My PC Is Infected With Trojan/Spyware Etc - Please Help

Discussion in 'Windows - Virus and spyware problems' started by dougal79, Oct 28, 2006.

  1. dougal79

    dougal79 Regular member

    Joined:
    Aug 11, 2006
    Messages:
    487
    Likes Received:
    0
    Trophy Points:
    26
    i went to bed last night & everything was fine..
    i woke up this morning & when i turned on my pc i had 3 new icons on my desktop..
    1 was called online security guide & when i hover the mouse over it, it says www.protectionlist.com..
    the other has since disappeared as i scanned with spyware doctor pro & nod32..
    the last looks like a program icon & is called porn pass manager..
    ive since found out my partners son who is 15 was on it all morning.
    i know for a fact hes been on msn as i have 2 user accounts.
    1 is in my name & has a password.
    the other i use to play games only & under this one it says 3 new messages.
    i clicked on it & it came up as his msn address..
    everytime i try to go online i notice my browser has been hijacked & the site is called safeiepage.com & there is another window that pops up saying:-
    warning w32.Myzor.fk@yf is a virus that affects files with .exe. extensions & attempts to steal passwords & private information..
    it also says its 138,293 bytes long & under technical details it says:-
    1) creates files in %windir%\ by default this is c:\windows
    2) adds values to registry keys: HKEY_LOCAL_MNACHINE\ (NOTICE MACHINE ISNT SPELLED CORRECTLY, BUT THATS HOW IT IS)Software\Microsoft\Windows\CurrentVersion\Run3
    3) scans the hard drive for .exe files & infects any executable files.
    searches for passwords/information which it may send to a remote attacker.
    it then goes on to say click OK to download officialy approved security software. always keep your patch levels up to date.
    can anyone tell me whats happened to my pc?
    & more importantly how to fix this?
    i just put a brand new heatsink & fan into this & have spent a lot of money on it..
    im the only 1 that gets on the pc & will be putting a password on the accounts i use for games..
    he has done this before & infected me with malware etc..
    i also keep getting popups in the system tray saying
    system alert: Trojan-Spy.Win32@mx, Cyberlog-x & another called Trojan SPM/LX.
    any help is appreciated.. also what is best for security for your pc as i have lots of programs on disks i dont use such as panda antivirus, panda antivirus & firewall, avg pro etc..
    thanks for any help i recieve. :-(
     
    Last edited: Oct 28, 2006
    dougal79, Oct 28, 2006
    #1
  2. xxteakxx

    xxteakxx Regular member

    Joined:
    Jul 20, 2006
    Messages:
    1,506
    Likes Received:
    0
    Trophy Points:
    46
    Download HijackThis (click the name).
    Create a folder in C: named HjT.
    Extract the files to the new folder.
    Open HijackThis.exe and "Do a system scan and save a log file".
    Post that log in your next reply.
     
    xxteakxx, Oct 28, 2006
    #2
  3. dougal79

    dougal79 Regular member

    Joined:
    Aug 11, 2006
    Messages:
    487
    Likes Received:
    0
    Trophy Points:
    26
    ok here is the log from hijackthis..
    i tried follwing the guide niobis put up, but its not
    letting me update avg anti spyware..
    Logfile of HijackThis v1.99.1
    Scan saved at 15:43:12, on 28/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\PornPass Manager\isamonitor.exe
    C:\Program Files\PornPass Manager\pmsngr.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Program Files\PornPass Manager\isamini.exe
    C:\Program Files\PornPass Manager\pmmon.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\system32\wpabaln.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\SYSTEM32\cidaemon.exe
    C:\Documents and Settings\neil dougal\Desktop\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by blueyonder
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {8bf5b8fc-11cb-409f-8c91-4d4ca04a1b6d} - C:\Program Files\PornPass Manager\isaddon.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
    O3 - Toolbar: Protection Bar - {1a29a79a-b9c8-44a9-bedf-7fadde3cf33f} - C:\Program Files\PornPass Manager\iesplugin.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [DVD43] C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe /hidden
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
    O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
    O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
    O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O15 - Trusted Zone: http://toolbar.imageshack.us
    O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

     
    dougal79, Oct 28, 2006
    #3
  4. Niobis

    Niobis Active member

    Joined:
    Jan 30, 2005
    Messages:
    2,326
    Likes Received:
    0
    Trophy Points:
    66
    Edit: didn't see where you made a new post with the SmitfraudFix log. No use in double posting!!

    ->edited<-
     
    Last edited: Oct 28, 2006
    Niobis, Oct 28, 2006
    #4

Share This Page