Hi,
I have 4 viruses which I am unable to remove using spybot.
Basically the sybot fixes these errors after scanning. But when I scan them again, these viruses are still to be seen.
The log file is a bit long, so I have just pasted a part of it.
The log file shows that the registry key is fixed but still it will repeat when i do the rescanning
PLZ HELP
TinyBar.C: [SBI $1BB1339D] Browser helper object (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
TinyBar.C: [SBI $32F9D995] Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
TinyBar.C: [SBI $D87CA6BD] Class ID (Registry value, fixed)
HKEY_CLASSES_ROOT\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\InprocServer32\=...C:\WINDOWS\SYSTEM32\yayvVLCS.dll...
TinyBar.C: [SBI $8F2A4A7E] Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
Virtumonde: [SBI $4D2BC948] Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim
Virtumonde: [SBI $779C9C0D] Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP
Virtumonde: [SBI $FD08B4B7] Configuration file (File, fixed)
C:\WINDOWS\system32\gQXyaGgh.ini2
Properties.size=34176
Properties.md5=FCCDBDD5F6790579FAD3A579C6C86AF3
Properties.filedate=1238860028
Properties.filedatetext=2009-04-04 19:47:08
Virtumonde: [SBI $2A2DCEAC] Configuration file (File, fixed)
C:\WINDOWS\system32\gQXyaGgh.ini
Properties.size=34786
Properties.md5=089F6F688D4F7DA2E78799800C09D786
Properties.filedate=1238860103
Properties.filedatetext=2009-04-04 19:48:22
Virtumonde.prx: [SBI $3F9F40D4] Autorun settings (48582fb9) (Registry value, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\48582fb9
Virtumonde.sci: [SBI $C49500CA] Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yayvVLCS
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 TeaTimer.exe (1.6.4.26)
2009-04-04 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-01-22 Includes\Adware.sbi (*)
2009-03-25 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-03-31 Includes\Dialer.sbi (*)
2009-03-25 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-02-10 Includes\Hijackers.sbi (*)
2009-03-03 Includes\HijackersC.sbi (*)
2009-03-17 Includes\Keyloggers.sbi (*)
2009-03-17 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-03-25 Includes\Malware.sbi (*)
2009-03-31 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-03-31 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-03-23 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-01-28 Includes\Spyware.sbi (*)
2009-01-28 Includes\SpywareC.sbi (*)
2009-03-25 Includes\Tracks.uti
2009-03-30 Includes\Trojans.sbi (*)
2009-03-31 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
--- System information ---
Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Hotfix for Windows XP (KB915865)
/ XML Paper Specification Shared Components Pack 1.0: XML Paper Specification Shared Components Pack 1.0
--- Startup entries list ---
Located: HK_LM:Run, Google Desktop Search
command: "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
file: C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
size: 29744
MD5: 6542DC2E93BCE4D4289FA70A4D367DC2
Located: HK_LM:Run, MSConfig
command: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
file: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
size: 158208
MD5: 4FD22142F54692463A7B98B7DE175573
Located: HK_LM:Run, Network Associates Error Reporting Service
command: "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
file: C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
size: 147514
MD5: 78915C3AD0024BACD46F41BF02EE4415
Located: HK_LM:Run, ShStatEXE
command: "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
file: C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
size: 90112
MD5: 29B6DCE167D45EE7C246D3552191D651
Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-484763869-776561741-725345543-1003...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
Located: HK_CU:Run, DAEMON Tools Lite
where: S-1-5-21-484763869-776561741-725345543-1003...
command: "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
file: C:\Program Files\DAEMON Tools Lite\daemon.exe
size: 687560
MD5: 2AC015CD0D8AA59E4AAD8EFFE29798EF
Located: HK_CU:Run, RocketDock
where: S-1-5-21-484763869-776561741-725345543-1003...
command: "C:\WINDOWS\Resources\Themes\RocketDock\RocketDock.exe"
file: C:\WINDOWS\Resources\Themes\RocketDock\RocketDock.exe
size: 630784
MD5: 4AC28B51530D3A93B3F27EB7A72F575F
Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-484763869-776561741-725345543-1003...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2144088
MD5: 896A1DB9A972AD2339C2E8569EC926D1
Located: Startup (disabled), Adobe Gamma Loader (DISABLED)
command: C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
file: C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
size: 113664
MD5: C2FF17734176CD15221C10044EF0BA1A
Located: Startup (disabled), Adobe Reader Speed Launch (DISABLED)
command: C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE
file: C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE
size: 29696
MD5: DFCB9ADE94A4F8A7C42EEF41101A30AD
Located: Startup (disabled), AutoCAD Startup Accelerator (DISABLED)
command: C:\PROGRA~1\COMMON~1\AUTODE~1\ACSTAR~2.EXE
file: C:\PROGRA~1\COMMON~1\AUTODE~1\ACSTAR~2.EXE
size: 11000
MD5: AD61C37E1D1E56FAFC5FF7E3CB2D3EFA
Located: Startup (disabled), WinZip Quick Pick (DISABLED)
command: C:\PROGRA~1\WinZip\WZQKPICK.EXE
file: C:\PROGRA~1\WinZip\WZQKPICK.EXE
size: 118784
MD5: BB272E4A58C563EBF40F8CB1173DA1DA
Located: Startup (disabled), OneNote 2007 Screen Clipper and Launcher (DISABLED)
command: C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE /tsr
file: C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE
size: 98632
MD5: D91AFB6D2A0DA7539B74FB5838775D94
Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
I have 4 viruses which I am unable to remove using spybot.
Basically the sybot fixes these errors after scanning. But when I scan them again, these viruses are still to be seen.
The log file is a bit long, so I have just pasted a part of it.
The log file shows that the registry key is fixed but still it will repeat when i do the rescanning
PLZ HELP
TinyBar.C: [SBI $1BB1339D] Browser helper object (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
TinyBar.C: [SBI $32F9D995] Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
TinyBar.C: [SBI $D87CA6BD] Class ID (Registry value, fixed)
HKEY_CLASSES_ROOT\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\InprocServer32\=...C:\WINDOWS\SYSTEM32\yayvVLCS.dll...
TinyBar.C: [SBI $8F2A4A7E] Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
Virtumonde: [SBI $4D2BC948] Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim
Virtumonde: [SBI $779C9C0D] Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP
Virtumonde: [SBI $FD08B4B7] Configuration file (File, fixed)
C:\WINDOWS\system32\gQXyaGgh.ini2
Properties.size=34176
Properties.md5=FCCDBDD5F6790579FAD3A579C6C86AF3
Properties.filedate=1238860028
Properties.filedatetext=2009-04-04 19:47:08
Virtumonde: [SBI $2A2DCEAC] Configuration file (File, fixed)
C:\WINDOWS\system32\gQXyaGgh.ini
Properties.size=34786
Properties.md5=089F6F688D4F7DA2E78799800C09D786
Properties.filedate=1238860103
Properties.filedatetext=2009-04-04 19:48:22
Virtumonde.prx: [SBI $3F9F40D4] Autorun settings (48582fb9) (Registry value, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\48582fb9
Virtumonde.sci: [SBI $C49500CA] Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yayvVLCS
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 TeaTimer.exe (1.6.4.26)
2009-04-04 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-01-22 Includes\Adware.sbi (*)
2009-03-25 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-03-31 Includes\Dialer.sbi (*)
2009-03-25 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-02-10 Includes\Hijackers.sbi (*)
2009-03-03 Includes\HijackersC.sbi (*)
2009-03-17 Includes\Keyloggers.sbi (*)
2009-03-17 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-03-25 Includes\Malware.sbi (*)
2009-03-31 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-03-31 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-03-23 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-01-28 Includes\Spyware.sbi (*)
2009-01-28 Includes\SpywareC.sbi (*)
2009-03-25 Includes\Tracks.uti
2009-03-30 Includes\Trojans.sbi (*)
2009-03-31 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
--- System information ---
Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Hotfix for Windows XP (KB915865)
/ XML Paper Specification Shared Components Pack 1.0: XML Paper Specification Shared Components Pack 1.0
--- Startup entries list ---
Located: HK_LM:Run, Google Desktop Search
command: "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
file: C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
size: 29744
MD5: 6542DC2E93BCE4D4289FA70A4D367DC2
Located: HK_LM:Run, MSConfig
command: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
file: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
size: 158208
MD5: 4FD22142F54692463A7B98B7DE175573
Located: HK_LM:Run, Network Associates Error Reporting Service
command: "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
file: C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
size: 147514
MD5: 78915C3AD0024BACD46F41BF02EE4415
Located: HK_LM:Run, ShStatEXE
command: "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
file: C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
size: 90112
MD5: 29B6DCE167D45EE7C246D3552191D651
Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-484763869-776561741-725345543-1003...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
Located: HK_CU:Run, DAEMON Tools Lite
where: S-1-5-21-484763869-776561741-725345543-1003...
command: "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
file: C:\Program Files\DAEMON Tools Lite\daemon.exe
size: 687560
MD5: 2AC015CD0D8AA59E4AAD8EFFE29798EF
Located: HK_CU:Run, RocketDock
where: S-1-5-21-484763869-776561741-725345543-1003...
command: "C:\WINDOWS\Resources\Themes\RocketDock\RocketDock.exe"
file: C:\WINDOWS\Resources\Themes\RocketDock\RocketDock.exe
size: 630784
MD5: 4AC28B51530D3A93B3F27EB7A72F575F
Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-484763869-776561741-725345543-1003...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2144088
MD5: 896A1DB9A972AD2339C2E8569EC926D1
Located: Startup (disabled), Adobe Gamma Loader (DISABLED)
command: C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
file: C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
size: 113664
MD5: C2FF17734176CD15221C10044EF0BA1A
Located: Startup (disabled), Adobe Reader Speed Launch (DISABLED)
command: C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE
file: C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE
size: 29696
MD5: DFCB9ADE94A4F8A7C42EEF41101A30AD
Located: Startup (disabled), AutoCAD Startup Accelerator (DISABLED)
command: C:\PROGRA~1\COMMON~1\AUTODE~1\ACSTAR~2.EXE
file: C:\PROGRA~1\COMMON~1\AUTODE~1\ACSTAR~2.EXE
size: 11000
MD5: AD61C37E1D1E56FAFC5FF7E3CB2D3EFA
Located: Startup (disabled), WinZip Quick Pick (DISABLED)
command: C:\PROGRA~1\WinZip\WZQKPICK.EXE
file: C:\PROGRA~1\WinZip\WZQKPICK.EXE
size: 118784
MD5: BB272E4A58C563EBF40F8CB1173DA1DA
Located: Startup (disabled), OneNote 2007 Screen Clipper and Launcher (DISABLED)
command: C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE /tsr
file: C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE
size: 98632
MD5: D91AFB6D2A0DA7539B74FB5838775D94
Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!