Registered User
Join Date: Dec 2007
Location: Oregon, USA
Posts: 6
OS: win2k sp4
Hi, and thanks to Angelfire777
Sorry I first posted in the wrong place (newbie).
Hi everybody. As with others I got stuck with that wicked virus called, "VirusWebProtect," (Lord curse the jerk who wrote that, may all his daughters be fat and ugly). I found you guys by searching on Google for info about this virus. Extreme gratitude and appreciation to Angelfire777 who posted the fix I used: If you were a chick I'd kiss you. I had to jimmy a few of the directions however, like manually opening the win2k files in SDFix, but Angelfire's directions are overall correct, and only took a little tweaking on my part. Below is my report in case it helps anyone else.

I'm not yet a geek, so I thank you guys for being here to help me. I'm actually a tradesman and an aspiring writer, and computers are simply a matter of course, but I've learned more in the last year than I've ever known. This fix seems to have taken care of things on my computer that go back long before this virus and done further work on previously fixed infections. I am humbled.

Thanks again, God bless, here's my report: