Results 1 to 3 of 3

Thread: [Help]To remove this VIRUS!! Plz (hjt Log inside)

  1. 2009-05-17, 16:15 #1
    drspirit
    drspirit is offline
    Junior Member
    Join Date
    May 2009
    Posts
    1

    Default [Help]To remove this VIRUS!! Plz (hjt Log inside)

    plz anyone help i have this virus for over 5 months now ..

    and still cant remove it ..

    the virus makes a copy of svchost.exe<<< the System one

    makes over 3 or 2 rundll32.exe process & IEXPLORER.exe even when im not using IE (internet explorer) sometimes it makes 2 or only 1

    and i just formated my whole PC even my Stuff ALL GONE!! because of this virus

    when i formated i got some stuff from my other pc so i think it got here from it ..

    or its from my network connection ..

    this is the first time i make a thread cuz of a virus ..

    i posted here cause i thought this forum looks Helpfull

    so plz HELP ME!!

    this is the HJT Log :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 05:14:46 م, on 17/05/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\USB Disk Security\USBGuard.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\AirLive WL-5480USB WLAN USB\AirLive WL-5480USB WLAN USB\WlanUtil.exe
    C:\Program Files\GIGABYTE\Gamer HUD Lite\HUD.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [memo trust dumb cast] C:\Documents and Settings\All Users\Application Data\chic web memo trust\upload log.exe
    O4 - HKLM\..\Run: [MPKrnl] rundll32 "C:\WINDOWS\MPKrnl.dll",KrnlMsgProc
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Phone Online] C:\DOCUME~1\ADMINI~1\APPLIC~1\TIMEAN~1\Fourlies.exe
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKLM\..\Policies\Explorer\Run: [MPMKrnl] rundll32 "C:\WINDOWS\MKMKrnl.dll",KMainProc
    O4 - Startup: GIGABYTE Gamer HUD Lite.lnk = C:\Program Files\GIGABYTE\Gamer HUD Lite\HUD.exe
    O4 - Global Startup: AirLive WL-5480USB WLAN USB Utility.lnk = C:\Program Files\AirLive WL-5480USB WLAN USB\AirLive WL-5480USB WLAN USB\WlanUtil.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O21 - SSODL: msnmsg - {DA191DE0-AA86-4ED0-4B87-293D48B2AE99} - C:\Program Files\Messenger\msgmr.dll
    O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 3662 bytes
  2. 2009-05-18, 18:59 #2
    peku006
    peku006 is offline
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Default

    Hello and welcome to Safer Networking

    My name is peku006 and I will be helping you to remove any infection(s) that you may have.
    I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

    Please observe these rules while we work:

    • I f you don't know or understand something please don't hesitate to ask
    • Please DO NOT run any other tools or scans whilst I am helping you.
    • It is important that you reply to this thread. Do not start a new topic.
    • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    • Absence of symptoms does not mean that everything is clear.


    1 - Download and Run ComboFix

    We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    If you need help to disable your protection programs see here.

    When finished, it will produce a log for you
    Please include the C:\ComboFix.txt in your next reply for further review.

    2 - Run Hijackthis
    Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

    3 - Status Check
    Please reply with

    1. the ComboFix log(C:\ComboFix.txt)
    2. a fresh HijackThis log

    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.
  3. 2009-05-24, 11:26 #3
    peku006
    peku006 is offline
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Default

    Due to inactivity, this thread will now be closed.

    Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

    If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules