Virus antispyware cant locate


Post by Pinkella on 4th January 2010, 7:59 pm

Hi, I'm new here. I know a little about computers but not all the technical language. I am trying to help a friend. She had a trojan on her computer; we thought it had been got rid of, but no. I have run AVG and Spybot in normal and safe mode, and neither found anything. However, when you enter anything in the homepage search bar, the tab at the top of the page seems to flash through a lot of web addresses totally unrelated to the search, and the web page you asked for doesn't appear... She first realised she had a problem when she went on eBay and couldn't open the sign-in page. I have run the Windows Malicious Software Removal Tool as well. If this makes sense to anyone, any advice would be very much appreciated (we did consider taking a lump hammer to it), and in fairly plain English please.
Thanks


Re: Virus antispyware cant locate

Post by Belahzur on 4th January 2010, 11:05 pm

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Virus antispyware cant locate

Post by Pinkella on 9th January 2010, 9:40 am

OK, thanks. I will have to visit her sometime today... and will get back to you.


Re: Virus antispyware cant locate

Post by Belahzur on 9th January 2010, 6:55 pm

Okay, standing by.



Re: Virus antispyware cant locate

Post by Pinkella on 12th January 2010, 10:03 am

Here it is !

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 10:00:29, on 12/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\vsnpstd3.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
O1 - Hosts: 92.63.106.206 abbeyinternational.com
O1 - Hosts: 92.63.106.206 [You must be registered and logged in to see this link.]
O1 - Hosts: 92.63.106.206 www99.americanexpress.com
O1 - Hosts: 92.63.106.206 [You must be registered and logged in to see this link.]
O1 - Hosts: 92.63.106.206 bankcardservices.co.uk
O1 - Hosts: 92.63.106.206 [You must be registered and logged in to see this link.]
O1 - Hosts: 92.63.106.206 bcol.barclaycard.co.uk
O1 - Hosts: 92.63.106.206 [You must be registered and logged in to see this link.]
O1 - Hosts: 92.63.106.206 businesscreditcardsonline.co.uk
O1 - Hosts: 92.63.106.206 [You must be registered and logged in to see this link.]
O1 - Hosts: 92.63.106.206 cahoot.com
O1 - Hosts: 92.63.106.206 [You must be registered and logged in to see this link.]
O1 - Hosts: 92.63.106.206 capitaloneonline.co.uk
O1 - Hosts: 92.63.106.206 [You must be registered and logged in to see this link.]
O1 - Hosts: 92.63.106.206 cardservicing.mint.co.uk
O1 - Hosts: 92.63.106.206 [You must be registered and logged in to see this link.]
O1 - Hosts: 92.63.106.206 egg.com
O1 - Hosts: 92.63.106.206 [You must be registered and logged in to see this link.]
O1 - Hosts: 92.63.106.206 firstdirect.com
O1 - Hosts: 92.63.106.206 [You must be registered and logged in to see this link.]
O1 - Hosts: 92.63.106.206 halifax-online.co.uk
O1 - Hosts: 92.63.106.206 [You must be registered and logged in to see this link.]
O1 - Hosts: 92.63.106.206 ibank.cahoot.com
O1 - Hosts: 92.63.106.206 [You must be registered and logged in to see this link.]
O1 - Hosts: 92.63.106.206 mbna.co.uk
O1 - Hosts: 92.63.106.206 [You must be registered and logged in to see this link.]
O1 - Hosts: 92.63.106.206 mbna.ie
O1 - Hosts: 92.63.106.206 [You must be registered and logged in to see this link.]
O1 - Hosts: 92.63.106.206 mybank.alliance-leicester.co.uk
O1 - Hosts: 92.63.106.206 [You must be registered and logged in to see this link.]
O1 - Hosts: 92.63.106.206 mybusinessbank.co.uk
O1 - Hosts: 92.63.106.206 [You must be registered and logged in to see this link.]
O1 - Hosts: 92.63.106.206 myonlineaccounts2.abbeynational.co.uk
O1 - Hosts: 92.63.106.206 [You must be registered and logged in to see this link.]
O1 - Hosts: 92.63.106.206 myonlineaccounts3.abbeynational.co.uk
O1 - Hosts: 92.63.106.206 [You must be registered and logged in to see this link.]
O1 - Hosts: 92.63.106.206 new.egg.com
O1 - Hosts: 92.63.106.206 [You must be registered and logged in to see this link.]
O1 - Hosts: 92.63.106.206 olb2.nationet.com
O1 - Hosts: 92.63.106.206 myonlineaccounts2.abbeynational.co.uk
O1 - Hosts: 92.63.106.206 service.citicards.co.uk
O1 - Hosts: 92.63.106.206 [You must be registered and logged in to see this link.]
O1 - Hosts: 92.63.106.206 [You must be registered and logged in to see this link.]
O1 - Hosts: 92.63.106.206 signin.ebay.co.uk
O1 - Hosts: 92.63.106.206 [You must be registered and logged in to see this link.]
O1 - Hosts: 92.63.106.206 your.egg.com
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: BHO - {B7B7C9E7-4AAC-467c-9BAE-76112D413A58} - C:\WINDOWS\system32\winbchs.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SIMBAR={788F5F5E-DFC8-401A-8A68-0D6C21EE0FDB}; InfoPath.1; .NET CLR 2.0.50727; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.girlgames1.com/play-11512-ultimateraceway.html"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - [You must be registered and logged in to see this link.]
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - [You must be registered and logged in to see this link.]
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - [You must be registered and logged in to see this link.]
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - [You must be registered and logged in to see this link.]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

--
End of file - 11869 bytes


Re: Virus antispyware cant locate

Post by Pinkella on 12th January 2010, 4:02 pm

Since posting the above, a PC security tool has appeared on my mate's computer which blocks all internet sites.


Re: Virus antispyware cant locate

Post by Belahzur on 12th January 2010, 6:59 pm

Hello.
Download HostsXpert from [You must be registered and logged in to see this link.]

  • Unzip it and start the program.
  • If "Make writeable?" is shown in red at the top, click it to make writeable.
  • Press "Restore MS Hosts File"
  • OK the prompt.
  • Then click on "Make read only"
  • Exit HostsXpert.

Next,

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: BHO - {B7B7C9E7-4AAC-467c-9BAE-76112D413A58} - C:\WINDOWS\system32\winbchs.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - [You must be registered and logged in to see this link.]
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



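A triage sketch for a log like the one posted above, added here as an example and not part of the thread or of HijackThis: it groups `O1 - Hosts` entries by IP address, reports any non-loopback address that several hostnames have been pointed at, and lists entries whose target file is absent. The sample log is constructed (documentation IP range, made-up hostnames and CLSIDs) and the function names are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in HijackThis log format; none of these values are from the thread.
SAMPLE_LOG = """\
O1 - Hosts: 203.0.113.10 signin.shop.example
O1 - Hosts: 203.0.113.10 bank.example
O1 - Hosts: 203.0.113.10 www.bank.example
O1 - Hosts: 203.0.113.10 bank.example
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 0.0.0.0 ads.tracker.example
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O2 - BHO: Helper - {00000000-0000-0000-0000-000000000002} - C:\\Program Files\\Vendor\\helper.dll
O3 - Toolbar: (no name) - {00000000-0000-0000-0000-000000000003} - (no file)
O20 - Winlogon Notify: starter - starter.dll (file missing)
"""

# "O1 - Hosts: <ip> <hostname>" with exactly one hostname token.
HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")
# Any section whose line ends in "(no file)" or "(file missing)".
ORPHAN_RE = re.compile(r"^(O\d+) - .*\((?:no file|file missing)\)\s*$")


def hosts_redirects(log_text, min_hosts=2):
    """Map each non-loopback IP to the distinct hostnames redirected to it.

    Loopback and 0.0.0.0 entries are skipped because they are commonly used
    for blocking; an external address shared by several unrelated sites is
    the pattern worth a closer look.
    """
    by_ip = defaultdict(set)
    for line in log_text.splitlines():
        match = HOSTS_RE.match(line.strip())
        if not match:
            continue
        ip_text, host = match.groups()
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            continue  # not an IP address, e.g. a mangled line
        if ip.is_loopback or ip.is_unspecified:
            continue
        by_ip[str(ip)].add(host.lower())
    return {ip: sorted(hosts) for ip, hosts in by_ip.items()
            if len(hosts) >= min_hosts}


def orphaned_entries(log_text):
    """Return (section, line) for entries whose referenced file is absent.

    These are leftover references to review, not proof of infection.
    """
    found = []
    for line in log_text.splitlines():
        match = ORPHAN_RE.match(line.strip())
        if match:
            found.append((match.group(1), line.strip()))
    return found


if __name__ == "__main__":
    for ip, hosts in hosts_redirects(SAMPLE_LOG).items():
        print(f"{ip} <- {len(hosts)} hostnames: {', '.join(hosts)}")
    for section, line in orphaned_entries(SAMPLE_LOG):
        print(f"[{section}] {line}")
```
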
Re: Virus antispyware cant locate

Post by Pinkella on 12th January 2010, 8:13 pm

I will try this tomorrow... She is pretty impatient and I told her not to touch it till I heard from you. Assuming she hasn't gone and deleted everything, I will do all the above and get back to you.
Many thanks


Re: Virus antispyware cant locate

Post by Belahzur on 13th January 2010, 12:14 am

While you're at it, let me know if HostsXpert throws up an error about not being able to create the hosts file. The infection here is somewhat similar to another infection where the hosts file is completely locked down after being hijacked, but the hijack in the other infection is different to this one.

