GeekPolice
Would you like to react to this message? Create an account in a few clicks or log in to continue.

GeekPoliceLog in

 


security tool virus

3 posters

descriptionsecurity tool virus Emptysecurity tool virus23rd December 2009, 5:38 am

more_horiz
I got the security tool virus. Finally after multiple tries i got malware to download and I ran it actually twice. And it seems to have gone away. But I did read that with some people it has came back and there were suggestions to use HiJACK THIS. So I ran it and this was the results can someone please let me know what I need to do now. I have no idea what all that means


Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 9:35:44 AM, on 12/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/mail?.src=ym&.intl=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 78.159.110.51 www.google.de
O1 - Hosts: 78.159.110.51 www.google.fr
O1 - Hosts: 78.159.110.51 www.google.com.br
O1 - Hosts: 78.159.110.51 www.google.it
O1 - Hosts: 78.159.110.51 www.google.es
O1 - Hosts: 78.159.110.51 www.google.co.jp
O1 - Hosts: 78.159.110.51 www.google.com.mx
O1 - Hosts: 78.159.110.51 www.google.ca
O1 - Hosts: 78.159.110.51 www.google.com.au
O1 - Hosts: 78.159.110.51 www.google.nl
O1 - Hosts: 78.159.110.51 www.google.co.za
O1 - Hosts: 78.159.110.51 www.google.be
O1 - Hosts: 78.159.110.51 www.google.gr
O1 - Hosts: 78.159.110.51 www.google.at
O1 - Hosts: 78.159.110.51 www.google.se
O1 - Hosts: 78.159.110.51 www.google.ch
O1 - Hosts: 78.159.110.51 www.google.pt
O1 - Hosts: 78.159.110.51 www.google.dk
O1 - Hosts: 78.159.110.51 www.google.fi
O1 - Hosts: 78.159.110.51 www.google.ie
O1 - Hosts: 78.159.110.51 www.google.no
O1 - Hosts: 78.159.110.51 search.yahoo.com
O1 - Hosts: 78.159.110.51 us.search.yahoo.com
O1 - Hosts: 78.159.110.51 uk.search.yahoo.com
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Wishpot Button - {9E40F4A8-6896-4b67-91F5-F6F287ECB5D9} - C:\Program Files\Wishpot\ietb.dll
O3 - Toolbar: Wishpot Button - {7DAAFFD0-5A88-447d-96C6-E6CA06AF0758} - C:\Program Files\Wishpot\ietb.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: DW WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 6002 bytes

descriptionsecurity tool virus EmptyRe: security tool virus23rd December 2009, 5:56 am

more_horiz
Please download ComboFix security tool virus Combofix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

security tool virus Query_RC
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
security tool virus RC_successful

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

descriptionsecurity tool virus EmptyRe: security tool virus23rd December 2009, 6:40 am

more_horiz
I tried to follow the steps and rename the program. I got a pop up that said these sights where not affilitaed with bleeping computer. So I am downloading it and will try to install it again

descriptionsecurity tool virus EmptyRe: security tool virus23rd December 2009, 6:54 am

more_horiz
I tried again and this is the message I get

Disclaimer of warranty on software

the following websites are not in any way affiliated with combofix:

http://www.combofix.org/
http://combofixdownload.com/

If you have purchased anything from them, I suggest you instruct your financiers to cancel the transaction.

Aguide on proper Combofix usage may be found at
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Combofix is meant for private use. It should nebver be used in an unsupervised enviroment. If infections are found,it will automatically reboot the machine to complete the removal process. Please ensure all opened windows are closed before proceeding.

This software is provided 'as is' without warranty of any kind. All implied warranties are expressly disclaimed. If you do not agree to the above tems Exit




Do I need to exit or continue with this

descriptionsecurity tool virus EmptyRe: security tool virus23rd December 2009, 9:29 am

more_horiz
You can safely continue.

descriptionsecurity tool virus EmptyRe: security tool virus24th December 2009, 12:27 am

more_horiz
Moderated Message: Hello, your comment has been removed. Please do not post in another member's topic. If you need help, please read this over and click here to open a new topic. ~DragonMaster Jay

descriptionsecurity tool virus EmptyRe: security tool virus

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum