Nasty Virus that stops me from running antivirus software (including hijackthis)

#1 raymondo, 09-12-2006, 11:00 AM
Registered Member
Join Date: Sep 2006
Posts: 2
OS: Win2000



Hi,

To begin with, I have followed the five steps suggested before posting.

The symptoms are:
1) In normal mode, when I try to run anti-virus software (HijackThis, adaware etc.) it immediately closes. I can run it in safe mode only.
2) In normal mode, when I visit any antivirus website (this one included) my browser (Firefox 1.5) is closed automatically; otherwise I can use it.
3) In safe mode some of the NT Windows services will not run (critically, the ones required by Windows Update).

The steps I have taken so far:

1) Ran adaware with vx2 plugin in safe mode and removed adaware. Now performs clean scan.
2) Ran Trend Micro homevisit from safe mode; it came up clean.
3) Ran HijackThis in safe mode and got the following log:
4) Tried to run Windows Update but, as mentioned, can't start the required NT services in safe mode.

Please help!!! As suggested I will await your advice before taking any further steps.

Any help will be greatly appreciated.

Raymondo



################################################
################################################

Logfile of HijackThis v1.99.1
Scan saved at 13:01:38, on 12/09/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\wrappers.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\mmc.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BT Internet
F2 - REG:system.ini: Shell=Explorer.exe wrappers.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,wrappers.exe
O2 - BHO: DAPBHO Class - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\Program Files\DAP\DAPIEBar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TDspOff] Tdspoff.exe B
O4 - HKLM\..\Run: [YAMAHA DS-XG Launcher] C:\WINNT\dslaunch.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [S3TRAY] S3tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealJukeboxSystray] "C:\Program Files\Real\RealJukebox\tsystray.exe"
O4 - HKLM\..\RunServices: [MS Java Service Wrapper for Windows NT & XP] wrapper.exe
O4 - HKLM\..\RunServices: [MS Java Service Wrappers for Windows NT & XP] wrappers.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [My-disgo] C:\Documents and Settings\Administrator\Application Data\My-disgo\MyKey_Disgo.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunServices: [MS Java Service Wrapper for Windows NT & XP] wrapper.exe
O4 - HKCU\..\RunServices: [MS Java Service Wrappers for Windows NT & XP] wrappers.exe
O4 - Startup: 22M WLAN Adapter Utility.lnk = C:\Program Files\22M WLAN\WLANMON.exe
O4 - Global Startup: TSBxLogon.lnk = C:\WINNT\system32\TMESBS2.exe
O4 - Global Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\Realdownload.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.finspreads.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1139990808239
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Microsoft Logon Service - Unknown owner - C:\WINNT\system32\dllcache\mslogon.exe
O23 - Service: tmesbs2 (Tmesbs) - Toshiba Corporation - C:\WINNT\System32\Tmesbs2.exe
O23 - Service: Tmesrv - Unknown owner - C:\Program Files\TOSHIBA\TME\Tmesrv.exe" /Service (file missing)

################################################
###############################################

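A triage pass over the log above, as an added example that is not part of the original posts: it parses HijackThis entry lines, lists entries that differ from the stock Windows Shell/Userinit values or that HijackThis itself annotated as "Unknown owner", "(file missing)" or "(no file)", and then collects every autostart location that names the same extra program. The function names and heuristics are assumptions chosen for illustration; the sample lines are copied from the log.

```python
import re
from collections import defaultdict

# Subset of lines copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe wrappers.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,wrappers.exe
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [S3TRAY] S3tray.exe
O4 - HKLM\..\RunServices: [MS Java Service Wrappers for Windows NT & XP] wrappers.exe
O4 - HKCU\..\RunServices: [MS Java Service Wrappers for Windows NT & XP] wrappers.exe
O23 - Service: Microsoft Logon Service - Unknown owner - C:\WINNT\system32\dllcache\mslogon.exe
O23 - Service: tmesbs2 (Tmesbs) - Toshiba Corporation - C:\WINNT\System32\Tmesbs2.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # "<section code> - <body>"
DEFAULTS = {"shell": {"explorer.exe"}, "userinit": {"userinit.exe"}}  # stock values

def basename(token):
    return token.strip().strip('"').split("\\")[-1].lower()

def triage(log_text):
    """Return (findings, extras): flagged (code, reason) pairs, and extra logon programs -> locations."""
    findings, extras = [], defaultdict(set)
    entries = [m.groups() for m in map(ENTRY.match, log_text.splitlines()) if m]
    for code, body in entries:
        f2 = re.match(r"REG:system\.ini: (Shell|UserInit)=(.*)", body, re.I)
        if code == "F2" and f2:
            key = f2.group(1).lower()
            for tok in re.split(r"[,\s]+", f2.group(2)):   # assumes paths without spaces
                if tok and basename(tok) not in DEFAULTS[key]:
                    extras[basename(tok)].add("F2 " + f2.group(1))
                    findings.append((code, f"{f2.group(1)} also launches {tok}"))
        if "Unknown owner" in body:
            findings.append((code, "service reported with 'Unknown owner': " + body))
        if "(file missing)" in body or "(no file)" in body:
            findings.append((code, "entry points at a missing file: " + body))
    # Second pass: which Run/RunServices keys start the same extra programs?
    for code, body in entries:
        o4 = re.match(r"(HK\w+\\\.\.\\\w+): \[.*\] (.+)$", body)
        if code == "O4" and o4 and basename(o4.group(2).split()[0]) in extras:
            extras[basename(o4.group(2).split()[0])].add("O4 " + o4.group(1))
    return findings, {k: sorted(v) for k, v in extras.items()}

if __name__ == "__main__":
    found, extra = triage(SAMPLE_LOG)
    for code, why in found:
        print(code, "|", why)
    print(extra)
```

The output is a list of entries for an analyst to look at first, not a verdict on any file.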
#2 fredmh, 09-12-2006, 07:27 PM
TSF Enthusiast
Join Date: May 2006
Location: Phila,Pa
Posts: 2,335
OS: XP


Hello raymondo, and welcome to TSF.


I am currently reviewing your log. Please note that this is under the supervision of an expert analyst,
and I will be back with a fix for your problem as soon as possible.

You may wish to Subscribe to this thread (Thread Tools) so that you are notified when you receive a reply.

Please be patient with me during this time.

#3 fredmh, 09-13-2006, 04:11 AM
TSF Enthusiast
Join Date: May 2006
Location: Phila,Pa
Posts: 2,335
OS: XP


raymondo:

Please re-name HijackThis.exe to HJ-This.exe and post a new log from the normal mode.
#4 raymondo, 09-20-2006, 03:53 AM
Registered Member
Join Date: Sep 2006
Posts: 2
OS: Win2000


Hi fred,

Thanks for your response. I managed to clean away the viruses myself. It has been a week now and all is working well. After cleaning up, I have run Windows Update and ran the updates suggested by Trend Micro. If anything resurfaces or anything new comes up I will post again on this forum. Thanks. Raymondo