Virus on Windows 7


Post by shockz13 on 23rd July 2009, 12:31 am

Hey, today I was trying to crack BullGuard and got a virus. Anyone? I'm running Windows 7 beta 7100.

log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:29:56 PM, on 22/07/2009
Platform: Unknown Windows (WinNT 6.01.3004)
MSIE: Internet Explorer v8.00 (8.00.7100.0000)
Boot mode: Normal

Running processes:
F:\Windows\system32\Dwm.exe
F:\Windows\system32\taskhost.exe
F:\Windows\Explorer.EXE
F:\Program Files\Java\jre6\bin\jusched.exe
F:\Program Files\Windows Sidebar\sidebar.exe
F:\Windows\system32\wuauclt.exe
F:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
C:\Program Files\Steam\Steam.exe
F:\Program Files\BullGuard Ltd\BullGuard\BGScan.exe
F:\Windows\system32\DeviceDisplayObjectProvider.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\Internet Explorer\IELowutil.exe
F:\Windows\system32\SearchFilterHost.exe
F:\Windows\explorer.exe
F:\Users\Taylor\Downloads\winlogon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BullGuard] "F:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot
O4 - HKCU\..\Run: [BullGuard] "F:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe"
O4 - HKCU\..\Run: [Sidebar] F:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] F:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] F:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O10 - Unknown file in Winsock LSP: f:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\bglsp.dll
O13 - Gopher Prefix:
O23 - Service: AMD External Events Utility - AMD - F:\Windows\system32\atiesrxx.exe
O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - F:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: Steam Client Service - Valve Corporation - F:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 4509 bytes

shockz13

Re: Virus on Windows 7

Post by shockz13 on 24th July 2009, 7:31 am

bump

shockz13

Re: Virus on Windows 7

Post by shockz13 on 25th July 2009, 8:02 am

bump

shockz13

Re: Virus on Windows 7

Post by Belahzur on 25th July 2009, 7:07 pm

Sorry for the delay. Your topic probably got pushed back because there isn't much we can do here.
Your log shows the problem, but not many use Windows 7 right now and our tools aren't designed for Windows 7 yet.

Furthermore, you should know using illegal software like cracks will get you infected, since you posted here once before.

The worst part is that the malware is using your LSP chain as somewhere to hide. If I were to kick the file out of your machine, it would likely break your LSP chain and you'll lose internet access.

What build of Windows 7 is this? You may need to start over again if our tools won't run.


Please PM me if I fail to respond within 24hrs.


Belahzur
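
A triage sketch for the kind of HijackThis log posted in this thread, added here as an example and not part of either poster's message or of HijackThis itself: it groups entries by section code, flags processes that carry a core Windows binary name but run from outside the Windows directory, and counts how many Winsock LSP (O10) entries reference each DLL. The sample log is constructed, and the `triage` function and the `SYSTEM_NAMES` list are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample in HijackThis v2 layout (all names and paths are illustrative).
SAMPLE_LOG = r"""Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Users\Example\Downloads\winlogon.exe

O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\av.exe" -boot
O10 - Unknown file in Winsock LSP: c:\windows\system32\examplelsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\examplelsp.dll
O23 - Service: Example Service - Example Corp - C:\Program Files\Example\svc.exe
"""

# Core Windows binary names that normally load only from the Windows
# directory (assumed short list, not exhaustive).
SYSTEM_NAMES = {"winlogon.exe", "csrss.exe", "lsass.exe", "services.exe",
                "svchost.exe", "smss.exe", "explorer.exe", "taskhost.exe"}
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O10 - ..."
WINDIR_RE = re.compile(r"^[a-z]:\\windows\\", re.I)  # any drive letter

def triage(log_text):
    """Return (entries by section code, misplaced processes, LSP file counts)."""
    sections, misplaced, lsp = {}, [], Counter()
    in_procs = False
    for line in log_text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False  # the process list ends at the first coded entry
            code, body = m.groups()
            sections.setdefault(code, []).append(body)
            if code == "O10" and ": " in body:
                lsp[body.split(": ", 1)[1].lower()] += 1
        elif in_procs and line:
            name = line.rsplit("\\", 1)[-1].lower()
            # Heuristic only: a system name outside \Windows\ needs a closer look.
            if name in SYSTEM_NAMES and not WINDIR_RE.match(line):
                misplaced.append(line)
    return sections, misplaced, lsp
```

The per-file O10 count shows how many Winsock catalog entries depend on a single DLL, which is why deleting that file without repairing the catalog would break the chain and cut network access, as the reply above describes.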