| Please assist with New Poly Win32 Virus

In the last couple days, my desktop has been running REALLY SLOW! I'm fairly computer literate, just need a step-by-step. I also know my way around the registry with 'walk through' assistance. (HJT log is at the end of the thread). THANKS!

I have McAfee running in the background (from startup), as well as their Privacy Service and Personal Firewall programs. I ran their antivirus and it didn't detect anything. I also ran the following:

* BitDefender Scan Online -- while this program was running, a red alert dialog box from the McAfee antivirus application popped up saying it found the New Poly Win32 Virus. It wouldn't clean, quarantine, or delete it.
* CWShredder -- it found nothing.
* Ran 'Clean Up' application.
* Registry Mechanic (Trial Version) -- It found 234 items, and fixed 4 of them.
* Ad-Aware SE Personal -- it found, and quarantined, ALEXA virus.

NOTE: When I attempt going in to Safe Mode the system 'hangs' before it gets to the bare bones desktop. I'm also unable to locate my Windows 2000 CDs. Also, I use Firefox as my main browser. I only use Internet Explorer if a website doesn't like Firefox.
HERE'S THE HJT LOG: Logfile of HijackThis v1.99.1 Scan saved at 2:58:47 PM, on 5/16/2006 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\svchost.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\WINNT\Explorer.EXE C:\Program Files\Microsoft Hardware\Mouse\point32.exe C:\SMC\SMC.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\PROGRA~1\mcafee.com\mps\mscifapp.exe C:\Program Files\McAfee.com\VSO\mcvsshld.exe C:\Program Files\McAfee.com\VSO\oasclnt.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE C:\Program Files\Hijack This\HijackThis2.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [POINTER] point32.exe O4 - HKLM\..\Run: [SMC] C:\SMC\SMC.exe O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: 
[MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Sh...2/ComCtl32.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/Sha...in/AvSniff.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/produc...ed/mvt/mvt.cab O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - 
http://download.zonelabs.com/bin/pro...tor/WebAAS.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe THANKS MUCH FOR THE HELP ! Brent |
| ||
| Re: Please assist with New Poly Win32 Virus

Hi, and welcome to DaniWeb. That log looks short. If you ran it in safe mode, which, judging by how you said it hangs while going into safe mode, I don't think you did, or if you have lately or in the past disabled startup items, please re-enable them and then, in Normal mode, please run another HJT scan. That current log showed no sign of infection.

____________________________________________________________

Also please do this... Please download ewido anti-malware; it is a free version of the program.
ewido manual updates Once the updates are installed do the following:
Reboot. Then post the HJT log, and the ewido log |
| ||
| Re: Please assist with New Poly Win32 Virus tayspen, Thanks for the quick reply! Yes, the first HJT log was done in Normal mode rather than Safe Mode. I haven't disabled any startup items recently. I've installed ewido. It might take awhile for the scan. When it's finished, I'll save the ewido log, re-boot, get a current HJT log and post both of them. Thanks! |
| ||
| Re: Please assist with New Poly Win32 Virus You are welcome. We will be waiting :) |
| ||
| Re: Please assist with New Poly Win32 Virus OK, I've done the following, in order: 1. Scanned with ewido and saved the report. 2. Rebooted. 3. Saved new HJT log. **It was still running slow, so I defragged, saved the defrag report and re-booted. It's still slooow. HJT log, ewido log, and defrag log are below: HJT log: Logfile of HijackThis v1.99.1 Scan saved at 5:44:45 PM, on 5/16/2006 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\svchost.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\WINNT\Explorer.EXE C:\Program Files\Microsoft Hardware\Mouse\point32.exe C:\SMC\SMC.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\PROGRA~1\mcafee.com\mps\mscifapp.exe C:\Program Files\McAfee.com\VSO\mcvsshld.exe C:\Program Files\McAfee.com\VSO\oasclnt.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\Program Files\Hijack This\HijackThis2.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: McAfee VirusScan - 
{BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [POINTER] point32.exe O4 - HKLM\..\Run: [SMC] C:\SMC\SMC.exe O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Sh...2/ComCtl32.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/Sha...in/AvSniff.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: 
{78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/produc...ed/mvt/mvt.cab O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/pro...tor/WebAAS.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe -------------------------------------------- ewido log: --------------------------------------------------------- ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 5:34:58 PM, 5/16/2006 + Report-Checksum: A3689DF5 + Scan result: :mozilla.6:C:\Documents and Settings\Brent\Application Data\Mozilla\Firefox\Profiles\hedtf2qh.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup :mozilla.14:C:\Documents and Settings\Brent\Application Data\Mozilla\Firefox\Profiles\hedtf2qh.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup :mozilla.15:C:\Documents and Settings\Brent\Application Data\Mozilla\Firefox\Profiles\hedtf2qh.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup :mozilla.16:C:\Documents and Settings\Brent\Application 
Data\Mozilla\Firefox\Profiles\hedtf2qh.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup :mozilla.61:C:\Documents and Settings\Brent\Application Data\Mozilla\Firefox\Profiles\hedtf2qh.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup :mozilla.62:C:\Documents and Settings\Brent\Application Data\Mozilla\Firefox\Profiles\hedtf2qh.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup :mozilla.138:C:\Documents and Settings\Brent\Application Data\Mozilla\Firefox\Profiles\hedtf2qh.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup :mozilla.139:C:\Documents and Settings\Brent\Application Data\Mozilla\Firefox\Profiles\hedtf2qh.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup ::Report End ------------------------------------------------------- defrag log: Volume (C:): Volume size = 9,750 MB Cluster size = 4 KB Used space = 5,371 MB Free space = 4,378 MB Percent free space = 44 % Volume fragmentation Total fragmentation = 0 % File fragmentation = 0 % Free space fragmentation = 0 % File fragmentation Total files = 20,497 Average file size = 337 KB Total fragmented files = 8 Total excess fragments = 40 Average fragments per file = 1.00 Pagefile fragmentation Pagefile size = 1,000 MB Total fragments = 3 Directory fragmentation Total directories = 2,105 Fragmented directories = 1 Excess directory fragments = 1 Master File Table (MFT) fragmentation Total MFT size = 31,381 KB MFT record count = 22,675 Percent MFT in use = 72 % Total MFT fragments = 2 -------------------------------------------------------------------------------- Fragments File Size Files that did not defragment 18 1 KB \WINNT\system32\config\software.LOG 2 1 KB \WINNT\system32\config\default.LOG 2 1 KB \WINNT\system32\config\SECURITY.LOG 2 1,171 KB \WINNT\ShellIconCache 2 1 KB \Documents and Settings\Brent\ntuser.dat.LOG 2 16 KB \Documents and Settings\Brent\Local Settings\Temp\~DF207D.tmp 3 18 KB \Program 
Files\McAfee.com\Agent\Data\Logs\TaskScheduler\McTskshd000.log ***Did you want me to re-scan with BitDefender and see if McAfee still kicks up a 'New Poly Win32' virus warning message? Thanks ! Brent |
| ||
| Re: Please assist with New Poly Win32 Virus

Hmm alrite, another clean log. We're gonna try 2 things:

1) Running Ccleaner: Begin by downloading CCleaner, and specifically choosing the most recent version. Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
9. Press the "Apply" button and then the "OK" button and shut down My Computer.
10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, skip it):

C:\Windows\Temp
C:\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\<Every user listed>\Local Settings\History
C:\Documents and Settings\<Every user listed>\Cookies
C:\Windows\Prefetch

After doing this, move back to the 'Cleaner' tab, and inside this, be sure you're open to the 'Windows' tab. Inside, check the box labeled 'Custom Files and Folders'. Next, after following all of these steps, you're ready to scan. Run scans in both the 'Cleaner' and 'Issues'. Note: It might take several scans in each to remove all of the junk.

___________________

And running SpySweeper (link in sig below): Download, update its latest definitions, and run a full scan, saving the log. Post back with the SpySweeper log and a new HJT log. Thanks :) |
| ||
| Re: Please assist with New Poly Win32 Virus OK, ran CCleaner and SpySweeper. SpySweeper and new HJT logs follow: SpySweeper log: ******** 12:02 PM: | Start of Session, Wednesday, May 17, 2006 | 12:02 PM: Spy Sweeper started 12:02 PM: Sweep initiated using definitions version 678 12:02 PM: Starting Memory Sweep 12:31 PM: Memory Sweep Complete, Elapsed Time: 00:29:03 12:31 PM: Starting Registry Sweep 12:33 PM: Found Adware: navexcel navhelper 12:33 PM: HKCR\appid\nhelper.dll\ (1 subtraces) (ID = 135511) 12:33 PM: HKLM\software\classes\appid\nhelper.dll\ (1 subtraces) (ID = 135525) 12:34 PM: Registry Sweep Complete, Elapsed Time:00:02:49 12:34 PM: Starting Cookie Sweep 12:34 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01 12:34 PM: Starting File Sweep 12:56 PM: Found Adware: coolwebsearch (cws) 12:56 PM: muninst.exe:acaydb (ID = 54051) 12:56 PM: Found Adware: cws_ns3 12:56 PM: muninst.exe:rxdlem (ID = 56451) 1:18 PM: Warning: Failed to open file "c:\documents and settings\brent\start menu\programs\ccleaner\ccleaner.lnk". Access is denied 1:57 PM: twunk_32.exe:sfwhxh (ID = 56287) 1:58 PM: Warning: Failed to open file "c:\documents and settings\brent\start menu\programs\internet explorer.lnk". Access is denied 2:05 PM: pfbmz.dll:wgzqtp (ID = 54051) 2:07 PM: uninst.exe:lgpmrj (ID = 56451) 3:12 PM: mfche32.dll:ekfuck (ID = 56451) 4:02 PM: nbcie.dll:scsdfl (ID = 56287) 4:03 PM: ieuninst.exe:trmtet (ID = 56287) 4:10 PM: Warning: Failed to open file "c:\documents and settings\brent\start menu\programs\ccleaner\ccleaner homepage.url". Access is denied 4:16 PM: Warning: Failed to open file "c:\documents and settings\brent\start menu\programs\ccleaner\uninstall ccleaner.lnk". 
Access is denied 4:25 PM: wmsyspr9.prx:zdorfo (ID = 54051) 4:31 PM: yuuhq.dll:kyogea (ID = 56287) 4:32 PM: psuah.dll:phkvnr (ID = 56287) 4:32 PM: trnjh.dll:aeebvx (ID = 54051) 4:32 PM: koowd.dll:mjnpaa (ID = 56287) 4:34 PM: ydbar.dll:nyjmwx (ID = 54051) 4:34 PM: nbcie.dll:yeuwel (ID = 54051) 4:34 PM: nkqmf.dll:qfnjyv (ID = 56287) 4:34 PM: yuuhq.dll:dbkaih (ID = 54051) 4:34 PM: zcwtg.dll:wjayif (ID = 56451) 4:34 PM: bwyco.dll:fweymx (ID = 56451) 4:34 PM: mqzbq.dll:zxlgcc (ID = 56287) 4:34 PM: bbzpl.dll:nvtssv (ID = 56287) 4:34 PM: yuuhq.dll:dihtgu (ID = 56287) 4:34 PM: zcwtg.dll:dzylgl (ID = 56451) 4:35 PM: koowd.dll:fsacvq (ID = 56451) 4:37 PM: File Sweep Complete, Elapsed Time: 04:02:31 4:37 PM: Full Sweep has completed. Elapsed time 04:28:42 4:37 PM: Traces Found: 28 4:45 PM: Removal process initiated 4:45 PM: Quarantining All Traces: cws_ns3 4:45 PM: Quarantining All Traces: coolwebsearch (cws) 4:45 PM: Quarantining All Traces: navexcel navhelper 4:46 PM: Removal process completed. Elapsed time 00:00:59 ******** 11:56 AM: | Start of Session, Wednesday, May 17, 2006 | 11:56 AM: Spy Sweeper started 11:59 AM: Messenger service has been disabled. 12:02 PM: Your spyware definitions have been updated. 
12:02 PM: | End of Session, Wednesday, May 17, 2006 | HJT Log: Logfile of HijackThis v1.99.1 Scan saved at 4:49:34 PM, on 5/17/2006 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\svchost.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\WINNT\Explorer.EXE C:\Program Files\Microsoft Hardware\Mouse\point32.exe C:\SMC\SMC.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\PROGRA~1\mcafee.com\mps\mscifapp.exe C:\Program Files\McAfee.com\VSO\mcvsshld.exe C:\Program Files\McAfee.com\VSO\oasclnt.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\Program Files\Hijack This\HijackThis2.exe O2 - BHO: Yahoo! 
Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [POINTER] point32.exe O4 - HKLM\..\Run: [SMC] C:\SMC\SMC.exe O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file 
missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Sh...2/ComCtl32.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/Sha...in/AvSniff.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/produc...ed/mvt/mvt.cab O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/pro...tor/WebAAS.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. 
- c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe ********************* Brent |
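Added example (not part of any post in this thread, and not HijackThis's own code): several HJT logs were posted above, and comparing one scan against an earlier one shows exactly which processes and entries appeared or disappeared in between. The two inputs are short excerpts constructed from the 5/16 2:58 PM and 5/17 4:49 PM logs posted above, flattened onto one line as they appear here; all function names are illustrative.

```python
import re

# Every HijackThis result starts with a section code such as "O2 - " or "R1 - ".
ENTRY = re.compile(r"(?<!\w)[RFNO]\d{1,2} - ")
# Running processes are listed as full paths, so each one starts at a drive letter.
PROC = re.compile(r"(?<![A-Za-z])[A-Za-z]:\\")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def _split_at(pattern, text):
    """Cut text into pieces, each beginning where the pattern matches."""
    starts = [m.start() for m in pattern.finditer(text)]
    return [text[a:b].strip() for a, b in zip(starts, starts[1:] + [len(text)])]


def parse_hjt(text):
    """Parse a log (flattened or not) into its process list and result entries."""
    first = ENTRY.search(text)
    body_at = first.start() if first else len(text)
    _, found, procs = text[:body_at].partition("Running processes:")
    return {"processes": _split_at(PROC, procs) if found else [],
            "entries": _split_at(ENTRY, text[body_at:])}


def _norm(item):
    # The same path shows up as C:\PROGRA~1 in one scan and c:\PROGRA~1 in the
    # next, so compare case-insensitively and ignore whitespace differences.
    return " ".join(item.split()).casefold()


def diff_scans(old, new):
    """Return what was added and removed between two parsed scans."""
    out = {}
    for field in ("processes", "entries"):
        before = {_norm(x): x for x in old[field]}  # duplicates collapse here
        after = {_norm(x): x for x in new[field]}
        out[field] = {"added": [v for k, v in after.items() if k not in before],
                      "removed": [v for k, v in before.items() if k not in after]}
    return out


def relabelled(changes):
    """Pair removed/added entries with the same section and CLSID (label change only)."""
    def key(entry):
        m = CLSID.search(entry)
        return (entry.split(" - ", 1)[0], m.group(0).lower()) if m else None
    gone = {key(e): e for e in changes["removed"] if key(e)}
    return [(gone[key(e)], e) for e in changes["added"] if key(e) in gone]


# Constructed excerpt of the 5/16/2006 2:58:47 PM log from this thread.
SCAN_MAY16 = (
    r"Logfile of HijackThis v1.99.1 Scan saved at 2:58:47 PM, on 5/16/2006 "
    r"Running processes: C:\WINNT\System32\smss.exe C:\WINNT\Explorer.EXE "
    r"C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\Hijack This\HijackThis2.exe "
    r"O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll "
    r"O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe "
    r"O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) "
    r"O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe"
)

# Constructed excerpt of the 5/17/2006 4:49:34 PM log from this thread.
SCAN_MAY17 = (
    r"Logfile of HijackThis v1.99.1 Scan saved at 4:49:34 PM, on 5/17/2006 "
    r"Running processes: C:\WINNT\System32\smss.exe C:\WINNT\Explorer.EXE "
    r"C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe "
    r"C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\Program Files\Hijack This\HijackThis2.exe "
    r"O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll "
    r"O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll "
    r"O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe "
    r'O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray '
    r"O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) "
    r"O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll "
    r"O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe "
    r"O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe"
)

if __name__ == "__main__":
    changes = diff_scans(parse_hjt(SCAN_MAY16), parse_hjt(SCAN_MAY17))
    for field, delta in changes.items():
        for kind in ("added", "removed"):
            for item in delta[kind]:
                print(f"{field:9} {kind:7} {item}")
    for old_entry, new_entry in relabelled(changes["entries"]):
        print("relabelled:", old_entry, "=>", new_entry)
```

When pasting a real log, trim any text that follows the final entry (signatures, separator lines), since the parser treats everything after the last section code as part of that entry.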
| ||
| Re: Please assist with New Poly Win32 Virus Still having problems with a slow-motion PC. I think I found the culprit...a temp directory (tmp00000171). That directory was referenced when I got the McAfee Red Alert saying I had the New Poly Win32 virus when I originally ran the BitDefender Online scan. (See earlier posts in this thread). I tried Killbox, but that didn't work. I ran a new Spysweeper scan. I think it says it fixed the problem, but it didn't. See log below. I also went in to Command Prompt (I can't go in to Safe Mode) and tried to delete it that way but it wouldn't let me do that, either. (See text below from Command Prompt screen.) ******** 12:33 PM: | Start of Session, Thursday, May 18, 2006 | 12:33 PM: Spy Sweeper started 12:33 PM: Sweep initiated using definitions version 680 12:33 PM: Starting Memory Sweep 1:00 PM: Memory Sweep Complete, Elapsed Time: 00:26:10 1:00 PM: Starting Registry Sweep 1:02 PM: Registry Sweep Complete, Elapsed Time:00:02:34 1:02 PM: Starting Cookie Sweep 1:02 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00 1:02 PM: Starting File Sweep 1:24 PM: Warning: Failed to open file "c:\documents and settings\brent\start menu\programs\ccleaner\ccleaner.lnk". Access is denied 1:45 PM: Warning: Failed to open file "c:\documents and settings\brent\start menu\programs\internet explorer.lnk". Access is denied 3:49 PM: Warning: Failed to open file "c:\documents and settings\brent\start menu\programs\ccleaner\ccleaner homepage.url". Access is denied 3:54 PM: Warning: Failed to open file "c:\documents and settings\brent\start menu\programs\ccleaner\uninstall ccleaner.lnk". Access is denied 5:19 PM: Found System Monitor: potentially rootkit-masked files 5:19 PM: tmp00000000 (ID = 0) 5:29 PM: File Sweep Complete, Elapsed Time: 04:26:43 5:29 PM: Full Sweep has completed. 
Elapsed time 04:55:35 5:29 PM: Traces Found: 1 5:30 PM: Removal process initiated 5:30 PM: Quarantining All Traces: potentially rootkit-masked files 5:30 PM: potentially rootkit-masked files is in use. It will be removed on reboot. 5:30 PM: tmp00000000 is in use. It will be removed on reboot. 5:31 PM: Preparing to restart your computer. Please wait... 5:31 PM: Removal process completed. Elapsed time 00:01:29 12:33 PM: | End of Session, Thursday, May 18, 2006 **************** C:\Documents and Settings\Brent\Local Settings\Temp>dir Volume in drive C has no label. Volume Serial Number is 3CB1-784C Directory of C:\Documents and Settings\Brent\Local Settings\Temp 05/18/2006 07:02p <DIR> . 05/18/2006 07:02p <DIR> .. 05/18/2006 07:02p 65 kb.log 05/16/2006 01:24p <DIR> tmp00000171 1 File(s) 65 bytes 3 Dir(s) 4,589,318,144 bytes free C:\Documents and Settings\Brent\Local Settings\Temp>rd tmp00000171 Access is denied. This is really starting to annoy me. ANY HELP IS APPRECIATED! Thanks Brent |
| ||
| Re: Please assist with New Poly Win32 Virus Quote:
|
| ||
| Re: Please assist with New Poly Win32 Virus I rebooted before, and just rebooted again. When I rebooted this time, I got an error message saying 'The Spysweeper installation has been damaged. Please re-install product.' Should I uninstall and re-install Spysweeper? Thanks |