We're a community of 1077K IT Pros here for help, advice, solutions, professional growth and fun. Join us!
1,076,235 Members — Technology Publication meets Social Media
Username:
Password:
Lost login information?
Start New Discussion Reply to this Discussion
Ad: Join Spiceworks today for free - all IT pros welcome!
2 Years Ago
0

Please check my computer system

I'm new on this forum and I don't know if I post it at the correct thread or topic but just want to know if my system is infected of virus or is there any software running in my computer that is harmful to my computer. I was attack by win32/sality.AM ones..and I don't know if I completely removed it in my system.please help. heres what HiJack This scanned for me.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:58:28 AM, on 1/14/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\windows\system32\nvsvc32.exe
C:\windows\Explorer.EXE
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\PC1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\MODEM Mobile Connection\UIMain.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\PC1\Desktop\Security\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Download Accelerator Plus Integration - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O3 - Toolbar: MyFaceSounds Toolbar - {8B52078D-B630-4B00-A0AB-54D51CEDD9AA} - C:\Program Files\MyFaceSounds Toolbar\tbcore3.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HBLiteSA] "C:\Program Files\HBLite\bin\11.0.326.0\HBLiteSA.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [USBFW] C:\Program Files\Net Studio\USB FireWall\USB FireWall.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpeedBitVideoAccelerator] C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\PC1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [JP595IR86O] C:\DOCUME~1\PC1\LOCALS~1\Temp\Oxw.exe
O4 - HKCU\..\Run: [zehel] C:\Documents and Settings\PC1\zehel.exe /r
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{046E90F5-F159-4889-BB50-D907848745E7}: NameServer = 202.138.128.50 202.138.128.54
O17 - HKLM\System\CS1\Services\Tcpip\..\{046E90F5-F159-4889-BB50-D907848745E7}: NameServer = 202.138.128.50 202.138.128.54
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe

--
End of file - 8139 bytes


what do you think? Is there any malicious software there? Please reply. I'm confused!

6
Contributors
11
Replies
1 Month
Discussion Span
2 Years Ago
Last Updated
12
Views
Question
Answered
seikeun
Newbie Poster
3 posts since Jan 2011
Reputation Points: 10
Solved Threads: 0
Skill Endorsements: 0
2 Years Ago
0

get the newest malware bytes anti malware program, reboot into windows safe mode and scan again. or use an online scanner in safe mode. like pandasecurity.com/directscan i think is the url.

jlego
Posting Pro
531 posts since Mar 2009
Reputation Points: 31
Solved Threads: 41
Skill Endorsements: 0
jlego
Posting Pro
531 posts since Mar 2009
Reputation Points: 31
Solved Threads: 41
Skill Endorsements: 0
2 Years Ago
1

I was attack by win32/sality.AM ones.

If you were infected by the Sality virus and you did not reformat your computer, then you are still infected!
There is no fix for the Sality/Virut virus' other than to do a complete reformat.

crunchie
Most Valuable Poster
Moderator
20,101 posts since Feb 2004
Reputation Points: 1,142
Solved Threads: 985
Skill Endorsements: 3
mjdodd
Practically a Master Poster
621 posts since Sep 2007
Reputation Points: 36
Solved Threads: 53
Skill Endorsements: 0
Question Answered as of 2 Years Ago by jlego, crunchie and mjdodd
2 Years Ago
0

http://remove-malware.com/antimalware/anti-malware-howto/how-to-remove-a-patching-virus-w32virut-w32sality/

if it not too late have a look at this video!
M

Easier and safer to reformat :).

crunchie
Most Valuable Poster
Moderator
20,101 posts since Feb 2004
Reputation Points: 1,142
Solved Threads: 985
Skill Endorsements: 3
2 Years Ago
0

If you were infected by the Sality virus and you did not reformat your computer, then you are still infected!
There is no fix for the Sality/Virut virus' other than to do a complete reformat.

thanks for your reply, I followed your advice, reformat is the best solution.. now my system is clean and very fast..

seikeun
Newbie Poster
3 posts since Jan 2011
Reputation Points: 10
Solved Threads: 0
Skill Endorsements: 0
2 Years Ago
0

thanks for all the replies.. I do appreciate them :) I'm enjoying with my Daniweb Family :)

seikeun
Newbie Poster
3 posts since Jan 2011
Reputation Points: 10
Solved Threads: 0
Skill Endorsements: 0
2 Years Ago
0

You're welcome :)

crunchie
Most Valuable Poster
Moderator
20,101 posts since Feb 2004
Reputation Points: 1,142
Solved Threads: 985
Skill Endorsements: 3
2 Years Ago
0

Oh, i never knew it would be like that. Will it be okay if it was been blocked and deleted by the anti-virus?

Swordstech
Newbie Poster
20 posts since Jan 2011
Reputation Points: 10
Solved Threads: 0
Skill Endorsements: 0
2 Years Ago
0

If you were infected by the Sality virus and you did not reformat your computer, then you are still infected!
There is no fix for the Sality/Virut virus' other than to do a complete reformat.

Hi! Uhm would be okay if the sality virus was blocked and deleted by the anti-virus? i mean is my pc already clean? I got those viruses on my flash disk.

Swordstech
Newbie Poster
20 posts since Jan 2011
Reputation Points: 10
Solved Threads: 0
Skill Endorsements: 0
2 Years Ago
0

Make sure to use Internet Explorer for this

Please go to VirSCAN.org FREE on-line scan service

Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
c:\windows\system32\userinit.exe


Click on the Upload button

If a pop-up appears saying the file has been scanned already, please select the ReScan button.

Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.

Paste the contents of the Clipboard in your next reply.

Also scan these,
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe


============

If they come back infected, you're in trouble.

crunchie
Most Valuable Poster
Moderator
20,101 posts since Feb 2004
Reputation Points: 1,142
Solved Threads: 985
Skill Endorsements: 3

This question has already been solved: Start a new discussion instead

Post: Markdown Syntax: Formatting Help
 
You
Hardware and Software > Microsoft Windows > Viruses, Spyware and other Nasties
View similar articles that have also been tagged:
 
© 2013 DaniWeb® LLC
Page rendered in 0.1250 seconds using 3.14MB