|
| ||
| Nasty virus please help hey guys just built my computer and i already have this nasty virus and cant seem to get rid of it. A RUNDLL error message keeps coming up this is the hijachthis result: Logfile of HijackThis v1.99.1 Scan saved at 11:44:43 PM, on 3/9/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe C:\Program Files\Softwin\BitDefender9\vsserv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\ATITool\ATITool.exe C:\Program Files\Softwin\BitDefender9\bdmcon.exe C:\Program Files\Softwin\BitDefender9\bdnagent.exe C:\Program Files\Softwin\BitDefender9\bdoesrv.exe C:\Program Files\Softwin\BitDefender9\bdswitch.exe C:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\WINDOWS\system32\rundll32.exe C:\Documents and Settings\Fag\Desktop\HijackThis.exe R3 - Default URLSearchHook is missing O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [ATITool] "C:\Program Files\ATITool\ATITool.exe" -s O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe" O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe" O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe" O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe" O4 - HKLM\..\Run: [AS00_Gear311T] C:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe -hide O4 - HKLM\..\RunServices: [Microsoft System Support] spool.exe O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://*.billingnow.com O15 - Trusted Zone: http://*.reliablestats.com O15 - Trusted Zone: http://*.winantispyware.com O15 - Trusted Zone: http://*.winantivirus.com O15 - Trusted Zone: http://*.winantiviruspro.com O15 - Trusted Zone: http://*.winnanny.com O15 - Trusted Zone: http://*.winsoftware.com O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1140754406663 O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\gplql3351.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing) O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing) O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing) Please tell me what I need to do, thanks. Just |
| ||
| Re: Nasty virus please help Alrite, that sounds like a good virus. Fix the following: R3 - Default URLSearchHook is missing O4 - HKLM\..\RunServices: [Microsoft System Support] spool.exe O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe O15 - Trusted Zone: http://*.billingnow.com O15 - Trusted Zone: http://*.reliablestats.com O15 - Trusted Zone: http://*.winantispyware.com O15 - Trusted Zone: http://*.winantivirus.com O15 - Trusted Zone: http://*.winantiviruspro.com O15 - Trusted Zone: http://*.winnanny.com O15 - Trusted Zone: http://*.winsoftware.com After this, install Ewido and CCleaner (both links are in my signature below) and update definitions for both, but DON'T run them yet. After doing this, reboot into safe mode, and first, delete this folder if found: C:\Program Files\Common Files\VCClient Then, run Ewido and CCleaner, fixing everything that's found. Save the Ewido log. Then, reboot into normal mode again, run HJT, and post a new log along with the saved Ewido log. Then, we'll work from there. Thanks. (justdrw, ignore this below) Also (to Mods): Anybody know anything about: O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\gplql3351.dll Looks REAL suspicious to me. |
| |||
| Re: Nasty virus please help Quote:
First uninstall any of the following if found Quote:
Quote:
You'll need to give this a run... Spysweeper http://www.malwareteks.com/dload.php...load&file_id=5 -Update to the latest definitions and run it -Remove everything it finds -Attach the log when you return Also include a new HijackThis log after Spysweeper |
| ||
| Re: Nasty virus please help hey guys thanks for the replys I don't have time tonight but I will give it shot tomorrow and let u know how it works, thanks again. Justin |
| All times are GMT -4. The time now is 5:38 pm. |
Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2009 DaniWeb® LLC