P2P-Worm.Win32.VB.dw

Also, maybe this will help you...after I contacted you and after you gave me some advice I realised that I can start Windows Task Manager again...probably the SYSCLEAN deleted some virus that was stopping Windows Task Manager...also, at the beginning LimeWare "window" was appearing very often and it was giving me "advice" to install LimeWare again, and now it is not appearing any more...

now I am running Avast home! thorough scan so I can send you a log if that is necessary... :)
 
Ok, I got the logs from Sysclean - I'm reviewing them now. I'll be back when I'm done :)
 
I've reviewed your logs and it looks like it was successful in cleaning your PC; however, that is a very damaging worm. :( You need to be aware that it may have stolen information or compromised your system! Trend Micro calls this Gaobot.df and has a write-up on it.

Here is a description:
Gaobot.DF
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_GAOBOT.DF&VSect=T
Backdoor Capabilities

Using a random port, this worm connects to the Internet Relay Chat (IRC) server and joins a specific channel, where it listens for the following commands from a remote malicious user:

Download files from a specified URL
Find, delete, rename or execute files
Flush DNS buffer
Get clipboard data
Get network information
Get system information
Initiate a denial of service (DoS) attack
List or delete network shares
List or terminate processes
Logs keystrokes
Perform IRC commands
Redirect connections
Execute commands using a remote shell
Scan for vulnerabilities
Send email messages
Sniff incoming or outgoing packets
Start an FTP, HTTP, or TFTP server
Steal CD keys
Steal passwords
Visit specified URL
It executes these commands locally on an affected system, providing the remote user virtual control over the machine.

There is more in that link I gave you.

You were likely infected because you are not up to date on critical security updates from Windows, and you are vulnerable to future attacks as well.

You really need to get SP2 and ALL critical security updates from Microsoft
http://update.microsoft.com/microsoftupdate/

Some final Clean up steps

Go to Start > Run and type in the box: cleanmgr
This will run the Windows disk cleanup utility. Wait while it scans your system and then it will present a list of files/folders to delete. Make sure these 3 are checkmarked and press *ok* to delete them:

Temporary Files

Temporary Internet Files

Recycle bin

Next: Please reset your system restore in Windows XP
Now that your PC is clean, make sure all programs are running properly and then you'll need to reset your restore point in Windows XP.......why?

One of the best features of Windows ME or XP is the System Restore option, however if a malware infects a computer with this operating system it can be backed up in the System Restore folder. Therefore, clearing the restore points is necessary after malware removal.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(winXP)

1. Turn off System Restore.
Go to Start > Run, click on *My Computer*.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
Go to Start > Run, click on *My Computer*.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;310405

Let me know if you are seeing any remaining problems. You may want to consider a reformat/reinstall as an option if you are able to save your important data and have the original disks to reinstall (but get SP2 first and save it to CD or other removable media) so that you can install SP2 before connecting to the internet after reinstall.

Also be aware of the dangers of using P2P programs. Tashi has written up some very good info here:

File Sharing, otherwise known as Peer To Peer. (P2P)
http://forums.spybot.info/showthread.php?t=282

I hope that is all a help to you. :)
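Added example, not part of the original posts: because the write-up quoted above says the worm reaches its IRC server on a random port, a port-based block list will miss it, so this sketch flags outbound flows by the IRC registration-and-join sequence itself. The flow records, addresses, channel names and the list of usual IRC ports are constructed assumptions for illustration.

```python
import re

# Client commands from the IRC protocol (RFC 1459), anchored at the start of a line.
IRC_CMD = re.compile(rb"^(NICK|USER|JOIN|PASS|PONG|PRIVMSG) ", re.M)
# Assumption: ports conventionally used by IRC servers; adjust for your network.
USUAL_IRC_PORTS = set(range(6660, 6670)) | {6697, 7000}


def irc_commands(payload):
    """Distinct IRC commands seen in the first 2 KB of a client-to-server stream."""
    return {m.group(1).decode() for m in IRC_CMD.finditer(payload[:2048])}


def flag_irc_flows(flows):
    """Flag flows that register (NICK + USER) and JOIN a channel, on any port."""
    alerts = []
    for f in flows:
        if {"NICK", "USER", "JOIN"} <= irc_commands(f["payload"]):
            found = re.findall(rb"^JOIN (#\S+)", f["payload"], re.M)
            alerts.append({
                "src": f["src"], "dst": f["dst"], "dport": f["dport"],
                # IRC on an unusual port deserves the closest look.
                "nonstandard_port": f["dport"] not in USUAL_IRC_PORTS,
                "channels": [c.decode() for c in found],
            })
    return alerts


# Constructed sample flows (documentation address ranges, made-up nicknames).
SAMPLE_FLOWS = [
    {"src": "10.0.0.5", "dst": "192.0.2.10", "dport": 18067,
     "payload": b"NICK xk3901\r\nUSER xk3901 0 * :xk3901\r\nJOIN #constructed\r\n"},
    # FTP also sends USER/PASS, which is why a single keyword is not enough.
    {"src": "10.0.0.5", "dst": "192.0.2.21", "dport": 21,
     "payload": b"USER anonymous\r\nPASS guest@example.test\r\n"},
    {"src": "10.0.0.7", "dst": "198.51.100.4", "dport": 6667,
     "payload": b"NICK alice\r\nUSER alice 0 * :Alice\r\nJOIN #help\r\n"},
    # Keywords inside an HTTP form body are not followed by a space at line start.
    {"src": "10.0.0.5", "dst": "198.51.100.80", "dport": 80,
     "payload": b"POST /f HTTP/1.1\r\nHost: example.test\r\n\r\nNICK=a&USER=b&JOIN=c"},
]

if __name__ == "__main__":
    for alert in flag_irc_flows(SAMPLE_FLOWS):
        print(alert)
```
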
 
Thank you for your help...

I have just finished avast scan and it found about 6-7 viruses...one of them was adware and the rest were trojans...I have deleted them all successfully...

Also, I am not sure I have deleted the P2P-Worm.Win32.VB.dw...is that the other name for WORM GAOBOT?

I still have some pop-ups like Webalize and 1revenue...

I have tried installing Windows XP Service Pack 2 earlier but something always goes wrong...I even ordered CD...anyway, I´ll try to install it again because I see it is very important...

I will not use any P2P programs any more...they only bring trouble ;)
 
Rock Princess said:
Also, I am not sure I have deleted the P2P-Worm.Win32.VB.dw...is that the other name for WORM GAOBOT?
Yes, each of the AV companies has different name for it.


See the aliases at the bottom of this page:
http://vil.nai.com/vil/content/v_133690.htm

It is also sometimes called the Alcra/Alcan worm, but that is the first "fix" we ran to clean your computer (Alcra Remover)

Likely these scanners will find additional remaining odd files and/or registry keys.
I still have some pop-ups like Webalize and 1revenue...
You may have some remaining adware/spyware that was installed by this worm. It may help to run the tools listed in this instruction:
http://forums.spybot.info/showthread.php?t=4015

I have tried installing Windows XP Service Pack 2 earlier but something always goes wrong...I even ordered CD...anyway, I´ll try to install it again because I see it is very important...
Yes, very important. The infections you had may have been preventing the install of SP2. After running the cleaners above in the link I posted, let me know if you are able to install SP2?

I will not use any P2P programs any more...they only bring trouble ;)
Smart move. It is not worth the headaches! :bigthumb:
 
Thank you very much for everything :)

I have downloaded SmitfraudFix, and I have got a rapport.exe log

Now I am downloading ewido, and I will do the rest of "cleaning process"...

I have a Windows SP 2 on a CD and I have tried to install it today but it couldn´t...it gave me a message "Maybe the key is invalid" or something like that...when I bought this computer (new) I got this Windows XP on it and I have been using it since then....

I will try to install it later after I use all these malware removal tools

I will contact you here then ;)
 
Ok, Here are some links for how to validate your windows so you can get the updates:

These links should help with that process

Microsoft Genuine Windows
http://www.microsoft.com/genuine/default.mspx?displaylang=en

Genuine Windows FAQ
http://www.microsoft.com/genuine/downloads/FAQ.aspx?displaylang=en

Windows Validation Assistant
http://www.microsoft.com/resources/howtotell/ww/windows/default.mspx

Microsoft Product Activation
http://www.microsoft.com/resources/howtotell/en/mpa.mspx

If you are still having a problem, contact Microsoft's tech support (it is a free service, to help you get your updates issues straightened out)

For support outside the United States and Canada, please contact your Microsoft Help and Support worldwide. Go to this page and choose your region from the box:
http://support.microsoft.com/common/international.aspx
 
Thank you one more time for saving me and my computer :)

I have done everything you said and here are reports and log files

I will try to install Windows Service Pack 2 tomorrow and then I will contact you and Microsoft Help and Support center...

Please, have a look at my log files from Hijackthis, Spybot S&D and SmitfraudFix (Clean) and see if everything is all right...

Thanks...
 
Ok, couple more things we need to do.

1. Please download and unzip Ren-cmdservice to your desktop.
It will only work correctly if the folder is placed on your desktop and extracted.
http://downloads.subratam.org/Lon/ren-cmdservice.zip
Open the ren-cmdservice folder and double-click the
ren-cmdservice.bat file to run the program.
A text will open when it is finished. Post it please.
Then restart the PC, run SpyBot, and check for and fix any problems found.

2. Go to your Control Panel. Look in Add/Remove Programs. Find these two Sun Java programs listed:

Java 2 Runtime Environment, SE v1.4.2_03 1.4.2_03

J2SE Runtime Environment 5.0 Update 3 1.5.0.30

Highlight and press *remove*

Then get the latest version of Sun Java here:
http://www.java.com/en/download/windows_automatic.jsp

or here (manual download):
http://www.java.com/en/download/manual.jsp

And in the future, remember to remove older versions of Java when you automatically update to a newer version to avoid exploitation of older versions left on your system.
 
Ok, here is the log file from cmdservice :). Is this going to delete cmd service (a problem in Spybot S&D)? I hope it is! :)

Running from C:\Documents and Settings\x\Desktop\ren-cmdservice
No Image Path Listed in Registry

Original perms.

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Effective permissions for Registry key HKLM\SYSTEM\CurrentControlSet\Services\cmdservice:
Read NT AUTHORITY\INTERACTIVE
Full access BUILTIN\Administrators


-----------------
Adjusted permisions

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Effective permissions for Registry key HKLM\SYSTEM\CurrentControlSet\Services\cmdservice:
Full access BUILTIN\Administrators
Full access NT AUTHORITY\INTERACTIVE
Read BUILTIN\Users
Read BUILTIN\Power Users
Full access NT AUTHORITY\SYSTEM


-----------------
Deleting cmdservie key
[SWSC] DeleteService FAIL
Delete Network Monitor if present
[SWSC] DeleteService FAIL
-----------------
Commandline utilities (SWReg and SWSC)
Written by Bobbi Flekman © 2005
-----------------
A Backup made was made, bakhive
Finised, Post the logit.txt then restart your PC please
ren-cmdservice.bat edited 2-4-2006
-----------------


Now I will remove Java and download what you said....
 
I have uninstalled Java and its update and I have downloaded new Java Runtime 5 Update 6 or something like that...I have followed the link you gave me :)

Is there anything else I should do?
 
I have followed the links you gave me to Microsoft pages and I have done some validating of my Windows and I have found out that I was a victim of software counterfeiting and that my version of Windows is not genuine...what should I do now? I suppose that was the reason I couldn´t upgrade my Windows XP with SP2.... :confused:
 
Ok, so you are good to go on all items except genuine Windows and the updates?

In the Genuine Windows FAQ Page:
Validation Failure: What if my Microsoft software is not genuine?
http://www.microsoft.com/genuine/downloads/FAQ.aspx?displaylang=en#Question5Label

Q: What if my copy of Windows or Office fails the validation process or I believe I have received pirated software?
A:
In either case, Microsoft recommends the following actions:

* See your reseller and ask for genuine Microsoft software, using the report provided during the validation session for support. The report explains why your system was unable to validate and provides instructions for further follow-up.
* Visit the Microsoft How to Tell website to learn how to recognize genuine Microsoft software.
* Turn on Automatic Updates to make sure your system is being protected while you are resolving the problem.

Q: Do security updates require validation?
A:
Security updates are not part of WGA or OGA. You can install security updates using the Windows Automatic Updates feature or download them from the Download Center.

A:
Automatic Updates helps you keep your Windows installation current with the latest security updates. Using Automatic Updates does not require validation. Visit Protect Your PC to learn more.
.............
And scroll down a bit to this section on that same page:
What is the genuine Windows offer?

Q: What is the genuine Windows offer?
A:
The Microsoft genuine Windows offer is designed to help customers who unknowingly purchased counterfeit versions of Windows XP by offering those who qualify a complimentary copy or electronic license key for a genuine copy of Windows XP.

Q: What are the details of the genuine Windows offer?
A:
To help customers who unknowingly purchased a counterfeit version of Windows XP, Microsoft has created two genuine Windows offers for those who qualify:

* Complimentary offer: Microsoft will make a complimentary copy of Windows XP available to customers who have been sold counterfeit Windows. Customers will be required to submit a proof of purchase, the counterfeit CD, and a counterfeit report with details of their purchase. Only high-quality counterfeit Windows will qualify for the complimentary offer.
* Electronic License Key Offer: Microsoft will offer an alternative for customers who find out via the WGA validation process that they are not running genuine Windows, but do not qualify for, or choose not to take advantage of, the complimentary offer. These customers will be able to license a Windows Genuine Advantage Kit for Windows XP online for a price of $99 for Windows XP Home edition or $149 for Windows XP Professional. The Windows Genuine Advantage Kit for Windows XP will include a new 25-character Product Key and a Windows Product Key Update tool that will allow customers to convert their counterfeit copy to genuine Windows XP electronically.


Q: How is the Windows Genuine Advantage Kit for Windows XP different from the product available from resellers?
A:
Windows Genuine Advantage Kit for Windows XP is packaged differently and is only distributed by Microsoft directly to customers who qualify for the genuine Windows offer. It is not intended for resale.

Q: Can I install updates for Windows XP if I am using Windows Genuine Advantage Kit for Windows XP?
A:
Yes.

And follow on down to the next section to those Q & A
Requirements and limitations of the genuine Windows offer

http://www.microsoft.com/genuine/downloads/FAQ.aspx?displaylang=en
 
Yes, I solved every problem on my computer (with your help ;)). Now it is clean :D

I owe you a lot...I don´t know how I can repay you...If you need anything just e-mail me and I will be happy to help you ;)
 
Glad we could help Rock Princess! :)

Since your issues appear to be resolved, I'll go ahead and archive this thread. Should you need any further assistance, please feel free to start a new topic or PM me to open this one back up.
 