Hey, first time poster. First off, I was recommended to this site by friends in a game. As the title says, I have Worm.AutoRun.HXB in my computer. Every time that I try to remove it, it just comes back up again. I downloaded the combofix.exe and used it. This is what my Vexira Antivirus says.
Virus found!
Virus information:
Name: Worm.AutoRun.HXB
Removability: killable
Found information:
Location: Memory
File: C:\WINDOWS\system32\cfeeeeec.dll
The following processes use the cfeeeeec.dll file:
winlogon.exe
And this is the Combofix info.
ComboFix 09-07-14.08 - HP_Administrator 07/16/2009 16:01.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.469 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Vexira Antivirus Professional *On-access scanning enabled* (Updated) {76CEA918-5D0F-48D5-BEC6-7BB54A3735C3}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\HP_Administrator\Application Data\02000000b23054d2625C.manifest
c:\documents and settings\HP_Administrator\Application Data\02000000b23054d2625O.manifest
c:\documents and settings\HP_Administrator\Application Data\02000000b23054d2625P.manifest
c:\documents and settings\HP_Administrator\Application Data\02000000b23054d2625S.manifest
c:\documents and settings\HP_Administrator\Local Settings\Temp\IadHide5.dll
c:\documents and settings\HP_Administrator\nah_log.dat
C:\fwdrv.sys
c:\program files\Common
c:\windows\Downloaded Program Files\ijjiPreNotify2.exe
c:\windows\GnuHashes.ini
c:\windows\Installer\118f12.msi
c:\windows\Installer\152c4dbe.msi
c:\windows\Installer\15bcc.msi
c:\windows\Installer\15bd2.msi
c:\windows\Installer\15bd8.msi
c:\windows\Installer\15bde.msi
c:\windows\Installer\17f67098.msp
c:\windows\Installer\1a30a.msi
c:\windows\Installer\1a312.msp
c:\windows\Installer\1a322.msi
c:\windows\Installer\1acb4a5.msi
c:\windows\Installer\1acb4c3.msi
c:\windows\Installer\1acb4eb.msi
c:\windows\Installer\1acb4fd.msi
c:\windows\Installer\1e4c6d3.msi
c:\windows\Installer\25f755dc.msi
c:\windows\Installer\2907a81.msp
c:\windows\Installer\31235e5.msi
c:\windows\Installer\3233a40.msp
c:\windows\Installer\445ff58.msi
c:\windows\Installer\445ff62.msi
c:\windows\Installer\536aa.msi
c:\windows\Installer\82cc85.msp
c:\windows\Installer\c650df.msi
c:\windows\Installer\e213.msp
c:\windows\Installer\e3a4071.msi
c:\windows\Installer\e428.msp
c:\windows\Readme.txt
c:\windows\system32\1.tmp
c:\windows\system32\1FD.tmp
c:\windows\system32\6F.tmp
c:\windows\System32\capesnpn32.dll
c:\windows\system32\DGHbm.vbs
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\kdpini.dll
c:\windows\system32\KiBypass.dll
c:\windows\system32\ydyDR.vbs
D:\Autorun.inf
c:\recycler\S-1-5-21-3847298872-3323431910-380601516-1008 . . . . failed to delete
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\system32\winlogon.old