
Thread: Virus in my computer even with Spybot S& D and bitdefender free

  1. #1
    Junior Member 1995ad's Avatar
    Join Date
    Oct 2009
    Posts
    9

    Virus in my computer even with Spybot S&D and bitdefender free

    I have Windows XP loaded onto my computer and also had AVG free edition to protect it from viruses.

    Recently, my computer got infected with some trojan and virus that was very stubborn to remove by my AVG. Then, I removed AVG and installed BitDefender free edition and Spybot Search and Destroy, both, to remove this nasty virus from my computer. BitDefender did a whole system scan but was unable to remove the nasty virus.

    Spybot also detected a win32 virus along with some backdoor Trojan and showed that it was removed, but a reboot and a system scan showed the same threat again. Now my computer becomes very slow after it boots up, and Mozilla Firefox now takes twice the time it used to take while starting up.

    Please suggest a remedy to cure my computer of the virus.


    The log of my HijackThis is given below:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:54:40 AM, on 10/3/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\TUProgSt.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Documents and Settings\Owner\Desktop\bitdefender_isecurity.exe
    C:\DOCUME~1\ABHILA~2\LOCALS~1\Temp\IXP000.TMP\setup.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
    O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\ABHILA~2\LOCALS~1\Temp\IXP000.TMP"
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1241594980390
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ECD29542-29CF-49C2-9A3D-885BB6DD43B4}: NameServer = 208.67.222.222,208.67.220.220
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: xbhactnc - jzjkllk.dll (file missing)
    O23 - Service: Norton2009 Reset (.norton2009Reset) - Unknown owner - C:\Documents and Settings\All Users\Application Data\Norton\Norton2009Reset.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate1c9daaea7381a2a) (gupdate1c9daaea7381a2a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

    --
    End of file - 4861 bytes



    Please help!

  2. #2
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    3,934


    Hello 1995ad and welcome to the Forums

    At first, please read these:
    File Sharing, otherwise known as Peer To Peer. (P2P)
    We do not support the use of illegal Pirated/Warez/Cracked software.


    I can see signs of both of these on your pc.
    We can help you but we'll get rid of these in the process.

    Do you agree?
    MalWare Removal University - You too could train to help others
    UNITE & ASAP member since 2006

  3. #3
    Junior Member 1995ad's Avatar
    Join Date
    Oct 2009
    Posts
    9

    Yes, Sir

    Sir, I do respect your wishes and I agree to remove them from my computer in the process of disinfecting my computer. Please help. I agree that I won't do such a thing again.

  4. #4
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    3,934


    Hi again, that’s nice to hear.

    Have you fixed any HijackThis entries by yourself?
    Let’s begin the cleaning.

    You should print these instructions or save these to a text file. Follow these instructions carefully.

    At first you need to disable a few realtime protections. These may interfere with our cleaning process.
    We'll enable these when you're clean...

    Disable Spybot S&D Teatimer.
    • Run Spybot-S&D in Advanced Mode
    • If it is not already set to do this, go to the Mode menu select "Advanced Mode"
    • On the left hand side, click on Tools
    • Then click on the Resident icon in the list
    • Uncheck "Resident TeaTimer" and OK any prompts.
    • Restart your computer


    Download ATF Cleaner by Atribune to your desktop.
    Do NOT run yet.

    Make your hidden files visible:
    • Go to My Computer
    • Select the Tools menu and click Folder Options
    • Click the View tab.
    • Checkmark "Display the contents of system folders"
    • Under Hidden files and folders, select "Show hidden files and folders"
    • Uncheck "Hide protected operating system files"
    • Click Apply and then OK, and close My Computer.


    Go to Control Panel -> Add/Remove Programs -> Uninstall the following:
    uTorrent

    Disable the bad service
    • Start
    • Run
    • Type services.msc into the field and press Enter.
    • A window opens, scroll down to norton2009Reset
    • Right-click it and choose Stop
    • Then choose Properties
    • Set Startup to Disabled
    • Click Apply and OK.


    Then, open HijackThis.
    • Open the Misc Tools section
    • Delete an NT service
    • Copy the following line to the box and press OK: .norton2009Reset
    • Answer Yes
    • Close HijackThis


    Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.

    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O20 - Winlogon Notify: xbhactnc - jzjkllk.dll (file missing)

    Restart your computer

    Go to My Computer and delete the following folders (if present):
    C:\Program Files\uTorrent
    C:\Documents and Settings\All Users\Application Data\Norton

    Use the Windows search
    • Start
    • Search
    • All files and folders
    • More advanced options
    Checkmark these options:
    • "Search system folders"
    • "Search hidden files and folders"
    • "Search subfolders"
    • Search for this and delete if found: jzjkllk.dll
    • Search for this and delete if found: xbhactnc


    Run ATF Cleaner
    • Under Main choose: Select All
      Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.

    Malwarebytes' Anti-Malware

    • Please download Malwarebytes' Anti-Malware and save it to a convenient location.
    • Double click on mbam-setup.exe to install it.
    • Before clicking the Finish button, make sure that these 2 boxes are checked (ticked):
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Malwarebytes' Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
    • Select the Scanner tab. Click on Perform full scan, then click on Scan.
    • Leave the default options as they are and click on Start Scan.
    • When done, you will be prompted. Click OK, then click on Show Results.
    • Check (tick) all items and click on Remove Selected.
    • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.


    ================

    When you're ready, please post the following logs here:
    - MBAM's report
    - a fresh HijackThis log
    MalWare Removal University - You too could train to help others
    UNITE & ASAP member since 2006

  5. #5
    Junior Member 1995ad's Avatar
    Join Date
    Oct 2009
    Posts
    9

    Can I?

    According to your instructions, I have removed uTorrent and also have removed the Norton trial reset service. I have also downloaded the file which you gave me. But I have another problem.


    • I have already uninstalled Spybot S&D. Should I install it again?

    • I have uninstalled BitDefender free edition but have installed the legit version of its Internet Security suite 2010.

    • I have tried searching for the files: xbhactnc and jv....dll (something) with the hidden folder search option on, but the result suggests that it is not to be found.

    • Since I have BitDefender Internet Security 2010, should I install Malwarebytes? Won't it cause any conflicts?

    • Another problem I am currently facing is that the internet sometimes fails to establish a connection (especially after the installation of BitDefender). Is it due to a virus?

    Besides that, Here is the fresh log of my HijackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:37:46 PM, on 10/6/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\TUProgSt.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\PROGRA~1\THEKMP~1\KMPlayer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe"
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1241594980390
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ECD29542-29CF-49C2-9A3D-885BB6DD43B4}: NameServer = 208.67.222.222,208.67.220.220
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate1c9daaea7381a2a) (gupdate1c9daaea7381a2a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe

    --
    End of file - 4703 bytes

    ------------------------------------------------------
    Thanks. Please help as soon as possible.

  6. #6
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    3,934


    Hi

    Spybot S&D is a great tool and I'd recommend using it for scanning in the future.
    Those files aren't on your pc anymore.
    Yes, you should install and run a scan with Malwarebytes. Post the log here when ready.

    The internet connection problem and BitDefender - have you allowed legit applications like Internet Explorer, Mozilla Firefox etc. to connect to the internet?

    Please make sure that you don't have the Windows Firewall running along with the BitDefender firewall. Running 2 firewalls can cause problems. Instructions for disabling Windows firewall (when BitDefender's firewall is on) -> Link
    MalWare Removal University - You too could train to help others
    UNITE & ASAP member since 2006
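
Added example (not part of any post in this thread, and not HijackThis's own logic): a short Python script that parses the `O`-section lines of the two logs posted above, flags the two kinds of entry the helper had fixed or deleted (the Winlogon Notify entry and the Norton2009 Reset service), and checks that they are gone from the follow-up log. The triage rules and function names are assumptions made for illustration; the sample lines are excerpts from the posted logs.

```python
import re

# Excerpts from the two HijackThis logs posted in this thread
# (10/3/2009 before cleanup, 10/6/2009 after).
LOG_BEFORE = r"""
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: xbhactnc - jzjkllk.dll (file missing)
O23 - Service: Norton2009 Reset (.norton2009Reset) - Unknown owner - C:\Documents and Settings\All Users\Application Data\Norton\Norton2009Reset.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
"""
LOG_AFTER = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
"""

# "<section> - <rest>", e.g. "O20 - Winlogon Notify: ..."
ENTRY = re.compile(r"^\s*([ORF]\d+)\s+-\s+(.*\S)\s*$")


def parse(log):
    """Return (section, text) for every entry line; headers and process paths are skipped."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]


def review(section, text):
    """Assumed triage rules: return a reason to inspect the entry, or None."""
    low = text.lower()
    if section == "O20" and low.endswith("(file missing)"):
        return "Winlogon Notify entry whose DLL is missing"
    if section == "O23" and "unknown owner" in low and "\\application data\\" in low:
        return "service with no vendor name running from a data directory"
    return None


def flagged(log):
    """All entries of a log that the rules above mark for manual inspection."""
    return [(s, t, review(s, t)) for s, t in parse(log) if review(s, t)]


def unresolved(before, after):
    """Flagged entries from the first log that still appear in the follow-up log."""
    remaining = set(parse(after))
    return [e for e in flagged(before) if (e[0], e[1]) in remaining]


if __name__ == "__main__":
    for section, text, reason in flagged(LOG_BEFORE):
        print(f"{section}: {reason}\n    {text}")
    print("unresolved after cleanup:", unresolved(LOG_BEFORE, LOG_AFTER))
```

The uTorrent `O4` entry is deliberately not flagged by these rules: it was removed under the forum's P2P policy, not because the line itself looks abnormal.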
