Tech Support Forum - View Single Post

Dogge · 06-06-2006, 06:38 PM

I were infected by something that kept popping up in my tray and saying that I had a virus.

This is a screenshot that someone with the same problem has taken:
http://pg.photos.yahoo.com/ph/alevar...cd.jpg&.src=ph

I had just rebooted my computer and quite suddenly got this virus/malware w/e. I had something similiar before, but it kept installing a fake anti-malware program called SpyAxe. Anyway, I used loads of programs like Ewido, SmitFraudFix, AdAware and some more and now the virus is gone, atleast I think so.

If I remember right I had some weird process named something like "attk" which were terminated by AdAware, or atleast that's what it said.
Anyway, here is my HiJackThis-log.

Logfile of HijackThis v1.99.1
Scan saved at 02:32:02, on 2006-06-07
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\VM_STI.EXE
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\SMANTE~1\POOL32~1.EXE
C:\WINDOWS\DOBE~1\fast.exe
C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
F:\Program\Norton Antivirus 2005\navapsvc.exe
F:\Program\Norton Antivirus 2005\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\Douglas\Skrivbord\ewido anti-malware\ewidoctrl.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis\HijackThis.exe
C:\Program\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - URLSearchHook: (no name) - {F8EB4BDF-DB42-F2B4-6DA7-F25D37C34E9D} - C:\WINDOWS\System32\twux.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program\Norton Antivirus 2005\NavShExt.dll
O2 - BHO: (no name) - {F8EB4BDF-DB42-F2B4-6DA7-F25D37C34E9D} - C:\WINDOWS\System32\twux.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program\Norton Antivirus 2005\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [61231003.exe] C:\WINDOWS\System32\61231003.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program\Delade filer\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Kymhlhlt] C:\WINDOWS\system32\SMANTE~1\POOL32~1.EXE
O4 - HKCU\..\Run: [Stos] "C:\WINDOWS\DOBE~1\fast.exe" -vt yax
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program\MS office XP Pro Swe\Office10\OSA.EXE
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://F:\Program\MSOFFI~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yazzl...cab?refid=1123
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\scanregw.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\Douglas\Skrivbord\ewido anti-malware\ewidoctrl.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - F:\Program\Norton Antivirus 2005\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - F:\Program\Norton Antivirus 2005\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - F:\Program\Norton Antivirus 2005\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

I'll check back frequently and will be quick with any instructions you give me.
Thank you in advance.

06-06-2006, 06:38 PM	#1 (permalink)
Dogge Registered User Join Date: Jun 2006 Posts: 3 OS: XP	"Fakevirus" gone, or is it? I were infected by something that kept popping up in my tray and saying that I had a virus. This is a screenshot that someone with the same problem has taken: http://pg.photos.yahoo.com/ph/alevar...cd.jpg&.src=ph I had just rebooted my computer and quite suddenly got this virus/malware w/e. I had something similiar before, but it kept installing a fake anti-malware program called SpyAxe. Anyway, I used loads of programs like Ewido, SmitFraudFix, AdAware and some more and now the virus is gone, atleast I think so. If I remember right I had some weird process named something like "attk" which were terminated by AdAware, or atleast that's what it said. Anyway, here is my HiJackThis-log. Logfile of HijackThis v1.99.1 Scan saved at 02:32:02, on 2006-06-07 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\WINDOWS\VM_STI.EXE C:\Program\Delade filer\Symantec Shared\ccApp.exe C:\WINDOWS\system32\SMANTE~1\POOL32~1.EXE C:\WINDOWS\DOBE~1\fast.exe C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe F:\Program\Norton Antivirus 2005\navapsvc.exe F:\Program\Norton Antivirus 2005\IWP\NPFMntor.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Documents and Settings\Douglas\Skrivbord\ewido anti-malware\ewidoctrl.exe C:\Program\Mozilla Firefox\firefox.exe C:\HJT\HijackThis\HijackThis.exe C:\Program\Messenger\msmsgs.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar R3 - URLSearchHook: (no name) - {F8EB4BDF-DB42-F2B4-6DA7-F25D37C34E9D} - C:\WINDOWS\System32\twux.dll (file missing) R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program\Norton Antivirus 2005\NavShExt.dll O2 - BHO: (no name) - {F8EB4BDF-DB42-F2B4-6DA7-F25D37C34E9D} - C:\WINDOWS\System32\twux.dll (file missing) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program\Norton Antivirus 2005\NavShExt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [61231003.exe] C:\WINDOWS\System32\61231003.exe O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program\Delade filer\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Kymhlhlt] C:\WINDOWS\system32\SMANTE~1\POOL32~1.EXE O4 - HKCU\..\Run: [Stos] "C:\WINDOWS\DOBE~1\fast.exe" -vt yax O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = F:\Program\MS office XP Pro Swe\Office10\OSA.EXE O8 - Extra context menu item: E&xportera till Microsoft Excel - res://F:\Program\MSOFFI~1\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\MSMSGS.EXE O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yazzl...cab?refid=1123 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing) O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing) O20 - AppInit_DLLs: C:\WINDOWS\System32\scanregw.dll O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\Douglas\Skrivbord\ewido anti-malware\ewidoctrl.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - F:\Program\Norton Antivirus 2005\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - F:\Program\Norton Antivirus 2005\IWP\NPFMntor.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - F:\Program\Norton Antivirus 2005\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe I'll check back frequently and will be quick with any instructions you give me. Thank you in advance.