Virus on Windows 7
Hey, today I was trying to crack BullGuard and got a virus. Anyone? I'm running Windows 7 beta 7100

log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:29:56 PM, on 22/07/2009
Platform: Unknown Windows (WinNT 6.01.3004)
MSIE: Internet Explorer v8.00 (8.00.7100.0000)
Boot mode: Normal

Running processes:
F:\Windows\system32\Dwm.exe
F:\Windows\system32\taskhost.exe
F:\Windows\Explorer.EXE
F:\Program Files\Java\jre6\bin\jusched.exe
F:\Program Files\Windows Sidebar\sidebar.exe
F:\Windows\system32\wuauclt.exe
F:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
C:\Program Files\Steam\Steam.exe
F:\Program Files\BullGuard Ltd\BullGuard\BGScan.exe
F:\Windows\system32\DeviceDisplayObjectProvider.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\Internet Explorer\IELowutil.exe
F:\Windows\system32\SearchFilterHost.exe
F:\Windows\explorer.exe
F:\Users\Taylor\Downloads\winlogon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BullGuard] "F:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot
O4 - HKCU\..\Run: [BullGuard] "F:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe"
O4 - HKCU\..\Run: [Sidebar] F:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] F:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] F:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O10 - Unknown file in Winsock LSP: f:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\bglsp.dll
O13 - Gopher Prefix:
O23 - Service: AMD External Events Utility - AMD - F:\Windows\system32\atiesrxx.exe
O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - F:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: Steam Client Service - Valve Corporation - F:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 4509 bytes

Re: Virus on Windows 7
bump

Re: Virus on Windows 7
bump

Re: Virus on Windows 7
Sorry for the delay. Your topic probably got pushed back because there isn't much we can do here.
Your log shows the problem, but not many use Windows 7 right now and our tools aren't designed for Windows 7 yet.

Furthermore, you should know using illegal software like cracks will get you infected, since you posted here once before.

The worst part is that the malware is using your LSP chain as somewhere to hide. If I were to kick the file out of your machine, it would likely break your LSP chain and you'll lose internet access.

What build of Windows 7 is this? You may need to start over again if our tools won't run.
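
Added example, not part of any post in this thread: a small Python triage pass over a HijackThis log that lists entries worth a manual look, namely system-named processes running outside the Windows folder, BHOs with no file on disk, and files HijackThis does not recognise in the Winsock LSP catalog. The sample is constructed from lines of the log above; `EXPECTED_DIR` and `triage` are names made up for this example, and the findings are review pointers, not verdicts.

```python
import re
from collections import Counter

# Constructed sample: a few lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""Running processes:
F:\Windows\system32\taskhost.exe
F:\Windows\Explorer.EXE
F:\Windows\explorer.exe
F:\Users\Taylor\Downloads\winlogon.exe

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [BullGuard] "F:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot
O10 - Unknown file in Winsock LSP: f:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: f:\windows\system32\bglsp.dll
O23 - Service: Steam Client Service - Valve Corporation - F:\Program Files\Common Files\Steam\SteamService.exe
"""

# Assumption for this example: system binary names mapped to the folder, relative
# to the Windows directory, they normally run from ("" = the Windows folder itself).
EXPECTED_DIR = {"winlogon.exe": "system32", "taskhost.exe": "system32",
                "dwm.exe": "system32", "explorer.exe": ""}

def triage(log: str) -> list[str]:
    """Return human-readable findings for a HijackThis log, in log order."""
    findings, lsp, in_procs = [], Counter(), False
    for line in (l.strip() for l in log.splitlines()):
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs and not line:          # blank line ends the process list
            in_procs = False
        if in_procs:
            folder, _, name = line.rpartition("\\")
            want = EXPECTED_DIR.get(name.lower())
            if want is not None:
                pattern = r"[a-z]:\\windows" + (r"\\" + want if want else "")
                if not re.fullmatch(pattern, folder, re.I):
                    findings.append(f"process outside expected folder: {line}")
        elif line.startswith("O2 - BHO:") and line.endswith("(no file)"):
            findings.append(f"BHO with no file on disk: {line.split(' - ')[2]}")
        elif m := re.match(r"O10 - Unknown file in Winsock LSP: (.+)", line):
            lsp[m.group(1).lower()] += 1   # one O10 line per catalog entry
    for path, n in lsp.items():
        findings.append(f"unrecognised LSP provider ({n} catalog entries): {path}")
    return findings
```

An O10 finding is something to investigate rather than a file to delete, for the reason given in the reply above: removing a provider file from the chain can cut off network access.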
