antivirus system pro


antivirus system pro

Post by gruffnuts on 15th November 2009, 11:39 pm

Hi, really hope you can help as this horrible little thing has wasted most of my weekend...

basically, I got the virus - found two different walkthroughs of how to get rid of it - have followed those through twice, found the bits they mention, though the majority don't appear where the guides suggested they would.

I can't find any sign of it in add/remove programs - or anywhere in fact - just that horrible red box that keeps popping up every 30 seconds...

after a while I came across your malware suggestion and got all excited as it seemed that people were having success...sadly after downloading it, the virus, sneaky monkey that it is, wouldn't let me open malware to do a scan and hunt it down...also not in safe mode...so then I came across something called hijack this - and that is about where we are up to now...

I probably can't explain quite how much you would be saving my bacon if you can help me out...

anything you can do would be much appreciated,

Michael

below is the saved log file - hopefully I have done that bit right, though for ages the virus wasn't letting me get into notepad...

lastly - you guys are legends!



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:19:31, on 15/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\DNA\btdna.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\rigbqw\kvgosysguard.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\winlogon.scr
C:\WINDOWS\system32\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.227 esysprotector2009.microsoft.com
O1 - Hosts: 91.212.127.227 esysprotector2009.com
O1 - Hosts: 91.212.127.227 [You must be registered and logged in to see this link.]
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [tgyydwtv] C:\Documents and Settings\Administrator\Local Settings\Application Data\rigbqw\kvgosysguard.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [tgyydwtv] C:\Documents and Settings\Administrator\Local Settings\Application Data\rigbqw\kvgosysguard.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Google Update Service (gupdate1ca30bd6b4a5f0e) (gupdate1ca30bd6b4a5f0e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 5023 bytes

gruffnuts
Novice

Posts : 5
Joined : 2009-11-15
OS : XP
Points : 25797
# Likes : 0


Re: antivirus system pro

Post by Dr Jay on 15th November 2009, 11:47 pm

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Dr. Jay (DJ)



Dr Jay
Head Administrator

Posts : 13743
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
Protection : Bitdefender Total Security
Points : 302211
# Likes : 10


Re: antivirus system pro

Post by gruffnuts on 16th November 2009, 12:06 am

firstly - many thanks for such a speedy reply!

after initially being about to post that I'd tried this to no avail, somehow I got a way through the various error messages and got malware going, so it's currently scanning while I get some sleep...

will post my progress in the morning...

as previously mentioned - much like a certain Mr William Smith - you are legend!

Michael


Re: antivirus system pro

Post by Dr Jay on 16th November 2009, 12:10 am

Ok. Post when ready.


Dr. Jay (DJ)




Re: antivirus system pro

Post by gruffnuts on 16th November 2009, 5:39 pm

hi again, this is the log that I got back - having removed the threats not much, if anything, has changed - perhaps the frequency of popups is down slightly, but still can't get rid of this pesky thing...

thanks

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 2

16/11/2009 08:57:01
mbam-log-2009-11-16 (08-57-01).txt

Scan type: Full Scan (C:\|)
Objects scanned: 128658
Time elapsed: 38 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\System32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\System32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Administrator\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Desktop\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

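The HijackThis log in the first post and the Malwarebytes log above show, between them, the three tampering signs a responder checks for in a case like this: a hosts-file entry pointing a vendor-looking name at an outside address (the 91.212.127.227 lines), a Run-key autostart living under the user's Local Settings\Application Data (kvgosysguard.exe), and service ImagePath values whose environment variable has been corrupted (%fystemRoot% instead of %SystemRoot%, which is consistent with the O23 lines showing BITS and Automatic Updates with no executable after C:\WINDOWS\). The script below is an added example, not anything posted in this thread and not part of HijackThis or Malwarebytes; it runs those checks over constructed sample lines copied in shape from the posted logs. The regular expressions, the list of user-profile data directories and the set of known environment variables are my assumptions about the log formats, not something the tools document.

```python
import ipaddress
import re

# Constructed sample, modelled line-for-line on the HijackThis and MBAM logs
# posted in this thread (the hosts IP, the paths and the %fystemRoot% value
# are the ones that appear there).
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.227 esysprotector2009.microsoft.com
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [tgyydwtv] C:\Documents and Settings\Administrator\Local Settings\Application Data\rigbqw\kvgosysguard.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\System32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs)
"""

# Assumed line shapes for the HijackThis O1/O4/O23 sections and the MBAM
# "Registry Data Items" entries.
HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
RUN_RE = re.compile(r"^O4 - (HK\S*?)\\\.\.\\Run: \[([^\]]*)\]\s*(.*)$")
SERVICE_RE = re.compile(r"^O23 - Service: (.*?) - (.*?) - (.*)$")
IMAGEPATH_RE = re.compile(r"\\Services\\([^\\]+)\\ImagePath.*?Bad: \((%[^%]+%)")

LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
# Assumed set of variables a legitimate ImagePath starts with.
KNOWN_ENV_VARS = {"%systemroot%", "%windir%", "%systemdrive%", "%programfiles%"}
# Assumed list of per-user data directories an autostart should not live in.
USER_DATA_DIRS = (
    "\\local settings\\application data\\",
    "\\local settings\\temp\\",
    "\\application data\\",
)


def executable_path(target: str) -> str:
    """Return the executable from a Run-key value, dropping quotes and arguments."""
    target = target.strip()
    if target.startswith('"'):
        end = target.find('"', 1)
        return target[1:end] if end > 0 else target[1:]
    return target


def check_hosts(line: str):
    """Flag a hosts entry that maps a real name to a non-loopback address."""
    m = HOSTS_RE.match(line)
    if not m:
        return None
    ip, name = m.groups()
    if name.lower() in LOCAL_NAMES:
        return None
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return f"unparseable address {ip!r} for {name}"
    if addr.is_loopback:  # 127.x / ::1 entries are sinkholes, not redirects
        return None
    return f"{name} redirected to {ip}"


def check_run(line: str):
    """Flag a Run-key autostart whose executable sits in a user-profile data dir."""
    m = RUN_RE.match(line)
    if not m:
        return None
    hive, name, target = m.groups()
    exe = executable_path(target)
    if any(d in exe.lower() for d in USER_DATA_DIRS):
        return f"{hive} Run [{name}] autostarts from user data dir: {exe}"
    return None


def check_service(line: str):
    """Flag a service whose listed path is a bare directory with no executable."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    name, owner, path = (g.strip() for g in m.groups())
    if path.endswith("\\"):
        return f"service {name} ({owner}) has no executable in its path: {path}"
    return None


def check_imagepath(line: str):
    """Flag an ImagePath whose leading environment variable is not a known one."""
    m = IMAGEPATH_RE.search(line)
    if not m:
        return None
    svc, var = m.groups()
    if var.lower() in KNOWN_ENV_VARS:
        return None
    return f"service {svc} ImagePath uses unknown variable {var}"


CHECKS = (
    ("hosts", check_hosts),
    ("run", check_run),
    ("service", check_service),
    ("imagepath", check_imagepath),
)


def audit(text: str):
    """Run every check over each non-empty line; return (category, detail) pairs."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for category, check in CHECKS:
            detail = check(line)
            if detail:
                findings.append((category, detail))
                break
    return findings


if __name__ == "__main__":
    for category, detail in audit(SAMPLE_LOG):
        print(f"{category:10} {detail}")
```

Run against the constructed sample it reports four findings, one per indicator class, and stays silent on the Avira entries and the ::1 localhost line. The hosts check deliberately ignores loopback mappings, since a 127.0.0.1 entry blocks a name rather than redirecting it; the ImagePath check catches the single-character substitution that stops the variable from expanding, which a plain string comparison against the "Good" value would also catch, but the variable check works on a live registry export where no "Good" value is printed.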

Re: antivirus system pro

Post by Dr Jay on 16th November 2009, 7:17 pm

Please run [You must be registered and logged in to see this link.] online scan.

  • Click the big green Scan now button
  • If it wants to install an ActiveX component or Firefox add-on - allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Once the scan is completed, please hit the notepad icon next to the text Export to:
  • Save it to a convenient location such as your Desktop
  • Post the contents of the ActiveScan.txt in your next reply


Dr. Jay (DJ)




Re: antivirus system pro

Post by gruffnuts on 16th November 2009, 8:20 pm

hi - I'm able to download it initially but can't download update 2.0 - tried in normal and safe mode but to no avail...


Re: antivirus system pro

Post by Dr Jay on 17th November 2009, 4:46 am

Please use Internet Explorer and run a [You must be registered and logged in to see this link.]

  • Please check I agree with the Terms and Conditions and click Start Here
  • You will need to allow an Active X install for the scan to run.
  • Leave the scanning options at default and click Start Scan
Please post the results in your next reply.


Dr. Jay (DJ)




Re: antivirus system pro

Post by gruffnuts on 17th November 2009, 7:34 pm

hi again,

so here is the scan....I'll give it a restart and see how it goes....cheers

BitDefender Online Scanner

Scan report generated at: Tue, Nov 17, 2009 - 19:17:39
Scan path: C:\;D:\;

Statistics
  Time: 00:54:35
  Files: 125987
  Folders: 4580
  Boot Sectors: 0
  Archives: 1037
  Packed Files: 5510

Results
  Identified Viruses: 4
  Infected Files: 4
  Suspect Files: 0
  Warnings: 0
  Disinfected: 0
  Deleted Files: 4

Engines Info
  Virus Definitions: 4553605
  Engine build: AVCORE v2.1 Windows/i386 11.0.0.26 (Oct 20 2009)
  Scan plugins: 17
  Archive plugins: 44
  Unpack plugins: 8
  E-mail plugins: 6
  System plugins: 4

Scan Settings
  First Action: Disinfect
  Second Action: Delete
  Heuristics: Yes
  Enable Warnings: Yes
  Scanned Extensions: *;
  Exclude Extensions:
  Scan Emails: Yes
  Scan Archives: Yes
  Scan Packed: Yes
  Scan Files: Yes
  Scan Boot: Yes

Scanned File -> Status
  C:\Documents and Settings\Administrator\Local Settings\Temp\Acr1F3.tmp -> Infected with: Trojan.Script.231856
  C:\Documents and Settings\Administrator\Local Settings\Temp\Acr1F3.tmp -> Deleted
  C:\Documents and Settings\Administrator\Local Settings\Temp\jar_cache5065949814244660123.tmp=>myf/y/AppletX.class -> Infected with: Trojan.Generic.IS.614610
  C:\Documents and Settings\Administrator\Local Settings\Temp\jar_cache5065949814244660123.tmp=>myf/y/AppletX.class -> Deleted
  C:\Documents and Settings\Administrator\Local Settings\Temp\jar_cache5065949814244660123.tmp -> Updated
  C:\Documents and Settings\Administrator\Local Settings\Temp\jar_cache5065949814244660123.tmp=>myf/y/LoaderX.class -> Infected with: Trojan.Generic.IS.617631
  C:\Documents and Settings\Administrator\Local Settings\Temp\jar_cache5065949814244660123.tmp=>myf/y/LoaderX.class -> Deleted
  C:\Documents and Settings\Administrator\Local Settings\Temp\jar_cache5065949814244660123.tmp -> Updated
  C:\Documents and Settings\Administrator\Local Settings\Temp\jar_cache5065949814244660123.tmp=>myf/y/PayloadX.class -> Infected with: Trojan.Generic.IS.616012
  C:\Documents and Settings\Administrator\Local Settings\Temp\jar_cache5065949814244660123.tmp=>myf/y/PayloadX.class -> Deleted
  C:\Documents and Settings\Administrator\Local Settings\Temp\jar_cache5065949814244660123.tmp -> Updated


Re: antivirus system pro

Post by Dr Jay on 17th November 2009, 8:30 pm

Please re-open Malwarebytes, click the Update tab and select the button Check for Updates. Then, click the Scanner tab, select Quick Scan, and click the Scan button. Remove selected, then post the log in your next reply.


Dr. Jay (DJ)



