Jun 13th, 2006

Virus won't let me open my Microsoft documents!!!

Hi,

About a month ago my computer was infected with a SpyAxe virus (with the little virus alert icon in the notification area). I thought it was fixed, but recently I tried to open some of my Microsoft Word documents and none of them will open!! The same goes for my Excel documents. A window will pop up saying that the document is not available. When I close Microsoft Word it tries to make changes to the template "normal", which I always cancel or say no to. Using yet another virus scan program (AVG Anti-Virus) I found a trojan virus named tracert.exe in my documents folder within a folder named microsoft, but it can't delete it.
I think this infection happened when I was infected with the other virus, because I don't think I've downloaded anything suspicious since then, but I'm not sure since I have not used Microsoft Word or Excel since then. Can someone please help me!

Logfile of HijackThis v1.99.1
Scan saved at 8:48:33 PM, on 6/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\DRIVERS\WtSrv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\system32\WService.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ZVolume Pro\ZVolume.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Erin B. Howey\Desktop\HijackThis.exe

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WService] WService.EXE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ZVolume] C:\Program Files\ZVolume Pro\ZVolume.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/sh...7/mcinsctl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/sh...18/mcgdmgr.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: STOPzilla Local Service - Unknown owner - C:\Program Files\STOPzilla!\szntsvc.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WinTab Service (WinTabService) - Unknown owner - C:\WINDOWS\system32\DRIVERS\WtSrv.exe
lioness726
Jun 13th, 2006

Re: Virus won't let me open my Microsoft documents!!!

Not seeing much in your log, though that doesn't mean it's not here. Let's see if ewido picks it up.


Please download ewido anti-malware; it is a free version of the program.
  1. Install ewido anti-malware
  2. When installing, under "Additional Options" uncheck:
    • Install background guard
    • Install scan via context menu
  3. Launch ewido, there should be an icon on your desktop, double-click it.
  4. The program will now open to the main screen.
  5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  6. You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  7. The update will start and a progress bar will show the updates being installed.
    (The status bar at the bottom will display "Update successful".)
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:
  • Open up Ewido
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
  • Close ewido anti-malware.

Reboot.

Post back with the ewido log, and a new HJT log.
tayspen
Jun 14th, 2006

Re: Virus won't let me open my Microsoft documents!!!

I was running ewido while writing the first post. Here's what it found. These same cookies (all 48 of them!) were there when I ran the scan a few days ago... does that indicate anything??

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:06:35 PM, 6/13/2006
+ Report-Checksum: A67773BB

+ Scan result:

:mozilla.6:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP288\A0045467.exe -> Downloader.Zlob.im : Cleaned with backup
C:\WINDOWS\Sуmantec\аttrib.exe -> Adware.PurityScan : Cleaned with backup


::Report End
lioness726

© 2011 DaniWeb® LLC