#1 (permalink) |
|
Registered User
Join Date: Dec 2007
Location: Oregon, USA
Posts: 6
OS: win2k sp4
|
Hello to all, and special thanks to Angelfire777
Hi everybody. As with others I got stuck with that wicked virus called, "VirusWebProtect," (Lord curse the jerk who wrote that, may all his daughters be fat and ugly). I found you guys by searching on Google for info about this virus. Extreme gratitude and appreciation to Angelfire777 who posted the fix I used: If you were a chick I'd kiss you. I had to jimmy a few of the directions however, like manually opening the win2k files in SDFix, but Angelfire's directions are overall correct, and only took a little tweaking on my part. Below is my report in case it helps anyone else.

I'm not yet a geek, so I thank you guys for being here to help me. I'm actually a tradesman and an aspiring writer, and computers are simply a matter of course, but I've learned more in the last year than I've ever known. This fix seems to have taken care of things on my computer that go back long before this virus and done further work on previously fixed infections. I am humbled

Thanks again, God bless, here's my report:

SDFix: Version 1.116
Run by Joe Parsons on Sun 12/02/2007 at 9:14a
Microsoft Windows 2000 [Version 5.00.2195]
Running From: C:\SDFix

Safe Mode:
Checking Services:
Name: NETDown
Path: C:\WINNT\vcd1.exe
NETDown - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value
Restoring Default HomePage Value
Restoring Default Desktop Components Value
Rebooting...

Normal Mode:
Checking Files:
Trojan Files Found:

Removing Temp Files...

ADS Check:
C:\WINNT
No streams found.
C:\WINNT\system32
No streams found.
C:\WINNT\system32\svchost.exe
No streams found.
C:\WINNT\system32\ntoskrnl.exe
No streams found.

Final Check:
catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-02 09:59:26
Windows 5.0.2195 Service Pack 4 NTFS
detected NTDLL code modification:
ZwQueryDirectoryFile, ZwQuerySystemInformation
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS]
"StateIndex"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\WINNT:zapoteq.bmp"
scanning hidden files ...
C:\WINNT\ydfpy1.upd 73693 bytes
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1

Remaining Services:
------------------
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:

Finished!
#2 (permalink) |
|
Manager, Hardware Forums
Join Date: Jul 2004
Location: west australia
Posts: 56,630
OS: win 7 32x 64x rtm
|
Re: Hello to all, and special thanks to Angelfire777
hi and welcome to the forum
this forum is for introductions only, you need to post your problem in the appropriate forum
#3 (permalink) |
|
Asst Manager Hardware
Join Date: May 2005
Location: USA
Posts: 19,658
OS: XP Professional
|
Re: Hello to all, and special thanks to Angelfire777
Hello and Welcome to the forum. Nice to see you here.
__________________
I don't receive email notifications of replies to subscribed threads. (Internet provider policy) Therefore, if I don't respond to your post within 24 hours, please send me a reminder PM and include the link to your thread.
#5 (permalink) |
|
Manager, TSF Articles
|
Re: Hello to all, and special thanks to Angelfire777
Hi Joe and welcome aboard.
As this is posted for information there is no point in moving it except that not everyone reads the introductions. You could try putting it in General Computer Security.
__________________
If you feel that TSF has helped you please make a donation and help to keep the forum free
A nation without a language, a nation without a heart
#6 (permalink) |
|
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
|
Re: Hello to all, and special thanks to Angelfire777
Hi and welcome to the TSF family - glad to see you here.
__________________
Iain - Defender of the Haggis and all things Scottish. I don't help by PM - post in the Forums.
#11 (permalink) |
|
Manager Emeritus
Join Date: Feb 2006
Location: Adelaide, South Australia
Posts: 10,180
OS: Xp Sp3 with all updates + Vista™ Ultimate SP1.
|
Re: Hello to all, and special thanks to Angelfire777
From Australia, "The Land Down Under"...Welcome to TSF! Enjoy your stay with us. Regards,
__________________
Dave T. If it works, Don't fix it! Especially if Bill Gates had anything to do with it!!