System Security 2009 Virus

View previous topic View next topic Go down

System Security 2009 Virus

Post by buzzyboy on 26th June 2009, 10:14 pm

I can't install anything, run any programs, every time I try to it tells me it's infected. I'm not sure what I can do. :/

buzzyboy
Beginner
Beginner

Posts Posts : 4
Joined Joined : 2009-06-26
OS OS : Windows XP SP2
Points Points : 27216
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System Security 2009 Virus

Post by Belahzur on 27th June 2009, 1:33 am

Hello.
Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • First, right click the installer and rename it.
  • The file should be called HJTInstall.exe on your Desktop, so remove HJTInstall and type Winlogon and see if it will run now it's renamed.
  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245079
# Likes # Likes : 1

View user profile

Back to top Go down

Re: System Security 2009 Virus

Post by buzzyboy on 27th June 2009, 9:40 am

[You must be registered and logged in to see this link.] wrote:Hello.
Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • First, right click the installer and rename it.
  • The file should be called HJTInstall.exe on your Desktop, so remove HJTInstall and type Winlogon and see if it will run now it's renamed.
  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.

I was able to install it. But I'm not able to run it. :/
I couldn't even get to the user agreement thing. It just tells me "HiJackThis.exe" is infected on the System Security virus.

buzzyboy
Beginner
Beginner

Posts Posts : 4
Joined Joined : 2009-06-26
OS OS : Windows XP SP2
Points Points : 27216
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System Security 2009 Virus

Post by buzzyboy on 27th June 2009, 10:06 am

I was able to run it on a different user account, not sure if it'll help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:04:42 AM, on 6/27/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
H:\WINDOWS\Explorer.EXE
H:\Program Files\TortoiseSVN\bin\TSVNCache.exe
H:\Program Files\AIM6\aim6.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\AIM6\aolsoftware.exe
H:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
H:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
H:\Program Files\Trend Micro\HijackThis\Winlogon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - H:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: (no name) - {3708018c-322e-be0b-21e4-67d87ba64cf4} - (no file)
O2 - BHO: bignetdaddy - {75df2afd-67cb-1e07-92d9-2e8af02f18bf} - H:\WINDOWS\system32\nsg34DA.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - H:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - H:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - H:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - H:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [System Driver] C:\windows\system\programas\two.bat
O4 - HKLM\..\Run: [17298674] H:\Documents and Settings\All Users\Application Data\17298674\17298674.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] H:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - Global Startup: HP Digital Imaging Monitor.lnk = H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Linksys EasyLink Advisor.lnk = H:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - H:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - H:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - H:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - H:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: h:\windows\system32\nwprovau.dll
O11 - Options group: [java_sun] Java (Sun)
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - H:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{49A0329B-F518-42C8-A172-95BFEC732CAE}: NameServer = 68.238.64.12,68.238.96.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{49A0329B-F518-42C8-A172-95BFEC732CAE}: NameServer = 68.105.28.12,68.105.29.12
O17 - HKLM\System\CS2\Services\Tcpip\..\{49A0329B-F518-42C8-A172-95BFEC732CAE}: NameServer = 68.238.64.12,68.238.96.12
O17 - HKLM\System\CS3\Services\Tcpip\..\{49A0329B-F518-42C8-A172-95BFEC732CAE}: NameServer = 68.238.64.12,68.238.96.12
O17 - HKLM\System\CS4\Services\Tcpip\..\{49A0329B-F518-42C8-A172-95BFEC732CAE}: NameServer = 68.238.64.12,68.238.96.12
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - H:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O18 - Protocol: x-wpexpert - {382E05AF-964B-41CE-B2B5-ED0BF48013C0} - (no file)
O20 - AppInit_DLLs: c:\progra~1\Manson\liser.dll
O20 - Winlogon Notify: !SABWinLogon - H:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O20 - Winlogon Notify: Antiwpa - H:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Norton 2009 Reset (.norton2009Reset) - Unknown owner - H:\Documents and Settings\All Users\Application Data\Norton\Norton2009Reset.exe
O23 - Service: Adobe Active File Monitor V7 (adobeactivefilemonitor7.0) - Adobe Systems Incorporated - H:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apache2.2 - Apache Software Foundation - H:\xampp\apache\bin\apache.exe
O23 - Service: Apple Mobile Device - Apple Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DNSexit - Unknown owner - H:\Program Files\DNSexit IP Updater\dnsexit_srv.exe
O23 - Service: FLEXnet Licensing Service (flexnet licensing service) - Macrovision Europe Ltd. - H:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - H:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: id6rjs4r64j6a7io8jkswhvv80 - Unknown owner - H:\WINDOWS\id6rjs4r64j6a7io8jkswhvv81.exe
O23 - Service: iPod Service - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - H:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - H:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: Macromedia Licensing Service (macromedia licensing service) - Unknown owner - H:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Ms-java - Unknown owner - H:\WINDOWS\system32\system\ms-java.exe (file missing)
O23 - Service: mysql - Unknown owner - H:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - H:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Norton Internet Security - Symantec Corporation - H:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - H:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: sopidkc Service (sopidkc) - Elecard Lt - H:\WINDOWS\system32\sopidkc.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - H:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - H:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - H:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 8522 bytes

buzzyboy
Beginner
Beginner

Posts Posts : 4
Joined Joined : 2009-06-26
OS OS : Windows XP SP2
Points Points : 27216
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System Security 2009 Virus

Post by buzzyboy on 27th June 2009, 10:33 am

Seems I managed to get it working. Here it is on the admin account:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:27:33 AM, on 6/27/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\svchost.exe
H:\Documents and Settings\All Users\Application Data\17298674\17298674.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Program Files\Trend Micro\HijackThis\Winlogon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - H:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - H:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: (no name) - {3708018c-322e-be0b-21e4-67d87ba64cf4} - (no file)
O2 - BHO: bignetdaddy - {75df2afd-67cb-1e07-92d9-2e8af02f18bf} - H:\WINDOWS\system32\nsg34DA.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - H:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - H:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - H:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - H:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [System Driver] C:\windows\system\programas\two.bat
O4 - HKLM\..\Run: [17298674] H:\Documents and Settings\All Users\Application Data\17298674\17298674.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "H:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "H:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ProxyWay] H:\Program Files\ProxyWay\proxyway.exe
O4 - HKCU\..\Run: [Google Update] "H:\Documents and Settings\Buzzy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [GetModule33] H:\Program Files\GetModule\GetModule33.exe
O4 - HKCU\..\Run: [jsf8uiw3jnjgffght] H:\WINDOWS\TEMP\winlognn.exe
O4 - HKCU\..\Run: [SuperAdBlocker] H:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Linksys EasyLink Advisor.lnk = H:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
O8 - Extra context menu item: &AIM Toolbar Search - H:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - H:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - H:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - H:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - H:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: h:\windows\system32\nwprovau.dll
O11 - Options group: [java_sun] Java (Sun)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - H:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{49A0329B-F518-42C8-A172-95BFEC732CAE}: NameServer = 68.238.64.12,68.238.96.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{49A0329B-F518-42C8-A172-95BFEC732CAE}: NameServer = 68.105.28.12,68.105.29.12
O17 - HKLM\System\CS2\Services\Tcpip\..\{49A0329B-F518-42C8-A172-95BFEC732CAE}: NameServer = 68.238.64.12,68.238.96.12
O17 - HKLM\System\CS3\Services\Tcpip\..\{49A0329B-F518-42C8-A172-95BFEC732CAE}: NameServer = 68.238.64.12,68.238.96.12
O17 - HKLM\System\CS4\Services\Tcpip\..\{49A0329B-F518-42C8-A172-95BFEC732CAE}: NameServer = 68.238.64.12,68.238.96.12
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - H:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O18 - Protocol: x-wpexpert - {382E05AF-964B-41CE-B2B5-ED0BF48013C0} - (no file)
O20 - AppInit_DLLs: c:\progra~1\Manson\liser.dll
O20 - Winlogon Notify: !SABWinLogon - H:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O20 - Winlogon Notify: Antiwpa - H:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Norton 2009 Reset (.norton2009Reset) - Unknown owner - H:\Documents and Settings\All Users\Application Data\Norton\Norton2009Reset.exe
O23 - Service: Adobe Active File Monitor V7 (adobeactivefilemonitor7.0) - Adobe Systems Incorporated - H:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apache2.2 - Apache Software Foundation - H:\xampp\apache\bin\apache.exe
O23 - Service: Apple Mobile Device - Apple Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - H:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DNSexit - Unknown owner - H:\Program Files\DNSexit IP Updater\dnsexit_srv.exe
O23 - Service: FLEXnet Licensing Service (flexnet licensing service) - Macrovision Europe Ltd. - H:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - H:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: iPod Service - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - H:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - H:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: Macromedia Licensing Service (macromedia licensing service) - Unknown owner - H:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Ms-java - Unknown owner - H:\WINDOWS\system32\system\ms-java.exe (file missing)
O23 - Service: mysql - Unknown owner - H:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - H:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Norton Internet Security - Symantec Corporation - H:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - H:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: sopidkc Service (sopidkc) - Elecard Lt - H:\WINDOWS\system32\sopidkc.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - H:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - H:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - H:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 9548 bytes

buzzyboy
Beginner
Beginner

Posts Posts : 4
Joined Joined : 2009-06-26
OS OS : Windows XP SP2
Points Points : 27216
# Likes # Likes : 0

View user profile

Back to top Go down

Re: System Security 2009 Virus

Post by Belahzur on 27th June 2009, 5:35 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O2 - BHO: (no name) - {3708018c-322e-be0b-21e4-67d87ba64cf4} - (no file)
    O2 - BHO: bignetdaddy - {75df2afd-67cb-1e07-92d9-2e8af02f18bf} - H:\WINDOWS\system32\nsg34DA.dll
    O4 - HKLM\..\Run: [System Driver] C:\windows\system\programas\two.bat
    O4 - HKLM\..\Run: [17298674] H:\Documents and Settings\All Users\Application Data\17298674\17298674.exe
    O4 - HKCU\..\Run: [GetModule33] H:\Program Files\GetModule\GetModule33.exe
    O4 - HKCU\..\Run: [jsf8uiw3jnjgffght] H:\WINDOWS\TEMP\winlognn.exe
    O18 - Protocol: x-wpexpert - {382E05AF-964B-41CE-B2B5-ED0BF48013C0} - (no file)
    O20 - AppInit_DLLs: c:\progra~1\Manson\liser.dll


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245079
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum