Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


Lots of virus troubles *FIXED* -Please lock-

 
krazedkat
I post too much
Reputation: 0

Joined: 29 Aug 2007
Posts: 2255
Location: Hell, Norway

Posted: Fri Feb 19, 2010 2:01 am    Post subject: Lots of virus troubles *FIXED* -Please lock-

Okay, I've gotten a virus and I need your help.
Here's a list of "features":
1) Disguised as "Antivirus Soft"
2) Won't let me open CMD
3) Won't let me open taskmanager
4) Has opened two websites (porno.com and porno.org)

that's basically it... Anyone else had this? Any help?
Also: I can't open ANY sites on IE so I'm using FF.
PLEASE HELP ASAP


edit: Update: can't really open anything that comes prepackaged so can't show you a screenshot of the "Antivirus"


update2: it opened viagra.com -.-
WHO THE FUCK IS THE IMMATURE FUCK THAT GAVE ME THIS VIRUS?


Last edited by krazedkat on Fri Feb 19, 2010 4:47 am; edited 1 time in total
Hero
I'm a spammer
Reputation: 79

Joined: 16 Sep 2006
Posts: 7154

Posted: Fri Feb 19, 2010 2:15 am

Can you get malwarebytes and run it? Try it.
krazedkat
I post too much
Reputation: 0

Joined: 29 Aug 2007
Posts: 2255
Location: Hell, Norway

Posted: Fri Feb 19, 2010 2:21 am

Trying right now :)... If not I'll try to download it in safe mode...
Konata Izumi
Grandmaster Cheater Supreme
Reputation: 3

Joined: 14 Feb 2008
Posts: 1527

Posted: Fri Feb 19, 2010 2:32 am

run hijackthis.
_________________
CARCASSSSSSSSSSSSSSS
Hero
I'm a spammer
Reputation: 79

Joined: 16 Sep 2006
Posts: 7154

Posted: Fri Feb 19, 2010 2:32 am

Hero1 wrote:
run hijackthis.
and post its log here.
krazedkat
I post too much
Reputation: 0

Joined: 29 Aug 2007
Posts: 2255
Location: Hell, Norway

Posted: Fri Feb 19, 2010 2:35 am

Running Malwarebytes and downloading Hijackthis :)

edit:
Logfile of hijackthis:
Code:
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 1:53:24 AM, on 19/02/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\SOUNDMAN.EXE
C:\Windows\System32\wpcumi.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [nodenable] C:\Program Files\eset\nodenable.exe /s
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2231138077-1801405048-1116169493-1001\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Keith')
O4 - HKUS\S-1-5-21-2231138077-1801405048-1116169493-1001\..\Run: [{63E63C42-B342-B32A-3207-ED032E27A1C8}] C:\Users\Keith\AppData\Roaming\updregvc64.exe (User 'Keith')
O4 - HKUS\S-1-5-21-2231138077-1801405048-1116169493-1001\..\Run: [SlickRun] "J:\SlickRun\sr.exe" (User 'Keith')
O4 - HKUS\S-1-5-21-2231138077-1801405048-1116169493-1001\..\Run: [IDMan] J:\Apps\Internet Download Manager\IDMan.exe /onboot (User 'Keith')
O4 - HKUS\S-1-5-21-2231138077-1801405048-1116169493-1001\..\Run: [WhatPulse] J:\Apps\WhatPulse\WhatPulse.exe (User 'Keith')
O4 - HKUS\S-1-5-21-2231138077-1801405048-1116169493-1001\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Keith')
O4 - HKUS\S-1-5-21-2231138077-1801405048-1116169493-1001\..\Run: [JaaduVNCConnect] "C:\Users\Keith\Desktop\Jaadu\JaaduConnect.exe" -autostart (User 'Keith')
O4 - HKUS\S-1-5-21-2231138077-1801405048-1116169493-1001\..\Run: [iPhone PC Suite] C:\Users\Keith\Desktop\iPCSuite\iPhone\iPhone PC Suite.exe /start (User 'Keith')
O4 - HKUS\S-1-5-21-2231138077-1801405048-1116169493-1001\..\Run: [hdvneipy] C:\Users\Keith\AppData\Local\lhculi\hpwtsftav.exe (User 'Keith')
O4 - HKUS\S-1-5-21-2231138077-1801405048-1116169493-1001\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; http://bsalsa.com) ; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://www.habbo.ca/shockwave_client" (User 'Keith')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Users\Eric\Desktop\Microsoft Publisher\Office10\OSA.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

--
End of file - 10108 bytes


Last edited by krazedkat on Fri Feb 19, 2010 2:39 am; edited 1 time in total
Konata Izumi
Grandmaster Cheater Supreme
Reputation: 3

Joined: 14 Feb 2008
Posts: 1527

Posted: Fri Feb 19, 2010 2:37 am

Hero wrote:
Hero1 wrote:
run hijackthis.
and post its log on hijackthis.de
also, download nod32 trial then get a free donated serials from hhuu.net
_________________
CARCASSSSSSSSSSSSSSS
krazedkat
I post too much
Reputation: 0

Joined: 29 Aug 2007
Posts: 2255
Location: Hell, Norway

Posted: Fri Feb 19, 2010 2:41 am

I've posted the logfile here and hijackthis.de and I also have an ESET scan in progress...
Konata Izumi
Grandmaster Cheater Supreme
Reputation: 3

Joined: 14 Feb 2008
Posts: 1527

Posted: Fri Feb 19, 2010 2:46 am

delete the ones that hijackthis.de said were bad.
_________________
CARCASSSSSSSSSSSSSSS
krazedkat
I post too much
Reputation: 0

Joined: 29 Aug 2007
Posts: 2255
Location: Hell, Norway

Posted: Fri Feb 19, 2010 2:49 am

It didn't say any were bad, just unnecessary and neutral :\... Can you use the log file and tell me what to delete (use it on hijackthis.de yourself?)


EDIT:
weird side note but it seems to possibly only affect my file because it is not happening on my dad's...
Konata Izumi
Grandmaster Cheater Supreme
Reputation: 3

Joined: 14 Feb 2008
Posts: 1527

Posted: Fri Feb 19, 2010 2:58 am

delete:
O4 - HKUS\S-1-5-21-2231138077-1801405048-1116169493-1001\..\Run: [{63E63C42-B342-B32A-3207-ED032E27A1C8}] C:\Users\Keith\AppData\Roaming\updregvc64.exe (User 'Keith')

O4 - HKUS\S-1-5-21-2231138077-1801405048-1116169493-1001\..\Run: [hdvneipy] C:\Users\Keith\AppData\Local\lhculi\hpwtsftav.exe (User 'Keith')

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

_________________
CARCASSSSSSSSSSSSSSS
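
The three entries singled out in the post above share traits that can be checked mechanically. As an added example (not part of the original thread, and not code from HijackThis or hijackthis.de), this Python code parses O2 and O4 lines copied from the log posted earlier and flags them; the regular expressions, the `triage` function and its three heuristics are assumptions of this example, and a flag means "review by hand", not a verdict.

```python
import re

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKUS\S-1-5-21-2231138077-1801405048-1116169493-1001\..\Run: [{63E63C42-B342-B32A-3207-ED032E27A1C8}] C:\Users\Keith\AppData\Roaming\updregvc64.exe (User 'Keith')
O4 - HKUS\S-1-5-21-2231138077-1801405048-1116169493-1001\..\Run: [hdvneipy] C:\Users\Keith\AppData\Local\lhculi\hpwtsftav.exe (User 'Keith')
O4 - HKUS\S-1-5-21-2231138077-1801405048-1116169493-1001\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Keith')
"""

O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<file>.+)$")
GUID_NAME = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
# Heuristic (assumption of this example): autoruns launched from per-user,
# user-writable profile directories deserve manual review.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Local Settings)\\", re.IGNORECASE)


def triage(log_text):
    """Return (section, name, reasons) for entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        reasons = []
        if m := O4_RE.match(line):
            if USER_WRITABLE.search(m["cmd"]):
                reasons.append("autorun target in user-writable profile dir")
            if GUID_NAME.match(m["name"]):
                reasons.append("value name is a bare GUID")
            section = "O4"
        elif m := O2_RE.match(line):
            if m["file"] == "(no file)":
                reasons.append("BHO registered but file missing")
            section = "O2"
        else:
            continue  # other HijackThis sections are out of scope here
        if reasons:
            findings.append((section, m["name"], reasons))
    return findings


if __name__ == "__main__":
    for section, name, reasons in triage(SAMPLE):
        print(f"{section} [{name}]: {'; '.join(reasons)}")
```

Legitimate software also starts from AppData, so each flagged path still needs checking (signature, file age, vendor) before its entry is removed.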
krazedkat
I post too much
Reputation: 0

Joined: 29 Aug 2007
Posts: 2255
Location: Hell, Norway

Posted: Fri Feb 19, 2010 3:18 am

It's all good and fixed up, thanks mah heros!
hcavolsdsadgadsg
I'm a spammer
Reputation: 26

Joined: 11 Jun 2007
Posts: 5801

Posted: Fri Feb 19, 2010 4:35 am

Hero1 wrote:
Hero wrote:
Hero1 wrote:
run hijackthis.
and post its log on hijackthis.de
also, download nod32 trial then get a free donated serials from hhuu.net


i seriously lol'd at this
krazedkat
I post too much
Reputation: 0

Joined: 29 Aug 2007
Posts: 2255
Location: Hell, Norway

Posted: Fri Feb 19, 2010 4:48 am

Solved, please lock.
All times are GMT - 6 Hours

 