P2P-Worm.Win32.VB.dw

Rock Princess

Hey! I'm really desperate because I don't know how to solve this problem... I've been using LimeWire for a while and now I have a virus on my computer... P2P-Worm.Win32.VB.dw... I am running a system scan with a kavdos.exe application, I think it is some sort of Kaspersky scan...


Can you help me to delete this virus?

thanks
 
I see that no one has answered the question, but I suppose it is my fault because I gave you too little information... I have done a HijackThis scan and this is my log file:

Logfile of HijackThis v1.99.1
Scan saved at 19:10:52, on 29.4.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\windows\System32\nvsvc32.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\MEDIAK~1\MagicKey.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\windows\System32\winlog.exe
C:\Program Files\outlook\outlook.exe
C:\windows\mousepad15.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\x\My Documents\s?stem\w?crtupd.exe
C:\Program Files\Hitware Popup Killer Lite\HitwarePKLite.exe
C:\windows\System32\SKS~1\winword.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MEDIAK~1\OSD.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\x\Desktop\HIJACKTHIS\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {0AB9ABC1-A7EA-4F65-8C18-C01C0D794542} - C:\Program Files\Windows NT\mefo.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Mario Forever Toolbar - {463DF6D5-BEC1-4d67-B217-59DB692DFC53} - C:\Program Files\Mario Forever Toolbar\v2.0.0.3\Mario_Forever_Toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MagicKey] C:\PROGRA~1\MEDIAK~1\MagicKey.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [newname] C:\windows\newname15.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad15.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard15.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Dme] C:\Documents and Settings\x\My Documents\s?stem\w?crtupd.exe
O4 - HKCU\..\Run: [HitwarePKLite] C:\Program Files\Hitware Popup Killer Lite\HitwarePKLite.exe
O4 - HKCU\..\Run: [Rnab] "C:\windows\System32\SKS~1\winword.exe" -vt yazr
O4 - Startup: Webshots.lnk.disabled
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: I&zvoz u Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Whistle - {220E39C3-B081-4719-AB1A-9A884DCBD05C} - C:\Program Files\WhistleSoftware\WselServices\webband.dll (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{207B6A2C-4336-4830-B070-FED1A5F974F7}: NameServer = 212.39.98.162 195.29.150.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{207B6A2C-4336-4830-B070-FED1A5F974F7}: NameServer = 212.39.98.162 195.29.150.3
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Control Panel - C:\windows\system32\l00u0ad9ed0.dll (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Please help me... Also, I've been using Spybot S&D and I can't delete cmd, but it doesn't seem to be a big problem

Thanks one more time ;)
 
Please download Brute Force Uninstaller.
Unzip it to its own folder (c:\BFU)

RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra Remover. Save it in the folder you made earlier (c:\BFU).

Open My Computer and navigate to the c:\BFU folder. Start the Brute Force Uninstaller by double-clicking BFU.exe

In the scriptline to execute field copy and paste c:\bfu\alcanshorty.bfu
Press execute and let it do its job.

Wait for the complete script execution box to pop up and press OK.

Click "save"

In "filename" enter log.txt

Click exit to exit the BFU program.

Please copy the contents of the log.txt back here in your next reply. The log.txt will be in the C:\BFU\ folder ...
 
I did everything you said and I have saved log.txt, but there is only this in that file:

BFU v1.00.9
Windows XP (WinNT 5.01.2600 )
Script started at 20:23:19, on 29.4.2006

Script completed.

Maybe I did something wrong? :scratch:
 
I am so sorry, sometimes I am so stupid when it's about computers :D

I have done something wrong :D

Here is it:

BFU v1.00.9
Windows XP (WinNT 5.01.2600 )
Script started at 20:28:04, on 29.4.2006

Option Unload Explorer: Yes
Failed: DllUnregister C:\windows\DH.dll|1 (file not found)
Failed: ServiceStop Network Monitor (operation failed)
Failed: ServiceStop cmdService (service not found)
Failed: ServiceDisable cmdService (service not found)
Failed: ServiceDelete cmdService (service not found)
Failed: RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (key not found)
Failed: RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (key not found)
Failed: RegDelValue HKCU\System\CurrentControlSet\Control\Lsa|p2pnetwork (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations|LowRiskFileTypes (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|CU1 (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|CU2 (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|services32 (key not found)
Option pause between commands: 300 ms
Option pause between commands: 50 ms
Failed: FolderDelete C:\Program Files\MsConfigs (folder not found)
Failed: FolderDelete C:\Program Files\winupdates (folder not found)
Failed: FolderDelete C:\Program Files\winupdate (folder not found)
Failed: FolderDelete C:\Program Files\winsupdater (folder not found)
Failed: FolderDelete C:\Program Files\MsUpdate (folder not found)
Failed: FolderDelete C:\Program Files\MsMovies (folder not found)
Failed: FolderDelete C:\Program Files\wmplayer (folder not found)
Failed: FileDelete C:\Program Files\Common Files\Download\mc-*-*.exe (operation failed)
Failed: FileDelete C:\DOCUME~1\x\LOCALS~1\Temp\~DF3AD6.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\x\LOCALS~1\Temp\~DF61BB.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\x\LOCALS~1\Temp\~DF68FB.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\x\LOCALS~1\Temp\~DF77AC.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\x\LOCALS~1\Temp\~DF91C0.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\x\LOCALS~1\Temp\~DFF9D3.tmp (operation failed)
Failed: FileDelete C:\windows\Temp\ZLT063c7.TMP (operation failed)
Failed: FolderDelete C:\Documents and Settings\x\Local Settings\Temporary Internet Files\Content.IE5\4X6V052B (operation failed)
Failed: FolderDelete C:\Documents and Settings\x\Local Settings\Temporary Internet Files\Content.IE5\89ATCVAT (operation failed)
Failed: FolderDelete C:\Documents and Settings\x\Local Settings\Temporary Internet Files\Content.IE5\D007LX0T (operation failed)
Failed: FolderDelete C:\Documents and Settings\x\Local Settings\Temporary Internet Files\Content.IE5\E55UVUDK (operation failed)
Failed: FolderDelete C:\Documents and Settings\x\Local Settings\Temporary Internet Files\Content.IE5\KT2F8LYR (operation failed)
Failed: FolderDelete C:\Documents and Settings\x\Local Settings\Temporary Internet Files\Content.IE5\SLYB89EZ (operation failed)
Failed: FolderDelete C:\Documents and Settings\x\Local Settings\Temporary Internet Files\Content.IE5\Y3QB2PUN (operation failed)
Failed: FolderDelete C:\Program Files\Maxifiles (folder not found)
Failed: FolderDelete C:\Program Files\DNS (folder not found)
Failed: FolderDelete C:\Program Files\EQAdvice (folder not found)
Failed: FolderDelete C:\Program Files\FCAdvice (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\FreeProd1 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\FreeProd2 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\InetGet2 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\VCClient (folder not found)
Failed: FolderDelete C:\Program Files\Network Monitor (folder not found)
Failed: FolderDelete C:\windows\inet20001 (folder not found)
Failed: FolderDelete C:\Program Files\Update06 (folder not found)
Failed: FolderDelete C:\Program Files\Update03 (folder not found)
Failed: FolderDelete C:\Program Files\Update04 (folder not found)
Failed: FolderDelete C:\Program Files\Update08 (folder not found)
Failed: FolderDelete C:\Program Files\W-Update (folder not found)
Failed: FolderDelete C:\Program Files\Cas (folder not found)
Failed: FolderDelete C:\Program Files\CasStub (folder not found)
Failed: FolderDelete C:\Program Files\Cas2Stub (folder not found)
Failed: FolderDelete C:\temp (folder not found)
Failed: FileMove C:\windows\win*-*.exe|C:\bintheredunthat (source file not found)
Script completed.


Also, I see there is something wrong here... there are a lot of folders which are "not found" :scratch:
 
You're doing fine. You must have scanned twice with BFU which is why that last log isn't finding anything. Can you please scan with HijackThis and post a fresh log from it please?
 
Thank you for your patience:)

Here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 21:23:07, on 29.4.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\windows\System32\nvsvc32.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\MEDIAK~1\MagicKey.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Hitware Popup Killer Lite\HitwarePKLite.exe
C:\windows\System32\SKS~1\winword.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MEDIAK~1\OSD.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\windows\explorer.exe
C:\Documents and Settings\x\Desktop\HIJACKTHIS\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {0AB9ABC1-A7EA-4F65-8C18-C01C0D794542} - C:\Program Files\Windows NT\mefo.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Mario Forever Toolbar - {463DF6D5-BEC1-4d67-B217-59DB692DFC53} - C:\Program Files\Mario Forever Toolbar\v2.0.0.3\Mario_Forever_Toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MagicKey] C:\PROGRA~1\MEDIAK~1\MagicKey.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Dme] C:\Documents and Settings\x\My Documents\s?stem\w?crtupd.exe
O4 - HKCU\..\Run: [HitwarePKLite] C:\Program Files\Hitware Popup Killer Lite\HitwarePKLite.exe
O4 - HKCU\..\Run: [Rnab] "C:\windows\System32\SKS~1\winword.exe" -vt yazr
O4 - Startup: Webshots.lnk.disabled
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: I&zvoz u Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Whistle - {220E39C3-B081-4719-AB1A-9A884DCBD05C} - C:\Program Files\WhistleSoftware\WselServices\webband.dll (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4749/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{207B6A2C-4336-4830-B070-FED1A5F974F7}: NameServer = 212.39.98.162 195.29.150.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{207B6A2C-4336-4830-B070-FED1A5F974F7}: NameServer = 212.39.98.162 195.29.150.3
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Control Panel - C:\windows\system32\l00u0ad9ed0.dll (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 
In the mean time I have done a McAfee Virus Scan and this is what it said:

C:\Documents and Settings\...\QXPP~1.EXE Adware-ClickSpring
C:\ Armin_Van_Buuren-A_State_Of_Trance_245_(Fre... W32/Generic.m
C:\Documents and Settings\x\Complete\ Games.zip W32/Generic.m
C:\Documents and Settings\x\Complete\ Music.zip W32/Generic.m
C:\Documents and Settings\x\Complete\ Software.zip W32/Generic.m
C:\(PS2)Fighters megamix 5-in-1 (CVS2,MVC2,MVC2... W32/Generic.m
C:\...\100+ Raven Riley pics SULiik.zip W32/Generic.m
C:\...\100+ Tara Reid pics SULiik.zip W32/Generic.m
C:\...\1400+ Pics of Mariah Carey.zip W32/Generic.m
C:\...\20+ Jessica Alba pics SULiik.zip W32/Generic.m
C:\...\32 AMG Wallpapers SULiik.zip W32/Generic.m
C:\...\3D Stereograms - 3rd Release.zip W32/Generic.m
C:\...\50 Carmen Electra pics SULiik.zip W32/Generic.m
C:\...\56 Ford GT40 Wallpapers SULiik.zip W32/Generic.m
C:\...\60+ Elisha Cuthbert pics SULiik.zip W32/Generic.m
C:\...\70+ Jennifer Lopez pics SULiik.zip W32/Generic.m
C:\...\About CNET Networks.zip W32/Generic.m
C:\Acronis True Image Workstation v9 1 3567 Inc... W32/Generic.m
C:\...\Advanced search.zip W32/Generic.m
C:\Air America Radio - The Laura Flanders Show ... W32/Generic.m
C:\Air America Radio - The Laura Flanders Show ... W32/Generic.m
C:\Documents and Settings\...\All RSS feeds.zip W32/Generic.m
C:\Documents and Settings\...\All Software.zip W32/Generic.m
C:\American Dad S02E13 PDTV XviD-LOL [eztv].zip... W32/Generic.m
C:\Anime Shaman King Full Episodes Complete.zip... W32/Generic.m

Also, I am sorry if I have some English mistakes, I am not from English speaking area :)
 
The clickspring looks right (I've got that on my list to have you do next). But I'm not sure about the others McAfee found.

Hold on while I'm still writing up the next steps to take.

You had a LOT of different malware on there.
 
Make a copy of these instructions

Close all browser and any open windows.

Open HijackThis and do a *Scan Only*. When it finishes, checkmark all of these entries, and then press the *fix checked* button

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: (no name) - {0AB9ABC1-A7EA-4F65-8C18-C01C0D794542} - C:\Program Files\Windows NT\mefo.dll

O4 - HKCU\..\Run: [Dme] C:\Documents and Settings\x\My Documents\s?stem\w?crtupd.exe

O4 - HKCU\..\Run: [Rnab] "C:\windows\System32\SKS~1\winword.exe" -vt yazr

O20 - Winlogon Notify: Control Panel - C:\windows\system32\l00u0ad9ed0.dll (file missing)

If this is not your ISP, then checkmark these to fix these also
O17 - HKLM\System\CCS\Services\Tcpip\..\{207B6A2C-4336-4830-B070-FED1A5F974F7}: NameServer = 212.39.98.162 195.29.150.3

O17 - HKLM\System\CS1\Services\Tcpip\..\{207B6A2C-4336-4830-B070-FED1A5F974F7}: NameServer = 212.39.98.162 195.29.150.3
...................................
Get this tool from Trend-Micro
Damage Cleanup Engine / Template

NOTE: You must download the tool AND the updates (pattern file) - so follow these instructions carefully.

http://www.trendmicro.com/download/dcs.asp
Get the Sysclean Package for non-Trend customers.

Grab a copy of the instructions here:
please download the following files
http://www.trendmicro.com/ftp/products/tsc/readme.txt

NOTE:
For instructions on how to use this package, consult the "How to Use" section of the readme file, readme_sysclean.txt. This file also contains the description and the different features of this package.

Note that for the Trend Micro Sysclean Package to be effective, you must download and place the latest pattern file in the same folder as the Trend Micro Sysclean Package.


DCT CONTROL RELEASE
Download Latest DCT Control Release
http://www.trendmicro.com/download/pattern-dcs-disclaimer.asp

The Damage Cleanup Template (DCT) Control Release is a pre-release version of Damage Cleanup Template (DCT) and is updated by TrendLabs almost as often as new samples come in. Since it is designed to clean registries and system files from 'in-the-wild' malware infections, DCT Control release receives only preliminary testing. DCT Control Release also must be deployed manually to your product.

Click the link above for additional information and deployment instructions. Users are advised to read the succeeding disclaimer carefully before downloading the current DCT Control Release.

I. Description

This self-extracting archive is a stand-alone fix package that
incorporates the Damage Cleanup Engine and Template. It replaces the
traditional fix tool by addressing a wide variety of system infections
rather than a specific malware infection.


This tool supports the following features:

o Terminate all malware instances in memory
o Remove malware registry entries
o Remove malware entries from system files
o Scan for and delete all malware copies in all local hard drives



II. File List

o sysclean.com - the main executable module
o readme.txt - this file
o lpt$vpn.XXX - downloadable component (see Requirements)



III. Requirements

1. Download the latest pattern file lpt$vpn.XXX in ZIP format as
lptXXX.ZIP from the following location:

<http://www.trendmicro.com/download/pattern.asp>

This file must be saved in the same folder where you run
this fix package.

2. This tool is designed to run under Windows 9x/ME/NT/2000/XP.

For users running Windows NT 4.0, you need to copy the file, PSAPI.DLL,
to the Windows system directory, which is usually C:\WINNT\system32.
You can find the file in the Windows NT 4.0 Setup CD at the
following locations:

\Support\Debug\i386\PSAPI.DLL



IV. Parameters

/NOGUI     No GUI (runs the tool in console mode)
/SILENT    Run in silent mode (no output display)
<folder>   The folder where the tool begins scanning. If
           unspecified, this tool scans all local hard drives
/Y         Automatically answers yes to all prompts
/?         Displays help information



V. How to Use

1. Create a temporary folder and copy SYSCLEAN.COM into this folder.

NOTE: This temporary folder should be created on a local or mapped drive.

2. Download latest pattern file. Extract the downloaded ZIP pattern
file into the created folder.

3. Close all applications running on your system, including any
antivirus software.

4. Run the executable file, SYSCLEAN.COM, by either:

a. Double-clicking the tool in Windows Explorer.
b. Executing it via command prompt using syntax based on the
aforementioned parameters.

4. Enable any antivirus software that is installed on your system and
perform a manual scan.

NOTE: This fix tool generates the log file, SYSCLEAN.LOG, in its
current folder.


Next, post the SYSCLEAN.LOG results back here please.
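
Added example, not part of the original thread and not a tool used in it: a small Python script that checks a follow-up HijackThis log against the list of entries selected for fixing, shows what changed between two logs, and marks entries worth a second look. The function names are made up for illustration, and the sample data is a short excerpt of lines taken from the logs and fix list in this thread.

```python
import re

# HijackThis entry lines begin with a section code such as R1, F2, O4 or O23.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

def normalize(line):
    """Collapse whitespace and case so forum copy-paste differences do not matter."""
    return re.sub(r"\s+", " ", line.strip()).lower()

def parse_entries(log_text):
    """Return {normalized line: (section, original line)} for every entry line."""
    entries = {}
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries[normalize(raw)] = (m.group(1), raw.strip())
    return entries

def still_present(fix_list, after_log):
    """Entries that were selected for fixing but still appear in a later log."""
    after = parse_entries(after_log)
    return [after[k][1] for k in parse_entries(fix_list) if k in after]

def diff_logs(before_log, after_log):
    """Return (removed, added) entry lines between two scans."""
    before, after = parse_entries(before_log), parse_entries(after_log)
    removed = [v[1] for k, v in before.items() if k not in after]
    added = [v[1] for k, v in after.items() if k not in before]
    return removed, added

def review_flags(log_text):
    """Mark entries for manual review; a flag is a prompt to look, not a verdict."""
    flags = []
    for section, line in parse_entries(log_text).values():
        if line.endswith("(file missing)"):
            # The registry entry points at a file that is no longer on disk.
            flags.append(("orphaned", line))
        elif section in ("O2", "O4", "O23") and "://" not in line and "?" in line:
            # '?' cannot occur in a Windows file name, so in a logged path it
            # marks a character the log could not render.
            flags.append(("unrenderable-path", line))
    return flags

# Excerpt of the log saved at 21:23:07 on 29.4.2006 (lines copied from this thread).
BEFORE = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {0AB9ABC1-A7EA-4F65-8C18-C01C0D794542} - C:\Program Files\Windows NT\mefo.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Dme] C:\Documents and Settings\x\My Documents\s?stem\w?crtupd.exe
O4 - HKCU\..\Run: [Rnab] "C:\windows\System32\SKS~1\winword.exe" -vt yazr
O9 - Extra button: Whistle - {220E39C3-B081-4719-AB1A-9A884DCBD05C} - C:\Program Files\WhistleSoftware\WselServices\webband.dll (file missing)
O20 - Winlogon Notify: Control Panel - C:\windows\system32\l00u0ad9ed0.dll (file missing)
"""

# Excerpt of the entries the helper asked to have fixed (copied from this thread).
FIX_LIST = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {0AB9ABC1-A7EA-4F65-8C18-C01C0D794542} - C:\Program Files\Windows NT\mefo.dll
O4 - HKCU\..\Run: [Dme] C:\Documents and Settings\x\My Documents\s?stem\w?crtupd.exe
O4 - HKCU\..\Run: [Rnab] "C:\windows\System32\SKS~1\winword.exe" -vt yazr
O20 - Winlogon Notify: Control Panel - C:\windows\system32\l00u0ad9ed0.dll (file missing)
"""

# Excerpt of the log saved at 13:49:01 on 30.4.2006 (lines copied from this thread).
AFTER = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: Whistle - {220E39C3-B081-4719-AB1A-9A884DCBD05C} - C:\Program Files\WhistleSoftware\WselServices\webband.dll (file missing)
"""

if __name__ == "__main__":
    print("Fix-list entries still present:", still_present(FIX_LIST, AFTER))
    removed, added = diff_logs(BEFORE, AFTER)
    for line in removed:
        print("removed:", line)
    for line in added:
        print("added:  ", line)
    for kind, line in review_flags(AFTER):
        print("review (%s): %s" % (kind, line))
```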
 
I have done everything you have told me and I have followed each step and I've got the SYSCLEAN log file, but it is too long to copy it here... Is there any other way to post that log here? Can I post files on this forum?

I will describe what happened... SYSCLEAN scanned the system and it found a virus WORM GAOBOT.DF and it also cleaned it...

I hope this will help you to help me...

I will come here tomorrow to see what are we going to do next ;)

Thank you one more time for helping me and for patience :)
 
EDIT: When you saw a log file from a McAfee virus scan, you saw ClickSpring and it looked right, but you weren't sure about the rest?

Well, now I realised that all the rest was from the folder C:\Documents and Settings\x\Complete\ and SYSCLEAN cleaned viruses from THAT folder... and also I think that LimeWire was saving downloaded information there :scratch: ... I think that I have downloaded viruses from LimeWire....

Maybe that will help you... don't forget the virus in the title of this theme... I don't know if it is deleted....

Thanks
 
You're welcome. We have lots of patience around here :)

Please compress (i.e. put into a zip file) the Sysclean.log and attach to your next reply. In Windows XP right-click the file and select "send to compressed (zipped) folder".

When you press the *Reply* button, scroll down a bit under *Additional Options*

The second section is called "Attach Files" - press the *Manage Attachments* button. Browse to the sysclean.zip file and attach it to your reply. I can then download and review it.

Next, please scan once more with HijackThis and post a fresh HijackThis log too :)
 
Here is the hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 13:49:01, on 30.4.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\MEDIAK~1\MagicKey.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Hitware Popup Killer Lite\HitwarePKLite.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MEDIAK~1\OSD.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\windows\System32\nvsvc32.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\windows\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\x\Desktop\HIJACKTHIS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Mario Forever Toolbar - {463DF6D5-BEC1-4d67-B217-59DB692DFC53} - C:\Program Files\Mario Forever Toolbar\v2.0.0.3\Mario_Forever_Toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MagicKey] C:\PROGRA~1\MEDIAK~1\MagicKey.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [HitwarePKLite] C:\Program Files\Hitware Popup Killer Lite\HitwarePKLite.exe
O4 - Startup: Webshots.lnk.disabled
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: I&zvoz u Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Whistle - {220E39C3-B081-4719-AB1A-9A884DCBD05C} - C:\Program Files\WhistleSoftware\WselServices\webband.dll (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4749/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{207B6A2C-4336-4830-B070-FED1A5F974F7}: NameServer = 212.39.98.162 195.29.150.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{207B6A2C-4336-4830-B070-FED1A5F974F7}: NameServer = 212.39.98.162 195.29.150.3
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Also, my zipped SYSCLEAN file is about 45 kb big, and the forum limit is about 39 kb....
 
I have split the log file into two files, then compressed those "halves", and here they are :):

First half and the second half of a SYSCLEAN log file:
 