Tech Support Forum banner
Status
Not open for further replies.
1 - 5 of 5 Posts

·
Registered
Joined
·
5 Posts
Discussion Starter · #1 ·
I recently got a pretty nasty virus that I'm pretty sure I got from torrentreactor, who've apparently been recently hacked.

My internet has been going very slow, and I see that my LAN icon is always blue (transmitting data), so I'm sure I'm sending some private information to someone and it's probably downloading more bad things to my computer as I type. Worst of all, it seems to have disabled every virus fighting tool I know (kas, norton, avg, hijackthis, and regedit, so far I've tried and they've all failed). The only one I've managed to run so far is Malware Bytes, but it isn't able to remove the virus completely. It seems to get worse every day. I normally manage to fix any virus with some help from google, but information on this one seems to be lacking. Doesn't help that I can't get its name with Kaspersky =(. I have attached my MBAM log files. The latest full scan was done in safe mode. Any help would be appreciated.

Thanks in advance.
 

Attachments

·
Registered
Joined
·
5 Posts
Discussion Starter · #3 ·
Managed to run hijackthis right after running MBAM. Attaching log.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:23:45 PM, on 5/25/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\hkcmd.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\WINNT\regedit.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =

127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files\Kaspersky

Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program

Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} -

C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft

Money\System\mnyviewer.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program

Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINNT\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User

'Default user')
O4 - Startup: regsvr32.lnk = C:\WINNT\system32\regsvr32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1

\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Web traffic protection statistics - {1f460357-8a94-4d71-9ca3-

aa4acf32ed8e} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program

Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program

Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network

Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program

Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [searching] Search from the Address bar
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) -

http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?

1206779846546
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?

1206779780921
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) -

http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -

http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E123BED4-B8C7-42BB-958F-F13CA77EF95D} (Anark Client ActiveX Control) -

http://install.anark.com/client/version2/windows-ie/en/AMClient.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2515AA29-2F54-4377-99FF-81849BE5897C}: NameServer =

192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA02B79B-3DF6-4EB1-8B24-FC8B51A0A739}: NameServer =

194.54.90.226
O17 - HKLM\System\CS1\Services\Tcpip\..\{2515AA29-2F54-4377-99FF-81849BE5897C}: NameServer =

192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{2515AA29-2F54-4377-99FF-81849BE5897C}: NameServer =

192.168.1.1
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1

\mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (avp) - Kaspersky Lab - C:\Program Files\Kaspersky

Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINNT\
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Performance Logs and Alerts SysmonLogRpcLocator (SysmonLogRpcLocator) -

Unknown owner - C:\WINNT\system32\1033i.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINNT\

--
End of file - 5949 bytes
 
1 - 5 of 5 Posts
Status
Not open for further replies.
Top