
Unknown Virus-----PLEASE PLEASE HELP VERY URGENTLY

Discussion in 'Windows - Virus and spyware problems' started by dayglow, Aug 31, 2006.

  1. dayglow

    dayglow Guest

    @maca1

    Hello again! I deleted the files in KillBox, but 3 files or directories couldn't be deleted. KillBox said "This file could not be deleted". They are:

    E:\OLD HDD\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\HKT15QAL\

    E:\OLD HDD\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\S5O86ERO\

    E:\OLD HDD\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\G5EV01UR\

    Do you know why, and is it really dangerous?

    Anyway, here's the fresh HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:46:16 AM, on 9/5/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Documents and Settings\louisevn@mics.co.za\Desktop\New Folder\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.co.za
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\PROGRAM FILES\CANON\EASY-WEBPRINT\TOOLBAND.DLL
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: CorelCENTRAL 10.lnk = C:\Program Files\Corel\WordPerfect Office 2002\Programs\CCWin10.exe
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\PROGRAM FILES\CANON\EASY-WEBPRINT\Resource.dll/RC_Print.html
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5623905A-A274-420E-968D-5345DFC05FB1}: NameServer = 196.43.1.13
    O17 - HKLM\System\CCS\Services\Tcpip\..\{75C2D838-9BC9-4F17-854D-7E8FDAFFD97F}: NameServer = 168.210.2.2 196.14.239.2
    O20 - Winlogon Notify: SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    Have a nice day :)


     
  2. Niobis

    Niobis Active member

    Click here to get The Avenger. (if you uninstalled it)

    Click on Avenger.zip to open the file.
    Extract avenger.exe to your desktop.
    Copy all the text contained inside the box below to your Clipboard by highlighting it and pressing (Ctrl+C):
    INCLUDING: Files to delete

    -----------------------------------------------------------------------------------------------
    Files to delete:
    E:\OLD HDD\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\HKT15QAL\

    E:\OLD HDD\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\S5O86ERO\

    E:\OLD HDD\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\G5EV01UR\
    -----------------------------------------------------------------------------------------------

    Now, start The Avenger program by clicking on its icon on your desktop.
    Under "Script file to execute" choose "Input Script Manually".
    Click on the Magnifying Glass icon which will open a "View/edit script"
    Paste the text copied to clipboard into this window by pressing (Ctrl+V).
    Click Done.
    Click on the Green Light to begin execution of the script
    Answer "Yes" twice when prompted.
    The Avenger will automatically do the following:
    It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    On reboot, it will briefly open a black command window on your desktop, this is normal.
    After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

    Post the contents of c:\avenger.txt into your next reply.

    Edited for spelling and corrections.
     
    Last edited: Sep 5, 2006
  3. maca1

    maca1 Regular member

    @Niobis, that script won't work 'cause they're folders.


    @dayglow, they are temp internet files on your E drive



    Click My Computer.
    Right Click the drive that needs a clean up - E: (in this case)


    Go to Properties on the Right Click Menu and click on the “Disk Clean Up” button under General. The Disk cleanup Window will open and do a disk search and then open a screen that offers several options of “Files to Delete”
    Make sure only Temporary Files, Temporary Internet Files, and Recycle Bin are checked.
    Press OK to remove them

    Let me know how that goes.

     
    Last edited: Sep 5, 2006
  4. Niobis

    Niobis Active member

    @maca, ok then, could one add the whole file name?
     
  5. maca1

    maca1 Regular member

  6. dayglow

    dayglow Guest

    Hi guys thanks for the help.

    @maca1...

    I tried Disk Cleanup and Avenger, but it seems that we missed the obvious... I followed the path of the folders and just right-clicked and said delete. And it did delete them.

    Here's the Avenger log anyway...

    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\dqjdqjdn

    *******************

    Script file located at: \??\C:\Documents and Settings\^sutcdsw.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:



    Error: E:\OLD HDD\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\HKT15QAL\ is a folder, not a file!
    Deletion of file E:\OLD HDD\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\HKT15QAL\ failed!

    Could not process line:
    E:\OLD HDD\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\HKT15QAL\
    Status: 0xc00000ba



    Error: E:\OLD HDD\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\S5O86ERO\ is a folder, not a file!
    Deletion of file E:\OLD HDD\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\S5O86ERO\ failed!

    Could not process line:
    E:\OLD HDD\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\S5O86ERO\
    Status: 0xc00000ba



    Error: E:\OLD HDD\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\G5EV01UR\ is a folder, not a file!
    Deletion of file E:\OLD HDD\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\G5EV01UR\ failed!

    Could not process line:
    E:\OLD HDD\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\G5EV01UR\
    Status: 0xc00000ba


    Completed script processing.

    *******************

    Finished! Terminate.


    OK... Is this virus gone from my system now? If so, there are a couple of Windows bugs with the taskbar. The windows I minimize aren't showing properly and my whole system is still a bit slow. Would it be easier to fix Windows manually or should I just reinstall Windows XP?

    Thanks again for all the help!!!
     
  7. maca1

    maca1 Regular member

    Yeah, I never asked you to use Avenger on those, I said it wouldn't work 'cause they are folders, not files. Manually deleting them is another way to do it.

    Before you reinstall, I'd run Panda scan once more to see if anything is being found to see if those problems are caused by viruses.
     
    Last edited: Sep 8, 2006
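
The folder-versus-file failure discussed in this thread can be caught before and after a run. The following is an added example, not part of any post and not The Avenger's own code: it flags folder paths listed under "Files to delete:" and decodes the failures in an Avenger log. The function names are hypothetical, the sample inputs are taken from the posts above, and the only NTSTATUS mapping assumed is 0xC00000BA = STATUS_FILE_IS_A_DIRECTORY.

```python
import re

# NTSTATUS code seen in the thread's log; 0xC00000BA is STATUS_FILE_IS_A_DIRECTORY.
NTSTATUS_NAMES = {0xC00000BA: "STATUS_FILE_IS_A_DIRECTORY"}

# Sample inputs copied from the posts above (raw strings keep the backslashes).
SAMPLE_SCRIPT = r"""Files to delete:
E:\OLD HDD\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\HKT15QAL\
E:\OLD HDD\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\S5O86ERO\
"""

SAMPLE_LOG = r"""
Error: E:\OLD HDD\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\HKT15QAL\ is a folder, not a file!
Deletion of file E:\OLD HDD\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\HKT15QAL\ failed!

Could not process line:
E:\OLD HDD\WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\HKT15QAL\
Status: 0xc00000ba
"""


def lint_files_section(script: str) -> list[str]:
    """Return entries under 'Files to delete:' that end in a backslash (folders)."""
    flagged, in_files = [], False
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":"):  # a section header such as 'Files to delete:'
            in_files = line.lower() == "files to delete:"
            continue
        if in_files and line.endswith("\\"):
            flagged.append(line)
    return flagged


def failed_entries(log: str) -> list[tuple[str, str]]:
    """Pair each 'Could not process line:' path with its decoded Status code."""
    pattern = re.compile(
        r"Could not process line:\s*\n\s*(.+?)\s*\n\s*Status:\s*(0x[0-9a-fA-F]+)"
    )
    results = []
    for path, status in pattern.findall(log):
        results.append((path, NTSTATUS_NAMES.get(int(status, 16), status)))
    return results


if __name__ == "__main__":
    print("Folder paths in file section:", lint_files_section(SAMPLE_SCRIPT))
    print("Failed entries:", failed_entries(SAMPLE_LOG))
```
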
