help ! pls ! seriously infected with viruses & trojans

Discussion in 'Windows - Virus and spyware problems' started by Niakiki, Sep 20, 2006.

  1. Niakiki

    Niakiki Guest

    hello good techies,

    I'm really having a hectic time with some computers
    on which pendrives and diskettes were moved from one
    to another and have been seriously infected with dangerous
    viruses and trojans.

    Below is the HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 14:21:32, on 9/20/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    c:\cpqapps\Aclient\Aclient.exe
    C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
    C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
    C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vpc32.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\ecg\Desktop\New Folder\HijackThis_v1.99.1.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\Cpqdiag\CpqDfwAg.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - file://D:\CDS300\noflash\swflash.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - c:\cpqapps\Aclient\Aclient.exe
    O23 - Service: Insight Local Alerter (CPQALERT) - Hewlett-Packard Company - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
    O23 - Service: cpqdmi - Unknown owner - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe (file missing)
    O23 - Service: Insight Web Agent (cpqWebDmi) - Hewlett-Packard Company - C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Remote Diagnostics Enabling Agent (DfwWebAgent) - Hewlett-Packard - C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


    thanks in advance
     
  2. Niobis

    Niobis Active member

    Joined: Jan 30, 2005. Messages: 2,326. Likes Received: 0. Trophy Points: 66.

    Go here and run ActiveScan. If anything other than cookies is found, post the results.
     
  3. Niakiki

    Niakiki Guest

    Hello,

    Below is my ActiveScan log. I have also scanned my
    PC with some antiviruses like NOD32, Super Antispyware,
    McAfee, AVG, Symantec etc., but I still get the
    report that the following trojans and viruses are still on my system:

    -W32.HLLP.Sality!inf
    -Temp Com.Trojan
    -Brontok.A
    --------------------------
    Incident Status Location

    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\ecg\Cookies\ecg@ads.pointroll[2].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\ecg\Cookies\ecg@atdmt[2].txt
    Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\ecg\Cookies\ecg@casalemedia[1].txt
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\ecg\Cookies\ecg@doubleclick[1].txt
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\ecg\Cookies\ecg@fastclick[2].txt
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\ecg\Cookies\ecg@overture[1].txt
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\ecg\Cookies\ecg@perf.overture[1].txt
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\ecg\Cookies\ecg@serving-sys[1].txt
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\ecg\Desktop\twifoo\SmitfraudFix_v2.94.zip[SmitfraudFix/Process.exe]
    Spyware:Spyware/New.net Not disinfected C:\WINDOWS\newdotnet2_92.dll_tobedeleted
     
  4. Niobis

    Niobis Active member

    Restart in safe mode, find and delete this file: C:\WINDOWS\newdotnet2_92.dll.

    Restart in normal mode. Go here and get CCleaner. Run both the cleaner and the issues fix.
     
