1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

In Need of help!!! please help

Discussion in 'Windows - Virus and spyware problems' started by backer6, Jul 24, 2006.

  1. backer6

    backer6 Member

    Joined:
    Jul 24, 2006
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    11
    so out of the blue my home page turns in to http://www.sysprotectionpage.net/ (donot click could be a virus)
    and then i got looking in the internet and found out its W32.Myzor.FK@yf virus.
    On my tool bar by the clock.
    i get this error logo saying click here to fix the problem.
    Each time i click on it i get a different site.
    These are the programs they want me to download

    spy heal
    pest trap
    the spy guard
    brave sentry
    malware wipe

    here is my hijack log
    Logfile of HijackThis v1.99.1
    Scan saved at 3:40:42 PM, on 24/07/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\isnotify.exe
    C:\WINDOWS\system32\issearch.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
    C:\WINDOWS\system32\WISPTIS.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.pandasoftware.com/redirector/?prod=103&app=UpdtDownload&lang=eng
    O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\system32\ixt1.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [LUPGCONF] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\LUpgConf.exe" /RunOnce:4_02_00
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winzlo32 - winzlo32.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
    O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
    O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
    O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    Please help this virus is on my school laptop.
     
    backer6, Jul 24, 2006
    #1
  2. backer6

    backer6 Member

    Joined:
    Jul 24, 2006
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    11
    no help?
     
    backer6, Jul 24, 2006
    #2
  3. thugs121

    thugs121 Regular member

    Joined:
    Aug 3, 2004
    Messages:
    460
    Likes Received:
    0
    Trophy Points:
    26
    backer6:

    Download these programs:

    Ewido: http://www.ewido.net/en/download/

    - Download, update for latest signatures...then we will scan later

    Smitfraud Fix: http://siri.geekstogo.com/SmitfraudFix.php

    - Follow the graphical guide on how to use it...

    After you have downloaded (and updated for latest signatures), boot into safe mode: http://www.pchell.com/support/safemode.shtml

    When you have booted into safe mode successfully, run HIjack This ([bold]Perform a system scan only[/bold]) and then place a checkmark at these entries:

    [bold]O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\system32\ixt1.dll

    O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe

    O20 - Winlogon Notify: winzlo32 - winzlo32.dll (file missing)[/bold]

    After using Hijack This to remove them, (still in safe mode) run SmitFraud Fix. If it detects some bad things, use option #2 to clean them. After that, run Ewido ([bold]Scanner --> Complete System Scan[/bold])

    After you are done, post the logs produced by SmitFraud Fix and Ewido. The log for Smitfraud should be located in: C:\Rapport

    Also, you Java is out of date. Download the latest one from here: http://java.com/en/download/windows_xpi.jsp

    Before installing the new Java version, uninstall the old one from Control Panel ---> Add/Remove
     
    Last edited: Jul 24, 2006
    thugs121, Jul 24, 2006
    #3

Share This Page