.143.110 www.asdfaiisdfd.com

O1 - Hosts: 123.251.143.110 www.asdfaoosdfd.com

O1 - Hosts: 123.251.143.110 www.asdfappsdfd.com

O1 - Hosts: 123.251.143.110 www.asdfasssdfd.com

O1 - Hosts: 123.251.143.110 www.aswwdfasdfd.com

O1 - Hosts: 123.251.143.110 www.asdeefasdfd.com

O1 - Hosts: 123.251.143.110 www.asdfffasdfd.com

O1 - Hosts: 123.251.143.110 www.asdfavvvsdfd.com

O1 - Hosts: 123.251.143.110 www.asnnndfasdfd.com

O1 - Hosts: 123.251.143.110 www.asdmmmfasdfd.com

O1 - Hosts: 123.251.143.110 www.asdfaffsdfd.com

O1 - Hosts: 123.251.143.110 www.asdhhfasdfd.com

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.2.8.7.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [ccApp] "c:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [Arovax AntiSpyware] C:\Program Files (x86)\Arovax AntiSpyware\arovaxantispyware.exe /s

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - (no file)

O13 - Gopher Prefix:

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 13238 bytes

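The symptom in the post (Google, Myspace and Facebook unreachable) lines up with the `O1 - Hosts:` entries in the HijackThis log: the hosts file maps those sites, plus several anti-spyware vendor sites, to 61.157.217.210 instead of leaving them to DNS. The script below is an added example, not part of the original thread or any tool mentioned in it. It parses `O1` lines from a HijackThis log (the sample is constructed from a few lines of the log above, with one benign `localhost` entry added) and groups every mapping whose target is not a loopback address by target IP, so a responder can see at a glance which hosts are being redirected and where. The function and variable names are the example's own.

```python
"""Flag hosts-file hijacks in HijackThis 'O1 - Hosts:' lines.

A clean Windows hosts file normally carries only loopback entries such as
'127.0.0.1 localhost'.  Any entry that points a real hostname somewhere
else overrides DNS locally, which is exactly how the log in this thread
blocks Google, Facebook and the anti-spyware vendor sites.
"""
import ipaddress
import re
from collections import defaultdict

# Shape of a HijackThis O1 line: "O1 - Hosts: <ip> <hostname>"
O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")

# Constructed sample: O1 lines taken from the log above plus a benign
# localhost entry and one non-O1 line that the parser must ignore.
SAMPLE_LOG = """\
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 61.157.217.210 www.google.com
O1 - Hosts: 61.157.217.210 www.facebook.com
O1 - Hosts: 61.157.217.210 www.antispyware.com
O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfjd.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
"""


def parse_o1(log_text):
    """Return (ip, hostname) pairs for every O1 line; other lines are skipped."""
    pairs = []
    for line in log_text.splitlines():
        m = O1_RE.match(line.strip())
        if m:
            pairs.append((m.group(1), m.group(2).lower()))
    return pairs


def is_loopback(ip_text):
    """True only for a valid loopback literal (127.0.0.0/8 or ::1)."""
    try:
        return ipaddress.ip_address(ip_text).is_loopback
    except ValueError:
        # Not an IP literal at all; treat it as a mapping worth reviewing.
        return False


def find_hijacks(pairs):
    """Group non-loopback mappings by target IP.

    Returns {ip: [hostnames]} for every target that is not loopback.  Any
    entry here means resolution for those hosts is overridden locally.
    """
    by_ip = defaultdict(list)
    for ip, host in pairs:
        if not is_loopback(ip):
            by_ip[ip].append(host)
    return dict(by_ip)


def report(log_text):
    """One summary line per redirect target, most-affected target first."""
    hijacks = find_hijacks(parse_o1(log_text))
    lines = []
    for ip, hosts in sorted(hijacks.items(), key=lambda kv: -len(kv[1])):
        lines.append(f"{ip}: {len(hosts)} host(s) redirected -> {', '.join(hosts)}")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

Run against the full log above, the 61.157.217.210 group is the one to act on: it covers the sites the poster cannot reach and the anti-spyware vendor domains, which is a common way for a dropper to keep cleanup tools from updating. The remaining cleanup (restoring the hosts file, removing the keygen and the `IXP000.TMP\explore.exe` dropper) is the advice already given in the replies.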

Sorry to hear you got infected. This link should have the steps for removing the bugger.

First of all, uninstall WinRAR, then follow the instructions of poster #7, using Spybot Search & Destroy in Safe Mode.

http://answers.yahoo.com/question/index?qi...28095501AAo2iun

Spybot Search & Destroy

http://www.safer-networking.org/en/spybotsd/index.html

Good luck.

Ken:


If that doesn't get rid of it and you want to make sure you're not still infected with something else, please read the instructions here: http://www.malwarebytes.org/forums/index.php?showtopic=2936 and post your logs in a new topic here: http://www.malwarebytes.org/forums/index.php?showforum=7

Please be sure not to install any software or use any removal/scanning tools except those that you are instructed to by the expert who will be assisting you, as doing so can make their job much more difficult. I hope I was helpful. Good luck and safe surfing.
