PDA

View Full Version : W32.Myzor.Fk



Coelho
2006-06-13, 00:26
I'm having some trouble trying to get rid of this thing, anybody knows a sure way of deleting this worm?

Coelho
2006-06-13, 00:37
gfile of HijackThis v1.99.1
Scan saved at 21:36:01, on 12-06-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.exe
c:\programas\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Programas\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\alg.exe
c:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Programas\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\programas\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Programas\Messenger\msmsgs.exe
C:\Programas\Internet Explorer\iexplore.exe
C:\Programas\Spyware Doctor\sdhelp.exe
D:\exe\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Programas\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\MSN Messenger\msnmsgr.exe" /background
O17 - HKLM\System\CCS\Services\Tcpip\..\{77E383B6-5B78-486C-A618-3D3FBE39CB50}: NameServer = 194.65.100.117
O17 - HKLM\System\CS1\Services\Tcpip\..\{77E383B6-5B78-486C-A618-3D3FBE39CB50}: NameServer = 194.65.100.117
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Programas\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programas\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programas\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programas\Webroot\Spy Sweeper\WRSSSDK.exe

Coelho
2006-06-13, 03:00
I followed very carefully the instructions on this link, http://forums.spybot.info/showthread.php?t=4015 and here are my raports, everything appears to be ok now, but just in case, can you guys take a look at it??!!

SmitFraudFix v2.59

Scan done at 22:09:09,07, 12-06-2006
Run from C:\Documents and Settings\Rui Coelho\Ambiente de trabalho\SmitfraudFix
OS: Microsoft Windows XP [VersÆo 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End





ewido anti-malware - Relatório de verificação
---------------------------------------------------------

+ Criado em: 23:12:00, 12-06-2006
+ Relatório-Checksum: 893B6B

+ Resultado da verificação:

HKLM\SOFTWARE\Classes\AppID\compcln.dll -> Adware.WinFixer : Limpo com backup
HKLM\SOFTWARE\Classes\AppID\FFWraper.DLL -> Adware.WinFixer : Limpo com backup
HKLM\SOFTWARE\Classes\AppID\FixCore.DLL -> Adware.WinFixer : Limpo com backup
HKLM\SOFTWARE\Classes\AppID\MMFixCtrl.DLL -> Adware.WinFixer : Limpo com backup
HKLM\SOFTWARE\Classes\AppID\{287A2BAD-6590-4EFF-9BBC-494385664A73} -> Adware.SysProtect : Limpo com backup
HKLM\SOFTWARE\Classes\CompCleanCore.AppCleaner -> Adware.WinFixer : Limpo com backup
HKLM\SOFTWARE\Classes\CompCleanCore.AppCleaner\CLSID -> Adware.WinFixer : Limpo com backup
HKLM\SOFTWARE\Classes\CompCleanCore.AppCleaner\CurVer -> Adware.WinFixer : Limpo com backup
HKLM\SOFTWARE\Classes\CompCleanCore.AppCleaner.1 -> Adware.WinFixer : Limpo com backup
HKLM\SOFTWARE\Classes\CompCleanCore.CCQuickScan -> Adware.WinFixer : Limpo com backup
HKLM\SOFTWARE\Classes\CompCleanCore.CCQuickScan\CLSID -> Adware.WinFixer : Limpo com backup
HKLM\SOFTWARE\Classes\CompCleanCore.CCQuickScan\CurVer -> Adware.WinFixer : Limpo com backup
HKLM\SOFTWARE\Classes\CompCleanCore.CCQuickScan.1 -> Adware.WinFixer : Limpo com backup
HKLM\SOFTWARE\Classes\CompCleanCore.FileCleaner -> Adware.WinFixer : Limpo com backup
HKLM\SOFTWARE\Classes\CompCleanCore.FileCleaner\CLSID -> Adware.WinFixer : Limpo com backup
HKLM\SOFTWARE\Classes\CompCleanCore.FileCleaner\CurVer -> Adware.WinFixer : Limpo com backup
HKLM\SOFTWARE\Classes\CompCleanCore.FileCleaner.1 -> Adware.WinFixer : Limpo com backup
HKLM\SOFTWARE\Classes\CompCleanCore.InetCleaner -> Adware.WinFixer : Limpo com backup
HKLM\SOFTWARE\Classes\CompCleanCore.InetCleaner\CLSID -> Adware.WinFixer : Limpo com backup
HKLM\SOFTWARE\Classes\CompCleanCore.InetCleaner\CurVer -> Adware.WinFixer : Limpo com backup
HKLM\SOFTWARE\Classes\CompCleanCore.InetCleaner.1 -> Adware.WinFixer : Limpo com backup
HKLM\SOFTWARE\Classes\CompCleanCore.RegCleaner -> Adware.WinFixer : Limpo com backup
HKLM\SOFTWARE\Classes\CompCleanCore.RegCleaner\CLSID -> Adware.WinFixer : Limpo com backup
HKLM\SOFTWARE\Classes\CompCleanCore.RegCleaner\CurVer -> Adware.WinFixer : Limpo com backup
HKLM\SOFTWARE\Classes\CompCleanCore.RegCleaner.1 -> Adware.WinFixer : Limpo com backup
HKLM\SOFTWARE\Classes\CompCleanCore.SystemCleaner -> Adware.WinFixer : Limpo com backup
HKLM\SOFTWARE\Classes\CompCleanCore.SystemCleaner\CLSID -> Adware.WinFixer : Limpo com backup
HKLM\SOFTWARE\Classes\CompCleanCore.SystemCleaner\CurVer -> Adware.WinFixer : Limpo com backup
HKLM\SOFTWARE\Classes\CompCleanCore.SystemCleaner.1 -> Adware.WinFixer : Limpo com backup
HKLM\SOFTWARE\Classes\df_fixer.Fixer -> Adware.WinFixer : Limpo com backup
HKLM\SOFTWARE\Classes\df_fixer.Fixer\CLSID -> Adware.WinFixer : Limpo com backup
HKLM\SOFTWARE\Classes\df_fixer.Fixer\CurVer -> Adware.WinFixer : Limpo com backup
HKLM\SOFTWARE\Classes\df_fixer.Fixer.1 -> Adware.WinFixer : Limpo com backup
HKLM\SOFTWARE\Classes\FFCom.FlFixer -> Adware.WinFixer : Limpo com backup
HKLM\SOFTWARE\Classes\FFCom.FlFixer\Clsid -> Adware.WinFixer : Limpo com backup
HKLM\SOFTWARE\Classes\FFWraper.FFEnginWraper -> Adware.WinFixer : Limpo com backup
HKLM\SOFTWARE\Classes\FFWraper.FFEnginWraper\CLSID -> Adware.WinFixer : Limpo com backup
HKLM\SOFTWARE\Classes\FFWraper.FFEnginWraper\CurVer -> Adware.WinFixer : Limpo com backup
HKLM\SOFTWARE\Classes\FFWraper.FFEnginWraper.1 -> Adware.WinFixer : Limpo com backup
HKLM\SOFTWARE\Classes\FixCore.MMFixCore -> Adware.WinFixer : Limpo com backup
HKLM\SOFTWARE\Classes\FixCore.MMFixCore\CLSID -> Adware.WinFixer : Limpo com backup
HKLM\SOFTWARE\Classes\FixCore.MMFixCore\CurVer -> Adware.WinFixer : Limpo com backup
HKLM\SOFTWARE\Classes\FixCore.MMFixCore.1 -> Adware.WinFixer : Limpo com backup
HKLM\SOFTWARE\Classes\MMFixCtrl.CoFixEngine -> Adware.WinFixer : Limpo com backup
HKLM\SOFTWARE\Classes\MMFixCtrl.CoFixEngine\CLSID -> Adware.WinFixer : Limpo com backup
HKLM\SOFTWARE\Classes\MMFixCtrl.CoFixEngine\CurVer -> Adware.WinFixer : Limpo com backup
HKLM\SOFTWARE\Classes\MMFixCtrl.CoFixEngine.1 -> Adware.WinFixer : Limpo com backup
C:\Programas\Ficheiros comuns\WinSoftware\CrXML.dll -> Adware.Winfixer : Limpo com backup
C:\Programas\Ficheiros comuns\WinSoftware\WFF.exe -> Adware.Winfixer : Limpo com backup
C:\Programas\Ficheiros comuns\WinSoftware\_WFF.exe -> Adware.Winfixer : Limpo com backup
C:\Programas\WinFixer 2005 -> Adware.WinFixer : Limpo com backup
C:\Programas\WinFixer 2005\Download -> Adware.WinFixer : Limpo com backup
C:\Programas\WinFixer 2005\Download\dkbmjprq -> Adware.WinFixer : Limpo com backup
C:\Programas\WinFixer 2005\Download\dkbmjprq\WinFixer2005Update.exe -> Adware.WinFixer : Limpo com backup
C:\WINDOWS\system32\df_kme.exe -> Adware.Winfixer : Limpo com backup
C:\WINDOWS\system32\drivers\WFF.sys -> Adware.Winfixer : Limpo com backup
C:\WINDOWS\system32\drivers\_WFF.sys -> Adware.Winfixer : Limpo com backup
C:\WINDOWS\system32\winbjv32.dll -> Trojan.Agent.vg : Limpo com backup
D:\exe\Adobe.Premiere.Elements.v2.0.MULTI.DVD-BSiSO.by.GEAR.for.www.goldesel.to\keygen.exe -> Hijacker.Small.is : Limpo com backup


::Fim do Relatório






Logfile of HijackThis v1.99.1
Scan saved at 23:51:31, on 12-06-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programas\ewido anti-malware\ewidoctrl.exe
C:\Programas\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
c:\programas\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Programas\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\PROGRA~1\mcafee.com\mps\mscifapp.exe
c:\programas\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Programas\Messenger\msmsgs.exe
C:\Programas\Hijackthis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programas\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\MSN Messenger\msnmsgr.exe" /background
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Programas\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programas\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programas\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programas\ewido anti-malware\ewidoguard.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programas\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe

CalamityJane
2006-06-17, 02:36
Looks good! How is your computer running now? Seeing any remaining problems?

tashi
2006-06-23, 17:34
This topic is closed due to lack of a response.
If you need it re-opened please send me a pm and provide a link to the thread.