Antivirus Sys Pro really got me, can't open Hijack This


Post by snafu22 on 20th September 2009, 8:15 pm

I'm hoping one of you savvy folks can assist me. I have not had a virus for years, but somehow the Antivirus Sys Pro got me good today. I have been searching the net for removal information, which led me here. I am experiencing the following: I.E. starting on its own with porn sites, Antivirus Pro pop-ups, Windows security alerts, etc. I ran Malwarebytes, which only found one file (stupid me didn't write it down), which it fixed. After a reboot it seemed as if nothing had changed. The longer the pop-ups run, the worse it seemed to be getting. I cannot open Malwarebytes, HijackThis, AVG, or Outlook Express. Where do I go from here?

Regards
Snafu22

snafu22
Novice
Posts: 8
Joined: 2009-09-20
OS: xp pro
Points: 26390
Likes: 0


Post by Belahzur on 20th September 2009, 9:17 pm

Hello.
Do you get an error message that says permission is denied/can't find the file/bad path?


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245111
Likes: 1


Post by snafu22 on 20th September 2009, 9:36 pm

No sir, no errors at all.


Post by snafu22 on 20th September 2009, 9:48 pm

With repeated tries, I got HijackThis open and have a log file.
May I post it?

Regards
Snafu22


Post by snafu22 on 20th September 2009, 10:18 pm

I managed to open Malwarebytes and ran it again. Both log files only found one problem - from the log file:

"Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully."

These pop-ups are very boring - and opening anything is difficult.

THX -


Post by Belahzur on 20th September 2009, 11:44 pm

Hello.
Can you post the Hijack This log please?



Post by snafu22 on 21st September 2009, 12:15 am

I really appreciate your assistance

Snafu
_________________________________________

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\bin\HPOVDX05.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\ymfkcx\nekusysguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 windows-shield.microsoft.com
O1 - Hosts: 91.212.127.226 windows-shield.com
O1 - Hosts: 91.212.127.226 [You must be registered and logged in to see this link.]
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [STARTRIGHT] "C:\Program Files\StartRight\StartRight.exe" -go
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [STARTRIGHT] "C:\Program Files\StartRight\StartRight.exe" -pre
O4 - Global Startup: Shortcut to HPOstr05.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\Bin\HPOstr05.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - [You must be registered and logged in to see this link.]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - [You must be registered and logged in to see this link.]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Update Service (gupdate1c921a737ef0a7c) (gupdate1c921a737ef0a7c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 5384 bytes


Post by snafu22 on 21st September 2009, 1:41 am

I ran Trend Micro's free scan prior to making the above log file - it found a couple of bugs, which were fixed. I see C:\Program Files\ymfkcx\nekusysguard.exe in the log and found it running in Task Manager. I stopped it and now I don't get the error message every time an exe file tries to open. How do I get rid of this nekusysguard.exe and all its little tentacles?

All this started when I was looking for the Packer game streamed. ;-(

Regards
snafu


Post by Belahzur on 21st September 2009, 8:24 am

Hello.

  • Open HijackThis.
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O1 - Hosts: ::1 localhost
    O1 - Hosts: 91.212.127.226 windows-shield.microsoft.com
    O1 - Hosts: 91.212.127.226 windows-shield.com
    O1 - Hosts: 91.212.127.226 [You must be registered and logged in to see this link.]


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


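One way to triage the O1 (hosts file) entries of a HijackThis log like the ones fixed above, added here as an example and not part of the original thread: it separates loopback and 0.0.0.0 blocklist mappings from hostnames pointed at a routable address. The function names and the two benign sample lines are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: three O1 lines as posted in this thread, plus two
# made-up benign entries (a loopback mapping and a 0.0.0.0 blocklist entry).
SAMPLE_LOG = """\
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 windows-shield.microsoft.com
O1 - Hosts: 91.212.127.226 windows-shield.com
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 0.0.0.0 ads.example.invalid
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE
"""

# "O1 - Hosts: <address> <hostname>"; the hostname may contain spaces.
O1_RE = re.compile(r"^\s*O1 - Hosts:\s+(\S+)\s+(.+?)\s*$")

def classify(ip_text):
    """Return 'loopback', 'sinkhole', 'private', 'redirect' or 'malformed'."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "malformed"
    if ip.is_loopback:
        return "loopback"      # 127.0.0.0/8 or ::1
    if ip.is_unspecified:
        return "sinkhole"      # 0.0.0.0 or ::, typical of ad/malware blocklists
    if ip.is_private:
        return "private"       # LAN address: may be legitimate, needs a human look
    return "redirect"          # name forced to a routable address

def triage_hosts(log_text):
    """Group O1 hostnames by (class, address); non-O1 lines are ignored."""
    report = defaultdict(list)
    for line in log_text.splitlines():
        m = O1_RE.match(line)
        if m:
            ip_text, host = m.groups()
            report[(classify(ip_text), ip_text)].append(host)
    return dict(report)

def redirects(log_text):
    """Only the entries that send a hostname to a routable address."""
    return {ip: hosts for (kind, ip), hosts in triage_hosts(log_text).items()
            if kind == "redirect"}

if __name__ == "__main__":
    for ip, hosts in redirects(SAMPLE_LOG).items():
        print(f"{ip}: {len(hosts)} hostname(s) redirected -> {', '.join(hosts)}")
```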


Post by snafu22 on 22nd September 2009, 1:26 am

Belahzur - I think we have it. "No malicious items detected" Ya-Hooo.
I still have that C:\Program Files\ymfkcx\nekusysguard.exe folder/file, but once it was taken from the start menu all the nags are gone. May I just delete it?
Best Regards
snAfu
___________________________________________________________
Malwarebytes' Anti-Malware 1.41
Database version: 2839
Windows 5.1.2600 Service Pack 2

9/21/2009 6:16:08 PM
mbam-log-2009-09-21 (18-16-08).txt

Scan type: Quick Scan
Objects scanned: 121934
Time elapsed: 11 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Post by Belahzur on 22nd September 2009, 7:28 pm

Hello.
Yes, just delete this folder in bold:

C:\Program Files\ymfkcx

This should be fine now.



Post by snafu22 on 23rd September 2009, 12:17 am

Thanks a bunch Belahzur - a donation coming your way.

Regards
Snafu22
