
Please check my computer system

seikeun (Newbie Poster, 3 posts since Jan 2011)

I'm new on this forum and I don't know if I'm posting in the correct thread or topic, but I just want to know if my system is infected with a virus or if there is any software running on my computer that is harmful to it. I was attacked by win32/sality.AM once, and I don't know if I completely removed it from my system. Please help. Here's what HijackThis scanned for me.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:58:28 AM, on 1/14/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\windows\system32\nvsvc32.exe
C:\windows\Explorer.EXE
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\PC1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\MODEM Mobile Connection\UIMain.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\PC1\Desktop\Security\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Download Accelerator Plus Integration - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O3 - Toolbar: MyFaceSounds Toolbar - {8B52078D-B630-4B00-A0AB-54D51CEDD9AA} - C:\Program Files\MyFaceSounds Toolbar\tbcore3.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HBLiteSA] "C:\Program Files\HBLite\bin\11.0.326.0\HBLiteSA.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [USBFW] C:\Program Files\Net Studio\USB FireWall\USB FireWall.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpeedBitVideoAccelerator] C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\PC1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [JP595IR86O] C:\DOCUME~1\PC1\LOCALS~1\Temp\Oxw.exe
O4 - HKCU\..\Run: [zehel] C:\Documents and Settings\PC1\zehel.exe /r
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{046E90F5-F159-4889-BB50-D907848745E7}: NameServer = 202.138.128.50 202.138.128.54
O17 - HKLM\System\CS1\Services\Tcpip\..\{046E90F5-F159-4889-BB50-D907848745E7}: NameServer = 202.138.128.50 202.138.128.54
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe

--
End of file - 8139 bytes


What do you think? Is there any malicious software there? Please reply. I'm confused!
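A quick way to triage a log like the one above, as an added example that is not part of this thread: a small Python script that parses HijackThis O2/O3/O4/O20/O23 lines and flags autostart entries with traits worth a second look (runs from a Temp folder, an executable dropped straight into the profile root, a random-looking Run value name, or a registration whose file is missing). The heuristics, function names and the sample lines (copied from the log above, embedded as constructed input) are my own choices; a flag means "verify this file", not "this is malware".

```python
import ntpath
import re

# Constructed sample: a few lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O3 - Toolbar: MyFaceSounds Toolbar - {8B52078D-B630-4B00-A0AB-54D51CEDD9AA} - C:\Program Files\MyFaceSounds Toolbar\tbcore3.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [JP595IR86O] C:\DOCUME~1\PC1\LOCALS~1\Temp\Oxw.exe
O4 - HKCU\..\Run: [zehel] C:\Documents and Settings\PC1\zehel.exe /r
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (file missing)
"""

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RUN_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# Sections whose last " - " separated field is a file path (BHO, toolbar, Winlogon notify, service).
PATH_SECTIONS = ('O2', 'O3', 'O20', 'O23')


def extract_image(cmd):
    """Best-effort: return the program a Run value actually launches."""
    cmd = cmd.strip()
    m = re.match(r'"([^"]+)"', cmd)                      # quoted path
    if not m:
        m = re.match(r'(?i)(.+?\.(?:exe|dll|com|scr|bat))', cmd)  # unquoted path, may contain spaces
    if not m:
        return cmd
    image, rest = m.group(1), cmd[m.end():]
    # rundll32 is only a host process; the DLL it loads is what matters for triage.
    if ntpath.basename(image).lower() == 'rundll32.exe':
        dll = re.match(r'(?i)\s*"?(.+?\.dll)', rest)
        if dll:
            image = dll.group(1)
    return image


def parse_line(line):
    """Turn one HijackThis line into a dict, or None if the line carries no file path we handle."""
    line = line.rstrip()
    missing = line.endswith('(file missing)')
    if missing:
        line = line[:-len('(file missing)')].rstrip()
    section = line.split(' - ', 1)[0]
    m = O4_RUN_RE.match(line)
    if m:
        return {'section': 'O4', 'hive': m['hive'], 'name': m['name'],
                'image': extract_image(m['cmd']), 'missing': missing}
    if section in PATH_SECTIONS and ' - ' in line:
        return {'section': section, 'hive': '', 'name': line.split(' - ', 2)[1],
                'image': line.rsplit(' - ', 1)[-1], 'missing': missing}
    return None


def triage(entry):
    """Return the list of reasons an entry deserves a manual check (empty list = nothing unusual)."""
    reasons = []
    img = entry['image'].lower()
    if '\\temp\\' in img:
        reasons.append('runs from a Temp directory')
    # e.g. C:\Documents and Settings\<user>\something.exe: legitimate software rarely installs there
    if re.match(r'^c:\\(?:documents and settings|docume~1)\\[^\\]+\\[^\\]+\.exe$', img):
        reasons.append('executable directly in the user profile root')
    # Value names that are just a block of capitals and digits are a common loader trait
    if re.fullmatch(r'[A-Z0-9]{8,}', entry['name']) and re.search(r'\d', entry['name']):
        reasons.append('random-looking Run value name')
    if entry['missing']:
        reasons.append('registered but file missing (orphan)')
    return reasons


def flag_entries(log_text):
    """Parse every line of a log and return (name, image, reasons) for entries that trip a heuristic."""
    findings = []
    for line in log_text.strip().splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            findings.append((entry['name'], entry['image'], reasons))
    return findings


if __name__ == '__main__':
    for name, image, reasons in flag_entries(SAMPLE_LOG):
        print(f'[{name}] {image}\n    -> ' + '; '.join(reasons))
```

Run it against the full log and the two HKCU entries pointing at `Temp\Oxw.exe` and `PC1\zehel.exe` come out on top; the "(file missing)" hits are leftovers to clean up rather than evidence of infection. Either way, the script only points at files to verify, which is where the online-scan advice later in the thread comes in.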

jlego (Posting Pro, 531 posts since Mar 2009)

Get the newest Malwarebytes Anti-Malware program, reboot into Windows Safe Mode and scan again. Or use an online scanner in Safe Mode, like pandasecurity.com/directscan, which I think is the URL.

crunchie (Most Valuable Poster, 13,079 posts since Feb 2004)

"I was attacked by win32/sality.AM once."

If you were infected by the Sality virus and you did not reformat your computer, then you are still infected!
There is no fix for the Sality/Virut viruses other than to do a complete reformat.

mjdodd (Practically a Master Poster, 635 posts since Sep 2007)

http://remove-malware.com/antimalware/anti-malware-howto/how-to-remove-a-patching-virus-w32virut-w32sality/

If it's not too late, have a look at this video!
M

crunchie (Most Valuable Poster, 13,079 posts since Feb 2004)

Easier and safer to reformat :).

seikeun (Newbie Poster, 3 posts since Jan 2011)

"If you were infected by the Sality virus and you did not reformat your computer, then you are still infected!
There is no fix for the Sality/Virut viruses other than to do a complete reformat."

Thanks for your reply. I followed your advice; reformatting is the best solution. Now my system is clean and very fast.

seikeun (Newbie Poster, 3 posts since Jan 2011)

Thanks for all the replies. I do appreciate them :) I'm enjoying being part of my DaniWeb family :)

crunchie (Most Valuable Poster, 13,079 posts since Feb 2004)

You're welcome :)

Swordstech (Newbie Poster, 20 posts since Jan 2011)

Oh, I never knew it would be like that. Will it be okay if it was blocked and deleted by the anti-virus?

Swordstech (Newbie Poster, 20 posts since Jan 2011)

"If you were infected by the Sality virus and you did not reformat your computer, then you are still infected!
There is no fix for the Sality/Virut viruses other than to do a complete reformat."

Hi! Uhm, would it be okay if the Sality virus was blocked and deleted by the anti-virus? I mean, is my PC already clean? I got those viruses on my flash disk.

crunchie (Most Valuable Poster, 13,079 posts since Feb 2004)

Make sure to use Internet Explorer for this

Please go to VirSCAN.org FREE on-line scan service

Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
c:\windows\system32\userinit.exe


Click on the Upload button

If a pop-up appears saying the file has been scanned already, please select the ReScan button.

Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.

Paste the contents of the Clipboard in your next reply.

Also scan these:
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe


============

If they come back infected, you're in trouble.
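A local companion to the online check above, added here as an example and not something crunchie posted: the reason those three files are singled out is that Sality is a file infector, so the system executables themselves are what gets modified. The script below hashes each live file and compares it with the same-named copy in the Windows File Protection cache, reporting a hash mismatch and the size difference. The three paths are the ones from the post; the cache directory and all function names are my assumptions.

```python
import hashlib
import ntpath
import os

# The three files crunchie asks to have scanned online (paths taken from the post).
FILES_TO_CHECK = [
    r"C:\WINDOWS\system32\userinit.exe",
    r"C:\WINDOWS\explorer.exe",
    r"C:\WINDOWS\System32\svchost.exe",
]
# Assumed location of the Windows File Protection cache on XP; adjust if yours differs.
DLLCACHE = r"C:\WINDOWS\system32\dllcache"


def sha256_of(path, chunk_size=1 << 20):
    """Stream a file through SHA-256 so large binaries never have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def compare_pair(live_path, reference_path):
    """Compare a live system file with a reference copy.

    A file infector rewrites the executable in place, so an infected live copy
    hashes differently from the pristine one and is usually larger.
    """
    if not os.path.exists(reference_path):
        return {"file": live_path, "status": "no-reference"}
    live_hash = sha256_of(live_path)
    ref_hash = sha256_of(reference_path)
    return {
        "file": live_path,
        "status": "match" if live_hash == ref_hash else "MISMATCH",
        "live_sha256": live_hash,
        "ref_sha256": ref_hash,
        "size_delta": os.path.getsize(live_path) - os.path.getsize(reference_path),
    }


def check_system_files(files=FILES_TO_CHECK, cache_dir=DLLCACHE):
    """Check each live file against the same-named copy in the cache directory."""
    return [compare_pair(p, os.path.join(cache_dir, ntpath.basename(p))) for p in files]


if __name__ == "__main__":
    for result in check_system_files():
        print(result["status"], result["file"], result.get("size_delta", ""))
```

Paste the live SHA-256 values next to the VirSCAN report link so whoever helps can tell which exact file was scanned. A mismatch alone is not proof (a hotfix can leave the two copies at different versions), but a mismatch together with a positive size delta on several system executables is exactly what a file infector leaves behind, and at that point the reformat advice earlier in the thread applies.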
