
Hey, is this really you? Virus

  • 18-03-2008 11:45pm
    #1
    Registered Users, Registered Users 2 Posts: 73,523 ✭✭✭✭


    Sorry if this has been posted before, but anyhoo.

    I got a message from a friend on MSN saying

    Hey, is this really you? and a link to http://msn-images.atwebpages.com/image.php?=XXXXXXXX@hotmail.com

    Stupidly opened it and ran an exe file (dunno what I was thinking!)

    I googled the message and haven't found one with the exact text "Hey, is this really you?"

    Any ideas?
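    The lure described in this post is the classic IM-worm pattern: a link that looks as if it points at an image (image.php) but hands back a Windows executable, with the recipient's e-mail address carried in the query string so the server can tailor or track each victim. The script below is an added example for this thread, not code from the original post. It sniffs the first bytes of a downloaded "image" (JPEG/PNG/GIF/BMP magic numbers versus the MZ stub of a DOS or PE executable), catches double extensions such as photo.jpg.exe, and flags URLs whose query carries an e-mail address. All sample bytes are constructed.

```python
"""Is this really an image?  Added example for this thread, not from the original post.

Sniffs the real type of a downloaded "image" by its magic bytes, catches
double extensions, and flags lure URLs that carry the recipient's e-mail.
All sample bytes below are constructed.
"""
import re

# Magic numbers of the formats an image link may legitimately return.
IMAGE_MAGIC = {
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
    b"BM": "bmp",
}

IMAGE_EXT = (".jpg", ".jpeg", ".png", ".gif", ".bmp")
# photo.jpg.exe, image.gif.scr, ...: the last extension is what Windows runs.
DOUBLE_EXT = re.compile(r"\.(jpe?g|png|gif|bmp)\.(exe|scr|com|pif|bat|cmd)$", re.I)
EMAIL_IN_QUERY = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")


def sniff(data: bytes) -> str:
    """Return 'jpeg', 'png', 'gif', 'bmp', 'pe', 'dos' or 'unknown' for the given bytes."""
    for magic, kind in IMAGE_MAGIC.items():
        if data.startswith(magic):
            return kind
    if data[:2] == b"MZ":
        # Both DOS programs and Windows PE files start with the MZ stub; a PE file
        # also stores the offset of its "PE\0\0" header at 0x3C (e_lfanew).
        if len(data) >= 0x40:
            off = int.from_bytes(data[0x3C:0x40], "little")
            if data[off:off + 4] == b"PE\x00\x00":
                return "pe"
        return "dos"
    return "unknown"


def is_masquerading(filename: str, data: bytes) -> bool:
    """True when the name promises an image but the bytes are an executable,
    or when the name hides an executable extension behind an image one."""
    if DOUBLE_EXT.search(filename):
        return True
    claims_image = filename.lower().endswith(IMAGE_EXT)
    return claims_image and sniff(data) in ("pe", "dos")


def url_carries_email(url: str) -> bool:
    """True when the query string embeds an e-mail address, i.e. the link was
    generated per recipient (the image.php?=...@hotmail.com pattern)."""
    query = url.partition("?")[2]
    return bool(EMAIL_IN_QUERY.search(query))


def constructed_pe() -> bytes:
    """A minimal constructed MZ/PE header, just enough for sniff() to recognise it."""
    buf = bytearray(0x44)
    buf[0:2] = b"MZ"
    buf[0x3C:0x40] = (0x40).to_bytes(4, "little")  # e_lfanew -> 0x40
    buf[0x40:0x44] = b"PE\x00\x00"
    return bytes(buf)


# Constructed JFIF header: what a real image link should have returned.
CONSTRUCTED_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 16


if __name__ == "__main__":
    samples = [("image.jpg", CONSTRUCTED_JPEG), ("image.jpg", constructed_pe()),
               ("holiday.jpg.exe", b"")]
    for name, blob in samples:
        print(f"{name:18} {sniff(blob):8} masquerading={is_masquerading(name, blob)}")
    print(url_carries_email("http://msn-images.atwebpages.com/image.php?=XXXXXXXX@hotmail.com"))
```

    On a real download, run sniff() over the first 64 bytes of the saved file before you double-click anything; the filename and the icon are attacker-controlled, the magic bytes are not.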


Comments

  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hello

    Please download MsnCleaner.zip and save it to your Desktop.
    • Unzip it to the Desktop.
    • Now reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.
    • Double-click MsnCleaner.exe to run it.
    • Click the Analyze button.
    • A report will be created once the scan finishes.
    • If it finds an infection, click the Delete button.
    • Now, please reboot back to normal mode.
    • Please post the contents of C:\MsnCleaner.txt in a reply to this post



    Please download Deckard's System Scanner (DSS) and save it to your Desktop.
    • Close all other windows before proceeding.
    • Double-click on dss.exe and follow the prompts.
    • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
    • When it has finished, dss will open two Notepad windows, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


  • Registered Users, Registered Users 2 Posts: 6,638 ✭✭✭zilog_jones


    I got that too a while back. You need to check your HOSTS file (in C:\Windows\system32\drivers\etc) hasn't been changed - in my case it made loads of anti-virus websites redirect to localhost (i.e. nothing).

    Windows Defender noticed that and fixed it, and Avira AntiVir found the virus (unlike AVG which noticed feck all).
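    The HOSTS-file check from the post above as a small script. This is an added example, not something zilog_jones posted. It parses the hosts file the way Windows does (comments after #, several hostnames per address line), skips the stock localhost entries, and reports any security-vendor hostname that is either sinkholed to loopback/0.0.0.0 (the "redirect to localhost, i.e. nothing" symptom) or hijacked to some other address. The vendor watch-list and the sample hosts content are constructed for illustration; on a real machine run audit_file() against C:\Windows\System32\drivers\etc\hosts from an administrator prompt.

```python
"""Audit a Windows hosts file for sinkholed or hijacked security sites.

Added example for this thread, not part of the original post.  The vendor
watch-list and the sample hosts content are constructed for illustration.
"""
import ipaddress
from pathlib import Path

# Where Windows keeps the file (the path zilog_jones refers to above).
HOSTS_PATH = Path(r"C:\Windows\System32\drivers\etc\hosts")

# Illustrative watch-list (an assumption): sites a worm would want to silence so the
# victim cannot fetch updates or removal tools.
SECURITY_DOMAINS = (
    "symantec.com", "norton.com", "avira.com", "avg.com", "kaspersky.com",
    "microsoft.com", "windowsupdate.com", "trendmicro.com", "mcafee.com",
)


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in the file.

    Follows the Windows rules: '#' starts a comment, whitespace separates
    fields, and one address may be followed by several hostnames.
    """
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address: malformed line, ignore
        for host in fields[1:]:
            yield line_no, ip, host.lower()


def audit_hosts(text):
    """Return [(line_no, hostname, ip, verdict)] for watched hostnames.

    'sinkholed' = pointed at loopback or 0.0.0.0 (site silently unreachable);
    'hijacked'  = pointed anywhere else (traffic sent to an attacker-chosen host).
    """
    findings = []
    for line_no, ip, host in parse_hosts(text):
        if host == "localhost":
            continue  # the stock "127.0.0.1 localhost" / "::1 localhost" lines are expected
        if not any(host == d or host.endswith("." + d) for d in SECURITY_DOMAINS):
            continue
        verdict = "sinkholed" if (ip.is_loopback or ip.is_unspecified) else "hijacked"
        findings.append((line_no, host, str(ip), verdict))
    return findings


def audit_file(path=HOSTS_PATH):
    """Audit a real hosts file (run from an administrator prompt on Windows)."""
    return audit_hosts(path.read_text(encoding="utf-8", errors="replace"))


# Constructed sample: stock header and localhost lines plus three tampered entries.
SAMPLE_HOSTS = """# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.symantec.com liveupdate.symantec.com
0.0.0.0         www.avg.com           # constructed: blackholed
192.0.2.10      update.avira.com      # constructed: redirected to a TEST-NET address
127.0.0.1       printer.home.lan      # unrelated entry, not reported
"""

if __name__ == "__main__":
    for line_no, host, ip, verdict in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} -> {ip} ({verdict})")
```

    A clean Vista hosts file contains nothing but comments and the two localhost lines, so anything the script reports is worth explaining; a "hijacked" entry is the more serious case, because the vendor's update or download traffic is then going to a host the attacker chose.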


  • Registered Users, Registered Users 2 Posts: 73,523 ✭✭✭✭colm_mcm


    Forgot to mention, I'm using Vista.


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Go ahead and run the tools I suggested


  • Registered Users, Registered Users 2 Posts: 73,523 ✭✭✭✭colm_mcm


    Deckard's System Scanner v20071014.68
    Run by Colm on 2008-03-30 19:55:55
    Computer is in Normal Mode.

    -- Last 5 Restore Point(s) --
    14: 2008-03-27 20:17:54 UTC - RP174 - Windows Update
    13: 2008-03-26 22:09:46 UTC - RP173 - Scheduled Checkpoint
    12: 2008-03-25 18:25:16 UTC - RP172 - Windows Update
    11: 2008-03-21 13:54:37 UTC - RP171 - Windows Update
    10: 2008-03-19 18:32:26 UTC - RP170 - Windows Update


    -- First Restore Point --
    1: 2008-03-03 08:16:53 UTC - RP161 - Windows Update


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis Clone


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-03-30 20:01:47
    Platform: Windows Vista (6.00.6000)
    MSIE: Internet Explorer (7.00.6000.16386)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\dwm.exe
    C:\Program Files\Bioscrypt\VeriSoft\Bin\asghost.exe
    C:\Windows\System32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Napster\napster.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\Apoint2K\ApntEx.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\BitTorrent\bittorrent.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\System32\igfxsrvc.exe
    C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\OpenOffice.org 2.2\program\soffice.bin
    C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    C:\Program Files\Real\RealPlayer\realplay.exe
    C:\Windows\explorer.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Users\Colm Mc\Desktop\dss.exe
    C:\Windows\System32\conime.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_IE&c=73&bd=Pavilion&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
    O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [IS CfgWiz] "c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
    O4 - Global Startup: Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra button: (no name) - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
    O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
    O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
    O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
    O20 - AppInit_DLLs: APSHook.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\System32\drivers\XAudio.exe


    --
    End of file - 13301 bytes

    -- File Associations

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    All drivers whitelisted.


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    R2 CLCapSvc (CyberLink Background Capture Service (CBCS)) - "c:\program files\hp\quickplay\kernel\tv\clcapsvc.exe" <Not Verified; ; CLCapSvc Module>
    R2 CLSched (CyberLink Task Scheduler (CTS)) - "c:\program files\hp\quickplay\kernel\tv\clsched.exe" <Not Verified; ; CLSched Module>

    S3 Com4Qlb - "c:\program files\hewlett-packard\hp quick launch buttons\com4qlb.exe" <Not Verified; Hewlett-Packard Development Company, L.P.; HP Quick Launch Buttons>


    -- Device Manager: Disabled

    No disabled devices found.


    -- Scheduled Tasks

    2008-03-29 23:48:28 432 --ah C:\Windows\Tasks\User_Feed_Synchronization-{C94FF756-BBED-48C0-BC06-B1EE9740DB1C}.job


    -- Files created between 2008-02-29 and 2008-03-30

    2008-03-27 00:37:52 0 d C:\MSNCleaner
    2008-03-19 00:01:32 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-03-19 00:01:22 0 d C:\Program Files\Windows Live
    2008-03-19 00:00:25 0 d C:\Users\All Users\WLInstaller


    -- Find3M Report

    2008-03-28 20:45:56 0 d C:\Users\Colm Mc\AppData\Roaming\Real
    2008-03-27 23:36:01 0 d C:\Users\Colm Mc\AppData\Roaming\OpenOffice.org2
    2008-03-25 22:26:42 836 --a C:\Windows\bthservsdp.dat
    2008-03-19 00:01:32 0 d C:\Program Files\Common Files
    2008-03-13 04:10:32 0 d C:\Program Files\Windows Mail


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [21/07/2007 18:55]
    "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [11/03/2007 12:21]
    "ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [10/01/2007 12:59]
    "IS CfgWiz"="c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" [13/01/2007 09:28]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [12/02/2007 15:37]
    "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [24/04/2007 02:11]
    "NapsterShell"="C:\Program Files\Napster\napster.exe" [13/01/2007 03:36]
    "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [13/02/2007 19:38]
    "HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [12/03/2007 19:54]
    "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [01/03/2007 21:18]
    "WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [11/01/2007 00:12]
    "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [17/02/2005 07:11]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [29/05/2007 04:13]
    "CognizanceTS"="C:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [22/12/2003 19:12]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 19:51]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [29/06/2007 06:24]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [14/09/2007 10:00]
    "Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" []
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/01/2008 00:46]
    "IgfxTray"="C:\Windows\system32\igfxtray.exe" [02/01/2008 18:07]
    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [02/01/2008 18:06]
    "Persistence"="C:\Windows\system32\igfxpers.exe" [02/01/2008 18:07]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [09/01/2008 19:45]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 13:35]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [20/06/2007 04:28]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [28/09/2007 02:17]
    "AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [01/03/2007 10:37]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
    "Launcher"=%WINDIR%\SMINST\launcher.exe

    C:\Users\Colm McM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [27/10/2006 04:24:54]
    OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [02/02/2007 17:54:56]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [20/12/2006 12:27:40]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=2 (0x2)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSaveSettings"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=APSHook.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages"= scecli ASWLNPkg

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @="IEEE 1394 Bus host controllers"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @="SBP2 IEEE 1394 Devices"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @="SecurityDevices"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
    bthsvcs BthServ
    Cognizance ASBroker ASChannel
    GPSvcGroup GPSvc

    *Newly Created Service* - COMHOST

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- End of Deckard's System Scanner: finished at 2008-03-30 20:04:38
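    The DSS output above is a HijackThis-format listing, and reading 140 lines of it by eye is error-prone. The script below is an added triage helper, not part of DSS or HijackThis, that pulls out the entry types that most often carry an infection: O2 BHOs whose DLL is missing, O4 autoruns launched from user-writable folders, O20 AppInit_DLLs (loaded into every process), O23 services whose binary has no company name, and O1 hosts-file redirects. It produces a review list, not a verdict: an orphaned BHO is usually a leftover from an uninstall, and an AppInit_DLLs entry can belong to legitimate software, so each hit still needs its publisher and file location checked. The sample input mixes a few lines copied from the log above with one constructed suspicious O4 line; the user-writable path pattern is an assumption.

```python
"""Triage a HijackThis-format log (such as the DSS output above).

Added example, not part of DSS or HijackThis.  Produces a review list of the
entry types that most often carry an infection; it is not a verdict.
The user-writable path pattern is an assumption; the sample mixes lines copied
from the log above with one constructed suspicious O4 line.
"""
import re

# "O4 - HKLM\..\Run: [Name] C:\path\prog.exe"  ->  section "O4", rest "HKLM\..\Run: ..."
HJT_LINE = re.compile(r"^([ORF]\d+)\s+-\s+(.*)$")

# Locations an ordinary user can write to; legitimate autoruns almost always live
# under Program Files or the Windows directory instead.  (Pattern is an assumption.)
USER_WRITABLE = re.compile(
    r"\\(Users|Documents and Settings)\\[^\\]+\\(AppData|Desktop|Local Settings)"
    r"|\\Temp\\|%TEMP%|%APPDATA%|%USERPROFILE%",
    re.IGNORECASE,
)

RULES = {
    "O1": "hosts-file redirect",
    "O2": "orphaned BHO entry (CLSID with no DLL on disk)",
    "O4": "autorun launched from a user-writable location",
    "O20": "AppInit_DLLs entry (DLL injected into every process); verify its publisher",
    "O23": "service whose binary carries no company name (Unknown owner)",
}


def triage(log_text):
    """Return [(section, reason, line)] for each entry that deserves a look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue
        section, rest = m.groups()
        hit = (
            section == "O1"
            or (section == "O2" and "(no file)" in rest)
            or (section == "O4" and USER_WRITABLE.search(rest) is not None)
            or (section == "O20" and "AppInit_DLLs" in rest)
            or (section == "O23" and "Unknown owner" in rest)
        )
        if hit:
            findings.append((section, RULES[section], line))
    return findings


# Sample input: entries copied from the DSS log above, plus one constructed O4 line
# (the C:\Users\Alice\...\Temp\image.exe entry is invented for illustration).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [image] C:\Users\Alice\AppData\Local\Temp\image.exe
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
"""

if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

    Run over the full log, the O4 rule is the one that matters most for a worm dropped by a double-clicked download: a legitimate vendor installs under Program Files, while a file written by an unprivileged user can only persist from the profile or Temp directories.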


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Can you post the MsnCleaner report and the Extra.txt from DSS


  • Registered Users, Registered Users 2 Posts: 73,523 ✭✭✭✭colm_mcm


    The MSN Cleaner scan only took about 5 seconds, and it found no files.

    DSS didn't open Extra.txt - it also asked before the scan if I wanted to download Hijackthis. When I tried to, it said it couldn't download it. I went ahead with the scan anyway.

    Thanks for all the help by the way.


    EDIT: I just spotted an icon on my desktop that's not supposed to be there, it's definitely related to this problem.
    [screenshot: icontb5.jpg]

    [screenshot: proprttiesyo0.jpg]

    It's an MS-DOS application and is to do with www.imageupload.com


    It appears to be the Bonjour virus:
    http://community.flexifoil.com/showthread.php?t=139591


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hello

    please reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    Once in Safe Mode, delete that file



    Reboot and do this

    Please do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner and click Accept

    You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        Extended (if available otherwise Standard)
      • Scan Options:
        Scan Archives
        Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      Select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
    • Save the file to your desktop.
    • Copy and paste that information in your next post.


      • Registered Users, Registered Users 2 Posts: 73,523 ✭✭✭✭colm_mcm


        Number of viruses found: 4
        Number of infected objects: 17
        Number of suspicious objects: 0
        Duration of the scan process: 02:38:44

        Infected Object Name / Virus Name / Last Action
        C:\boot\bcd Object is locked skipped
        C:\boot\BCD.LOG Object is locked skipped
        C:\Deckard\System Scanner\20080330205249\backup\Windows\temp\fwtsqmfile00.sqm Object is locked skipped
        C:\Deckard\System Scanner\20080330205249\backup\Windows\temp\fwtsqmfile01.sqm Object is locked skipped
        C:\Deckard\System Scanner\20080330205249\backup\Windows\temp\fwtsqmfile02.sqm Object is locked skipped
        C:\Deckard\System Scanner\20080330205249\backup\Windows\temp\fwtsqmfile03.sqm Object is locked skipped
        C:\Deckard\System Scanner\20080330205249\backup\Windows\temp\fwtsqmfile04.sqm Object is locked skipped
        C:\Deckard\System Scanner\20080330205249\backup\Windows\temp\fwtsqmfile05.sqm Object is locked skipped
        C:\Deckard\System Scanner\20080330205249\backup\Windows\temp\fwtsqmfile06.sqm Object is locked skipped
        C:\Deckard\System Scanner\20080330205249\backup\Windows\temp\fwtsqmfile07.sqm Object is locked skipped
        C:\Deckard\System Scanner\20080330205249\backup\Windows\temp\fwtsqmfile08.sqm Object is locked skipped
        C:\Deckard\System Scanner\20080330205249\backup\Windows\temp\fwtsqmfile09.sqm Object is locked skipped
        C:\Deckard\System Scanner\20080330205249\backup\Windows\temp\fwtsqmfile10.sqm Object is locked skipped
        C:\Deckard\System Scanner\20080330205249\backup\Windows\temp\fwtsqmfile11.sqm Object is locked skipped
        C:\Deckard\System Scanner\20080330205249\backup\Windows\temp\fwtsqmfile12.sqm Object is locked skipped
        C:\Users\Colm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQ3P100W\is152028[1].exe Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
        C:\Users\Colm\Music\Application Data\Identities\{CB85CB60-9EDA-11D5-9D79-B82028033039}\Microsoft\Outlook Express\Stored Recieved Messages.dbx/[From "xxxxx Comber" <xxxxxcomber@hotmail.com>][Date Sat, 4 Aug 2001 15:06:37 +0100]/UNNAMED/jkkkh.doc.pif Infected: Email-Worm.Win32.Sircam.c skipped
        C:\Users\Colm\Music\Application Data\Identities\{CB85CB60-9EDA-11D5-9D79-B82028033039}\Microsoft\Outlook Express\Stored Recieved Messages.dbx/[From "xxxxx Comber" <xxxxxcomber@hotmail.com>][Date Sat, 4 Aug 2001 15:06:37 +0100]/UNNAMED Infected: Email-Worm.Win32.Sircam.c skipped
        C:\Users\Colm\Music\Application Data\Identities\{CB85CB60-9EDA-11D5-9D79-B82028033039}\Microsoft\Outlook Express\Stored Recieved Messages.dbx Mail MS Outlook 5: infected - 2 skipped
        C:\Users\Colm\Music\Application Data\Identities\{CB85CB60-9EDA-11D5-9D79-B82028033039}\Microsoft\Outlook Express\Stored Sent Messages.dbx/[From "xxxxx Comber" <xxxxxcomber@xxxxx.com>][Date Sat, 16 Sep 2000 14:42:59 +0100]/UNNAMED/Lovely.exe Infected: not-virus:BadJoke.Win32.JepRuss skipped
        C:\Users\Colm\Music\Application Data\Identities\{CB85CB60-9EDA-11D5-9D79-B82028033039}\Microsoft\Outlook Express\Stored Sent Messages.dbx/[From "xxxxx Comber" <xxxxxcomber@xxxxx.com>][Date Sat, 16 Sep 2000 14:42:59 +0100]/UNNAMED Infected: not-virus:BadJoke.Win32.JepRuss skipped
        C:\Users\Colm\Music\Application Data\Identities\{CB85CB60-9EDA-11D5-9D79-B82028033039}\Microsoft\Outlook Express\Stored Sent Messages.dbx/[From "xxxxx Comber" <xxxxxcomber@xxxxx.com>][Date Sat, 16 Sep 2000 14:47:43 +0100]/UNNAMED/Lovely Infected: not-virus:BadJoke.Win32.JepRuss skipped
        C:\Users\Colm\Music\Application Data\Identities\{CB85CB60-9EDA-11D5-9D79-B82028033039}\Microsoft\Outlook Express\Stored Sent Messages.dbx/[From "xxxxx Comber" <xxxxxcomber@xxxxx.com>][Date Sat, 16 Sep 2000 14:47:43 +0100]/UNNAMED Infected: not-virus:BadJoke.Win32.JepRuss skipped
        C:\Users\Colm\Music\Application Data\Identities\{CB85CB60-9EDA-11D5-9D79-B82028033039}\Microsoft\Outlook Express\Stored Sent Messages.dbx Mail MS Outlook 5: infected - 4 skipped
        C:\Users\Colm\Music\Application Data\Identities\{F62DE8C2-DF71-11D5-9D79-0080C8F38678}\Microsoft\Outlook Express\Sent Items.dbx/[From "y Corbett" <y@xxxxx.com>][Date Mon, 10 Dec 2001 19:17:39 -0000]/UNNAMED/Fwd_/[From "oooo Hynes" <hhhhhh@hotmail.com>][Date Mon, 10 Dec 2001 14:13:21 +0000]/UNNAMED/[From Nicola Herridge [mailto:nicola.herridge@eptco.ie]][Date Mon, 10 Dec 2001 13:57:28 +0000]/Dice.exe Infected: not-virus:BadJoke.Win32.Anywork skipped
        C:\Users\Colm\Music\Application Data\Identities\{F62DE8C2-DF71-11D5-9D79-0080C8F38678}\Microsoft\Outlook Express\Sent Items.dbx/[From "y Corbett" <y@xxxxx.com>][Date Mon, 10 Dec 2001 19:17:39 -0000]/UNNAMED/Fwd_/[From "oooo Hynes" <hhhhhh@hotmail.com>][Date Mon, 10 Dec 2001 14:13:21 +0000]/UNNAMED Infected: not-virus:BadJoke.Win32.Anywork skipped
        C:\Users\Colm\Music\Application Data\Identities\{F62DE8C2-DF71-11D5-9D79-0080C8F38678}\Microsoft\Outlook Express\Sent Items.dbx/[From "y Corbett" <y@xxxxx.com>][Date Mon, 10 Dec 2001 19:17:39 -0000]/UNNAMED/Fwd_ Infected: not-virus:BadJoke.Win32.Anywork skipped
        C:\Users\Colm\Music\Application Data\Identities\{F62DE8C2-DF71-11D5-9D79-0080C8F38678}\Microsoft\Outlook Express\Sent Items.dbx/[From "y Corbett" <y@xxxxx.com>][Date Mon, 10 Dec 2001 19:17:39 -0000]/UNNAMED Infected: not-virus:BadJoke.Win32.Anywork skipped
        C:\Users\Colm\Music\Application Data\Identities\{F62DE8C2-DF71-11D5-9D79-0080C8F38678}\Microsoft\Outlook Express\Sent Items.dbx/[From "y Corbett" <y@xxxxx.com>][Date Wed, 12 Dec 2001 08:54:07 -0000]/UNNAMED/Fwd_/[From Nicola Herridge [mailto:nicola.herridge@eptco.ie]][Date Mon, 10 Dec 2001 13:57:28 +0000]/Dice.exe Infected: not-virus:BadJoke.Win32.Anywork skipped
        C:\Users\Colm\Music\Application Data\Identities\{F62DE8C2-DF71-11D5-9D79-0080C8F38678}\Microsoft\Outlook Express\Sent Items.dbx/[From "y Corbett" <y@xxxxx.com>][Date Wed, 12 Dec 2001 08:54:07 -0000]/UNNAMED/Fwd_ Infected: not-virus:BadJoke.Win32.Anywork skipped
        C:\Users\Colm\Music\Application Data\Identities\{F62DE8C2-DF71-11D5-9D79-0080C8F38678}\Microsoft\Outlook Express\Sent Items.dbx/[From "y Corbett" <y@xxxxx.com>][Date Wed, 12 Dec 2001 08:54:07 -0000]/UNNAMED Infected: not-virus:BadJoke.Win32.Anywork skipped
        C:\Users\Colm\Music\Application Data\Identities\{F62DE8C2-DF71-11D5-9D79-0080C8F38678}\Microsoft\Outlook Express\Sent Items.dbx Mail MS Outlook 5: infected - 7 skipped

        Scan process completed.



        Hope you don't mind, I blocked out email addresses from the post.
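A small triage script for a report in that format, added here as an example (it is not from the thread or from Kaspersky): it discards the "Object is locked" noise, groups the nested mail-store hits by the .dbx file they live in, and ranks the adware/joke verdicts below the worm, which is what the reply below acts on. The sample lines are constructed, modelled on the posted report with shortened paths and redacted addresses.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# One report line is "<path> <status> skipped". The path may contain spaces and
# nested archive members separated by "/" (e.g. a message inside a .dbx mail store).
_LINE = re.compile(
    r"^(?P<path>.+?) (?:(?P<locked>Object is locked)"
    r"|Infected: (?P<sig>\S+)"
    r"|Mail MS Outlook 5: infected - (?P<count>\d+)) skipped$"
)

@dataclass(frozen=True)
class Detection:
    container: str   # on-disk file: the .dbx mail store or a cached .exe
    member: str      # nested member inside it ("" when the file itself is flagged)
    signature: str   # scanner verdict name

def parse_line(line):
    """("locked", path) | ("mailstore", (path, n)) | ("detection", Detection) | None."""
    m = _LINE.match(line.strip())
    if m is None:
        return None  # headers, blank lines, "Scan process completed."
    path = m.group("path")
    if m.group("locked"):
        return ("locked", path)
    if m.group("count"):
        return ("mailstore", (path, int(m.group("count"))))
    # Nested members start with "/[From ..." right after the container's file name.
    container, sep, member = path.partition("/[")
    return ("detection", Detection(container, "[" + member if sep else "", m.group("sig")))

def severity(signature):
    """Adware and joke programs carry a not-a-virus:/not-virus: prefix; the rest is high."""
    return "low" if signature.startswith(("not-a-virus:", "not-virus:")) else "high"

def triage(report_text):
    """One row per flagged on-disk file, worst first, plus the locked-object noise count."""
    locked = 0
    by_file = defaultdict(lambda: {"signatures": set(), "members": [], "reported": 0})
    for line in report_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        kind, value = parsed
        if kind == "locked":
            locked += 1
        elif kind == "mailstore":
            by_file[value[0]]["reported"] = value[1]
        else:
            entry = by_file[value.container]
            entry["signatures"].add(value.signature)
            if value.member:
                entry["members"].append(value.member)
    rows = []
    for path, entry in by_file.items():
        is_mailstore = path.lower().endswith(".dbx")
        rows.append({
            "file": path,
            "severity": "high" if any(severity(s) == "high" for s in entry["signatures"]) else "low",
            "signatures": sorted(entry["signatures"]),
            "nested_hits": len(entry["members"]),
            # A .dbx hit is individual messages inside the mail store, which is why the
            # reply below says to delete the detected e-mails rather than the whole file.
            "action": "delete flagged messages in mail store" if is_mailstore else "delete file",
        })
    rows.sort(key=lambda r: (r["severity"] != "high", r["file"]))
    return {"locked": locked, "findings": rows}

# Constructed sample modelled on the posted report (paths shortened, addresses redacted).
SAMPLE_REPORT = r'''
C:\Windows\System32\config\SAM Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Users\Colm\Temporary Internet Files\Content.IE5\VQ3P100W\is152028[1].exe Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\Colm\Outlook Express\Inbox.dbx/[From "xxxxx" <xxxxx@example.com>][Date Sat, 4 Aug 2001 15:06:37 +0100]/UNNAMED/jkkkh.doc.pif Infected: Email-Worm.Win32.Sircam.c skipped
C:\Users\Colm\Outlook Express\Inbox.dbx/[From "xxxxx" <xxxxx@example.com>][Date Sat, 4 Aug 2001 15:06:37 +0100]/UNNAMED Infected: Email-Worm.Win32.Sircam.c skipped
C:\Users\Colm\Outlook Express\Inbox.dbx Mail MS Outlook 5: infected - 2 skipped
Scan process completed.
'''
```

Calling `triage(SAMPLE_REPORT)` puts the Sircam-infected Inbox.dbx first with two nested hits and the Virtumonde cache file second as low severity, with the two locked objects counted but not listed.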


      • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


        Nope

        You got some emails that have malware in them, you will need to delete the ones that Kaspersky detected

        Then do this

        Please download ATF Cleaner by Atribune.
        This program is for XP and Windows 2000 only
        • Double-click ATF-Cleaner.exe to run the program.
        • Under Main choose: Select All
        • Click the Empty Selected button.
        If you use Firefox browser
        • Click Firefox at the top and choose: Select All
        • Click the Empty Selected button.
        • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
        If you use Opera browser
        • Click Opera at the top and choose: Select All
        • Click the Empty Selected button.
        • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
        • Click Exit on the Main menu to close the program.



        Reboot and tell me how your PC is running


      • Closed Accounts Posts: 1 amolfadnis


        Hi All,

        Visit www.bitdefender.com and run the online scan.

        It tries to disinfect and if it does not work, it deletes the file.

        Try and revert.

        Amol


      • Registered Users, Registered Users 2 Posts: 73,523 ✭✭✭✭colm_mcm


        Deleted files, running Kaspersky again.


      • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


        Your logs are clean ! We need to do a few things

        You can delete the tools that we used


        Now we need to create a new System Restore point.

        Click Start Menu > Run > type (or copy and paste)

        %SystemRoot%\System32\restore\rstrui.exe

        Press OK. Choose Create a Restore Point, then click Next. Name it and click Create; when the confirmation screen shows the restore point has been created, click Close.

        Next go to Start Menu > Run > type

        cleanmgr

        Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen; click the More Options tab, then click Clean up in the System Restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

        To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.



        You now need to update your Java and remove your older versions.

        Please follow these steps to remove older versions of the Java components.

        * Click Start > Control Panel.
        * Click Add/Remove Programs.
        * Check any item with Java Runtime Environment (JRE) in the name.
        * Click the Remove or Change/Remove button.

        Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
        here



        Below I have included a number of recommendations for how to protect your computer against malware infections.

        * Keep Windows updated by regularly checking their website at:
        http://windowsupdate.microsoft.com/
        This will ensure your computer always has the latest available security updates installed.

        * To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
        SpywareBlaster protects against bad ActiveX
        IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
        Have a look at this tutorial for IE-Spyad here

        * SpywareGuard offers realtime protection from spyware installation attempts.

        Make Internet Explorer more secure
        • Click Start > Run
        • Type Inetcpl.cpl & click OK
        • Click on the Security tab
        • Click Reset all zones to default level
        • Make sure the Internet Zone is selected & Click Custom level
        • In the ActiveX section, set the first two options ("Download signed ActiveX controls" and "Download unsigned ActiveX controls") to "Prompt", and "Initialize and script ActiveX controls not marked as safe" to "Disable".
        • Next click OK, then the Apply button, and then OK to exit the Internet Properties page.

        * MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

        * Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop-up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
        Here

        * Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
        Here

        Thank you for your patience, and performing all of the procedures requested.


      • Registered Users, Registered Users 2 Posts: 73,523 ✭✭✭✭colm_mcm


        I don't think Vista has a "Run" like XP has


      • Closed Accounts Posts: 17,208 ✭✭✭✭aidan_walsh


        Not using the default Start Menu type. You should be able to type the command into the Start Menu search pane and that will display it above.


      • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


        Yeah, you're right, forgot you were on Vista

        Follow Aidan's advice there. We just need to clean out your old System Restore points and make a new one


      • Registered Users, Registered Users 2 Posts: 6,638 ✭✭✭zilog_jones


        IIRC, Windows key+R still directs you to Run in Vista.

        I was also surprised to see Ctrl+Alt+Del then Alt+T does the same thing despite not looking like it would :)


      • Registered Users, Registered Users 2 Posts: 73,523 ✭✭✭✭colm_mcm


        windows cannot find %SystemRoot%\System32\restore\rstrui.exe


      • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


        Yes sorry about that, forgot you were on Vista

        You need to flush your old system restore points and make a new one. If you don't know how, follow this link

        http://bertk.mvps.org/html/createrpv.html


      • Registered Users, Registered Users 2 Posts: 73,523 ✭✭✭✭colm_mcm


        That's all done, thanks to everyone for guiding me through it, especially ActorSeeksJob.

