malware removal : )

Post by jeujeu on 22nd September 2009, 3:51 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:12 PM, on 9/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\V0350Mon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe
C:\Program Files\WMP54GS Wireless Network Monitor\WMP54G.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\jonnny\Desktop\winlogon.scr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SBCONVERT - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [V0350Mon.exe] C:\WINDOWS\V0350Mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WMP54GSVC - GEMTEKS - C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe

--
End of file - 6261 bytes

jeujeu
Novice
Posts: 15
Joined: 2009-09-22
OS: XP
Points: 26367
Likes: 0

Re: malware removal : )

Post by Dr Jay on 22nd September 2009, 4:23 am

Hi

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Dr. Jay (DJ)


Dr Jay
Head Administrator
Posts: 14307
Joined: 2009-09-06
Gender: Male
OS: Windows 10 Home & Pro
Arch.: x64 (64-bit)
Protection: Bitdefender Total Security
Points: 302944
Likes: 10

Re: malware removal : )

Post by jeujeu on 23rd September 2009, 12:04 am

Btw, I already installed Malwarebytes Anti-Malware. It discovered no threats at all. But still, I cannot browse after a few minutes from opening my computer. The internet is still connected and I can ping, but can't browse or go on msn. So in a short summary, no detection of malware, and still losing internet after a few minutes. Here's a log of my scan.

Malwarebytes' Anti-Malware 1.41
Database version: 2839
Windows 5.1.2600 Service Pack 2

9/21/2009 8:01:55 PM
mbam-log-2009-09-21 (20-01-55).txt

Scan type: Full Scan (C:\|J:\|)
Objects scanned: 155098
Time elapsed: 19 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: malware removal : )

Post by Dr Jay on 23rd September 2009, 2:42 am

Hi

Please do a scan with [You must be registered and logged in to see this link.]

Click on the Accept button and install any components it needs.

  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Dr. Jay (DJ)


Re: malware removal : )

Post by jeujeu on 23rd September 2009, 4:31 am

Heyy.

Wednesday, September 23, 2009
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, September 23, 2009 04:27:19
Records in database: 2870553
Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
Scan area My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
Scan statistics
Objects scanned 70593
Threats found 2
Infected objects found 3
Suspicious objects found 0
Scan duration 01:23:17

File name Threat Threats count
C:\Documents and Settings\jonnny\Desktop\CabalRider_USA\bin\CabalRider.exe Infected: Trojan.Win32.Vapsup.wbj 1
C:\Documents and Settings\jonnny\Desktop\CabalRider_USA1.0.48.exe Infected: Trojan.Win32.Vapsup.wbj 1
C:\Documents and Settings\jonnny\My Documents\Application\toolbar.exe Infected: not-a-virus:AdWare.Win32.MegaSearch.aj 1
Selected area has been scanned.

Hmmm. Cabalrider is a hack for a game though and I'm pretty sure it's safe 'cause it's commercialized. Not sure about toolbar.exe.

Re: malware removal : )

Post by Dr Jay on 23rd September 2009, 5:32 am

Hi

What is so bad about Cracks, Hacks, Pirated software, warez, or Keygens?

I have been questioned many times on why these things are bad. I will tell you that they are one of the top distributors of malware, and are rarely safe.

Most popular cracks or keygens I see are for Adobe CS3, a lot of different games, Nero, Kaspersky antivirus, and much more. All of these cracks and keygens have what is called "cloaked malware." Most hacks for games that come in the form of a program or installer will also be infected. It is the opportunity for attackers to present a seemingly safe situation where the opportunity to steal something is in play, while the malware infects your system in the process. Yes, it will install what you were looking for, but also allow malware to potentially take control of your computer.

Lastly, it is illegal.

==

Download Security Check by screen317 from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Dr. Jay (DJ)


Re: malware removal : )

Post by jeujeu on 23rd September 2009, 9:08 pm

Hello.

Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 2
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Avira AntiVir Premium
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:

HijackThis 2.0.2
Java(TM) 6 Update 16
Adobe Flash Player 10
Adobe Reader 9.1
``````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````````````````````````
DNS Vulnerability Check:

Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

`````````End of Log```````````

Re: malware removal : )

Post by Dr Jay on 23rd September 2009, 9:11 pm

Hi

Please upgrade to Windows XP SP3, because it includes all previously released updates. It also includes a small number of new functionalities. Some of the updates that Service Pack 3 provides, you may not have. It is now available via [You must be registered and logged in to see this link.].

==

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

AntiSpyware

  • [You must be registered and logged in to see this link.]
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found [You must be registered and logged in to see this link.].
  • [You must be registered and logged in to see this link.].
    Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer, to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).


NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
[You must be registered and logged in to see this link.]

Securing your computer

  • [You must be registered and logged in to see this link.] - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • [You must be registered and logged in to see this link.] replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


Thank you for choosing GeekPolice. Please see [You must be registered and logged in to see this link.] if you would like to leave feedback or contribute to our site. Do you have any more questions?


Dr. Jay (DJ)


Re: malware removal : )

Post by jeujeu on 24th September 2009, 12:01 am

In your opinion, which anti-spyware is better?

Re: malware removal : )

Post by Dr Jay on 24th September 2009, 12:12 am

Both of those listed can be used at the same time. :)


Dr. Jay (DJ)


Re: malware removal : )

Post by jeujeu on 24th September 2009, 1:17 am

Thank you very much. This is 5-star support : )

Re: malware removal : )

Post by jeujeu on 24th September 2009, 2:17 am

OK, I've installed all the spyware software. Also, just did a scan of the entire computer with Spybot. I'll see if this fixes the problem with the internet. Thank you very much for your support : )

Re: malware removal : )

Post by jeujeu on 24th September 2009, 10:52 pm

Hey, I'm still experiencing internet problems.
After a while, I still can't connect to a site. It works perfectly fine after I restart the computer. What's the problem? Btw, I have done another security check scan. Here are the results:

Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Avira AntiVir Premium
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:

SpywareBlaster 4.2
Spybot - Search & Destroy
HijackThis 2.0.2
Java(TM) 6 Update 16
Adobe Flash Player 10
Adobe Reader 9.1
``````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````````````````````````
DNS Vulnerability Check:

Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

`````````End of Log```````````

Re: malware removal : )

Post by Dr Jay on 25th September 2009, 1:25 am

Hi

Rooter Rootkit Detector - [You must be registered and logged in to see this link.]

Download [You must be registered and logged in to see this link.] to your desktop

  1. Double click it to start the tool.
  2. A Notepad file containing the report will open, also found at
    %systemdrive%(usually C:)\Rooter.txt. Post that log in your next reply.


Dr. Jay (DJ)


Re: malware removal : )

Post by jeujeu on 25th September 2009, 1:41 am

Hello. Here is the scan for Rooter.exe

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP . (5.1.2600) Service Pack 3
[32_bits] - x86 Family 6 Model 15 Stepping 6, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
.
Internet Explorer 7.0.5730.11
.
C:\ [Fixed-NTFS] .. ( Total:232 Go - Free:155 Go )
D:\ [CD_Rom]
E:\ [Removable]
F:\ [Removable]
G:\ [Removable]
H:\ [Removable]
I:\ [CD_Rom]
J:\ [Fixed-NTFS] .. ( Total:149 Go - Free:34 Go )
.
Scan : 21:40.19
Path : C:\Documents and Settings\jonnny\Desktop\Rooter.exe
User : jonnny ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (632)
______ \??\C:\WINDOWS\system32\csrss.exe (688)
______ \??\C:\WINDOWS\system32\winlogon.exe (712)
______ C:\WINDOWS\system32\services.exe (756)
______ C:\WINDOWS\system32\lsass.exe (768)
______ C:\WINDOWS\system32\svchost.exe (960)
______ C:\WINDOWS\system32\svchost.exe (1028)
______ C:\WINDOWS\System32\svchost.exe (1068)
______ C:\WINDOWS\system32\svchost.exe (1208)
______ C:\WINDOWS\system32\svchost.exe (1232)
______ C:\WINDOWS\system32\spoolsv.exe (1636)
______ C:\Program Files\Avira\AntiVir Desktop\sched.exe (1676)
______ C:\Program Files\Avira\AntiVir Desktop\avguard.exe (172)
______ C:\Program Files\Java\jre6\bin\jqs.exe (208)
______ C:\WINDOWS\system32\nvsvc32.exe (240)
______ C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe (284)
______ C:\Program Files\WMP54GS Wireless Network Monitor\WMP54G.exe (352)
______ C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (1464)
______ C:\WINDOWS\System32\alg.exe (1868)
______ C:\WINDOWS\Explorer.EXE (672)
______ C:\WINDOWS\system32\WgaTray.exe (1772)
______ C:\WINDOWS\system32\RUNDLL32.EXE (2324)
______ C:\WINDOWS\RTHDCPL.EXE (2444)
______ C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (2484)
______ C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe (2764)
______ C:\WINDOWS\V0350Mon.exe (2772)
______ C:\Program Files\Java\jre6\bin\jusched.exe (2976)
______ C:\WINDOWS\system32\ctfmon.exe (3120)
______ C:\Program Files\Windows Live\Messenger\msnmsgr.exe (3136)
______ C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe (3272)
______ C:\Program Files\DAEMON Tools Lite\daemon.exe (3284)
______ C:\Program Files\Electronic Arts\EADM\Core.exe (3432)
______ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (3460)
______ C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE (2832)
______ C:\Program Files\Mozilla Firefox\firefox.exe (3648)
______ C:\Program Files\Windows Live\Contacts\wlcomm.exe (3880)
______ C:\Program Files\Windows Media Player\wmplayer.exe (3596)
______ C:\Documents and Settings\jonnny\Desktop\Rooter.exe (2596)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:250048479744)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 21:40.45
.
C:\Rooter$\Rooter_1.txt - (24/09/2009 | 21:40.45)

Re: malware removal : )

Post by Dr Jay on 25th September 2009, 1:53 am

Hi

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.


Dr. Jay (DJ)


Re: malware removal : )

Post by jeujeu on 25th September 2009, 2:33 am

Hello again. Here is the Malwarebytes Scan:

Malwarebytes' Anti-Malware 1.41
Database version: 2857
Windows 5.1.2600 Service Pack 3

9/24/2009 10:32:31 PM
mbam-log-2009-09-24 (22-32-31).txt

Scan type: Quick Scan
Objects scanned: 92166
Time elapsed: 4 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\jonnny\Desktop\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Re: malware removal : )

Post by Dr Jay on 25th September 2009, 2:37 am

Everything is clean. :)


Dr. Jay (DJ)
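
An added example, not part of the thread and not code from HijackThis or Malwarebytes: a small Python triage pass over the HijackThis log in the first post, which already listed `C:\Documents and Settings\jonnny\Desktop\winlogon.scr` under Running processes, the file Malwarebytes quarantined in the scan above. The heuristics (core process names and their expected folders, trusted roots under `C:\WINDOWS` and `C:\Program Files`) and all function names are assumptions of this example.

```python
import ntpath
import re

# Excerpt of the HijackThis log from the first post of this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\jonnny\Desktop\winlogon.scr

O2 - BHO: SBCONVERT - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O23 - Service: WMP54GSVC - GEMTEKS - C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe
"""

# Assumption of this example: folders where core Windows XP processes normally run from.
SYSTEM32 = r"c:\windows\system32"
CORE_PROCESS_DIRS = {
    "smss": SYSTEM32, "csrss": SYSTEM32, "winlogon": SYSTEM32,
    "services": SYSTEM32, "lsass": SYSTEM32, "svchost": SYSTEM32,
    "spoolsv": SYSTEM32, "explorer": r"c:\windows",
}
# Assumption of this example: install roots that ordinary users cannot write to.
TRUSTED_ROOTS = (r"c:\windows", r"c:\program files")

# HijackThis entry lines look like "O2 - BHO: ..." or "R1 - HKCU\...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_hijackthis(text):
    """Split a HijackThis log into running-process paths and (code, body) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if line and not ENTRY_RE.match(line):
                processes.append(line)
                continue
            in_processes = False  # blank line or first entry ends the section
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return {"processes": processes, "entries": entries}


def triage_process(path):
    """Return the reasons a running image deserves a closer look (empty if none)."""
    reasons = []
    norm = ntpath.normcase(path)  # lower-cases, so System32 == system32
    directory = ntpath.dirname(norm)
    stem, ext = ntpath.splitext(ntpath.basename(norm))
    expected = CORE_PROCESS_DIRS.get(stem)
    if expected and directory != expected:
        reasons.append("core-name-wrong-dir")  # system process name, wrong folder
    if not any(norm.startswith(root + "\\") for root in TRUSTED_ROOTS):
        reasons.append("outside-trusted-roots")  # e.g. a user's Desktop
    if ext != ".exe":
        reasons.append("non-exe-image")  # .scr, .com, .pif and similar
    return reasons


def triage(text):
    """Return (item, reasons) pairs for everything in the log worth reviewing."""
    parsed = parse_hijackthis(text)
    findings = []
    for path in parsed["processes"]:
        reasons = triage_process(path)
        if reasons:
            findings.append((path, reasons))
    for code, body in parsed["entries"]:
        # "(no file)" means the registered BHO/toolbar points at a missing file.
        if code in ("O2", "O3") and body.endswith("(no file)"):
            findings.append((f"{code} - {body}", ["registered-component-missing-file"]))
    return findings


if __name__ == "__main__":
    for item, reasons in triage(SAMPLE_LOG):
        print(f"REVIEW {item}\n       {', '.join(reasons)}")
```

The reason codes are leads for a human reviewer, not verdicts: a tool run from the Desktop, as Rooter.exe was earlier in this thread, also trips `outside-trusted-roots`.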


Re: malware removal : )

Post by jeujeu on 25th September 2009, 2:46 am

So is it just weird that sometimes I can't browse even though it's connected?

Re: malware removal : )

Post by Dr Jay on 25th September 2009, 4:57 am


  1. Please download LSPFix from [You must be registered and logged in to see this link.].
  2. Run the LSPFix.exe that you have just finished downloading.
  3. Check the I know what I'm doing box.
  4. In the Keep box you should see one or more instances of XXXXX.dll.
  5. Select every instance of XXXXX.dll and move each one to the Remove box by clicking the >> button.
  6. When you are done click Finish>>.


Dr. Jay (DJ)


Re: malware removal : )

Post by jeujeu on 25th September 2009, 11:34 pm

Thanks a lot!

Re: malware removal : )

Post by Dr Jay on 26th September 2009, 2:14 am

Hi

Did that fix the issue?

Would you like to know how to prevent malware?


Dr. Jay (DJ)


Re: malware removal : )

Post by jeujeu on 26th September 2009, 3:20 am

I think it did fix the issue. I've been connected longer than ever before. And sure, I would like to know how to prevent malware. Btw, I can't seem to open my online game. Do any of the programs you told me to download have a firewall on online games?


Re: malware removal : )

Post by Dr Jay on 26th September 2009, 3:32 am

Hi

Shouldn't be. I will have you do a quick check before I give you prevention tips.

Download Security Check by screen317 from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Dr. Jay (DJ)



Re: malware removal : )

Post by jeujeu on 26th September 2009, 3:48 am

Hello there.

Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Avira AntiVir Premium
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:

SpywareBlaster 4.2
Spybot - Search & Destroy
HijackThis 2.0.2
Java(TM) 6 Update 16
Adobe Flash Player 10
Adobe Reader 9.1
``````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````````````````````````
DNS Vulnerability Check:

Unknown. This method cannot test your vulnerability to DNS cache poisoning.

`````````End of Log```````````


Re: malware removal : )

Post by Dr Jay on 26th September 2009, 4:41 am

Hi

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Firewall

  • [You must be registered and logged in to see this link.]: the free version is just as good as the premium. I have linked you to the free version.
  • [You must be registered and logged in to see this link.]: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40%. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  • [You must be registered and logged in to see this link.]: free and excellent firewall.


AntiSpyware

  • [You must be registered and logged in to see this link.]
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found [You must be registered and logged in to see this link.].
  • [You must be registered and logged in to see this link.].
    Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer, to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot.)


NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
[You must be registered and logged in to see this link.]

Securing your computer

  • [You must be registered and logged in to see this link.] - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • [You must be registered and logged in to see this link.] replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


Thank you for choosing GeekPolice. Please see [You must be registered and logged in to see this link.] if you would like to leave feedback or contribute to our site. Do you have any more questions?


Dr. Jay (DJ)



Re: malware removal : )

Post by jeujeu on 27th September 2009, 1:27 am

Thanks a lot!
