I need some assistance with cleaning up after a worm...



Ralathor
2006-12-03, 19:09
Yesterday I got infected with a worm... You know, the type that sends a message with "check *link to worm*" to all your MSN contacts... I got it from a friend of mine, who got it from a friend, who got it... You get the picture ;)

I didn't think it through too much and clicked the link...

I got rid of the worm by uninstalling MSN, deleting the folder, then installing it again... But I don't think my PC's clean yet... I have downloaded a lot of anti-malware tools, but I wondered if you could give me a hand?

Here's my HJT-log:

Logfile of HijackThis v1.99.1
Scan saved at 18:06:41, on 03.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Programfiler\PowerISO\SCDEmuApp.exe
C:\Programfiler\Fellesfiler\Logitech\LComMgr\Communications_Helper.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Logitech\QuickCam10\QuickCam10.exe
C:\Programfiler\Fellesfiler\Logitech\LComMgr\LVComSX.exe
C:\Programfiler\DAEMON Tools\daemon.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programfiler\Windows Defender\MSASCui.exe
C:\Programfiler\Fellesfiler\{CCDEFBAF-0B6E-1044-1111-05030806002f}\Update.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\OpenOffice.org 2.0\program\soffice.exe
C:\Programfiler\OpenOffice.org 2.0\program\soffice.BIN
C:\Programfiler\Logitech\QuickCam10\COCIManager.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Berntsen\Skrivebord\Programmer\Security\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {7D2BE249-7EA0-7F23-F29F-74D58870B896} - C:\WINDOWS\system32\atvxutf.dll (file missing)
O4 - HKLM\..\Run: [Snarvei til egenskapsside for High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [SCDEmuApp.exe] C:\Programfiler\PowerISO\SCDEmuApp.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programfiler\Fellesfiler\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programfiler\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Programfiler\Fellesfiler\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Programfiler\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [updateMgr] "C:\Programfiler\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programfiler\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: @c:\Programfiler\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @c:\Programfiler\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.drivecleaner.com/installdrivecleanerstart_no.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EagleEyeOS One Service - EagleEyeOS Nemzetkozi Kereskedelmi es Szolgaltato Kft. - C:\Programfiler\EagleEyeOS\One\Binary\EEOSOne.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programfiler\Fellesfiler\Ulead Systems\DVD\ULCDRSvr.exe



Please help me get rid of the disease that is threatening my computer...

Ralathor
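
A small triage helper, added here and not part of the thread, that parses HijackThis R/O entries like the ones in the log above and flags the kinds of lines a helper would look at first: entries whose file is missing, unnamed URLSearchHooks, O16 ActiveX packages pulled from a third-party host, and O23 services with no publisher string. The sample input is a constructed subset of the posted log, and the flags are hints to verify by hand, not verdicts (legitimate software, avast! here for instance, can show "Unknown owner").

```python
import re

# Constructed sample: a subset of the HijackThis entries quoted in the post above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {7D2BE249-7EA0-7F23-F29F-74D58870B896} - C:\WINDOWS\system32\atvxutf.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.drivecleaner.com/installdrivecleanerstart_no.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
"""

# HijackThis entries start with a section tag (R0-R3, O1-O23), a dash, then the body.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# Hosts from which O16 ActiveX downloads are normally expected (assumed list); anything else gets a second look.
EXPECTED_DPF_HOSTS = ("microsoft.com", "windowsupdate.com")

def parse_entry(line):
    """Split one log line into its section tag and body; return None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return {"section": m.group("section"), "body": m.group("body"), "raw": line.strip()}

def triage(entry):
    """Return the reasons an entry deserves manual verification (empty list = nothing flagged)."""
    reasons = []
    section, body = entry["section"], entry["body"]
    if "(file missing)" in body:
        reasons.append("points at a file that no longer exists (orphaned hook or service)")
    if section == "R3" and "(no name)" in body:
        reasons.append("unnamed URLSearchHook")
    if section == "O16":
        for host in re.findall(r"https?://([^/\s]+)", body):
            if not host.endswith(EXPECTED_DPF_HOSTS):
                reasons.append(f"ActiveX package downloaded from third-party host {host}")
    if section == "O23" and "Unknown owner" in body:
        reasons.append("service without a publisher string (verify the binary's signature)")
    return reasons

def triage_log(text):
    """Map each flagged raw entry to its list of reasons; unflagged entries are omitted."""
    flagged = {}
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry and (reasons := triage(entry)):
            flagged[entry["raw"]] = reasons
    return flagged
```

Run `triage_log(SAMPLE_LOG)` (or feed it a whole saved log) to get the flagged entries with their reasons; the O4 and ATI O23 lines come back clean, the R3, O16 and avast! O23 lines are reported.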

Ralathor
2006-12-05, 18:48
I have still not gotten rid of
all the malware...

Cannot anybody help me?
Please?

I am starting to get worried...

LonnyRJones
2006-12-11, 12:58
Welcome Ralathor

If you're not receiving help elsewhere, continue here.
Post a combofix log
1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouse-click combofix's window whilst it's running. That may cause it to stall.
If the log is large, you might need to post half in one reply and half in another.

tashi
2006-12-18, 20:54
This topic has been closed to prevent others with similar issues posting in it.

If you have not resolved the problem, please send me a private message (pm) to re-open the thread and provide a link to this thread. :)