krazedkat (I post too much)
Reputation: 0
Joined: 29 Aug 2007 Posts: 2255 Location: Hell, Norway
Posted: Fri Feb 19, 2010 2:01 am Post subject: Lots of virus troubles *FIXED* -Please lock-

Okay, I've gotten a virus and I need your help.
Here's a list of "features":
1) Disguised as "Antivirus Soft"
2) Won't let me open CMD
3) Won't let me open Task Manager
4) Has opened two websites (porno.com and porno.org)
That's basically it... Anyone else had this? Any help?
Also: I can't open ANY sites on IE so I'm using FF.
PLEASE HELP ASAP
Edit/Update: can't really open anything that comes prepackaged, so I can't show you a screenshot of the "Antivirus".
Update 2: it opened viagra.com -.-
WHO THE FUCK IS THE IMMATURE FUCK THAT GAVE ME THIS VIRUS?

Last edited by krazedkat on Fri Feb 19, 2010 4:47 am; edited 1 time in total
Hero (I'm a spammer)
Reputation: 79
Joined: 16 Sep 2006 Posts: 7154
Posted: Fri Feb 19, 2010 2:15 am

Can you get Malwarebytes and run it? Try it.
krazedkat (I post too much)
Reputation: 0
Joined: 29 Aug 2007 Posts: 2255 Location: Hell, Norway
Posted: Fri Feb 19, 2010 2:21 am

Trying right now... If not, I'll try to download it in safe mode...
Konata Izumi (Grandmaster Cheater Supreme)
Reputation: 3
Joined: 14 Feb 2008 Posts: 1527
Posted: Fri Feb 19, 2010 2:32 am

run hijackthis.
_________________
CARCASSSSSSSSSSSSSSS
Hero (I'm a spammer)
Reputation: 79
Joined: 16 Sep 2006 Posts: 7154
Posted: Fri Feb 19, 2010 2:32 am

Hero1 wrote:
> run hijackthis.
and post its log here.
krazedkat (I post too much)
Reputation: 0
Joined: 29 Aug 2007 Posts: 2255 Location: Hell, Norway
Posted: Fri Feb 19, 2010 2:35 am

Running Malwarebytes and downloading HijackThis.
Edit:
Logfile of HijackThis:
Code:
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 1:53:24 AM, on 19/02/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18385)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\SOUNDMAN.EXE
C:\Windows\System32\wpcumi.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [nodenable] C:\Program Files\eset\nodenable.exe /s
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2231138077-1801405048-1116169493-1001\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Keith')
O4 - HKUS\S-1-5-21-2231138077-1801405048-1116169493-1001\..\Run: [{63E63C42-B342-B32A-3207-ED032E27A1C8}] C:\Users\Keith\AppData\Roaming\updregvc64.exe (User 'Keith')
O4 - HKUS\S-1-5-21-2231138077-1801405048-1116169493-1001\..\Run: [SlickRun] "J:\SlickRun\sr.exe" (User 'Keith')
O4 - HKUS\S-1-5-21-2231138077-1801405048-1116169493-1001\..\Run: [IDMan] J:\Apps\Internet Download Manager\IDMan.exe /onboot (User 'Keith')
O4 - HKUS\S-1-5-21-2231138077-1801405048-1116169493-1001\..\Run: [WhatPulse] J:\Apps\WhatPulse\WhatPulse.exe (User 'Keith')
O4 - HKUS\S-1-5-21-2231138077-1801405048-1116169493-1001\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Keith')
O4 - HKUS\S-1-5-21-2231138077-1801405048-1116169493-1001\..\Run: [JaaduVNCConnect] "C:\Users\Keith\Desktop\Jaadu\JaaduConnect.exe" -autostart (User 'Keith')
O4 - HKUS\S-1-5-21-2231138077-1801405048-1116169493-1001\..\Run: [iPhone PC Suite] C:\Users\Keith\Desktop\iPCSuite\iPhone\iPhone PC Suite.exe /start (User 'Keith')
O4 - HKUS\S-1-5-21-2231138077-1801405048-1116169493-1001\..\Run: [hdvneipy] C:\Users\Keith\AppData\Local\lhculi\hpwtsftav.exe (User 'Keith')
O4 - HKUS\S-1-5-21-2231138077-1801405048-1116169493-1001\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; http://bsalsa.com) ; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://www.habbo.ca/shockwave_client" (User 'Keith')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Users\Eric\Desktop\Microsoft Publisher\Office10\OSA.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
--
End of file - 10108 bytes
Last edited by krazedkat on Fri Feb 19, 2010 2:39 am; edited 1 time in total
Konata Izumi (Grandmaster Cheater Supreme)
Reputation: 3
Joined: 14 Feb 2008 Posts: 1527
Posted: Fri Feb 19, 2010 2:37 am

Hero wrote:
> Hero1 wrote:
> > run hijackthis.
> and post its log on hijackthis.de
also, download nod32 trial then get free donated serials from hhuu.net
_________________
CARCASSSSSSSSSSSSSSS
krazedkat (I post too much)
Reputation: 0
Joined: 29 Aug 2007 Posts: 2255 Location: Hell, Norway
Posted: Fri Feb 19, 2010 2:41 am

I've posted the logfile here and on hijackthis.de, and I also have an ESET scan in progress...
Konata Izumi (Grandmaster Cheater Supreme)
Reputation: 3
Joined: 14 Feb 2008 Posts: 1527
Posted: Fri Feb 19, 2010 2:46 am

Delete the ones that hijackthis.de said were bad.
_________________
CARCASSSSSSSSSSSSSSS
krazedkat (I post too much)
Reputation: 0
Joined: 29 Aug 2007 Posts: 2255 Location: Hell, Norway
Posted: Fri Feb 19, 2010 2:49 am

It didn't say any were bad, just unnecessary and neutral :\... Can you use the log file and tell me what to delete (use it on hijackthis.de yourself)?
EDIT:
Weird side note, but it seems to possibly only affect my file, because it is not happening on my dad's...
Konata Izumi (Grandmaster Cheater Supreme)
Reputation: 3
Joined: 14 Feb 2008 Posts: 1527
Posted: Fri Feb 19, 2010 2:58 am

Delete:
delete:
O4 - HKUS\S-1-5-21-2231138077-1801405048-1116169493-1001\..\Run: [{63E63C42-B342-B32A-3207-ED032E27A1C8}] C:\Users\Keith\AppData\Roaming\updregvc64.exe (User 'Keith')
O4 - HKUS\S-1-5-21-2231138077-1801405048-1116169493-1001\..\Run: [hdvneipy] C:\Users\Keith\AppData\Local\lhculi\hpwtsftav.exe (User 'Keith')
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
_________________
CARCASSSSSSSSSSSSSSS
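The triage Konata applied to that log can be written down as a check. This is an added example, not code from the thread or from HijackThis: it parses O2 (BHO) and O4 (autorun) lines and flags the three patterns that were deleted above, a BHO whose DLL is missing, an autorun launched from the user's AppData folder, and an autorun value named with a bare GUID. The sample lines are copied from the posted log; the heuristics and names are mine.

```python
import re

# Constructed sample in the shape of the HijackThis log posted above: a few O2
# (BHO) and O4 (autorun) entries, including the three the thread deleted.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKUS\S-1-5-21-2231138077-1801405048-1116169493-1001\..\Run: [{63E63C42-B342-B32A-3207-ED032E27A1C8}] C:\Users\Keith\AppData\Roaming\updregvc64.exe (User 'Keith')
O4 - HKUS\S-1-5-21-2231138077-1801405048-1116169493-1001\..\Run: [hdvneipy] C:\Users\Keith\AppData\Local\lhculi\hpwtsftav.exe (User 'Keith')
O4 - HKUS\S-1-5-21-2231138077-1801405048-1116169493-1001\..\Run: [SlickRun] "J:\SlickRun\sr.exe" (User 'Keith')
"""

# O4: "<hive>\..\Run[Once]: [<value name>] <command> (User '<name>')", user suffix optional.
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]*)\] "
                   r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$")
# O2: "BHO: <name> - {CLSID} - <dll path or '(no file)'>"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

def exe_path(cmd):
    """Executable path of an autorun command, without its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path: up to the closing quote
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r"(.*?\.exe)", cmd, re.IGNORECASE)  # unquoted: up to the first .exe
    return m.group(1) if m else cmd.split(" ", 1)[0]

def triage(log_text):
    """Return the entries a reviewer should explain before trusting them, with reasons."""
    findings = []
    for line in log_text.splitlines():
        m = O2_RE.match(line)
        if m and m["path"].strip() == "(no file)":
            findings.append({"entry": line, "reason": "BHO registered but its DLL is missing"})
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        reasons = []
        if "\\appdata\\" in exe_path(m["cmd"]).lower():
            reasons.append("autorun launches from the user profile (AppData)")
        if GUID_RE.match(m["name"]):
            reasons.append("autorun value named with a bare GUID")
        if reasons:
            findings.append({"entry": line, "reason": "; ".join(reasons)})
    return findings

for f in triage(SAMPLE_LOG):
    print(f["reason"], "->", f["entry"])
```

Entries from Program Files or a separate applications drive pass untouched; only the orphaned BHO and the two AppData autoruns come back, which is the same list the thread arrived at by eye.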
krazedkat (I post too much)
Reputation: 0
Joined: 29 Aug 2007 Posts: 2255 Location: Hell, Norway
Posted: Fri Feb 19, 2010 3:18 am

It's all good and fixed up, thanks mah heros!
hcavolsdsadgadsg (I'm a spammer)
Reputation: 26
Joined: 11 Jun 2007 Posts: 5801
Posted: Fri Feb 19, 2010 4:35 am

Hero1 wrote:
> Hero wrote:
> > Hero1 wrote:
> > > run hijackthis.
> > and post its log on hijackthis.de
> also, download nod32 trial then get free donated serials from hhuu.net
I seriously lol'd at this.
krazedkat (I post too much)
Reputation: 0
Joined: 29 Aug 2007 Posts: 2255 Location: Hell, Norway
Posted: Fri Feb 19, 2010 4:48 am

Solved, please lock.