please help me please.... :(


This topic is locked
34 replies to this topic

#1 medically tekki (Authentic Member, 35 posts)

Posted 23 February 2007 - 12:53 PM

I got a worm.solow.a and a worm.solow.b. I can't really remove this one, it's so tough; I've been using many worm removal tools but it still doesn't work. It keeps on coming back, and because of that I can't open any of my three hard drives directly. Please help me, please... Can HijackThis fix it? Please help me... Thanks so much, guys, and more power.


#2 medically tekki (Authentic Member, 35 posts)

Posted 25 February 2007 - 10:10 AM

I got a worm.solow.a and a worm.solow.b. I can't really remove this one, it's so tough; I've been using many worm removal tools but it still doesn't work. It keeps on coming back, and because of that I can't open any of my three hard drives directly. Please help me, please... Can HijackThis fix it? Please help me... Thanks so much, guys, and more power.

#3 IndiGenus (Teacher Emeritus, 5,251 posts; Interests: Computer Security, Music, Sports)

Posted 26 February 2007 - 10:06 AM

Hi medically tekki,

Welcome back to the forums. I have merged the 2 new topics that you just started. Please only start one new topic for a new issue by using the Add Reply button on the lower right hand side of your screen.

We need to have you run HijackThis and provide us with a log so we can identify any malware on your computer.

  • Download a copy of HJTsetup.exe from Here and save it to your Desktop.
  • Double click HJTsetup.exe to begin installation. By default it will install to C:\Program Files\HijackThis.
  • Continue to click Next in the setup dialog boxes until you get to the Select Additional Tasks dialog.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the prompts from there.
  • When HJT opens, click on the Do a system scan and save a log file button.
  • When HJT has finished scanning, a window entitled "hijackthis.log" will open - when you close this window the log will be saved into the hijackthis folder.
  • Copy and paste this log into your reply by using the Add Reply button on the lower right hand side of the screen.
IndiGenus

The help you receive here is free, but if you would like to help me continue the fight against Malware then Posted Image

Logs will be closed if you haven't replied within 5 days



Proud Graduate of TC/WTT Classroom



"To find perfect composure in the midst of change is to find ourselves in nirvana."

Suzuki Roshi


#4 medically tekki (Authentic Member, 35 posts)

Posted 26 February 2007 - 01:31 PM

Good day sir, sorry about that, I just can't help myself; this worm is killing me.

Here's the logfile, sir. Now the virus seems to affect my email: I can't open my own email address.
Hope you could help me, sir, please, I am begging you, sir. Thanks a lot, sir.


Logfile of HijackThis v1.99.1
Scan saved at 3:24:45 AM, on 2/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
E:\Installers\hijackthis latest version 2\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = TAGA LIPA ARE!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\ISPx Web Accelerator\components\NOWImaging.dll (file missing)
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [FS6519] C:\WINDOWS\FS6519.dll.vbs
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

#5 IndiGenus (Teacher Emeritus, 5,251 posts; Interests: Computer Security, Music, Sports)

Posted 26 February 2007 - 01:44 PM

Hello medically tekki,

We need to make sure all hidden files are showing so please:
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.
Please reverse this process once the fix is complete.

------------------------------------------------------------

Run HijackThis, hit None of the above, then click Do a System Scan Only. Put a check in the box on the left side of this entry:

O4 - HKLM\..\Run: [FS6519] C:\WINDOWS\FS6519.dll.vbs

Then close all windows except this one and press Fix checked.

Using Windows Explorer please delete the following file:

C:\WINDOWS\FS6519.dll.vbs<--File

-------------------------------------------------------------

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main select the following:
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

It's normal after running ATF cleaner that the PC will be slower to boot the first time.

-------------------------------------------------------------

Now reboot if you haven't already done so.

Using Internet Explorer, click on Kaspersky Online Scanner
* You will be prompted to install an ActiveX component from Kaspersky, click 'Yes'.
* The program will launch and then start to download the latest definition files.
* Once the scanner is installed and the definitions downloaded, click 'Next'.
* Now click on 'Scan Settings'.
* In the scan settings make sure that the following are selected:
  o Scan using the following Anti-Virus database: 'Extended' (If available, otherwise 'Standard')
  o Scan Options: 'Scan Archives' and 'Scan Mail Bases'
* Click 'OK'.
* Now under 'Select a target to scan' select 'My Computer'.
* The scan will take a while, so be patient and let it run. Once the scan is complete, it will display whether your system has been infected.
* Now click on the 'Save as Text' button.
* Save the file to your desktop.

Please post the Kaspersky report and a new HijackThis log.

Regards,
Dave
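A small triage script for the kind of HijackThis log posted above, added here as an example (it is not part of this thread and not a HijackThis feature): it parses the O4 autostart lines and flags entries such as the FS6519 one that IndiGenus singled out, using the cues a helper looks for (a script-engine extension, a double extension like .dll.vbs, a file dropped straight into C:\WINDOWS). The sample log is built from the O4 lines of the first log in this thread; the heuristics and every function name are my own construction.

```python
"""Triage helper for the O4 (autostart) lines of a HijackThis log.

Added example, not part of this thread or of HijackThis. It parses the
O4 lines and returns the entries that match cues a malware-removal helper
looks for: a script run through Windows Script Host, a double extension
such as .dll.vbs, or a file sitting directly in C:\\WINDOWS.
"""
import re

# File types executed by a script engine or the shell rather than loaded as
# a native PE image; an autostart entry pointing at one deserves a look.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".bat", ".cmd", ".hta"}
# Extensions commonly used as a fake "inner" extension to mislead the reader.
DISGUISE_EXTS = {".dll", ".exe", ".jpg", ".txt", ".doc"}

# "O4 - HKLM\..\Run: [Name] command"   (registry Run keys)
O4_RUN_RE = re.compile(r"^O4 - (?P<where>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# "O4 - Global Startup: Name.lnk = target"   (startup folders)
O4_STARTUP_RE = re.compile(r"^O4 - (?P<where>.+?): (?P<name>.+?) = (?P<cmd>.*)$")
# Shortest prefix of a command that ends in a loadable/runnable extension and
# is followed by whitespace, a comma or end of string (unquoted paths may
# contain spaces, so splitting on the first space is not enough).
EXE_LIKE = re.compile(
    r"^(?P<path>.+?\.(?:exe|dll|vbs|vbe|js|jse|wsf|wsh|bat|cmd|hta|scr|com|pif|lnk))(?:\s|,|$)",
    re.IGNORECASE,
)

# Constructed sample: the O4 section of the first HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [FS6519] C:\WINDOWS\FS6519.dll.vbs
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
"""


def parse_o4(log_text):
    """Return one dict (where, name, cmd) per O4 line in a HijackThis log."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line.startswith("O4 - "):
            continue
        m = O4_RUN_RE.match(line) or O4_STARTUP_RE.match(line)
        if m:
            entries.append(m.groupdict())
    return entries


def target_path(cmd):
    """Pick the file that actually gets loaded out of an O4 command string.

    Handles a quoted path followed by arguments, an unquoted path with
    spaces, and the RUNDLL32.EXE <dll>,<entry> form, where the DLL is the
    part worth examining.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):                       # "C:\...\x.exe" -args
        return cmd[1:cmd.find('"', 1)]
    head, _, rest = cmd.partition(" ")
    if head.lower() == "rundll32.exe" and rest:   # RUNDLL32.EXE dll,entry
        cmd = rest
    m = EXE_LIKE.match(cmd)
    return m.group("path") if m else cmd.split(",", 1)[0].split(" ", 1)[0]


def assess(entry):
    """Return the reasons an O4 entry looks suspicious (empty list = none).

    These are cues, not a verdict: a legitimate program can trip one of them
    and a malicious one can avoid all of them.
    """
    path = target_path(entry["cmd"])
    lower = path.lower()
    base = lower.rsplit("\\", 1)[-1]
    parts = base.split(".")
    reasons = []
    if len(parts) > 1 and "." + parts[-1] in SCRIPT_EXTS:
        reasons.append("script engine extension: " + base)
    if len(parts) > 2 and "." + parts[-2] in DISGUISE_EXTS:
        reasons.append("double extension hides the real type: " + base)
    prefix = "c:\\windows\\"
    if lower.startswith(prefix) and "\\" not in lower[len(prefix):]:
        reasons.append("file placed directly in C:\\WINDOWS rather than a subfolder")
    return reasons


def flag_suspicious(log_text):
    """Map entry name -> reasons for every O4 entry that trips a cue."""
    flagged = {}
    for entry in parse_o4(log_text):
        reasons = assess(entry)
        if reasons:
            flagged[entry["name"]] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in flag_suspicious(SAMPLE_LOG).items():
        print(name)
        for r in reasons:
            print("   -", r)
```

Run on the sample, only the FS6519 entry is reported; the Nokia, AVG, NVIDIA, Yahoo and Office entries pass all three cues.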


#6 medically tekki (Authentic Member, 35 posts)

Posted 27 February 2007 - 02:27 PM

Good day sir,

I have deleted the O4 - HKLM\..\Run: [FS6519] C:\WINDOWS\FS6519.dll.vbs entry;

but I can't find the C:\WINDOWS\FS6519.dll.vbs file in Windows Explorer;

the ATF (Atribune Temp File) Cleaner© by Atribune was done;

but the Kaspersky Online Scanner is not working well with my PC: at 15-20% of the scan it suddenly stops, or Internet Explorer reports a problem. Can I use this in Firefox instead?

I can now open my mail, sir. Thanks a lot for that.

But I still can't open the hard drives yet.

This is my latest HijackThis log file:

Logfile of HijackThis v1.99.1
Scan saved at 4:18:46 AM, on 2/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Installers\hijackthis latest version 2\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = TAGA LIPA ARE!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\ISPx Web Accelerator\components\NOWImaging.dll (file missing)
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

hope we can fix it sir.... huhhu

thanks for the help sir...

#7 IndiGenus (Teacher Emeritus, 5,251 posts; Interests: Computer Security, Music, Sports)

Posted 27 February 2007 - 02:44 PM

We can have you try the Trend Micro scan. It should work with IE or Firefox.

TrendMicro™ HouseCall Java Scan
  • Please go HERE to run the Trend Micro™ HouseCall Scan.
  • Click Scan now. It's free!
  • Read and put a Check next to Yes I accept the terms of use.
  • Click the Launching HouseCall>> button.
  • If confirmed that HouseCall can run on your system, under Using Java-based HouseCall kernel click the Starting HouseCall>> button.
  • You may receive a Security Warning about the TrendMicro Java applet, click YES.
  • Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
  • Please be patient while it installs, updates, and scans your system.
  • Once the scan is complete, it will take you to the summary page.
  • Under Cleanup options, choose clean all detected infections automatically.
  • Click the Clean now>> button.
  • If anything was found you may be prompted to run the scan again, you can just close the browser window.

> But I still can't open the hard drives yet....

When you say you can't open them, what do you mean? Do you get some kind of error? Can you not see them? Please give me some detail as to what is going on.

Dave


#8 medically tekki (Authentic Member, 35 posts)

Posted 28 February 2007 - 02:12 PM

Hi sir, I just finished the Trend Micro scan... it removed some malware. When I go directly to My Computer and open up my three hard drives by clicking on them, an error message pops up saying "WINDOWS SCRIPT HOST... CAN NOT FIND SCRIPT FILE C:\FS6519.dll.vbs", and I guess this is the virus itself. Huhu, what will I do? Please help me. But the Trend Micro scan doesn't detect any worm solow. Thanks sir for helping out, I hope this will be solved, I am slowly losing hope...

#9 IndiGenus (Teacher Emeritus, 5,251 posts; Interests: Computer Security, Music, Sports)

Posted 28 February 2007 - 02:34 PM

Are those removable drives? (i.e. USB, etc.)

It definitely sounds as though they are infected. Let's try this and see what we find:

Please download this tool > System Repair Engineer

1. Extract it to its own folder & double click SREng.exe to run it
2. Select 'Smart Scan' & tick "Verify the digital signature of process modules"
3. Click on the [Scan] button
4. When finished, click on the [Save Reports] button & save the log to Desktop
5. Post the log in your next reply. You may have to use more than one post so they don't get cut off.

Edited by IndiGenus, 28 February 2007 - 02:35 PM.



#10 medically tekki (Authentic Member, 35 posts)

Posted 01 March 2007 - 02:30 PM

Good day sir,

No, those are my hard drives: drives C, D and E.

This is the log, sir:


2007-03-02,04:22:24

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Yahoo! Pager><; "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet> [(Verified)Yahoo! Inc.]
<MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background> [(Verified)Microsoft Corporation]
<PcSync><; C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog> [Time Information Services Ltd.]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<DataLayer><C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe> [Nokia Mobile Phones Ltd.]
<PCSuiteTrayApplication><C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray> [Nokia]
<AVG7_CC><; C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP> [GRISOFT, s.r.o.]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<nwiz><nwiz.exe /install> [N/A]
<NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [NVIDIA Corporation]
<!AVG Anti-Spyware><; "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized> [Anti-Malware Development a.s.]
<DownloadAccelerator><; "C:\Program Files\DAP\DAP.EXE" /STARTUP> [Speedbit Ltd.]
<SunJavaUpdateSched><; "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"> [Sun Microsystems, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><LogonUI.EXE> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll> [Anti-Malware Development a.s.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<0aMCPClient><> [N/A]


#11 medically tekki (Authentic Member, 35 posts)

Posted 01 March 2007 - 02:31 PM

==================================
Startup Folders
[Microsoft Office]
<C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [Microsoft Corporation]><N>

==================================
Services
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
<C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe><Anti-Malware Development a.s.>
[AVG7 Alert Manager Server / Avg7Alrt][Running/Auto Start]
<C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe><GRISOFT, s.r.o.>
[AVG7 Update Service / Avg7UpdSvc][Running/Auto Start]
<C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe><GRISOFT, s.r.o.>
[AVG E-mail Scanner / AVGEMS][Running/Auto Start]
<C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe><GRISOFT, s.r.o.>
[EPSON Printer Status Agent2 / EPSONStatusAgent2][Running/Auto Start]
<C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe><SEIKO EPSON CORPORATION>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>

==================================
Drivers
[Intel® 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
<system32\drivers\ac97intc.sys><Intel Corporation>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
<\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
[AVG7 Kernel / Avg7Core][Running/System Start]
<\SystemRoot\System32\Drivers\avg7core.sys><GRISOFT, s.r.o.>
[AVG7 Wrap Driver / Avg7RsW][Running/System Start]
<\SystemRoot\System32\Drivers\avg7rsw.sys><GRISOFT, s.r.o.>
[AVG7 Resident Driver XP / Avg7RsXP][Running/System Start]
<\SystemRoot\System32\Drivers\avg7rsxp.sys><GRISOFT, s.r.o.>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
<System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[AVG7 Clean Driver / AvgClean][Running/System Start]
<\SystemRoot\System32\Drivers\avgclean.sys><GRISOFT, s.r.o.>
[AVG Network Redirector / AvgTdi][Running/Auto Start]
<\SystemRoot\System32\Drivers\avgtdi.sys><GRISOFT, s.r.o.>
[basic2 / basic2][Stopped/Manual Start]
<system32\DRIVERS\basic2.sys><Conexant>
[D-Link DFE-528TX PCI Adapter / DFE528TX][Running/Manual Start]
<system32\DRIVERS\DLKRTL.SYS><D-Link Corporation>
[Fallback / Fallback][Running/Auto Start]
<system32\DRIVERS\fallback.sys><Conexant>
[Fsks / Fsks][Running/Auto Start]
<system32\DRIVERS\fsksnt.sys><Conexant>
[IdeBusDr / IdeBusDr][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\IdeBusDr.sys><Intel Corporation>
[Intel® Ultra ATA Controller / IdeChnDr][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\IdeChnDr.sys><Intel Corporation>
[K56 / K56][Running/Auto Start]
<system32\DRIVERS\k56nt.sys><Conexant>
[Nokia USB Generic / Nokia USB Generic][Stopped/Manual Start]
<system32\drivers\nmwcdc.sys><Nokia>
[Nokia USB Modem / Nokia USB Modem][Stopped/Manual Start]
<system32\drivers\nmwcdcm.sys><Nokia>
[Nokia USB Phone Parent / Nokia USB Phone Parent][Stopped/Manual Start]
<system32\drivers\nmwcd.sys><Nokia>
[nv / nv][Running/Manual Start]
<System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[Rksample / Rksample][Stopped/Manual Start]
<system32\DRIVERS\rksample.sys><Conexant>
[Secdrv / Secdrv][Stopped/Manual Start]
<System32\DRIVERS\secdrv.sys><N/A>
[SoftFax / SoftFax][Running/Auto Start]
<system32\DRIVERS\faxnt.sys><Conexant>
[tmcomm / tmcomm][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\tmcomm.sys><Trend Micro Inc.>
[Tones / Tones][Running/Auto Start]
<system32\DRIVERS\tonesnt.sys><Conexant>
[V124 / V124][Running/Auto Start]
<system32\DRIVERS\v124nt.sys><Conexant>

==================================
Browser Add-ons
[AcroIEHlprObj Class] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx, >
[Yahoo! IE Services Button] {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} <C:\Program Files\Yahoo!\Common\yiesrvc.dll, Yahoo! Inc.>
[SSVHelper Class] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll, Sun Microsystems, Inc.>
[NOW!Imaging] {9AA2F14F-E956-44B8-8694-A5B615CDF341} <C:\Program Files\ISPx Web Accelerator\components\NOWImaging.dll, N/A>
[Java Plug-in 1.5.0_10] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll, Sun Microsystems, Inc.>
[Yahoo! IE Services Button] {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} <C:\Program Files\Yahoo!\Common\yiesrvc.dll, Yahoo! Inc.>
[Messenger] {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[CKAVWebScan Object] {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[Java Plug-in 1.5.0_10] {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_10] {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_10] {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll, Sun Microsystems, Inc.>
[AcroIEHlprObj Class] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx, >
[Web Browser Applet Control] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\System32\msjava.dll, Microsoft Corporation>
[CKAVWebScan Object] {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[Yahoo! IE Services Button] {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} <C:\Program Files\Yahoo!\Common\yiesrvc.dll, Yahoo! Inc.>
[CKAVReportCtrl Object] {6117669B-8C2D-41FA-A6D9-9E484B999CF0} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[SSVHelper Class] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll, Sun Microsystems, Inc.>
[NOW!Imaging] {9AA2F14F-E956-44B8-8694-A5B615CDF341} <C:\Program Files\ISPx Web Accelerator\components\NOWImaging.dll, N/A>
[Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[MessengerChecker Class] {DA4F543C-C8A9-4E88-9A79-548CBB46F18F} <C:\Program Files\Yahoo!\Messenger\YPagerChecker.dll, Yahoo! Inc.>
[&Clean Traces] <C:\Program Files\DAP\Privacy Package\dapcleanerie.htm, N/A>
[&Download with &DAP] <C:\Program Files\DAP\dapextie.htm, N/A>
[&Yahoo! Search] <file:///C:\Program Files\Yahoo!\Common/ycsrch.htm, N/A>
[Download &all with DAP] <C:\Program Files\DAP\dapextie2.htm, N/A>
[E&xport to Microsoft Excel] <res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000, N/A>
[Yahoo! &Dictionary] <file:///C:\Program Files\Yahoo!\Common/ycdict.htm, N/A>
[Yahoo! &Maps] <file:///C:\Program Files\Yahoo!\Common/ycmap.htm, N/A>
[Yahoo! &SMS] <file:///C:\Program Files\Yahoo!\Common/ycsms.htm, N/A>

#12 medically tekki

medically tekki

    Authentic Member

  • Authentic Member
  • PipPip
  • 35 posts

Posted 01 March 2007 - 02:32 PM

hope we can really fix this worm sir thanks a lot sir...

#13 IndiGenus

IndiGenus

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 5,251 posts
  • Interests:Computer Security, Music, Sports

Posted 01 March 2007 - 02:43 PM

* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, click Options > Change settings.
  • Choose the "Scan" tab and remove the mark at "Heuristic analysis".
  • Back at the main window, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click the next icon next to the files found: Posted Image
  • If so, click it, then click the next icon right below and select Move incurable, as you'll see in the next image:
    Posted Image
    This will move it to the %userprofile%\DoctorWeb\quarantaine folder if it can't be cured (this is in case we need samples).
  • After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.
  • Reboot your computer!! It could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

IndiGenus

The help you receive here is free, but if you would like to help me continue the fight against Malware then Posted Image

Logs will be closed if you haven't replied within 5 days



Proud Graduate of TC/WTT Classroom



"To find perfect composure in the midst of change is to find ourselves in nirvana."

Suzuki Roshi


#14 medically tekki

medically tekki

    Authentic Member

  • Authentic Member
  • PipPip
  • 35 posts

Posted 02 March 2007 - 03:13 PM

Hi sir... I can't have my computer scan all the hard drives simultaneously.... it keeps on hanging, tried it 5 times... what I did was scan all my three hard drives separately, and no virus was found either... also I can't click on the button you're referring to for the log file... is there any more chance for this worm? Thanks for helping me out sir, I hope we can find a solution for this.. thanks...

#15 IndiGenus

IndiGenus

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 5,251 posts
  • Interests:Computer Security, Music, Sports

Posted 02 March 2007 - 04:29 PM

Please download FixWareout from one of these sites:
http://downloads.sub.../Fixwareout.exe
http://www.bleepingc.../Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the desktop loads please post the text that will open (report.txt) and a new HijackThis log.

Now let's check some settings on your system.
(2000/XP) Only
In the Windows Control Panel, if you are using Windows XP's Category View, select the Network and Internet Connections category; otherwise double-click on Network Connections. Then right-click on your default connection, usually Local Area Connection for cable and DSL, and left-click on Properties. Click the Networking tab. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically.
Press OK twice to get out of the Properties screen and reboot if it asks.
That option might not be available on some systems.
Next, go to Start > Run, type cmd and hit OK.
Type
ipconfig /flushdns
then hit Enter, type exit and hit Enter.
(That space between g and / is needed.)
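As an added example (not part of this thread or of FixWareout), the same "Obtain DNS servers automatically" check and the flushdns step, scripted so it covers every adapter at once. It assumes PowerShell 2.0 or later on Windows XP/Server 2003 or newer, reads the per-interface NameServer registry value that Windows keeps for hand-entered DNS servers (empty when DNS is obtained automatically), and changes nothing unless run with -Fix from an Administrator prompt.

```powershell
# Added example, not from the original thread: audit each IP-enabled adapter for
# hand-entered (static) DNS servers, the setting the manual check above looks for,
# and optionally put the adapter back on DHCP-supplied DNS and flush the cache.
param(
    [switch]$Fix   # without -Fix the script only reports
)

$ifaceRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

function Get-DnsAudit {
    # One record per IP-enabled adapter. NameServer holds static entries typed into
    # the TCP/IP dialog; DhcpNameServer holds what DHCP handed out. A non-empty
    # NameServer means "Obtain DNS servers automatically" is NOT selected.
    Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        ForEach-Object {
            $key  = Join-Path $ifaceRoot $_.SettingID      # SettingID is the interface GUID
            $prop = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
            $static = [string]$prop.NameServer
            New-Object PSObject -Property @{
                Adapter   = $_.Description
                Index     = $_.Index
                StaticDns = $static.Trim()
                DhcpDns   = ([string]$prop.DhcpNameServer).Trim()
                Suspect   = ($static.Trim() -ne '')
            }
        }
}

function Reset-DnsToDhcp {
    param([int]$Index)
    $nic = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter "Index = $Index"
    # SetDNSServerSearchOrder with no arguments clears the static list, which is the
    # scripted equivalent of selecting "Obtain DNS servers automatically".
    $result = $nic.SetDNSServerSearchOrder()
    return ($result.ReturnValue -eq 0)
}

$audit = Get-DnsAudit
$audit | Format-Table Adapter, StaticDns, DhcpDns, Suspect -AutoSize

foreach ($entry in ($audit | Where-Object { $_.Suspect })) {
    Write-Warning ("Adapter '{0}' uses hand-entered DNS servers: {1}" -f $entry.Adapter, $entry.StaticDns)
    if ($Fix) {
        if (Reset-DnsToDhcp -Index $entry.Index) {
            Write-Host "Adapter $($entry.Index) reset to DHCP-assigned DNS"
        } else {
            Write-Warning "Could not reset adapter $($entry.Index); check it in Network Connections"
        }
    }
}

if ($Fix) {
    # Same as the manual 'ipconfig /flushdns' step: discard answers cached from the old resolvers.
    ipconfig /flushdns | Out-Null
}
```

Any static server the report shows that you did not set yourself is worth comparing against your ISP's resolvers before trusting the machine's DNS again.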
