
Need Help Fast Please!


  • This topic is locked
6 replies to this topic

#1 Twiztid

Twiztid

    New Member

  • New Member
  • Pip
  • 7 posts

Posted 17 July 2007 - 11:14 AM

Ok here is my deal... I notice my Mozilla Firefox has been screwed up on various websites and every time I go to Google, search something, then click the link I want... it takes 3 tries to get to that page (the other 2 go to other random websites). But my IE is working fine so far. I have also noticed... if I am on Mozilla and I go to any websites that deal with HiJackThis! it closes the browser right out. Same when I actually run the program... Then when I do a speedy scan and log and save the log to desktop it saves it as hijackthis.txt and when I reopen it to look in it it closes out. Then I renamed it to something like Lol and it opens fine. I did a free BitDefender scan and it came up with these various trojans:

In C:\Documents and Settings\Patrick\Local Settings\Temporary Internet Files\Content.IE5\adv754_ (4 other numbers after the "_")[1].exe says there is Trojan.Downloader.LoadAdv.B and there was a "Deletion Failed".
Then in C:\Program Files\Common Files\System\msnmsgr8.exe it had Backdoor.Irc.Sdbot.Aq and "Deletion failed".

Then it looked like registry keys that it showed some trojan that had been in various system restore files and it says they were deleted but then after it says "Update failed".

I have tried everything I can to fix this carp** and I can't find anything... I have tried 5 system restores on 5 different dates, each one said it failed to restore... I tried going into safe mode and that didn't work. So please help me. Here is a log I took earlier. I don't know if it would show anything.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:58 AM, on 7/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\System\msnmsgr8.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\uborghcb.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Teamspeak2_RC2\server_windows.exe
D:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://acidsot.no-ip.org/index2.php
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {53B5F2B1-94DD-43E5-8187-EB4E31F00701} - C:\WINDOWS\fmbqnmha.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Acrobat Reader 8\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Update] C:\Program Files\Common Files\System\msnmsgr8.exe
O4 - HKLM\..\Run: [vcfypcjo] rundll32.exe "C:\Program Files\vcfypcjo\nuvunsrq.dll",Init
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ares] "D:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [gf1.0.0.2] C:\WINDOWS\uborghcb.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\Party Poker\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Program Files\Party Poker\PartyPoker\RunApp.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload....Plugin10USA.cab
O22 - SharedTaskScheduler: za - {53B5F2B1-94DD-43E5-8187-EB4E31F00701} - C:\WINDOWS\fmbqnmha.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 6811 bytes



Please help me!!!
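The HijackThis log above is the kind of thing helpers on this forum triage by eye: nameless BHOs, DLLs and EXEs dropped straight into C:\WINDOWS with machine-generated names, a Run value called "Windows Update" that launches something from Common Files\System, and a start page on a dynamic-DNS host. The Python below is an added example (it is not code from the thread, from HijackThis or from BitDefender) that scores a handful of the log's own lines against exactly those defender-side heuristics. The allowlist of start pages, the dynamic-DNS suffixes, the "drop directory" list and the watchlist of impersonated Run names are constructed assumptions for the example; a hit is a lead for an analyst, not a verdict, and the random-name test will occasionally flag legitimate lowercase binaries.

```python
"""Triage helper for HijackThis (HJT) logs.

Added example, not part of the thread or of HijackThis itself.  Each entry
is scored against a few defender-side heuristics; two or more hits rank
the entry "high", one hit ranks it "review".  Hits are leads, not verdicts.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

# Excerpt of the HijackThis log posted above (first post in the thread).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://acidsot.no-ip.org/index2.php
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {53B5F2B1-94DD-43E5-8187-EB4E31F00701} - C:\WINDOWS\fmbqnmha.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows Update] C:\Program Files\Common Files\System\msnmsgr8.exe
O4 - HKLM\..\Run: [vcfypcjo] rundll32.exe "C:\Program Files\vcfypcjo\nuvunsrq.dll",Init
O4 - HKCU\..\Run: [gf1.0.0.2] C:\WINDOWS\uborghcb.exe
O22 - SharedTaskScheduler: za - {53B5F2B1-94DD-43E5-8187-EB4E31F00701} - C:\WINDOWS\fmbqnmha.dll
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\n]*?\.(?:exe|dll)\b', re.IGNORECASE)
RUN_NAME_RE = re.compile(r"Run: \[(?P<name>[^\]]+)\]")
HOST_RE = re.compile(r"= https?://(?P<host>[^/\s]+)", re.IGNORECASE)

# Constructed assumptions for this example; tune them to your own environment.
KNOWN_START_PAGES = {"www.google.com", "www.yahoo.com", "www.msn.com"}
DYNAMIC_DNS_SUFFIXES = (".no-ip.org", ".no-ip.biz", ".dyndns.org")
IMPERSONATED_RUN_NAMES = {"windows update", "microsoft update", "windows security"}
DROP_DIRS = {r"c:\windows", r"c:\program files\common files\system"}


@dataclass
class Finding:
    code: str
    severity: str
    reasons: List[str]
    line: str


def looks_random(name: str) -> bool:
    """Crude lexical test for generated names such as 'uborghcb' or 'fmbqnmha'.

    Only all-lowercase alphabetic names of six or more characters are judged,
    which keeps vendor CamelCase names (NvCplDaemon, SDHelper) out of scope.
    """
    if len(name) < 6 or not name.isalpha() or not name.islower():
        return False
    vowel_ratio = sum(c in "aeiou" for c in name) / len(name)
    longest_consonant_run = max(len(run) for run in re.split(r"[aeiou]", name))
    return vowel_ratio < 0.15 or longest_consonant_run >= 5


def random_components(path: str) -> List[str]:
    """Directory names and file stem of a Windows path that look generated."""
    parts = path.split("\\")
    stem = ntpath.splitext(parts[-1])[0]
    return [p for p in parts[1:-1] + [stem] if looks_random(p)]


def triage_entry(line: str) -> Optional[Finding]:
    """Score one HJT entry; return None when nothing stands out."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    reasons: List[str] = []

    path_match = PATH_RE.search(body)
    path = path_match.group(0) if path_match else None
    if path:
        generated = random_components(path)
        if generated:
            reasons.append("random-looking name(s): " + ", ".join(generated))
        if ntpath.dirname(path).lower() in DROP_DIRS:
            reasons.append("binary sits directly in " + ntpath.dirname(path))

    if code.startswith("R"):                      # start / search page entries
        hm = HOST_RE.search(body)
        if hm:
            host = hm.group("host").lower()
            if host not in KNOWN_START_PAGES:
                reasons.append("start page set to unfamiliar host " + host)
            if host.endswith(DYNAMIC_DNS_SUFFIXES):
                reasons.append("host uses a dynamic-DNS provider")
    elif code == "O2" and "(no name)" in body:    # browser helper objects
        reasons.append("BHO registered without a name")
    elif code == "O4":                            # autostart Run values
        nm = RUN_NAME_RE.search(body)
        if nm:
            name = nm.group("name")
            if name.lower() in IMPERSONATED_RUN_NAMES:
                reasons.append("Run value '%s' imitates a Windows component" % name)
            if looks_random(name):
                reasons.append("Run value name '%s' looks random" % name)
    elif code == "O22" and path and "\\system32\\" not in path.lower():
        reasons.append("SharedTaskScheduler DLL outside system32")

    if not reasons:
        return None
    return Finding(code, "high" if len(reasons) >= 2 else "review", reasons, line.strip())


def triage_log(text: str) -> List[Finding]:
    """Run triage_entry over every line of a log and keep the hits."""
    return [f for f in (triage_entry(l) for l in text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print("[%s] %s\n    %s" % (f.severity, f.line, "; ".join(f.reasons)))
```

Run against the excerpt, the two nameless-BHO lines are separated cleanly: Spybot's SDHelper.dll gets a single "review" hit while fmbqnmha.dll collects three, and the "Windows Update" Run value is ranked high on name impersonation plus location even though its file name carries a digit and escapes the random-name test. Feeding the full log in gives the same ranking for the remaining sections.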



#2 Twiztid


Posted 17 July 2007 - 11:37 AM

So so far the list of trojans are: Trojan.Horse.AZT (in 3-4 different files), Trojan.Downloader.LoadAdv.B, Trojan.Downloader.Agent.YBW

Time 00:32:57
Files 219505
Folders 5769
Boot Sectors 3
Archives 2257
Packed Files 10021

Results
Identified Viruses 4
Infected Files 7
Suspect Files 0
Warnings 0
Disinfected 0
Deleted Files 6

Engines Info
Virus Definitions 672631
Engine build AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)
Scan plugins 14
Archive plugins 38
Unpack plugins 6
E-mail plugins 6
System plugins 1

Scan Settings
First Action Disinfect
Second Action Delete
Heuristics Yes
Enable Warnings Yes
Scanned Extensions *;
Exclude Extensions
Scan Emails Yes
Scan Archives Yes
Scan Packed Yes
Scan Files Yes
Scan Boot Yes

Scanned File / Status
C:\Documents and Settings\Patrick\Local Settings\Temporary Internet Files\Content.IE5TNJIG0S\dgvbpyiwpm[1].htm
    Infected with: Trojan.Horse.AZT
    Disinfection failed
    Deleted
C:\Documents and Settings\Patrick\Local Settings\Temporary Internet Files\Content.IE5\4GG4FR6T\ehnktuy[1].htm
    Infected with: Trojan.Horse.AZT
    Disinfection failed
    Deleted
C:\Documents and Settings\Patrick\Local Settings\Temporary Internet Files\Content.IE5\4GG4FR6T\mbuvf[1].htm
    Infected with: Trojan.Horse.AZT
    Disinfection failed
    Deleted
C:\Documents and Settings\Patrick\Local Settings\Temporary Internet Files\Content.IE5\764KI5TG\adv759_42307[1].exe
    Infected with: Trojan.Downloader.LoadAdv.B
    Disinfection failed
    Deleted
C:\Documents and Settings\Patrick\Local Settings\Temporary Internet Files\Content.IE5\T5224M8B\fmohurblnx[1].txt
    Infected with: Trojan.Downloader.Agent.YBW
    Disinfection failed
    Deleted
C:\Documents and Settings\Patrick\Local Settings\Temporary Internet Files\Content.IE5\T5224M8B\ramfpczmsg[1].htm
    Infected with: Trojan.Horse.AZT
    Disinfection failed
    Deleted
C:\Program Files\Common Files\System\msnmsgr8.exe
    Infected with: Backdoor.Irc.Sdbot.AQ
    Disinfection failed
    Delete failed

#3 Twiztid


Posted 17 July 2007 - 03:04 PM

Anyone?

#4 Twiztid


Posted 17 July 2007 - 06:07 PM

Can anybody help me?

#5 Twiztid


Posted 17 July 2007 - 08:56 PM

Any help would be awesome....I really don't want to re-format....

#6 Twiztid


Posted 18 July 2007 - 10:55 AM

Why won't anyone help me? I did another BitDefender scan and got these:

C:\Documents and Settings\Patrick\Local Settings\Temporary Internet Files\Content.IE5\4GG4FR6T\adv759_42307[1].exe
    Infected with: Trojan.Downloader.LoadAdv.B
    Disinfection failed
    Deleted
C:\Documents and Settings\Patrick\Local Settings\Temporary Internet Files\Content.IE5\4GG4FR6T\ehnktuy[1].htm
    Infected with: Trojan.Horse.AZT
    Disinfection failed
    Deleted
C:\Documents and Settings\Patrick\Local Settings\Temporary Internet Files\Content.IE5\CAKI7N67\dgvbpyiwpm[1].htm
    Infected with: Trojan.Horse.AZT
    Disinfection failed
    Deleted
C:\Documents and Settings\Patrick\Local Settings\Temporary Internet Files\Content.IE5\T5224M8B\fmohurblnx[1].txt
    Infected with: Trojan.Downloader.Agent.YBW
    Disinfection failed
    Deleted
C:\Documents and Settings\Patrick\Local Settings\Temporary Internet Files\Content.IE5\W0IBB7O9\mbuvf[1].htm
    Infected with: Trojan.Horse.AZT
    Disinfection failed
    Deleted
C:\Documents and Settings\Patrick\Local Settings\Temporary Internet Files\Content.IE5\W6DHFMWI\ramfpczmsg[1].htm
    Infected with: Trojan.Horse.AZT
    Disinfection failed
    Deleted
C:\Program Files\Common Files\System\msnmsgr8.exe
    Infected with: Backdoor.Irc.Sdbot.AQ
    Disinfection failed
    Delete failed
D:\System Volume Information\_restore{1C05E5C6-7635-47F4-952A-B6663AE9A86F}\RP329\A0114026.exe=>(CAB Sfx r)=>OPENSO~1.EXE
    Infected with: Backdoor.Irc.Sdbot.AQ
    Disinfection failed
    Deleted
D:\System Volume Information\_restore{1C05E5C6-7635-47F4-952A-B6663AE9A86F}\RP329\A0114026.exe=>(CAB Sfx r)
    Update failed
D:\System Volume Information\_restore{1C05E5C6-7635-47F4-952A-B6663AE9A86F}\RP329\A0114211.exe=>(RAR Sfx o)=>Ko-Le v1480.51 (tr)\Release\XPatch.exe
    Infected with: Trojan.Downloader.Agent.YIQ
    Disinfection failed
    Deleted
D:\System Volume Information\_restore{1C05E5C6-7635-47F4-952A-B6663AE9A86F}\RP329\A0114211.exe=>(RAR Sfx o)
    Update failed
D:\System Volume Information\_restore{1C05E5C6-7635-47F4-952A-B6663AE9A86F}\RP329\A0114212.exe=>(RAR Sfx o)=>Ko-Le v1480.51 (tr)\Release\XPatch.exe
    Infected with: Trojan.Downloader.Agent.YIQ
    Disinfection failed
    Deleted
D:\System Volume Information\_restore{1C05E5C6-7635-47F4-952A-B6663AE9A86F}\RP329\A0114212.exe=>(RAR Sfx o)
    Update failed
D:\System Volume Information\_restore{1C05E5C6-7635-47F4-952A-B6663AE9A86F}\RP329\A0114213.exe=>(RAR Sfx o)=>Ko-Le v1480.52 (tr)\Release\XPatch.exe
    Infected with: Trojan.Downloader.Agent.YIQ
    Disinfection failed
    Deleted
D:\System Volume Information\_restore{1C05E5C6-7635-47F4-952A-B6663AE9A86F}\RP329\A0114213.exe=>(RAR Sfx o)
    Update failed

#7 Twiztid


Posted 18 July 2007 - 06:54 PM

Thanks....
