Win32Agent/ODG Virus ---- PLEASE HELP!!!!

View previous topic View next topic Go down

Win32Agent/ODG Virus ---- PLEASE HELP!!!!

Post by dilligaf on Fri Apr 17, 2009 9:57 pm

I am currently having issues with a Win32Agent/ODG virus. The symptoms include the blue screen of death upon startup, hanging up my computer after logging in, and/or shutting down with the blue screen of death about 60minutes after a successful log-in. I use ESET NOD32 which identifies the virus, but says it cannot delete it. It also identifies another issue which it deletes and quarantines...but it also seems to contribute to the problems I'm having with my computer. The second virus is called: \globalroot\systemroot\system32\UACmururnkv.dll-Win32/Olmarik.HC trojan.

Here is a copy of my initial HJT scan:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:46:48 PM, on 4/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US [You must be registered and logged in to see this link.]
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - [You must be registered and logged in to see this link.]
O18 - Protocol: bwj0s - {1EF1652F-C187-4269-9A35-EAA79D88BDF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {1EF1652F-C187-4269-9A35-EAA79D88BDF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5740 bytes

dilligaf
Novice
Novice

Status :
Online
Offline

Posts : 15
Joined : 2009-04-17
OS : XP

View user profile

Back to top Go down

Re: Win32Agent/ODG Virus ---- PLEASE HELP!!!!

Post by Belahzur on Fri Apr 17, 2009 11:19 pm

1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

2. Now, start The Avenger program by clicking on its icon on your desktop.

  • Leave the script box empty.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avengerís actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
3. Please copy/paste the content of c:\avenger.txt into your reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Win32Agent/ODG Virus ---- PLEASE HELP!!!!

Post by dilligaf on Fri Apr 17, 2009 11:38 pm

Here are the results of the Avenger scan:



Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "UACd.sys" found!
ImagePath: \systemroot\system32\drivers\UACyxymeooq.sys
Start Type: 1 (System)

Rootkit scan completed.


Completed script processing.

*******************

Finished! Terminate.

dilligaf
Novice
Novice

Status :
Online
Offline

Posts : 15
Joined : 2009-04-17
OS : XP

View user profile

Back to top Go down

Re: Win32Agent/ODG Virus ---- PLEASE HELP!!!!

Post by Belahzur on Sat Apr 18, 2009 12:07 am

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+CCrying


Drivers to disable:
UACd.sys

Drivers to delete:
UACd.sys

Files to delete:
C:\WINDOWS\system32\drivers\UACyxymeooq.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avengerís actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Win32Agent/ODG Virus ---- PLEASE HELP!!!!

Post by dilligaf on Sat Apr 18, 2009 12:27 am

Here are the results of the new scan by Avenger:


Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "UACd.sys" found!
ImagePath: \systemroot\system32\drivers\UACyxymeooq.sys
Driver disabled successfully.

Rootkit scan completed.

Driver "UACd.sys" disabled successfully.
Driver "UACd.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\UACyxymeooq.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.



Seeing that file being deleted is exciting. However comma, upon restart of my computer and running another quick scan by ESET NOD32, I received a report of three new viruses of the UAC variety; the pop-up's went by too quickly for me to write down their names. I'm currently doing another full NOD32 scan in between our emails.


Many thanks so far!
Greg.

dilligaf
Novice
Novice

Status :
Online
Offline

Posts : 15
Joined : 2009-04-17
OS : XP

View user profile

Back to top Go down

Re: Win32Agent/ODG Virus ---- PLEASE HELP!!!!

Post by Belahzur on Sat Apr 18, 2009 1:16 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Win32Agent/ODG Virus ---- PLEASE HELP!!!!

Post by dilligaf on Sat Apr 18, 2009 1:55 am

Here are the results of the MBAM scan:


Malwarebytes' Anti-Malware 1.36
Database version: 1997
Windows 5.1.2600 Service Pack 3

4/17/2009 9:52:55 PM
mbam-log-2009-04-17 (21-52-55).txt

Scan type: Quick Scan
Objects scanned: 82639
Time elapsed: 29 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
C:\WINDOWS\ieocx.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACextstrji.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACxwkbevpv.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\UAC7d24.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACdyypwbhe.log (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACyarmbnru.dat (Trojan.Agent) -> Quarantined and deleted successfully.



Also, my computer has been running for more than an hour now -- previously, it was crashing with the blue screen of death about every 60minutes after restarting.

dilligaf
Novice
Novice

Status :
Online
Offline

Posts : 15
Joined : 2009-04-17
OS : XP

View user profile

Back to top Go down

Re: Win32Agent/ODG Virus ---- PLEASE HELP!!!!

Post by Belahzur on Sat Apr 18, 2009 1:33 pm


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Win32Agent/ODG Virus ---- PLEASE HELP!!!!

Post by dilligaf on Sat Apr 18, 2009 3:03 pm

Here are the results of the DDS text:


DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 10:49:50.57 on Sat 04/18/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.151 [GMT -4:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Outdated)
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated)
FW: ZoneAlarm Security Suite Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uSearchAssistant = [You must be registered and logged in to see this link.]
mSearchAssistant = [You must be registered and logged in to see this link.]
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar4.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn7\yt.dll
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US [You must be registered and logged in to see this link.]
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [CHotkey] zHotkey.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Zone Labs Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LMIinit - LMIinit.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\gqw2ocih.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\mozilla firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-4-14 130424]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2008-5-20 15328]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-2-6 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-2-6 93336]
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2006-8-28 21605]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2006-8-28 15668]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2006-8-28 114856]
R1 VETMONNT;VET File and Macro Monitor;c:\windows\system32\drivers\vetmonnt.sys [2006-8-28 896472]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-12-22 394872]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-2-6 727720]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2007-6-24 3712]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-4-13 47640]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-4-14 348752]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-4-14 1095560]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\packet.sys [2001-9-18 13203]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2008-8-6 216032]
S4 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2008-12-29 603904]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-10 24652]
S4 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]

=============== Created Last 30 ================

2009-04-17 21:19 --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-04-17 21:19 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-17 21:19 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-17 21:19 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-17 21:19 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-17 11:26 --d--r-- c:\program files\Skype
2009-04-14 23:15 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-04-14 23:15 130,424 a------- c:\windows\system32\drivers\PCTCore.sys
2009-04-14 23:15 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-04-14 23:15 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-04-14 23:15 --d----- c:\program files\common files\PC Tools
2009-04-14 23:15 --d----- c:\program files\Spyware Doctor
2009-04-14 23:15 --d----- c:\docume~1\owner\applic~1\PC Tools
2009-04-14 23:15 --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-04-14 20:58 -cd-h--- c:\windows\ie8
2009-04-14 18:10 118 a------- c:\windows\system32\MRT.INI
2009-04-14 15:46 208,744 a------- c:\windows\system32\muweb.dll
2009-04-13 22:51 --d----- c:\program files\ESET
2009-04-13 19:54 --d----- c:\program files\Back2zip
2009-04-13 19:49 --d----- c:\docume~1\alluse~1\applic~1\Macrium
2009-04-13 19:48 --d----- c:\program files\Macrium
2009-04-13 18:58 --d----- c:\program files\TweakNow PowerPack Pro
2009-04-13 18:58 --d----- c:\docume~1\owner\applic~1\TweakNow PowerPack
2009-04-13 18:38 --d----- c:\program files\Trend Micro
2009-04-13 18:21 --d----- c:\docume~1\alluse~1\applic~1\LogMeIn
2009-04-13 18:21 28,984 a------- c:\windows\system32\LMIport.dll
2009-04-13 18:21 83,288 a------- c:\windows\system32\LMIRfsClientNP.dll
2009-04-13 18:21 47,640 a------- c:\windows\system32\drivers\LMIRfsDriver.sys
2009-04-13 18:20 87,352 a------- c:\windows\system32\LMIinit.dll
2009-04-13 18:20 1,024 a------- C:\.rnd
2009-04-13 18:20 --d----- c:\program files\LogMeIn
2009-04-13 13:05 --d----- c:\docume~1\owner\applic~1\Uniblue
2009-04-11 15:52 --d----- c:\windows\system32\NtmsData
2009-04-11 15:51 --dsh--- c:\documents and settings\owner\IECompatCache
2009-04-10 14:23 --dsh--- c:\documents and settings\owner\PrivacIE
2009-04-10 13:05 --d----- c:\program files\iPod
2009-04-10 13:05 --d----- c:\program files\iTunes
2009-04-10 13:05 --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-03-25 20:36 --dsh--- c:\documents and settings\owner\IETldCache
2009-03-23 22:03 --d----- c:\windows\ie8updates
2009-03-23 21:51 105,984 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-03-21 10:06 989,696 -c------ c:\windows\system32\dllcache\kernel32.dll

==================== Find3M ====================

2009-04-17 13:36 90,112 a------- c:\windows\DUMP7f71.tmp
2009-04-17 13:34 90,112 a------- c:\windows\DUMP804b.tmp
2009-04-17 13:30 90,112 a------- c:\windows\DUMP803c.tmp
2009-04-17 13:28 90,112 a------- c:\windows\DUMP832a.tmp
2009-04-13 13:18 4,212 ----h--- c:\windows\system32\zllictbl.dat
2009-03-19 16:32 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-02-09 08:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 08:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 08:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 08:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-07 19:02 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-06 07:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 07:08 2,189,056 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 06:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-03 15:59 56,832 a------- c:\windows\system32\secur32.dll
2008-08-23 03:43 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082320080824\index.dat

============= FINISH: 10:53:14.43 ===============

dilligaf
Novice
Novice

Status :
Online
Offline

Posts : 15
Joined : 2009-04-17
OS : XP

View user profile

Back to top Go down

Re: Win32Agent/ODG Virus ---- PLEASE HELP!!!!

Post by Belahzur on Sat Apr 18, 2009 4:44 pm

Hello.
The log looks good, no malware I can see. But, I now need to see what's installed.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Win32Agent/ODG Virus ---- PLEASE HELP!!!!

Post by dilligaf on Sat Apr 18, 2009 4:49 pm

Here are the results for the HJT scan:


Acrobat.com
Ad-Aware SE Personal
Adobe AIR
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9.1
AIM 6
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Registration
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Back2zip 2.0
Bonjour
Canon Camera Support Core Library
Canon Camera Window DS for ZoomBrowser EX
Canon Camera Window DVC for ZoomBrowser EX
Canon Camera Window for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX
CDDRV_Installer
CommuniKate 2.0 Video Conferencing
DAEMON Tools
Digital Media Reader
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Dream Manifestation Wizard 2.0
Express Dictate
Express Scribe
FlashFXP v3
Google Desktop
Google Talk (remove only)
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Updater
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
InfraRecorder
InterActual Player
IPFax
iTunes
KhalSetup
LimeWire PRO 4.18.8
Logitech Desktop Messenger
Logitech SetPoint
LogMeIn
Macrium Reflect - Free Edition
Macromedia Shockwave Player
MailFrontier Desktop
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MobileMe Control Panel
Mozilla Firefox (3.0.8)
MSN Music Assistant
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Multimedia Keyboard Driver
Napster Burn Engine
Nero BurnRights
Nero OEM
OpenSSL 0.9.8a
PowerDVD
Pure Networks Port Magic
QuickTime
RealPlayer
Realtek AC'97 Audio
Rhapsody Player Engine
Safari
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Sid Meier's Civilization 4
Skypeô 4.0
SoftV92 Data Fax Modem with SmartCP
Sonic Encoders
Sony Digital Voice Editor 3
Sony Player Plug-in for Windows Media Player
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
Spyware Doctor 6.0
Switch Sound File Converter
Toolbar
TuneUp Utilities 2009
TweakNow PowerPack 2006 Professional
TweakNow PowerPack Professional
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VersionTracker Pro Windows
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Viewpoint Toolbar
WavePad Sound Editor
Windows Genuine Advantage v1.3.0254.0
Windows Internet Explorer 8
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinRAR archiver
Wubi
XviD MPEG-4 Video Codec
Yahoo! Browser Services
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Software Update
ZoneAlarm Security Suite

dilligaf
Novice
Novice

Status :
Online
Offline

Posts : 15
Joined : 2009-04-17
OS : XP

View user profile

Back to top Go down

Re: Win32Agent/ODG Virus ---- PLEASE HELP!!!!

Post by Belahzur on Sat Apr 18, 2009 4:54 pm

Hello.

I see that you are running Limewire.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

If Limewire is not removed, then I won't help you.

You are also running two AV's, this is a bad idea as they can conflict and cause problems. I see Zonealarm and Nod32.
I would recommend that you remove Zonealarm to avoid conflict and other future problems.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

  • LimeWire PRO 4.18.8
  • Viewpoint Manager (Remove Only)
  • Viewpoint Media Player
  • Viewpoint Toolbar
  • ZoneAlarm Security Suite

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Win32Agent/ODG Virus ---- PLEASE HELP!!!!

Post by dilligaf on Sat Apr 18, 2009 5:08 pm

Okay, I've removed the following programs from my computer:

# LimeWire PRO 4.18.8
# Viewpoint Manager (Remove Only)
# Viewpoint Media Player
# Viewpoint Toolbar
# ZoneAlarm Security Suite

The computer has been running MUCH MUCH better since you've started helping me with it. When I ran a NOD32 scan last night, it showed two GoogleUpdater bugs that it quarantined. Other than that, things are running GREAT!!

Thank you so very much for your help with this!!!!

Are there any other steps I should follow next?

dilligaf
Novice
Novice

Status :
Online
Offline

Posts : 15
Joined : 2009-04-17
OS : XP

View user profile

Back to top Go down

Re: Win32Agent/ODG Virus ---- PLEASE HELP!!!!

Post by Belahzur on Sat Apr 18, 2009 5:16 pm

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers. Goofy

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck. Big Grin


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Win32Agent/ODG Virus ---- PLEASE HELP!!!!

Post by dilligaf on Sat Apr 18, 2009 5:47 pm

Thank you VERY VERY MUCH for your help with this!!!!

I've already recommended your site to my friends & family!

For as much fun as this was to clean my computer like this, I hope there is never another reason for me to ask you for help! lol

dilligaf
Novice
Novice

Status :
Online
Offline

Posts : 15
Joined : 2009-04-17
OS : XP

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum