Virus's and trojans - HELP

jack213 · 05-14-2006, 08:40 AM

Hello people, this is my first time using this forum, so I hope Im in the right section. I would also really appreciate any help to clean my pc!

I hooked up my 2nd hdd for the 1st time in weeks and have forgotten my password (Ya, I know how stupid that is!).

I heard you can get password applications on the internet so I did a google search for one. I clicked on 1 of the links on the search result page. It seemed to be loading fairly oddly, so I engaged my Zone Alarm Internet Lock, which cut my connection, but not b4 some got thru to my pc.

Within seconds, exe's were trying to access the internet.
I ran AVG and it picked up some of them (placed them in virus vault) and Ad-Aware identified AlfaCleaner + others. - (Deleted these)
Every couple of minutes (as I type), a commant prompt - E:\WINNT\system32\svchost.exe is flashing up on screen.
I havn't rebooted yet for fear of running 1 of these on startup. - Please Advise.

A screensaver has appeared telling me i'v got spyware, identifying my ip address, and providing 2 links to click on to remove the spyware.

I think I need a walkthrough setting up + posting a log for HJT.
Any help greatly appreciated

**nickster_uk** · 05-14-2006, 08:45 AM

Hi...

Please read MicroBell's 5 step process for information on posting a hijack log file and steps to take before.

Hope that helps and you get the problem sorted :-)

jack213 · 05-14-2006, 09:25 AM

Thanks nickster, i'll do that + keep u posted.

jack213 · 05-15-2006, 04:22 PM

Hijack This Log after running ewido, bit defender, cw shredder + spybot which found multiple problems, will I also post the logfile from these?

Logfile of HijackThis v1.99.1
Scan saved at 4:38:27 PM, on 5/15/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\System32\RUNDLL32.EXE
E:\Program Files\broadband guardian\PCTHelp.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Netopia\Wireless USB Card\WLANSTA.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
E:\Program Files\ewido anti-malware\ewidoctrl.exe
E:\Program Files\ewido anti-malware\ewidoguard.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\WINDOWS\System32\devldr32.exe
E:\WINDOWS\System32\wuauclt.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCTAgent] E:\Program Files\broadband guardian\PCTHelp.exe
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Wireless USB Card Utility.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {89521361-EA5B-11D7-97CA-00E08103E149} (Parental Controls Agent Class) - http://ebgcfg.eircom.net:8080/config...n/PCTAgent.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - E:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - E:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Netopia WLAN IP Utility (Netopia_iphelp) - Unknown owner - E:\Program Files\Netopia\Wireless USB Card\iphlpsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe

Only problem left appearant is on w2k (sending this from xp partition). It boots up to the desktop, nothing else loads and the curser changes to eggtimer any time it hovers over the start button/taskbar. Would a repair with w2k disk recover this?

05-14-2006, 08:40 AM	#1 (permalink)
jack213 Registered User Join Date: May 2006 Posts: 3 OS: w2k	Virus's and trojans - HELP Hello people, this is my first time using this forum, so I hope Im in the right section. I would also really appreciate any help to clean my pc! I hooked up my 2nd hdd for the 1st time in weeks and have forgotten my password (Ya, I know how stupid that is!). I heard you can get password applications on the internet so I did a google search for one. I clicked on 1 of the links on the search result page. It seemed to be loading fairly oddly, so I engaged my Zone Alarm Internet Lock, which cut my connection, but not b4 some got thru to my pc. Within seconds, exe's were trying to access the internet. I ran AVG and it picked up some of them (placed them in virus vault) and Ad-Aware identified AlfaCleaner + others. - (Deleted these) Every couple of minutes (as I type), a commant prompt - E:\WINNT\system32\svchost.exe is flashing up on screen. I havn't rebooted yet for fear of running 1 of these on startup. - Please Advise. A screensaver has appeared telling me i'v got spyware, identifying my ip address, and providing 2 links to click on to remove the spyware. I think I need a walkthrough setting up + posting a log for HJT. Any help greatly appreciated

05-14-2006, 08:45 AM	#2 (permalink)
nickster_uk Moderator, Microsoft Support, Happy to support TSF! Join Date: Feb 2005 Location: United Kingdom Posts: 7,043 OS: XP Pro SP3, Windows 7 Ultimate, Ubuntu v8.04 My System	Hi... Please read MicroBell's 5 step process for information on posting a hijack log file and steps to take before. Hope that helps and you get the problem sorted :-) __________________ My system: ASUS P5K-E WiFi \| Intel Core 2 Duo E6600 Conroe 2.4GHz (OC 3.60GHz) \| 4GB Corsair DDR2 XMS2-6400C4 RAM (4-4-4-12) \| PowerColor ATI Radeon HD 3850 Pro Xtreme 512MB GDDR3 GPU \| Maxtor DiamondMax 22 500GB, Maxtor DiamondMax 23 500GB & 2xMaxtor DiamondMax 21 250GB SATA HDDs \| Thermaltake CL-P0114 Heatsink + 6 LED Case Fans \| Corsair HX620W Modular PSU \| Enermax Black Knight (CS-527) Case \| Pioneer DVR-216 SATA 20x20 DVD±RW In a world without walls or fences - who needs Windows and Gates?

05-14-2006, 09:25 AM	#3 (permalink)
jack213 Registered User Join Date: May 2006 Posts: 3 OS: w2k	Thanks nickster, i'll do that + keep u posted.

05-15-2006, 04:22 PM	#4 (permalink)
jack213 Registered User Join Date: May 2006 Posts: 3 OS: w2k	Hijack This Log after running ewido, bit defender, cw shredder + spybot which found multiple problems, will I also post the logfile from these? Logfile of HijackThis v1.99.1 Scan saved at 4:38:27 PM, on 5/15/2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: E:\WINDOWS\System32\smss.exe E:\WINDOWS\system32\winlogon.exe E:\WINDOWS\system32\services.exe E:\WINDOWS\system32\lsass.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\System32\svchost.exe E:\WINDOWS\system32\spoolsv.exe E:\WINDOWS\Explorer.EXE E:\WINDOWS\System32\RUNDLL32.EXE E:\Program Files\broadband guardian\PCTHelp.exe E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe E:\Program Files\Messenger\msmsgs.exe E:\Program Files\Netopia\Wireless USB Card\WLANSTA.exe E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe E:\Program Files\ewido anti-malware\ewidoctrl.exe E:\Program Files\ewido anti-malware\ewidoguard.exe E:\WINDOWS\System32\nvsvc32.exe E:\WINDOWS\System32\devldr32.exe E:\WINDOWS\System32\wuauclt.exe E:\Program Files\Internet Explorer\iexplore.exe E:\Program Files\Hijackthis\HijackThis.exe O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [PCTAgent] E:\Program Files\broadband guardian\PCTHelp.exe O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: Wireless USB Card Utility.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {89521361-EA5B-11D7-97CA-00E08103E149} (Parental Controls Agent Class) - http://ebgcfg.eircom.net:8080/config...n/PCTAgent.cab O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: ewido security suite control - ewido networks - E:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - E:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: Netopia WLAN IP Utility (Netopia_iphelp) - Unknown owner - E:\Program Files\Netopia\Wireless USB Card\iphlpsrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe Only problem left appearant is on w2k (sending this from xp partition). It boots up to the desktop, nothing else loads and the curser changes to eggtimer any time it hovers over the start button/taskbar. Would a repair with w2k disk recover this?