Please help if possible (Anti Virus Pro/Intsecureprof issue)

Please help if possible (Anti Virus Pro/Intsecureprof issue)

Post by t_jewell on 25th November 2009, 5:43 am

Hello,

I visited a site I didn't recognize (silly me) and intsecureprof2009 got on my system. Now here's why this is a dilly of a pickle. This is a semi-new install so I don't have HijackThis, and the virus/malware has cut off my ability to use MBAM or CCleaner. Avast has been able to run but didn't find anything and my internet connection has been eaten by this nasty little program. Anyway I'm writing this on a smartphone. I have a Mac OSX laptop but it is dead at the moment.

Is there a fix? I wanted to avoid a reinstall if possible.

EDIT: So last night I restarted my computer and when Windows loaded I quickly started Malwarebytes and CCleaner. Malware ran and detected 7 objects. I deleted them and was asked to restart the computer. CCleaner did its thing but I can't really tell if it fixed anything or not.

I now (obviously) have internet connection, but only through Firefox. I still cannot download HijackThis for some reason. I tried using Trend Micro's online scan but it's no longer only online, and requires a download. When I did that it automatically locked the program out so I can't use it. Also since it's been on for a few minutes now, MBAM won't open so I can't update in case there's something it missed. I don't know if it's important but my MSN Messenger can still sign in (though I have it off so as not to infect my friends.)


Last edited by t_jewell on 25th November 2009, 1:54 pm; edited 1 time in total (Reason for editing : Updated (possibly useful) information)


Finally!

Post by t_jewell on 25th November 2009, 6:07 pm

Got HijackThis when a friend suggested safe mode with networking. My log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:04:48 PM, on 11/25/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {4DF1FF09-4B78-4845-9F7B-2FC31AD6BA25} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E61453F-DFC1-4A92-AD53-8EC24B780CED} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {CE021937-5627-4360-8B2E-0F8D855C04CD} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [uxaimtov] C:\Documents and Settings\Liquid\Local Settings\Application Data\dtnurh\pfbnsysguard.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB1758] command /c del "C:\Documents and Settings\Liquid\Application Data\AdwareAlert\Log\2008 Apr 26 - 03_00_00 AM_050.log"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8764] cmd /c del "C:\Documents and Settings\Liquid\Application Data\AdwareAlert\Log\2008 Apr 26 - 03_00_00 AM_050.log"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6414] command /c del "C:\Documents and Settings\Liquid\Application Data\AdwareAlert\Log\2008 Apr 26 - 03_00_00 AM_097.log"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7478] cmd /c del "C:\Documents and Settings\Liquid\Application Data\AdwareAlert\Log\2008 Apr 26 - 03_00_00 AM_097.log"
O4 - HKCU\..\RunOnce: [SpybotDeletingB257] command /c del "C:\Documents and Settings\Liquid\Application Data\AdwareAlert\Settings\ScanResults.pie"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7370] cmd /c del "C:\Documents and Settings\Liquid\Application Data\AdwareAlert\Settings\ScanResults.pie"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5724] command /c del "C:\WINDOWS\system32\qoMgddET.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1400] cmd /c del "C:\WINDOWS\system32\qoMgddET.dll_old"
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: tuvSijJA - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\Avast.Professional.v4.8.1229.Incl.Keymaker-CORE\Program\aswUpdSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - F:\Avast.Professional.v4.8.1229.Incl.Keymaker-CORE\Program\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 5104 bytes


Re: Please help if possible (Anti Virus Pro/Intsecureprof issue)

Post by Belahzur on 25th November 2009, 7:32 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - AutorunsDisabled - (no file)
    O2 - BHO: (no name) - {4DF1FF09-4B78-4845-9F7B-2FC31AD6BA25} - (no file)
    O2 - BHO: (no name) - {7E61453F-DFC1-4A92-AD53-8EC24B780CED} - (no file)
    O2 - BHO: (no name) - {CE021937-5627-4360-8B2E-0F8D855C04CD} - (no file)
    O4 - HKLM\..\Run: [uxaimtov] C:\Documents and Settings\Liquid\Local Settings\Application Data\dtnurh\pfbnsysguard.exe
    O4 - HKCU\..\RunOnce: [SpybotDeletingB1758] command /c del "C:\Documents and Settings\Liquid\Application Data\AdwareAlert\Log\2008 Apr 26 - 03_00_00 AM_050.log"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD8764] cmd /c del "C:\Documents and Settings\Liquid\Application Data\AdwareAlert\Log\2008 Apr 26 - 03_00_00 AM_050.log"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB6414] command /c del "C:\Documents and Settings\Liquid\Application Data\AdwareAlert\Log\2008 Apr 26 - 03_00_00 AM_097.log"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7478] cmd /c del "C:\Documents and Settings\Liquid\Application Data\AdwareAlert\Log\2008 Apr 26 - 03_00_00 AM_097.log"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB257] command /c del "C:\Documents and Settings\Liquid\Application Data\AdwareAlert\Settings\ScanResults.pie"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7370] cmd /c del "C:\Documents and Settings\Liquid\Application Data\AdwareAlert\Settings\ScanResults.pie"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB5724] command /c del "C:\WINDOWS\system32\qoMgddET.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1400] cmd /c del "C:\WINDOWS\system32\qoMgddET.dll_old"
    O20 - Winlogon Notify: tuvSijJA - C:\WINDOWS\


  • Press "Fix Checked"
  • Close HijackThis.

Please download and run this tool.

Download Malwarebytes' Anti-Malware.

Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


Please PM me if I fail to respond within 24hrs.
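An added example, not part of the original posts: a small Python triage pass over HijackThis log lines that flags the kinds of entries selected for fixing in the reply above. The rules and the reasons attached to them are this example's assumptions (common log-review heuristics), not something the helper stated; the sample lines are copied from the log posted in this thread.

```python
import re

# Sample input: a subset of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {4DF1FF09-4B78-4845-9F7B-2FC31AD6BA25} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [uxaimtov] C:\Documents and Settings\Liquid\Local Settings\Application Data\dtnurh\pfbnsysguard.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingD1400] cmd /c del "C:\WINDOWS\system32\qoMgddET.dll_old"
O20 - Winlogon Notify: tuvSijJA - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# A log entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] path".
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")

# (section, reason, predicate on the entry body).
# These heuristics are assumptions of this example, not HijackThis's own logic.
RULES = [
    ("R0", "IE page setting is blank", lambda b: b.endswith("=")),
    ("R3", "default URLSearchHook is missing", lambda b: "is missing" in b),
    ("O2", "BHO is registered but its file is gone", lambda b: b.endswith("(no file)")),
    ("O4", "autostart executable under a per-user Application Data folder",
     lambda b: re.search(r"\\Documents and Settings\\[^\\]+\\(Local Settings\\)?"
                         r"Application Data\\.+\.exe", b, re.I) is not None),
    ("O4", "leftover RunOnce delete command",
     lambda b: "RunOnce:" in b and re.search(r"\b(cmd|command) /c del\b", b) is not None),
    ("O20", "Winlogon Notify points at a directory, not a DLL", lambda b: b.endswith("\\")),
]

def triage(log_text):
    """Return (section, reason, body) for each entry matching a rule, in log order."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, process list, or blank line
        for section, reason, pred in RULES:
            if m["section"] == section and pred(m["body"]):
                findings.append((section, reason, m["body"]))
                break  # first matching rule wins
    return findings

if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"{section:>3}  {reason}\n     {body}")
```

A flagged line is a candidate for review, not proof of infection; entries such as the Spybot BHO, the SoundMAX Run key and the Bonjour service pass through unflagged.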

