Worm/VB.DW Alerts!!

[Nabin]

When I boot my computer, Antivir alerts me of a file with Worm/VB.DW signature in temp/temp1.tmp. When I choose to delete this, it then alerts me of the same in temp2.tmp and continues to temp8.tmp and then to tempA.tmp to tempF.tmp

I have run scan with AntiVir, Spybot, Adware, Windows Defender, AVG, Panda, and Norton. Norton once alerted me of Alcra when I disabled Antivir alerts. Bitdefender showed Trojan Maccess when I scanned in safemode but it did not remove the trojan. I had saved the log in desktop of safemode but I cannot find in normal mode.

Here is my HJT

Logfile of HijackThis v1.99.1
Scan saved at 18:53:20, on 2006/09/03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Justsystem\OpenMG BeatJam\Plugin\bgsvclib.exe
C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\MyMediaServer.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Panasonic\PSSCore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panasonic\TVfunSTUDIO\VrService.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fujitsu\Mr.WLANner\Xwlanner.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Fujitsu\IndicatorUtility\IndicatorUty.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Fujitsu\Fujitsu Quick Touch\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\リモコンマネージャー\IRRCManager.exe
C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCKAPLEXE.exe
C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCDaemon.exe
C:\Program Files\Fujitsu\chitose\updatenv.exe
C:\Program Files\FUJITSU\Mr.WLANner\mwlanrun.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\program files\softwin\bitdefender8\bdnagent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Panasonic\TVfunSTUDIO\eTVtimer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\デスクトップ\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Toolbar Browser Helper Objects - {B37B14B8-699F-4002-9254-D1AB00FD07B5} - C:\Program Files\@nifty toolbar\nbho.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AzbyClubツールバー(&A) - {3DB1C21B-A7E0-4C3F-B39E-E00DD8792D90} - C:\Program Files\@nifty toolbar\ntoolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [LoadFUJ02E3] "C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe"
O4 - HKLM\..\Run: [High Definition Audio プロパティ ページ ショートカット] HDAShCut.exe
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [IndicatorUtility] "C:\Program Files\Fujitsu\IndicatorUtility\IndicatorUty.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] "C:\Program Files\Fujitsu\Fujitsu Quick Touch\QuickTouch.exe"
O4 - HKLM\..\Run: [LoadBtnHnd] "C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe"
O4 - HKLM\..\Run: [IRRCManager] "C:\Program Files\Fujitsu\リモコンマネージャー\IRRCManager.exe"
O4 - HKLM\..\Run: [PUSCKAPLEXE] "C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCKAPLEXE.exe"
O4 - HKLM\..\Run: [LoadPUSCDaemon] "C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCDaemon.exe"
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\chitose\updatenv.exe
O4 - HKLM\..\Run: [WLANNER] "C:\Program Files\FUJITSU\Mr.WLANner\mwlanrun.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: @nifty: @searchで検索 - res://C:\Program Files\@nifty toolbar\ntoolbar.dll/atsearch.htm
O8 - Extra context menu item: @nifty: ページを日本語に翻訳 - res://C:\Program Files\@nifty toolbar\ntoolbar.dll/en_to_jp.htm
O8 - Extra context menu item: @nifty: 選択範囲を日本語に翻訳 - res://C:\Program Files\@nifty toolbar\ntoolbar.dll/en_to_jp_txt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun の Java コンソール - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: PUSCSRVC - C:\WINDOWS\SYSTEM32\PUSCSRVC.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: BeatJam Music Server - HTTP (BeatJamMusicStreamingServer) - Justsystem Corporation - C:\Program Files\Justsystem\BeatJam Music Server\BeatJamHttpService.exe
O23 - Service: BeatJam Music Server - UPnP (BeatJamUPnPMusicServer) - Justsystem Corporation - C:\Program Files\Justsystem\BeatJam Music Server\BeatJamUPnPService.exe
O23 - Service: B's Recorder GOLD Library Service (bgsvclib) - B.H.A Corporation - C:\Program Files\Justsystem\OpenMG BeatJam\Plugin\bgsvclib.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MyMedia Server - DigiOn - C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\MyMediaServer.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PSS Core - Matsushita Electric Industry Co., LTD. - C:\Program Files\Common Files\Panasonic\PSSCore.exe
O23 - Service: PowerUtility Remote Power Management Service (putlrsrv) - FUJITSU LIMITED - C:\PROGRA~1\Fujitsu\POWERU~1\remote\PUTLRSRV.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VRService - Matsushita Electric Industrial Co., Ltd. - C:\Program Files\Panasonic\TVfunSTUDIO\VrService.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
O23 - Service: Mr.WLANner Service (Xwlanner) - FUJITSU LIMITED - C:\Program Files\Fujitsu\Mr.WLANner\Xwlanner.exe

[LonnyRJones]

Hi Nabin

While we can use more than one antispyware program to cleanup a pc its not a good idea to have more than one antivirus or firewall programs installed much less running at the same time.

Uninstall all but one antivirus and firewall program, If and when promped by the uninstaller to restart the PC do so.
(Personal opinion, uninstall norton/symantec)

[Nabin]

Hi!

Thank you LRJ!

I did that and the problem is no more there. The computer is as healthy as it was always. So, was it that Antivir did not want Norton to be there?

So, now I have Antivir only. Will that be okay?

Thank you so much for the help.

Nabin

[LonnyRJones]

Hi

If your keeping Antivir did you uninstall bitdefender to ?

[Nabin]

I uninstalled all except antivir, spybot and windows defender

[LonnyRJones]

Good

A firewall is a good idea
several are mentioned here, dont install more than one though
http://forums.spybot.info/showthread.php?t=279

[Nabin]

Thank you so much!

It was so stupid to keep so many.

Nabin

[LonnyRJones]

Think Prevention: Put in place a good hosts file
http://www.mvps.org/winhelp2002/hosts.htm
How To Download and Extract the HOSTS file:
http://www.mvps.org/winhelp2002/hosts2.htm
Repeat that proccess about once or twice a month

To help avoid reinfection see "So how did I get infected in the first place?"
http://forums.spybot.info/showthread.php?t=279

[tashi]

As the problem appears to be resolved this topic has been archived.

If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread; this applies only to the original topic starter.

Glad we could help, cheers.