 |  |  |  |  |  |  |  |
Unable to completely remove HackTool.Rootkit virus
Thread Solved
 |
Hi,
My PC had recently been attacked by HackTool.Rootkit virus. I went through some of the instructions that were posted in this forum and was able to remove it partially. But the virus is still lurking somewhere in my PC and i'm unable to remove it completely. Well, here's what i've done till now -
- I've installed MS Anti-Spyware (Beta) and removed all spyware from my comp.
- I found out that msdirectx.sys was the troublemaker and removed all occurrances of it from the registry and deleted all physical instances of the file too.
- I've run all the possible antivirus programs available - Stinger, AVG, NAV, McAfee 2005 - but in vain.
The problem now is that some malicious process shows up in my task manager (see HijackThis log below) called bwgo0000*.exe. I kill it each time and delete the program from the %temp% dir, but each time i reboot the system, it shows up again and tries to connect to the internet. Please help...!!
Logfile of HijackThis v1.99.1
Scan saved at 9:05:28 AM, on 5/13/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
E:\Program Files\Logitech\Video\LogiTray.exe
E:\Program Files\Microsoft AntiSpyware\gcasServ.exe
E:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.Exe
E:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
E:\DOCUME~1\Adithya\LOCALS~1\Temp\bwgo0000bee6.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe
E:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
D:\Downloads\HijackThis.exe
E:\WINDOWS\System32\rasautou.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] E:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] E:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] E:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [gcasServ] "E:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [McAfee Managed Services Tray] E:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.Exe
O4 - HKLM\..\Run: [MVS Splash] E:\Program Files\McAfee\Managed VirusScan\VScan\Splash.exe
O4 - HKCU\..\Run: [LDM] E:\Program Files\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Logitech Desktop Messenger Agent.lnk = E:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Download with &DAP - E:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - E:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - E:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yaho...opper1_4us.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{41174515-8D66-4B49-82FD-6EDED8F5CCF5}: NameServer = 202.144.95.4,202.144.66.6
O18 - Protocol: bw+0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - E:\Program Files\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: myrm - {4D034FC3-013F-4B95-B544-44D49ABE3E76} - E:\Program Files\McAfee\Managed VirusScan\Agent\myRmProt3.0.0.624.dll
O18 - Protocol: offline-8876480 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: McShield - Network Associates, Inc. - E:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe
O23 - Service: McAfee Managed Services Agent (myAgtSvc) - McAfee, Inc. - E:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe
Thanks in advance
Hi adion, welcome to DaniWeb 
Your system most likely has been severely compromised; can you use System Restore to return it to a date before you were infected? (http://securityresponse.symantec.com...l.rootkit.html) You may need to consider reinstalling XP; if you do, get SP2 as soon as possible thereafter.
You can try the following to see if it helps any:
Go to Windows Update and get SP1a for both XP and IE.
Check for, and delete, the files listed here:
http://vil.mcafeesecurity.com/vil/content/v_102335.htm
Go to Start, Run, and type in services.msc; when the Services window opens, disable (for the time being at least) any entries that say Remote Access... (To disable them, first right-click on the entry, go to Properties, and next to Startup type, use the drop-down arrow and select Disable.
Scan with hijackthis and have it fix the following entries:
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
For every User listed under C:\Documents and Settings, delete the entire contents of these folders (not the folders themselves):
Local Settings\Temp
Cookies
History
Local Settings\Temporary Internet Files\Content.IE5
Delete the entire contents of your C:\Windows\Temp folder.
Delete the entire contents of your C:\Temp folder (if you have one).
Do a search for *.tmp and delete all entries found.
(Note: if any of these temporary files cannot be deleted while in ‘normal mode,’ try Safe Mode.
Empty your Recycle Bin.
Cross your fingers, reboot, and see if there is any improvement.
Your system most likely has been severely compromised; can you use System Restore to return it to a date before you were infected? (http://securityresponse.symantec.com...l.rootkit.html) You may need to consider reinstalling XP; if you do, get SP2 as soon as possible thereafter.
You can try the following to see if it helps any:
Go to Windows Update and get SP1a for both XP and IE.
Check for, and delete, the files listed here:
http://vil.mcafeesecurity.com/vil/content/v_102335.htm
Go to Start, Run, and type in services.msc; when the Services window opens, disable (for the time being at least) any entries that say Remote Access... (To disable them, first right-click on the entry, go to Properties, and next to Startup type, use the drop-down arrow and select Disable.
Scan with hijackthis and have it fix the following entries:
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
For every User listed under C:\Documents and Settings, delete the entire contents of these folders (not the folders themselves):
Local Settings\Temp
Cookies
History
Local Settings\Temporary Internet Files\Content.IE5
Delete the entire contents of your C:\Windows\Temp folder.
Delete the entire contents of your C:\Temp folder (if you have one).
Do a search for *.tmp and delete all entries found.
(Note: if any of these temporary files cannot be deleted while in ‘normal mode,’ try Safe Mode.
Empty your Recycle Bin.
Cross your fingers, reboot, and see if there is any improvement.
Links to help you help yourself :
Protect Your PC & Avoid Infections -- http://www.daniweb.com/techtalkforums/thread27519.html
Cleanup Procedures & Tools -- http://www.daniweb.com/techtalkforums/thread27570.html
Infection Removal & HijackThis Use -- http://www.daniweb.com/techtalkforums/thread28196.html
Protect Your PC & Avoid Infections -- http://www.daniweb.com/techtalkforums/thread27519.html
Cleanup Procedures & Tools -- http://www.daniweb.com/techtalkforums/thread27570.html
Infection Removal & HijackThis Use -- http://www.daniweb.com/techtalkforums/thread28196.html
Try out f-secure rootkit removal product, it´s still in beta phase but may detect/remove this rootkit of yours.http://www.f-secure.com/blacklight/
wiiwoo
•
•
•
•
Originally Posted by adion
Hi,
My PC had recently been attacked by HackTool.Rootkit virus. I went through some of the instructions that were posted in this forum and was able to remove it partially. But the virus is still lurking somewhere in my PC and i'm unable to remove it completely. Well, here's what i've done till now -
- I've installed MS Anti-Spyware (Beta) and removed all spyware from my comp.
- I found out that msdirectx.sys was the troublemaker and removed all occurrances of it from the registry and deleted all physical instances of the file too.
- I've run all the possible antivirus programs available - Stinger, AVG, NAV, McAfee 2005 - but in vain.
The problem now is that some malicious process shows up in my task manager (see HijackThis log below) called bwgo0000*.exe. I kill it each time and delete the program from the %temp% dir, but each time i reboot the system, it shows up again and tries to connect to the internet. Please help...!!
Logfile of HijackThis v1.99.1
Scan saved at 9:05:28 AM, on 5/13/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
E:\Program Files\Logitech\Video\LogiTray.exe
E:\Program Files\Microsoft AntiSpyware\gcasServ.exe
E:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.Exe
E:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
E:\DOCUME~1\Adithya\LOCALS~1\Temp\bwgo0000bee6.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe
E:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
D:\Downloads\HijackThis.exe
E:\WINDOWS\System32\rasautou.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] E:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] E:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] E:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [gcasServ] "E:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [McAfee Managed Services Tray] E:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.Exe
O4 - HKLM\..\Run: [MVS Splash] E:\Program Files\McAfee\Managed VirusScan\VScan\Splash.exe
O4 - HKCU\..\Run: [LDM] E:\Program Files\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Logitech Desktop Messenger Agent.lnk = E:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Download with &DAP - E:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - E:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - E:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yaho...opper1_4us.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{41174515-8D66-4B49-82FD-6EDED8F5CCF5}: NameServer = 202.144.95.4,202.144.66.6
O18 - Protocol: bw+0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - E:\Program Files\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: myrm - {4D034FC3-013F-4B95-B544-44D49ABE3E76} - E:\Program Files\McAfee\Managed VirusScan\Agent\myRmProt3.0.0.624.dll
O18 - Protocol: offline-8876480 - {EFB3559C-6EEF-4748-A86F-EFA5CBBE25B9} - E:\Program Files\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: McShield - Network Associates, Inc. - E:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe
O23 - Service: McAfee Managed Services Agent (myAgtSvc) - McAfee, Inc. - E:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe
Thanks in advance
Hi,
I tried all of the solutions that you guys have given but in vain!
I don't have any System Restore points because I reset it myself as the infection had crept into my _RESTORE directory also. F-Secure (Beta) couldn't find the virus. Do I have ANY other alternative other than reinstalling XP?
Thanks a ton for the help!
I tried all of the solutions that you guys have given but in vain!
I don't have any System Restore points because I reset it myself as the infection had crept into my _RESTORE directory also. F-Secure (Beta) couldn't find the virus. Do I have ANY other alternative other than reinstalling XP?Thanks a ton for the help!
I don't think so myself, but you can wait and see if there are any other opinions...
Links to help you help yourself :
Protect Your PC & Avoid Infections -- http://www.daniweb.com/techtalkforums/thread27519.html
Cleanup Procedures & Tools -- http://www.daniweb.com/techtalkforums/thread27570.html
Infection Removal & HijackThis Use -- http://www.daniweb.com/techtalkforums/thread28196.html
Protect Your PC & Avoid Infections -- http://www.daniweb.com/techtalkforums/thread27519.html
Cleanup Procedures & Tools -- http://www.daniweb.com/techtalkforums/thread27570.html
Infection Removal & HijackThis Use -- http://www.daniweb.com/techtalkforums/thread28196.html
|
Similar Threads
- For Kali2005: HackTool.Rootkit - Help Needed (Viruses, Spyware and other Nasties)
- Unable to completely remove HackTool.Rootkit virus (Viruses, Spyware and other Nasties)
- Unable to completely remove HackTool.Rootkit virus (Viruses, Spyware and other Nasties)
- Unable to completely remove HackTool.Rootkit virus (Viruses, Spyware and other Nasties)
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: Removing Aurora and other Nasties
- Next Thread: An Ad-aware problem
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest Viruses, Spyware and other Nasties Posts
adware anti-malware anti-virussitesaccessissue antivirus apple audio avg backtoschoolspeech bar blackhat botnet botnets censorship china commercial commercials conficker connect control crosssitescripting cyber cybercrime cyberwarfare domains e-mafia education email europe exam facebook fancheckvirus gaming gtaiv halloween hijack hosting internet iphone kaspersky legal logfiles mail malware mcafee messagelabs microsoft mobile msn nazi news obama onlinethreats paedophile panel parents patch phishing police policeprovirusmba-mblockedinternetaccess president privacy pro problem reliability report research risk rogueantivirus samhain sans scareware school search security seopoisoning sites software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec teen translate trojan unabletoaccessanti-virussites unwanted update usa virus viruses war warning windows worm yahoo zeroday