
Thread: Virus in my computer even with Spybot S&D and BitDefender Free

  #1
    Junior Member 1995ad
    Join Date: Oct 2009
    Posts: 9

    Virus in my computer even with Spybot S&D and BitDefender Free

    I have Windows XP loaded on my computer and also had AVG Free Edition to protect it from viruses.

    Recently, my computer got infected with some trojan and virus that was very stubborn for my AVG to remove. Then I removed AVG and installed BitDefender Free Edition and Spybot Search & Destroy, both to remove this nasty virus from my computer. BitDefender did a whole-system scan but was unable to remove the nasty virus.

    Spybot also detected a Win32 virus along with some backdoor trojan and showed that it was removed, but a reboot and a system scan showed the same threat again. Now my computer becomes very slow after it boots up, and Mozilla Firefox now takes twice the time it used to take while starting up.

    Please suggest a remedy to rid my computer of the virus.


    The log of my HijackThis is given below:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:54:40 AM, on 10/3/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\TUProgSt.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Documents and Settings\Owner\Desktop\bitdefender_isecurity.exe
    C:\DOCUME~1\ABHILA~2\LOCALS~1\Temp\IXP000.TMP\setup.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
    O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\ABHILA~2\LOCALS~1\Temp\IXP000.TMP"
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1241594980390
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ECD29542-29CF-49C2-9A3D-885BB6DD43B4}: NameServer = 208.67.222.222,208.67.220.220
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: xbhactnc - jzjkllk.dll (file missing)
    O23 - Service: Norton2009 Reset (.norton2009Reset) - Unknown owner - C:\Documents and Settings\All Users\Application Data\Norton\Norton2009Reset.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate1c9daaea7381a2a) (gupdate1c9daaea7381a2a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

    --
    End of file - 4861 bytes



    Please help!

  #2
    Security Expert-Emeritus
    Join Date: Oct 2006
    Location: Finland
    Posts: 3,934


    Hello 1995ad and welcome to the Forums

    At first, please read these:
    File Sharing, otherwise known as Peer To Peer. (P2P)
    We do not support the use of illegal Pirated/Warez/Cracked software.


    I can see signs of both of these on your PC.
    We can help you but we'll get rid of these in the process.

    Do you agree?
    MalWare Removal University - You too could train to help others
    UNITE & ASAP member since 2006

  #3
    Junior Member 1995ad
    Join Date: Oct 2009
    Posts: 9

    Yes, Sir

    Sir, I do respect your wishes and I agree to remove them from my computer in the process of disinfecting it. Please help. I agree that I won't do such a thing again.

  #4
    Security Expert-Emeritus
    Join Date: Oct 2006
    Location: Finland
    Posts: 3,934


    Hi again, that's nice to hear.

    Have you fixed any HijackThis entries by yourself?
    Let's begin the cleaning.

    You should print these instructions or save them to a text file. Follow these instructions carefully.

    First, you need to disable a few real-time protections. These may interfere with our cleaning process.
    We'll enable these when you're clean...

    Disable Spybot S&D Teatimer.
    • Run Spybot-S&D in Advanced Mode
    • If it is not already set to do this, go to the Mode menu and select "Advanced Mode"
    • On the left hand side, click on Tools
    • Then click on the Resident icon in the list
    • Uncheck "Resident TeaTimer" and OK any prompts.
    • Restart your computer


    Download ATF Cleaner by Atribune to your desktop.
    Do NOT run yet.

    Make your hidden files visible:
    • Go to My Computer
    • Select the Tools menu and click Folder Options
    • Click the View tab.
    • Checkmark the "Display the contents of system folders"
    • Under the Hidden files and folders select "Show hidden files and folders"
    • Uncheck "Hide protected operating system files"
    • Click Apply and then the OK and close My Computer.


    Go to Control Panel -> Add/Remove Programs -> Uninstall the following:
    uTorrent

    Disable the bad service
    • Start
    • Run
    • Type services.msc into the field and press Enter.
    • A window opens, scroll down to norton2009Reset
    • Right-click it and choose Stop
    • Then choose Properties
    • Set Startup to Disabled
    • Click Apply and OK.


    Then, open HijackThis.
    • Open the Misc Tools section
    • Delete an NT service
    • Copy the following line into the box and press OK: .norton2009Reset
    • Answer Yes
    • Close HijackThis


    Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.

    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O20 - Winlogon Notify: xbhactnc - jzjkllk.dll (file missing)

    Restart your computer

    Go to My Computer and delete the following folders (if present):
    C:\Program Files\uTorrent
    C:\Documents and Settings\All Users\Application Data\Norton

    Use the Windows search
    • Start
    • Search
    • All files and folders
    • More advanced options
    Checkmark these options:
    • "Search system folders"
    • "Search hidden files and folders"
    • "Search subfolders"
    • Search for this and delete if found: jzjkllk.dll
    • Search for this and delete if found: xbhactnc


    Run ATF Cleaner
    • Under Main choose: Select All
      Click the Empty Selected button.
    If you use the Firefox browser
    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use the Opera browser
    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.

    Malwarebytes' Anti-Malware

    • Please download Malwarebytes' Anti-Malware and save it to a convenient location.
    • Double click on mbam-setup.exe to install it.
    • Before clicking the Finish button, make sure that these 2 boxes are checked (ticked):
      • Update Malwarebytes' Anti-Malware
        Launch Malwarebytes' Anti-Malware
    • Malwarebytes' Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
    • Select the Scanner tab. Click on Perform full scan, then click on Scan.
    • Leave the default options as they are and click on Start Scan.
    • When done, you will be prompted. Click OK, then click on Show Results.
    • Check (tick) all items and click on Remove Selected.
    • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom-most log is the latest.


    ================

    When you're ready, please post the following logs here:
    - MBAM's report
    - a fresh HijackThis log
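The post above picks three kinds of HijackThis entries to act on: an O4 Run value for a program the forum asks to remove, an O20 Winlogon Notify entry whose DLL is no longer on disk, and an O23 service with no vendor string running from a user-writable Application Data folder. The script below is an added example, not part of this thread or of HijackThis, that parses those three line types and applies the same checks mechanically. The sample lines are copied from the first HijackThis log posted in the thread; the trusted-directory list, the uninstall list and the "service name starts with a non-alphanumeric character" check are my own heuristics, and a hit is a reason to look, not a verdict (the CDBurnerXP service also reports "Unknown owner" and is left alone).

```python
"""Triage a HijackThis (HJT) log for the entry types a malware-removal helper acts on."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a subset of the first HijackThis log posted in this thread.
SAMPLE_HJT_LOG = r"""
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: xbhactnc - jzjkllk.dll (file missing)
O23 - Service: Norton2009 Reset (.norton2009Reset) - Unknown owner - C:\Documents and Settings\All Users\Application Data\Norton\Norton2009Reset.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
""".strip()

# One pattern per HJT section: O4 = Run/RunOnce values, O20 = Winlogon Notify DLLs, O23 = services.
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<dll>.+?)(?P<missing> \(file missing\))?$")
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?)(?: \((?P<svc>[^)]+)\))? - (?P<owner>.+?) - (?P<path>.+)$")

# Heuristic policy (assumptions for this example, not HijackThis rules): directories where
# installed software normally lives, and autostart programs the forum asks the poster to remove.
PROGRAM_DIRS = ("c:\\program files", "c:\\windows")
REMOVE_BASENAMES = {"utorrent.exe"}


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def _basename(cmd: str) -> str:
    """Executable file name from a Run value, with or without quotes and trailing arguments."""
    exe = cmd.strip().lstrip('"').split('"')[0]
    return exe.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per suspicious O4/O20/O23 entry; everything else is ignored."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O4_RE.match(line):
            if _basename(m["cmd"]) in REMOVE_BASENAMES:
                findings.append(Finding("O4", "autostart for a program the helper asked to uninstall", line))
        elif m := O20_RE.match(line):
            # A Winlogon Notify load point whose DLL is gone is an orphaned entry left behind;
            # HJT can fix (remove) it.
            if m["missing"]:
                findings.append(Finding("O20", "Winlogon Notify DLL no longer exists on disk", line))
        elif m := O23_RE.match(line):
            svc = m["svc"] or m["display"]
            path = m["path"].strip().strip('"').lower()
            if not svc[:1].isalnum():
                findings.append(Finding("O23", f"service name {svc!r} starts with a non-alphanumeric character", line))
            # "Unknown owner" alone is weak (legitimate tools lack version info too); combine it
            # with the binary living outside Program Files / Windows, e.g. under Application Data.
            if m["owner"] == "Unknown owner" and not path.startswith(PROGRAM_DIRS):
                findings.append(Finding("O23", "no vendor string and binary outside Program Files/Windows", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run it as-is to see the four hits on the sample; pipe a full HJT log into `triage()` to use it on your own machine. The regexes are anchored to the exact HJT 2.0.x line layout shown in the thread, so other versions may need the patterns adjusted.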

  #5
    Junior Member 1995ad
    Join Date: Oct 2009
    Posts: 9

    Can I?

    According to your instructions, I have removed uTorrent and also have removed the Norton trial reset service. I have also downloaded the file which you gave me. But I have another problem.


    > I have already uninstalled Spybot S&D. Should I install it again?

    > I have uninstalled BitDefender Free Edition but have installed the legit version of its Internet Security suite 2010.

    > I have tried searching for the files xbhactnc and jv....dll (something) with the hidden folder search option on, but the result suggests that they are not to be found.

    > Since I have BitDefender Internet Security 2010, should I install Malwarebytes? Won't it cause any conflicts?

    > Another problem I am currently facing is that the internet sometimes fails to establish a connection (especially after the installation of BitDefender). Is it due to a virus?

    Besides that, Here is the fresh log of my HijackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:37:46 PM, on 10/6/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\TUProgSt.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\PROGRA~1\THEKMP~1\KMPlayer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe"
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1241594980390
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ECD29542-29CF-49C2-9A3D-885BB6DD43B4}: NameServer = 208.67.222.222,208.67.220.220
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate1c9daaea7381a2a) (gupdate1c9daaea7381a2a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe

    --
    End of file - 4703 bytes

    ------------------------------------------------------
    Thanks. Please help as soon as possible.

  #6
    Security Expert-Emeritus
    Join Date: Oct 2006
    Location: Finland
    Posts: 3,934


    Hi

    Spybot S&D is a great tool and I'd recommend using it for scanning in the future.
    Those files aren't on your PC anymore.
    Yes, you should install Malwarebytes and run a scan with it. Post the log here when ready.

    The internet connection problem and BitDefender - have you allowed legit applications like Internet Explorer, Mozilla Firefox etc. to connect to the internet?

    Please make sure that you don't have the Windows Firewall running along with the BitDefender firewall. Running 2 firewalls can cause problems. Instructions for disabling Windows firewall (when BitDefender's firewall is on) -> Link

  #7
    Junior Member 1995ad
    Join Date: Oct 2009
    Posts: 9

    Log file of Malwarebytes'

    Hey, I have posted two log files of Malwarebytes' Anti-Malware. The first one is the log file before removing the viruses. The second one is after removing the viruses.
    --------------------------------------------------------------------------
    The first one.....


    Malwarebytes' Anti-Malware 1.41
    Database version: 2914
    Windows 5.1.2600 Service Pack 3

    10/7/2009 5:04:25 PM
    mbam-log-2009-10-07 (17-04-19).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 168877
    Time elapsed: 23 minute(s), 32 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 7
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    \\?\globalroot\systemroot\system32\gasfkyrvitawvb.dll (Trojan.FakeAlert) -> No action taken.

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
    HKEY_CLASSES_ROOT\TypeLib\{d18bbd1f-82bb-4385-bed3-e9d31a3e361e} (Hacktool.KewlButtonz) -> No action taken.
    HKEY_CLASSES_ROOT\Interface\{9dc243a5-ee33-4674-8563-89b48e779eb1} (Hacktool.KewlButtonz) -> No action taken.
    HKEY_CLASSES_ROOT\Interface\{b3d14cb9-183b-4bc8-8ce4-cba37a6fe8c6} (Hacktool.KewlButtonz) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{d4bbe4c0-bd72-4a33-817c-2e7e16de20bc} (Hacktool.KewlButtonz) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> No action taken.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\.norton2009Reset (Trojan.Hacktool) -> No action taken.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\KewlButtonz.ocx (Hacktool.KewlButtonz) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> No action taken.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    \\?\globalroot\systemroot\system32\gasfkyrvitawvb.dll (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\KewlButtonz.ocx (Hacktool.KewlButtonz) -> No action taken.
    C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> No action taken.
    _________________________________________________________________

    the second one...

    Malwarebytes' Anti-Malware 1.41
    Database version: 2914
    Windows 5.1.2600 Service Pack 3

    10/7/2009 5:05:15 PM
    mbam-log-2009-10-07 (17-05-15).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 168877
    Time elapsed: 23 minute(s), 32 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 7
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    \\?\globalroot\systemroot\system32\gasfkyrvitawvb.dll (Trojan.FakeAlert) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{d18bbd1f-82bb-4385-bed3-e9d31a3e361e} (Hacktool.KewlButtonz) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{9dc243a5-ee33-4674-8563-89b48e779eb1} (Hacktool.KewlButtonz) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{b3d14cb9-183b-4bc8-8ce4-cba37a6fe8c6} (Hacktool.KewlButtonz) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{d4bbe4c0-bd72-4a33-817c-2e7e16de20bc} (Hacktool.KewlButtonz) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\.norton2009Reset (Trojan.Hacktool) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\KewlButtonz.ocx (Hacktool.KewlButtonz) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    \\?\globalroot\systemroot\system32\gasfkyrvitawvb.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\KewlButtonz.ocx (Hacktool.KewlButtonz) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    --------------------------------------------------------------------------

    Further, I have done what you have said and I personally thank you very much for helping me. Please reply to this post and tell me how I can get rid of that nasty virus.
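The two Malwarebytes logs above are a before/after pair: the first records every detection with "No action taken", the second records what happened to each one. The items are not all in the same state afterwards: the file copy of gasfkyrvitawvb.dll reads "Quarantined and deleted successfully", while the in-memory module of the same DLL reads "Delete on reboot", so the removal is only complete after a restart and a rescan. The script below is an added example, not part of this thread or of Malwarebytes, that parses MBAM's per-section detection lines and reconciles the two logs into removed / pending reboot / not removed / missing from the second log. The sample logs are subsets of the two posted above; I deliberately dropped the h@tkeysh@@k.dll line from the second one to show the "unverified" case. It also lists items reported under the \\?\globalroot NT-namespace path form rather than a drive letter, which ordinary software does not use for a system32 DLL and which is my own reason here to insist on the reboot-and-rescan.

```python
"""Reconcile a before/after pair of Malwarebytes' Anti-Malware (MBAM 1.x) logs."""
import re
from typing import Dict, List, Tuple

# Constructed sample: subsets of the two MBAM logs posted in this thread.
BEFORE_LOG = r"""
Memory Modules Infected:
\\?\globalroot\systemroot\system32\gasfkyrvitawvb.dll (Trojan.FakeAlert) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\.norton2009Reset (Trojan.Hacktool) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> No action taken.

Files Infected:
\\?\globalroot\systemroot\system32\gasfkyrvitawvb.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\KewlButtonz.ocx (Hacktool.KewlButtonz) -> No action taken.
C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> No action taken.
""".strip()

# Second log with the h@tkeysh@@k.dll line deliberately omitted (constructed, to show the
# "detection missing from the follow-up log" case).
AFTER_LOG = r"""
Memory Modules Infected:
\\?\globalroot\systemroot\system32\gasfkyrvitawvb.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\.norton2009Reset (Trojan.Hacktool) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
\\?\globalroot\systemroot\system32\gasfkyrvitawvb.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\KewlButtonz.ocx (Hacktool.KewlButtonz) -> Quarantined and deleted successfully.
""".strip()

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")           # e.g. "Files Infected:"
ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")
DONE = "Quarantined and deleted successfully"
PENDING = "Delete on reboot"
GLOBALROOT_PREFIX = "\\\\?\\globalroot\\"   # NT object-namespace path form, not a drive letter


def parse_mbam(log: str) -> Dict[Tuple[str, str], Tuple[str, str]]:
    """Map (section, item) -> (threat name, action). Summary counts and '(No malicious
    items detected)' lines do not match ITEM_RE and are skipped."""
    entries: Dict[Tuple[str, str], Tuple[str, str]] = {}
    section = "?"
    for raw in log.splitlines():
        line = raw.strip()
        if m := SECTION_RE.match(line):
            section = m["section"]
        elif m := ITEM_RE.match(line):
            entries[(section, m["item"])] = (m["threat"], m["action"])
    return entries


def reconcile(before: str, after: str) -> Dict[str, List[str]]:
    """Classify every detection in the first log by what the second log says about it."""
    b, a = parse_mbam(before), parse_mbam(after)
    report: Dict[str, List[str]] = {
        "removed": [], "pending_reboot": [], "not_removed": [], "unverified": [], "globalroot": []}
    for key, (threat, _) in b.items():
        section, item = key
        label = f"{section}: {item} ({threat})"
        if item.lower().startswith(GLOBALROOT_PREFIX):
            report["globalroot"].append(label)
        if key not in a:
            report["unverified"].append(label)      # no evidence either way in the second log
        elif a[key][1] == DONE:
            report["removed"].append(label)
        elif a[key][1] == PENDING:
            report["pending_reboot"].append(label)  # still loaded; only gone after a restart
        else:
            report["not_removed"].append(label)
    return report


def rescan_needed(report: Dict[str, List[str]]) -> bool:
    """True unless every detection is confirmed removed and nothing was hidden behind globalroot."""
    return any(report[k] for k in ("pending_reboot", "not_removed", "unverified", "globalroot"))


if __name__ == "__main__":
    rep = reconcile(BEFORE_LOG, AFTER_LOG)
    for bucket, items in rep.items():
        print(f"{bucket}: {len(items)}")
        for it in items:
            print("   ", it)
    print("reboot and rescan needed:", rescan_needed(rep))
```

Feed it the full text of any two MBAM 1.x logs; the section headers and the `item (Threat) -> Action.` line shape are what the parser keys on. A non-empty `pending_reboot` or `globalroot` bucket means the second log is not yet proof of a clean machine.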

  #8
    Security Expert-Emeritus
    Join Date: Oct 2006
    Location: Finland
    Posts: 3,934


    Hello and sorry for the delay.
    I've had some problems with my Internet service provider...

    Do you know anything about these?
    C:\WINDOWS\system32\KewlButtonz.ocx
    C:\WINDOWS\system32\h@tkeysh@@k.dll

    Might be related to e.g. some game trainer/hotkey function...

    How is the computer running now?
    Any issues?
    I recommend that you update your Bitdefender definitions and run a full system scan with it. Let me know the results.

  #9
    Junior Member 1995ad
    Join Date: Oct 2009
    Posts: 9

    Reply to the earlier post

    I do not know the files you asked me to identify, but I do use some trainers for games that I have on my computer, such as NFS Most Wanted and GTA San Andreas.

    My computer is quite a bit slow and Firefox hangs for the first few minutes whenever I use it. Apart from that, there are no major threats, and BitDefender is simply taking too long to scan my computer; I still haven't had it run a full system scan even after a week of installing it.

    Please suggest a remedy to get rid of any other infections and also the ones which you mentioned above...


    Thanking you for your help...

  #10
    Security Expert-Emeritus
    Join Date: Oct 2006
    Location: Finland
    Posts: 3,934


    OK, the PC being slow might not be malware-related, but let's run 2 more scans to be sure...

    • Download Silent Runners by Andrew Aronoff from here
    • Unzip/extract it to a folder on your desktop
    • Double-click on Silent Runners.vbs to start Silent Runners
    • If your antivirus warns you about a script, allow it to run, this script does not contain malicious code
    • You will be asked if you want skip the supplementary search, click Yes
    • Wait for Silent Runners to inform you that it has finished
    • A log will be created in the same folder as Silent Runners.vbs
    • It will have a name of Startup Programs (yourusername) date-time.txt
    • Use notepad to open that file
    • Copy and paste the contents as a reply to this topic


    Download gmer.zip and save to your desktop.
    alternate download site
    • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
    • When you have done this, disconnect from the Internet and close all running programs.
      There is a small chance this application may crash your computer so save any work you have open.
    • Double-click on Gmer.exe to start the program.
    • Allow the gmer.sys driver to load if asked.
    • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
    • Run Gmer again and click on the Rootkit tab.
    • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
    • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
    • Click on the "Scan" and wait for the scan to finish.
      Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
    • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
    • Note: If you have any problems, try running GMER in SAFE MODE

    Important! Please do not select the "Show all" checkbox during the scan.
