security tool virus


Post by JESSICAB on 23rd December 2009, 5:38 am

I got the security tool virus. Finally, after multiple tries, I got malware to download and I actually ran it twice. And it seems to have gone away. But I did read that with some people it has come back, and there were suggestions to use HijackThis. So I ran it and these were the results. Can someone please let me know what I need to do now? I have no idea what all that means.


Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 9:35:44 AM, on 12/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
O1 - Hosts: 78.159.110.51 [You must be registered and logged in to see this link.]
O1 - Hosts: 78.159.110.51 [You must be registered and logged in to see this link.]
O1 - Hosts: 78.159.110.51 [You must be registered and logged in to see this link.]
O1 - Hosts: 78.159.110.51 [You must be registered and logged in to see this link.]
O1 - Hosts: 78.159.110.51 [You must be registered and logged in to see this link.]
O1 - Hosts: 78.159.110.51 [You must be registered and logged in to see this link.]
O1 - Hosts: 78.159.110.51 [You must be registered and logged in to see this link.]
O1 - Hosts: 78.159.110.51 [You must be registered and logged in to see this link.]
O1 - Hosts: 78.159.110.51 [You must be registered and logged in to see this link.]
O1 - Hosts: 78.159.110.51 [You must be registered and logged in to see this link.]
O1 - Hosts: 78.159.110.51 [You must be registered and logged in to see this link.]
O1 - Hosts: 78.159.110.51 [You must be registered and logged in to see this link.]
O1 - Hosts: 78.159.110.51 [You must be registered and logged in to see this link.]
O1 - Hosts: 78.159.110.51 [You must be registered and logged in to see this link.]
O1 - Hosts: 78.159.110.51 [You must be registered and logged in to see this link.]
O1 - Hosts: 78.159.110.51 [You must be registered and logged in to see this link.]
O1 - Hosts: 78.159.110.51 [You must be registered and logged in to see this link.]
O1 - Hosts: 78.159.110.51 [You must be registered and logged in to see this link.]
O1 - Hosts: 78.159.110.51 [You must be registered and logged in to see this link.]
O1 - Hosts: 78.159.110.51 [You must be registered and logged in to see this link.]
O1 - Hosts: 78.159.110.51 [You must be registered and logged in to see this link.]
O1 - Hosts: 78.159.110.51 search.yahoo.com
O1 - Hosts: 78.159.110.51 us.search.yahoo.com
O1 - Hosts: 78.159.110.51 uk.search.yahoo.com
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Wishpot Button - {9E40F4A8-6896-4b67-91F5-F6F287ECB5D9} - C:\Program Files\Wishpot\ietb.dll
O3 - Toolbar: Wishpot Button - {7DAAFFD0-5A88-447d-96C6-E6CA06AF0758} - C:\Program Files\Wishpot\ietb.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: DW WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 6002 bytes

JESSICAB
Novice
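Added example, not part of the original thread or of any poster's advice: a small Python triage of a HijackThis log that groups entries by section code and flags the two things visible in the log above, many hostnames pinned to one non-loopback address in the O1 (hosts file) section and entries marked "(file missing)". The sample lines are constructed in the log's format, `hidden-host-1.example` stands in for a hostname the forum hides, and the `min_names` threshold is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the log's format; hidden-host-1.example is a placeholder.
SAMPLE_LOG = r"""
O1 - Hosts: 78.159.110.51 hidden-host-1.example
O1 - Hosts: 78.159.110.51 search.yahoo.com
O1 - Hosts: 78.159.110.51 us.search.yahoo.com
O1 - Hosts: 78.159.110.51 uk.search.yahoo.com
O2 - BHO: Wishpot Button - {9E40F4A8-6896-4b67-91F5-F6F287ECB5D9} - C:\Program Files\Wishpot\ietb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")      # section code, then the entry body
HOSTS = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")  # O1 body: address, then hostname
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}      # usual targets of blocklist entries

def parse(log):
    """Group entries by HijackThis section code (R0, O1, O4, ...)."""
    sections = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return sections

def hosts_redirects(sections):
    """Map each non-loopback address in the O1 section to the names pinned to it."""
    by_ip = defaultdict(list)
    for body in sections.get("O1", []):
        m = HOSTS.match(body)
        if m and m.group(1) not in LOOPBACK:
            by_ip[m.group(1)].append(m.group(2).lower())
    return dict(by_ip)

def triage(log, min_names=3):
    """Return findings that deserve a manual look (min_names is an assumed threshold)."""
    sections = parse(log)
    findings = []
    for ip, names in hosts_redirects(sections).items():
        # The hosts file overrides DNS, so every name listed here resolves to this address.
        if len(names) >= min_names:
            findings.append(("hosts-redirect", ip, sorted(names)))
    for code, bodies in sections.items():
        findings += [("missing-file", code, b) for b in bodies if b.endswith("(file missing)")]
    return findings
```

A finding is a prompt for review, not a verdict: a "(file missing)" entry can simply be a leftover from an uninstalled or updated program.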

Re: security tool virus

Post by Dr Jay on 23rd December 2009, 5:56 am

Please download ComboFix from [You must be registered and logged in to see this link.]


Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


Dr. Jay (DJ)



Dr Jay
Head Administrator

Re: security tool virus

Post by JESSICAB on 23rd December 2009, 6:40 am

I tried to follow the steps and rename the program. I got a pop up that said these sites were not affiliated with bleeping computer. So I am downloading it and will try to install it again.


Re: security tool virus

Post by JESSICAB on 23rd December 2009, 6:54 am

I tried again and this is the message I get

Disclaimer of warranty on software

the following websites are not in any way affiliated with combofix:

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

If you have purchased anything from them, I suggest you instruct your financiers to cancel the transaction.

A guide on proper Combofix usage may be found at
[You must be registered and logged in to see this link.]

Combofix is meant for private use. It should never be used in an unsupervised environment. If infections are found, it will automatically reboot the machine to complete the removal process. Please ensure all opened windows are closed before proceeding.

This software is provided 'as is' without warranty of any kind. All implied warranties are expressly disclaimed. If you do not agree to the above terms Exit




Do I need to exit or continue with this?


Re: security tool virus

Post by Dr Jay on 23rd December 2009, 9:29 am

You can safely continue.


Dr. Jay (DJ)



Re: security tool virus

Post by Hobbychef on 24th December 2009, 12:27 am

Moderated Message: Hello, your comment has been removed. Please do not post in another member's topic. If you need help, please read [You must be registered and logged in to see this link.] over and [You must be registered and logged in to see this link.] to open a new topic. ~DragonMaster Jay

Hobbychef
Beginner