Please Help-Urgent Suffering with VIRUSES

This is my first query after joining this forum.
So, I need all your valuable advice and suggestions for virus and related severe network connectivity issues.

Issues: Explorer hanging and crashing, CPU usage percentage showing about 90-100% always, IE and Mozilla also hanging very frequently.
System is also significantly lagging in performance.
**The worst part is that during these times all the settings of the CORPORATE ANTIVIRUS protection and updates are disabled and SET to READ ONLY.
It also severely affects network connectivity, like losing domain and workgroup memberships, internet connections, router page not opening at all, etc.

I am sorry for writing so much, mainly because the issues and symptoms were not restricted to only 1 virus but to different combinations, which has been a mess.

It has been a very bad experience with viruses: after some time the network & security admin people had to format and clean install 3 times in the past 1 month, as the OS started giving severe issues that would in turn affect the network in general. This has really put me into security issues with my company's policies and also wasted a huge amount of my work time. I am really frustrated and I really worry about what would happen next, as viruses have infected it again. It's really a mess.

I use my company's Dell laptop, which is loaded with WinXP Pro + SP2. This is installed as an image bundled with other customized utilities.
Antivirus: Corporate edition of Trend OfficeScan, latest 8.0, and its entire suite including Rootkit, etc.

Steps I took: I have been told that Trend OfficeScan gives real-time protection and hence I would never face any issues. But, unluckily, I have seen that for some viruses like PAK_GENERIC it gives a virus found alert but the quarantine fails.
So, next I go to the virus location and do a SHIFT+DELETE of all items reported. But this does not solve all problems, because I still get security alert mails for the same virus later on, which means it's still left out.
Next time I restart and everything is changed. Can't start TREND OFFICE SCAN, nor its related services; all disabled, etc.
Once it even removed my USER profile and so I couldn't log in to any DOMAIN.

I did a Google search for virus removal steps but haven't been very successful. I don't install ANY OTHER ANTIVIRUS PROGRAM because, as far as I know, 2 active antivirus programs would usually conflict, and, more important, we can't uninstall/deactivate/remove corporately provided specified SOFTWARE as per our official policies.

Also, I fear that my IP connections have also been HIJACKED, as twice I found different MAC addresses other than my PC's in the router configuration and I couldn't remove them.
The only option was to do a hard reset and set the router to default settings. (I have both wired and wireless networks at home.)
The WIRELESS NETWORK is properly encrypted with passwords.

(1) I have attached a Word document with images of all the recent settings on my MACHINE for ANTIVIRUS, etc.
(2) I have attached the latest HijackThis log below.

Still, in addition, I have the full version of Spybot and it does identify certain things, but it's still clear that I am infected.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:55:18 PM, on 12/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\Program \Common \Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program \SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\Program \DellTPad\Apoint.exe
C:\Program \ (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program \Microsoft Office Communicator\Communicator.exe
C:\Program \Messenger\msmsgs.exe
C:\Program \DellTPad\ApMsgFwd.exe
C:\Program \DellTPad\HidFind.exe
C:\Program \DellTPad\Apntex.exe
C:\Program \Internet Explorer\iexplore.exe
C:\Program \Internet Explorer\iexplore.exe
C:\Program \Internet Explorer\iexplore.exe
C:\Program \Internet Explorer\iexplore.exe
C:\Program \Trend Micro\OfficeScan Client\PccNTMon.exe
C:\Program \Citrix\ICA Client\pn.exe
C:\Program \Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program \Microsoft Office\OFFICE11\EXCEL.EXE
C:\Documents and Settings\mp010668.\Desktop\RootkitRevealer.exe
C:\Program \Trend Micro\OfficeScan Client\pccnt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program \Common \Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program \Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program \DellTPad\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program \ (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKCU\..\Run: [Communicator] "c:\Program \Microsoft Office Communicator\Communicator.exe" /silentRetrials /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program \Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program \Common \Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program \Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program \Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program \Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program \Microsoft Office Communicator\Communicator.exe" (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program \Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program \Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program \Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program \Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program \Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program \Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program \Messenger\msmsgs.exe
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http:officescan/console/html/ClientInstall/
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - officescan/console/html/ClientInstall/
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) -
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - http://officescan/console/html/root/
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - http://officescan/console/html/ClientInstall/
O16 - DPF: {B2FC031D-8C74-46AE-8042-BCF4FC03C1EF} (Loader Class v4) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =
O17 - HKLM\Software\..\Telephony: DomainName =
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain =
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain =
O23 - Service: IXJZDFOH - Sysinternals - - C:\DOCUME~1\LOCALS~1\Temp\IXJZDFOH.exe
O23 - Service: Aventail VPN Client (NgVpnMgr) - Aventail Corporation - C:\WINDOWS\system32\ngvpnmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program \SigmaTel\C-Major Audio\WDM\StacSV.exe

End of file - 7533 bytes
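As an added example (not part of this thread or of HijackThis itself), a small Python triage pass over a few lines copied from the log above: it flags O23 services whose executable lives under a Temp directory and O4 startup shortcuts whose target HijackThis could not resolve. The regexes and the `triage` function are my own; SAMPLE_LOG is constructed from the posted lines.

```python
import re

# Constructed sample: four lines copied verbatim from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - Global Startup: Bluetooth Manager.lnk = ?
O23 - Service: IXJZDFOH - Sysinternals - - C:\DOCUME~1\LOCALS~1\Temp\IXJZDFOH.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# O23 line: "Service: <display name> - <vendor> - <path>"; the path is the last
# " - " separated field and starts with a drive letter.
SERVICE_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.*) - (?P<path>[A-Za-z]:\\\S.*)$"
)
# O4 line: a registry Run entry or a startup-folder shortcut.
RUN_RE = re.compile(r"^O4 - (?P<where>.+?): (?P<target>.*)$")
# A long-lived service has no business executing from a temp directory.
TEMP_DIR_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)


def triage(log_text):
    """Return (line, reason) pairs for entries a reviewer should look at first."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = SERVICE_RE.match(line)
        if m:
            if TEMP_DIR_RE.search(m.group("path")):
                findings.append((line, "service executable lives in a Temp directory"))
            elif not m.group("vendor").strip(" -"):
                findings.append((line, "service has no vendor string"))
            continue
        m = RUN_RE.match(line)
        if m and m.group("target").rstrip().endswith("= ?"):
            findings.append((line, "startup shortcut whose target could not be resolved"))
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```

A Temp-directory hit is a prompt to check, not a verdict: RootkitRevealer (visible in the running processes above) runs its scan from a randomly named service copied to a temp directory, so the IXJZDFOH entry should be compared against that tool before anything is removed.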

Re: Please Help-Urgent Suffering with VIRUSES

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Re: Please Help-Urgent Suffering with VIRUSES

Due to lack of feedback, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.
