Please Help! Dns Changer!


#1 griffin (New Member, 1 post)

Posted 06 September 2007 - 07:03 PM

Hi, I have a virus named Zlob.dnschanger on my computer. Spybot cannot delete it. I also have some other viruses that showed up on AVG called winbo32.exe. I have read these forums trying to figure out what I should do, but I have had no luck. This is my HijackThis file:


Logfile of HijackThis v1.99.1
Scan saved at 7:59:37 PM, on 9/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\windows\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\McAfee\MSC\mcregist.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Steam\steam.exe
c:\program files\steam\steamapps\brett123\counter-strike source\hl2.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: ClientManager3.lnk = C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\windows\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\windows\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\windows\System32\shdocvw.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1169488693102
O18 - Protocol: bw+0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bw+0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bw-0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bw-0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bw00 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bw00s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bw10 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bw10s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bw20 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bw20s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bw30 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bw30s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bw40 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bw40s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bw50 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bw50s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bw60 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bw60s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bw70 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bw70s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bw80 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bw80s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bw90 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bw90s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwa0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwa0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwb0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwb0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwc0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwc0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwd0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwd0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwe0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwe0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwf0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwf0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O18 - Protocol: bwg0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwg0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwh0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwh0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwi0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwi0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwj0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwj0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwk0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwk0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwl0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwl0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwm0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwm0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwn0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwn0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwo0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwo0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwp0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwp0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwq0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwq0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwr0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwr0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bws0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bws0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwt0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwt0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwu0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwu0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwv0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwv0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bww0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bww0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwx0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwx0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwy0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwy0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwz0 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: bwz0s - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: offline-8876480 - {4E2DB33C-79AD-4D15-9035-045B9EDF0172} - (no file)
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - (no file)
O20 - Winlogon Notify: avgwlntf - C:\windows\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: klogon - C:\windows\
O20 - Winlogon Notify: WgaLogon - C:\windows\SYSTEM32\WgaLogon.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: Bwsvc - BUFFALO INC. - C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


#2 shelf life (SuperMember, Visiting Fellow, 3,191 posts)

Posted 08 September 2007 - 06:39 AM

hi griffin,

don't see anything that looks like a classic dnschanger in the log. are you getting web page redirects? do a scan with spybot, then right click in the window and copy/paste the report into notepad. just need the scan results, not the entire full report. post the spybot results back here. you can do an online scan also here:

F-secure scan:
http://support.f-sec.../home/ols.shtml

click on the "start scanning" button near the bottom of the page.
click to accept/install the ActiveX applet, then click Full System Scan.
Once the download completes (may take a while), the scan will begin automatically.
The scan will take some time to finish.
When the scan completes, click the Automatic cleaning (recommended) button.

Click the Show Report button and copy and paste the entire report in your next reply along with a current HijackThis log.

shelf life
How Can I Reduce My Risk?
