Tech Support Forum - View Single Post

MelanieMcKenzie · 07-07-2005, 12:34 PM

I caught the Ceres virus from doing an alltheweb.com search and went to a page that took a long time to load before I realized a Trojan horse was being put on my computer. I ctr+alt+del and restarted my computer. I had the same problem back in March with a Cool Web virus and was able to get rid of it, by following step by step instructions. So I already had several programs on my computer. AdAware Personal Edition, Grisoft Virus Scanner, Cool Websearch shredder, HiJack This and Clean Up.

When I performed my first ad scan it detected ceres had been put on my computer, so I removed them. I then did a grisoft virus scan and it showed 18 viruses 10 which were backup ones. So I put those in a virus vault. I also did a HiJack this log and saw there were several programs running that didn't need to and deleted them. I used the CWShredder which didn't detect anything. Used CleanUp to get rid of temp files and restarted the computer.

I fear that the virus is now hiding somewhere on my computer because after running these virus-protection programs, several times, I still get on the computer and my mouse jumps from place to place. I can type in the address bar, but when I press enter it doesn't take me anywhere like it usually does. The address bar's appearance length changes. Pages and programs open that I didn't click on. I know something is still on my computer but don't know where to find it. Could anybody please help me.

Here's my HiJack This Log:

Logfile of HijackThis v1.99.1
Scan saved at 1:29:26 PM, on 7/7/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\WINDOWS\SYSTEM\LXSUPMON.EXE
C:\WINDOWS\SYSTEM\PRINTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN5\YCOMP5_6_0_0.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN5\YCOMP5_6_0_0.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/game...ts/y/tt3_x.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab

I would appreciate any assistance, thanks in advance

07-07-2005, 12:34 PM	#1 (permalink)
MelanieMcKenzie Registered User Join Date: Jul 2005 Posts: 16 OS: Win98SE	Problem with Ceres virus I caught the Ceres virus from doing an alltheweb.com search and went to a page that took a long time to load before I realized a Trojan horse was being put on my computer. I ctr+alt+del and restarted my computer. I had the same problem back in March with a Cool Web virus and was able to get rid of it, by following step by step instructions. So I already had several programs on my computer. AdAware Personal Edition, Grisoft Virus Scanner, Cool Websearch shredder, HiJack This and Clean Up. When I performed my first ad scan it detected ceres had been put on my computer, so I removed them. I then did a grisoft virus scan and it showed 18 viruses 10 which were backup ones. So I put those in a virus vault. I also did a HiJack this log and saw there were several programs running that didn't need to and deleted them. I used the CWShredder which didn't detect anything. Used CleanUp to get rid of temp files and restarted the computer. I fear that the virus is now hiding somewhere on my computer because after running these virus-protection programs, several times, I still get on the computer and my mouse jumps from place to place. I can type in the address bar, but when I press enter it doesn't take me anywhere like it usually does. The address bar's appearance length changes. Pages and programs open that I didn't click on. I know something is still on my computer but don't know where to find it. Could anybody please help me. Here's my HiJack This Log: Logfile of HijackThis v1.99.1 Scan saved at 1:29:26 PM, on 7/7/05 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE C:\WINDOWS\RUNDLL32.EXE C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE C:\WINDOWS\SYSTEM\LXSUPMON.EXE C:\WINDOWS\SYSTEM\PRINTRAY.EXE C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE C:\WINDOWS\SYSTEM\LEXBCES.EXE C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE C:\WINDOWS\SYSTEM\RPCSS.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\RUNDLL32.EXE C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE C:\PROGRAM FILES\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = yahoo.com O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN5\YCOMP5_6_0_0.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN5\YCOMP5_6_0_0.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [CountrySelection] pctptt.exe O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN O4 - HKLM\..\Run: [LexStart] Lexstart.exe O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/game...ts/y/tt3_x.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab I would appreciate any assistance, thanks in advance