Hello all , I already have one java script virus sitting in the quarantine in Avira anti- virus premium . A while ago I must have installed a program called 1 - click down loader and the computer is running super slow at times , and I receive a pop up message letting me know a " script is running and to click yes or no to stop it . Does this sound like a worm virus , and any suggestions and how to remove it because Avira , Malware-bytes , Combo - fix , and even Super-anti- spyware have not detected this virus .
see if you can uninstall 1click,then download,update and run hijack this and post a log.do not fix anything with hjt.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dts.search-results.com/sr?src=ieb&appid=283&systemid=406&sr=0&q={searchTerms} R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ O2 - BHO: BHO_PROJECT - {47CEEE9C-3B9B-492C-95CA-1AC3A99D154C} - (no file) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Citrix\GoToMyPC\g2svc.exe (file missing) O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\pev.3XE (file missing) O24 - Desktop Component 0: (no name) - http://v5-static.ehowcdn.com/media/images/logos/logo.png O24 - Desktop Component 1: (no name) - http://img.ehowcdn.com/other-people/ehow/images/a06/82/as/make-backup-disc-computer-180x180.jpg O24 - Desktop Component 2: (no name) - http://www.ironmagazineforums.com/gallery/data/596/medium/hot17.jpg -- End of file - 4485 bytes Here is the log .
run hijack this again and delete the following. O2 - BHO: BHO_PROJECT - {47CEEE9C-3B9B-492C-95CA-1AC3A99D154C} - (no file) O24 - Desktop Component 0: (no name) - http://v5-static.ehowcdn.com/media/images/logos/logo.png O24 - Desktop Component 1: (no name) - http://img.ehowcdn.com/other-people/eho...ter-180x180.jpg O24 - Desktop Component 2: (no name) - http://www.ironmagazineforums.com/galle...edium/hot17.jpg after doing this run another av scan.then run malwarebytes and superantispyware and delete what you find.then run hijack this again and post another log.also let us know how your computer is running.
I think I may have a worm virus infecting my computer . This is what I see in a pop-up box when the computer starts to freeze : Warning : unresponsive script . Script :http//yahoo .eye blaster .com /pl- yahoo/big scripts /eb banner -2-5-2-1.js:1 I ran a W32.blaster.worm removal tool after disabling system restore and the internet connection and was told this worm is not on my computer so any suggestions because this is odd no anti- virus or spyware program can detect this worm . I was supposed to install a patch from microsoft only my operating system is too up to date and won't install and I don't know if that would have made a difference . All I know is Avira is detecting more viruses all of a sudden .
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:46:47 PM, on 7/12/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5503) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Java\jre7\bin\jqs.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Program Files\Avira\AntiVir Desktop\avmailc.exe C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dts.search-results.com/sr?src=ieb&appid=283&systemid=406&sr=0&q={searchTerms} R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ O2 - BHO: BHO_PROJECT - {47CEEE9C-3B9B-492C-95CA-1AC3A99D154C} - (no file) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED O4 - HKUS\S-1-5-21-299502267-261903793-839522115-1004\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED (User '?') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Citrix\GoToMyPC\g2svc.exe (file missing) O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe O23 - Service: McAfee ScanAndRepair Svc - McAfee, Inc. - C:\Program Files\McAfeeScanAndRepair\McAfeeScanRepairSvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\pev.3XE (file missing) -- End of file - 4345 bytes I just did a full scan with Avira premium today in safe mode and no viruses detected and the computer still running slow and freezing up .
Yes , the items checked were deleted . I may have to have this looked at by my local computer shop . Do you think I should try another anti- virus ?
Have you tried any programs like AD-Aware or Malwarebytes?Just make sure you do an update to them before you run them.
try one more time.run hjt and check fix the following. O2 - BHO: BHO_PROJECT - {47CEEE9C-3B9B-492C-95CA-1AC3A99D154C} - (no file) after doing this run hjt and post another log.
Hi , I know it's been 11 days since I last posted because I uninstalled Mozilla Firefox and changed to Google Chrome and installed Avast anti-virus free and wanted to see how this worked and everything's moving along much better now . No more script messages and 1 Trojan found and quarantined with Avast . Thanks for the help .
