04-18-2005, 08:43 PM   #1
kanmm
Registered User
 
Join Date: Apr 2005
Posts: 8
OS: XP SP2


Help! MSN Messenger Virus

I recently accepted and ran something that came across MSN Messenger. It typed in for the person I was talking to "check this out" (or something to that effect) and I ran it. As soon as I did, it opened all the people on my MSN list and sent them the same file with a message from me saying "check this out." I checked Task Manager and there was a "project1.exe" running. I ended it and restarted my computer. Upon restart I got the messages "Cannot find 'C:\Program'", "Could not load or run 'C:\Program' specified in registry", "Cannot find 'C:\files\msn7\msn.exe' (I think it was 'C:\')" and "Could not load or run \files\msn7\msn.exe'". I did an AVG scan, a Microsoft Antispyware scan, and a Spybot S&D scan, with nothing other than a few tracking cookies showing up. I downloaded HijackThis and HijackThis Analyzer and this is the log. Please help, I don't have a clue what to do. Thank you.

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 8:19:06 PM, on 4/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\WINDOWS\system32\winshvc.exe
C:\WINDOWS\system32\winshvc.exe
C:\Documents and Settings\Nic\Desktop\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mytelus.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://mytelus.com/
F3 - REG:win.ini: load=C:\Program Files\msn7\msn.exe
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [Windows Sz Host] winshvc.exe
O4 - HKLM\..\RunServices: [Windows Sz Host] winshvc.exe
O4 - HKCU\..\Run: [Windows Sz Host] winshvc.exe
O4 - HKCU\..\RunServices: [Windows Sz Host] winshvc.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/game...ts/y/et1_x.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1111810597484
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


End of KRC HijackThis Analyzer Log.
====================================================================