Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help

torrentreactor virus - kaspersky, norton, avg, hijackthis, and regedit disabled

This is a discussion on torrentreactor virus - kaspersky, norton, avg, hijackthis, and regedit disabled within the Virus/Trojan/Spyware Help forums, part of the Tech Support Forum category. I recently got a pretty nasty virus that I'm pretty sure I got from torrentreactor, who've apparently been recently hacked.

Thread Tools Search this Thread
Old 05-25-2009, 05:03 PM   #1
Registered Member
Join Date: May 2009
Posts: 5
OS: Win XP Home SP2

I recently got a pretty nasty virus that I'm pretty sure I got from torrentreactor, who've apparently been recently hacked.

My internet has been going very slow, and I see that my LAN icon is always blue (transmitting data), so I'm sure I'm sending some private information to someone and it's probably downloading more bad things to my computer as I type. Worst of all, it seems to have disabled every virus fighting tool I know (kas, norton, avg, hijackthis, and regedit, so far I've tried and they've all failed). The only one I've managed to run so far is Malware Bytes, but it isn't able to remove the virus completely. It seems to get worse every day. I normally manage to fix any virus with some help from google, but information on this one seems to be lacking. Doesn't help that I can't get its name with Kaspersky =(. I have attached my MBAM log files. The latest full scan was done in safe mode. Any help would be appreciated.

Thanks in advance.
Attached Files
File Type: txt mbam-log-2009-05-19 (06-58-24).txt (24.2 KB, 15 views)
File Type: txt mbam-log-2009-05-25 (01-38-31).txt (15.8 KB, 15 views)
BoswerLK is offline   Reply With Quote
Sponsored Links
Old 05-25-2009, 05:05 PM   #2
Registered Member
Join Date: May 2009
Posts: 5
OS: Win XP Home SP2

Here's the full scan in safe mode.
Attached Files
File Type: txt mbam-log-2009-05-25 (05-36-46).txt (844 Bytes, 23 views)
BoswerLK is offline   Reply With Quote
Old 05-25-2009, 05:40 PM   #3
Registered Member
Join Date: May 2009
Posts: 5
OS: Win XP Home SP2

Managed to run hijackthis right after running MBAM. Attaching log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:23:45 PM, on 5/25/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files\Kaspersky

Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program

Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} -

C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program

Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINNT\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User

'Default user')
O4 - Startup: regsvr32.lnk = C:\WINNT\system32\regsvr32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Web traffic protection statistics - {1f460357-8a94-4d71-9ca3-

aa4acf32ed8e} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program

Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program

Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [searching] Search from the Address bar
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) -

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -


O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -


O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) -

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

O16 - DPF: {E123BED4-B8C7-42BB-958F-F13CA77EF95D} (Anark Client ActiveX Control) -

O17 - HKLM\System\CCS\Services\Tcpip\..\{2515AA29-2F54-4377-99FF-81849BE5897C}: NameServer =
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA02B79B-3DF6-4EB1-8B24-FC8B51A0A739}: NameServer =
O17 - HKLM\System\CS1\Services\Tcpip\..\{2515AA29-2F54-4377-99FF-81849BE5897C}: NameServer =
O17 - HKLM\System\CS2\Services\Tcpip\..\{2515AA29-2F54-4377-99FF-81849BE5897C}: NameServer =
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1

O23 - Service: Kaspersky Anti-Virus (avp) - Kaspersky Lab - C:\Program Files\Kaspersky

Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINNT\
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Performance Logs and Alerts SysmonLogRpcLocator (SysmonLogRpcLocator) -

Unknown owner - C:\WINNT\system32\1033i.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINNT\

End of file - 5949 bytes
BoswerLK is offline   Reply With Quote
Old 05-25-2009, 07:01 PM   #4
Registered Member
Join Date: May 2009
Posts: 5
OS: Win XP Home SP2

Ran ComboFix. Regedit and hijackthis functionality restored. Kaspersky is still nonfunctional.
Attached Files
File Type: txt combolog.txt (16.7 KB, 16 views)
BoswerLK is offline   Reply With Quote
Old 05-27-2009, 04:20 PM   #5
Registered Member
Join Date: May 2009
Posts: 5
OS: Win XP Home SP2

nevermind, managed to fix everything
BoswerLK is offline   Reply With Quote

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off

Post a Question

» Site Navigation
 > FAQ

All times are GMT -7. The time now is 04:44 PM.

vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2017 DragonByte Technologies Ltd.
Copyright 2001 - 2015, Tech Support Forum

Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts


Partially Powered By Products Found At Lampwrights.com