Don't know what virus this is, but need help with it.
Join Date: Mar 2007
Posts: 16
Hey all,
I'm pretty new here obviously, but I got some really... inconvenient virus on this laptop. I really am not sure what it is, but I know it has something called PROTECTOR.exe in the system32 folder (so not the real one) and I know it runs off the process 'tcpipmon.exe'. If you know what this virus is, please help me. I'm not allowing it access to the internet by firewall, but it pops up a firewall window about every 5 seconds, which is extremely annoying, and I don't want it to progress.
So PLEASE help if you can. I THINK it might be New Win32, but I'm not entirely sure.
Thanks in advance,
culmor30
Hi and welcome to Daniweb forums.
Please download and install AVG antispyware tool:
- Close all other applications, select language, click Ok
- Click I Agree
- Click Next
- Click Install
- Click Finish
- Wait and AVG antispyware will open to the main screen automatically.
- Wait again a few minutes and AVG antispyware should auto-update itself. If it doesn't, click Update at the top of the screen.
- This is very important to get updates.
- When updating has finished, close AVG antispyware.
- Next, please reboot your computer in Safe Mode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
- Instead of Windows loading as normal, a menu should appear; use the arrow keys to highlight
- Select the first option, to run Windows in Safe Mode, and hit Enter.
- For additional help in booting into Safe Mode, see the following site: HERE
You MUST manage to get into Safe Mode for the fix to work.
- Run AVG antispyware.
- Click on Scanner at the top of the AVG antispyware screen.
- Click on Settings.
- Under How to Act, click on Recommended Action and choose Quarantine.
- Under How to scan, all boxes should be selected.
- Under Possibly unwanted software, all boxes should be selected.
- On the right side under Reports, click on Automatically generate report after every scan.
- Under What to scan, select Scan every file.
- Click on the Scan tab.
- Click on Complete system scan.
- Let the program scan the machine. It can take a while; give it time.
- When the scan has finished, at the bottom of the screen click Apply all Actions.
- Click Save report
- Click Save Report as (a Save As window should pop up.)
- Click Desktop.
- Click Save.
- Exit AVG antispyware.
Post the log here.
==
Download HijackThis self-extracting zip version from here. Once downloaded, double click on the file and it will install into its own, permanent folder.
Start HJT and press the "Do a system scan and save a log file" button. When the scan is finished a window will pop up giving you the option of where to save it. Save it to the desktop where it is easy to access. Open the log file, copy the entire contents of the file and paste it into the body of your post. DO NOT FIX ANYTHING YET. Most of what is there is necessary for the running of your system.
Ok, here's the report:
--------------------------------------------------------- AVG Anti-Spyware - Scan Report ---------------------------------------------------------
+ Created at: 11:35:35 PM 3/2/2007
+ Scan result:
HKLM\SOFTWARE\Classes\b3d_auto_file -> Adware.BrilliantDigital : Ignored.
HKLM\SOFTWARE\Classes\b3d_auto_file\shell -> Adware.BrilliantDigital : Ignored.
HKLM\SOFTWARE\Classes\b3d_auto_file\shell\open -> Adware.BrilliantDigital : Ignored.
HKLM\SOFTWARE\Classes\b3d_auto_file\shell\open\command -> Adware.BrilliantDigital : Ignored.
C:\WINDOWS\system32\sysrdm32.exe -> Backdoor.Bifrose.abj : Ignored.
C:\Documents and Settings\Cullin Moran\Local Settings\Temp\Temporary Internet Files\Content.IE5\I1YLM9MR\yimcksaemj[1].txt -> Downloader.Small.ehs : Ignored.
C:\Documents and Settings\Cullin Moran\Local Settings\Temporary Internet Files\Content.IE5\O78RSTUV\yimcksaemj[1].txt -> Downloader.Small.ehs : Ignored.
C:\Documents and Settings\Cullin Moran\Local Settings\Temp\Temporary Internet Files\Content.IE5\I1YLM9MR\cqriqhchc[1].htm -> Hijacker.Agent.is : Ignored.
C:\Documents and Settings\Cullin Moran\Local Settings\Temporary Internet Files\Content.IE5\D1QOFDNU\cqriqhchc[1].htm -> Hijacker.Agent.is : Ignored.
C:\WINDOWS\system32\tcpipmon.exe -> Hijacker.Agent.is : Ignored.
C:\hlvljisk.exe -> Hijacker.Agent.is : Ignored.
C:\Documents and Settings\Cullin Moran\Desktop\Cullin's Stuff\EvID4226Patch.exe -> Not-A-Virus.Hacktool.EvID : Ignored.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WinOpts -> Proxy.Small : Ignored.
C:\WINDOWS\system32\protector.exe -> Proxy.Wopla.ac : Ignored.
C:\WINDOWS\system32\ntio256.sys -> Rootkit.Agent.cf : Ignored.
:mozilla.65:C:\Documents and Settings\Cullin Moran\Application Data\Mozilla\Firefox\Profiles\gqay6hyv.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.66:C:\Documents and Settings\Cullin Moran\Application Data\Mozilla\Firefox\Profiles\gqay6hyv.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.67:C:\Documents and Settings\Cullin Moran\Application Data\Mozilla\Firefox\Profiles\gqay6hyv.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.68:C:\Documents and Settings\Cullin Moran\Application Data\Mozilla\Firefox\Profiles\gqay6hyv.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.69:C:\Documents and Settings\Cullin Moran\Application Data\Mozilla\Firefox\Profiles\gqay6hyv.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Cullin Moran\Cookies\cullin moran@2o7[1].txt -> TrackingCookie.2o7 : Ignored.
:mozilla.88:C:\Documents and Settings\Cullin Moran\Application Data\Mozilla\Firefox\Profiles\gqay6hyv.default\cookies.txt -> TrackingCookie.Adbrite : Ignored.
:mozilla.89:C:\Documents and Settings\Cullin Moran\Application Data\Mozilla\Firefox\Profiles\gqay6hyv.default\cookies.txt -> TrackingCookie.Adbrite : Ignored.
:mozilla.20:C:\Documents and Settings\Cullin Moran\Application Data\Mozilla\Firefox\Profiles\gqay6hyv.default\cookies.txt -> TrackingCookie.Adjuggler : Ignored.
:mozilla.21:C:\Documents and Settings\Cullin Moran\Application Data\Mozilla\Firefox\Profiles\gqay6hyv.default\cookies.txt -> TrackingCookie.Adjuggler : Ignored.
:mozilla.90:C:\Documents and Settings\Cullin Moran\Application Data\Mozilla\Firefox\Profiles\gqay6hyv.default\cookies.txt -> TrackingCookie.Advertising : Ignored.
C:\Documents and Settings\Cullin Moran\Cookies\cullin moran@advertising[1].txt -> TrackingCookie.Advertising : Ignored.
:mozilla.50:C:\Documents and Settings\Cullin Moran\Application Data\Mozilla\Firefox\Profiles\gqay6hyv.default\cookies.txt -> TrackingCookie.Atdmt : Ignored.
C:\Documents and Settings\Cullin Moran\Cookies\cullin moran@atdmt[2].txt -> TrackingCookie.Atdmt : Ignored.
:mozilla.59:C:\Documents and Settings\Cullin Moran\Application Data\Mozilla\Firefox\Profiles\gqay6hyv.default\cookies.txt -> TrackingCookie.Bluestreak : Ignored.
:mozilla.52:C:\Documents and Settings\Cullin Moran\Application Data\Mozilla\Firefox\Profiles\gqay6hyv.default\cookies.txt -> TrackingCookie.Casalemedia : Ignored.
:mozilla.53:C:\Documents and Settings\Cullin Moran\Application Data\Mozilla\Firefox\Profiles\gqay6hyv.default\cookies.txt -> TrackingCookie.Casalemedia : Ignored.
:mozilla.54:C:\Documents and Settings\Cullin Moran\Application Data\Mozilla\Firefox\Profiles\gqay6hyv.default\cookies.txt -> TrackingCookie.Casalemedia : Ignored.
:mozilla.55:C:\Documents and Settings\Cullin Moran\Application Data\Mozilla\Firefox\Profiles\gqay6hyv.default\cookies.txt -> TrackingCookie.Casalemedia : Ignored.
:mozilla.56:C:\Documents and Settings\Cullin Moran\Application Data\Mozilla\Firefox\Profiles\gqay6hyv.default\cookies.txt -> TrackingCookie.Casalemedia : Ignored.
:mozilla.51:C:\Documents and Settings\Cullin Moran\Application Data\Mozilla\Firefox\Profiles\gqay6hyv.default\cookies.txt -> TrackingCookie.Doubleclick : Ignored.
C:\Documents and Settings\Cullin Moran\Cookies\cullin moran@doubleclick[1].txt -> TrackingCookie.Doubleclick : Ignored.
:mozilla.22:C:\Documents and Settings\Cullin Moran\Application Data\Mozilla\Firefox\Profiles\gqay6hyv.default\cookies.txt -> TrackingCookie.Falkag : Ignored.
C:\Documents and Settings\Cullin Moran\Cookies\cullin moran@ehg-ati.hitbox[2].txt -> TrackingCookie.Hitbox : Ignored.
C:\Documents and Settings\Cullin Moran\Cookies\cullin moran@hitbox[2].txt -> TrackingCookie.Hitbox : Ignored.
C:\Documents and Settings\Cullin Moran\Cookies\cullin moran@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Ignored.
:mozilla.49:C:\Documents and Settings\Cullin Moran\Application Data\Mozilla\Firefox\Profiles\gqay6hyv.default\cookies.txt -> TrackingCookie.Mediaplex : Ignored.
:mozilla.26:C:\Documents and Settings\Cullin Moran\Application Data\Mozilla\Firefox\Profiles\gqay6hyv.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Ignored.
:mozilla.27:C:\Documents and Settings\Cullin Moran\Application Data\Mozilla\Firefox\Profiles\gqay6hyv.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Ignored.
:mozilla.57:C:\Documents and Settings\Cullin Moran\Application Data\Mozilla\Firefox\Profiles\gqay6hyv.default\cookies.txt -> TrackingCookie.Questionmarket : Ignored.
C:\Documents and Settings\Cullin Moran\Cookies\cullin moran@questionmarket[2].txt -> TrackingCookie.Questionmarket : Ignored.
C:\Documents and Settings\Cullin Moran\Cookies\cullin moran@revsci[1].txt -> TrackingCookie.Revsci : Ignored.
C:\Documents and Settings\Cullin Moran\Cookies\cullin moran@edge.ru4[2].txt -> TrackingCookie.Ru4 : Ignored.
:mozilla.25:C:\Documents and Settings\Cullin Moran\Application Data\Mozilla\Firefox\Profiles\gqay6hyv.default\cookies.txt -> TrackingCookie.Tribalfusion : Ignored.
:mozilla.72:C:\Documents and Settings\Cullin Moran\Application Data\Mozilla\Firefox\Profiles\gqay6hyv.default\cookies.txt -> TrackingCookie.Tribalfusion : Ignored.
C:\Documents and Settings\Cullin Moran\Local Settings\Temp\Temporary Internet Files\Content.IE5\I1YLM9MR\eyrab[2].htm -> Trojan.ProcKill.DJ : Ignored.
C:\Documents and Settings\Cullin Moran\Local Settings\Temp\Temporary Internet Files\Content.IE5\UFR52CT1\ylzqaoj[1].htm -> Trojan.ProcKill.DJ : Ignored.
C:\Documents and Settings\Cullin Moran\Local Settings\Temporary Internet Files\Content.IE5\D1QOFDNU\ylzqaoj[1].htm -> Trojan.ProcKill.DJ : Ignored.
C:\Documents and Settings\Cullin Moran\Local Settings\Temporary Internet Files\Content.IE5\O1OLGVWB\eyrab[1].htm -> Trojan.ProcKill.DJ : Ignored.
C:\Documents and Settings\Cullin Moran\Local Settings\Temporary Internet Files\Content.IE5\OAQXDNRG\mlzuyupgoe[1].htm -> Trojan.ProcKill.DJ : Ignored.
C:\eibkqlk.exe -> Trojan.ProcKill.DJ : Ignored.
C:\jiyywtxq.exe -> Trojan.ProcKill.DJ : Ignored.
C:\ybaxd.exe -> Trojan.ProcKill.DJ : Ignored.
::Report end
Hope that helps. Because I really need to get rid of this thing.
- Click on Settings.
- Under How to Act, click on Recommended Action and choose Quarantine.
If you take a look at the log file you posted, every entry was ignored. You need to boot into Safe Mode again, run AVG Anti-Spyware, and have it scan your system after applying the settings I advised.
I need to see the log produced and a log from HijackThis, that is, if you want to clean up your system.
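The reply above makes its point by eye: every line of the posted report ends in "Ignored", so the scan detected but removed nothing. As an added example (this is not code from the thread, from AVG or from either poster), here is a small Python script that parses a report in the format posted above and makes that check explicit, then lists the entries a responder would look at first. The sample text inside the script is a subset of the lines copied from the posted report; the severity ranking by detection-name prefix and the "persistent location" heuristic (anything under HKLM or in \WINDOWS\system32) are this example's own assumptions, not AVG's scale.

```python
"""Triage an AVG Anti-Spyware scan report (added example, not the thread's code)."""
import re
from collections import Counter

# Result lines look like:  <object> -> <detection name> : <action>.
ENTRY_RE = re.compile(r"^(?P<obj>.+?) -> (?P<name>\S+) : (?P<action>[A-Za-z ]+)\.$")

# Assumption: a coarse ranking by detection-name prefix, higher is worse.
SEVERITY = {
    "Rootkit": 4,
    "Backdoor": 3, "Proxy": 3, "Downloader": 3, "Trojan": 3, "Hijacker": 3,
    "Adware": 2,
    "TrackingCookie": 1,
    "Not-A-Virus": 0,
}

# Subset of the report posted in this thread (copied, not invented).
SAMPLE_REPORT = r"""
+ Created at: 11:35:35 PM 3/2/2007
+ Scan result:
HKLM\SOFTWARE\Classes\b3d_auto_file -> Adware.BrilliantDigital : Ignored.
C:\WINDOWS\system32\sysrdm32.exe -> Backdoor.Bifrose.abj : Ignored.
C:\WINDOWS\system32\tcpipmon.exe -> Hijacker.Agent.is : Ignored.
C:\hlvljisk.exe -> Hijacker.Agent.is : Ignored.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WinOpts -> Proxy.Small : Ignored.
C:\WINDOWS\system32\protector.exe -> Proxy.Wopla.ac : Ignored.
C:\WINDOWS\system32\ntio256.sys -> Rootkit.Agent.cf : Ignored.
:mozilla.65:C:\Documents and Settings\Cullin Moran\Application Data\Mozilla\Firefox\Profiles\gqay6hyv.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Cullin Moran\Cookies\cullin moran@doubleclick[1].txt -> TrackingCookie.Doubleclick : Ignored.
C:\eibkqlk.exe -> Trojan.ProcKill.DJ : Ignored.
::Report end
"""


def parse_report(text):
    """Return one dict per result line; header/footer lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        name = m.group("name")
        family = name.split(".", 1)[0]
        entries.append({
            "object": m.group("obj"),
            "name": name,
            "family": family,
            "action": m.group("action"),
            "severity": SEVERITY.get(family, 2),  # unknown families rank as medium
        })
    return entries


def action_counts(entries):
    """How many entries got each action (Ignored, Quarantined, ...)."""
    return Counter(e["action"] for e in entries)


def nothing_cleaned(entries):
    """True when the scanner reported findings but acted on none of them."""
    return bool(entries) and all(e["action"] == "Ignored" for e in entries)


def is_persistent_location(obj):
    """Assumption: HKLM keys and files in system32 survive a reboot and a temp purge."""
    low = obj.lower()
    return low.startswith("hklm\\") or "\\windows\\system32\\" in low


def triage(entries, min_severity=3):
    """Entries worth a responder's attention, worst and most persistent first."""
    hits = [e for e in entries if e["severity"] >= min_severity]
    hits.sort(key=lambda e: (-e["severity"], not is_persistent_location(e["object"]), e["object"]))
    return hits


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    print("actions:", dict(action_counts(found)))
    if nothing_cleaned(found):
        print("WARNING: every entry was Ignored; re-scan with Recommended Action set to Quarantine")
    for e in triage(found):
        flag = "PERSISTENT" if is_persistent_location(e["object"]) else ""
        print(f"[{e['severity']}] {e['name']:<24} {e['object']} {flag}")
```

Run as-is it reports that all ten sample entries were Ignored and puts the rootkit driver (ntio256.sys) at the top of the list, followed by the system32 executables and the HKLM key; the tracking cookies never reach the triage list. To use it on a real report, replace SAMPLE_REPORT with the saved report text.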
C:\WINDOWS\system32\protector.exe
C:\WINDOWS\system32\ntio256.sys
These two are a malware downloader and the FOOP Rootkit driver that protects it.
I am interested in seeing if AVG Anti-spy can remove it. The Legacy Reg Keys are a pain to remove.
So please do have AVG try to clean all it finds!
PP
In some sort of crude sense, which no vulgarity, no humor, no overstatement can quite extinguish, the physicists have known sin; and this is a knowledge which they cannot lose.
~ J. Robert Oppenheimer
ASAP
I told it to clean all the stuff but the program is a demo so I don't know if it will work...
If it is unable to clean the rootkit components, you may need more detailed assistance.
On the plus side, if AVG is detecting the rootkit, that is cause for optimism.
PP
Make sure you run it in safe mode too.