Member Avatar for Freakedout

This is related to the new win32 virus.I read a lot of threads where you have requested the users to collect Hijackthis log...And i see that in the log that they give, the malwares are reported only from the c drive or the drive from where the windows is installed.Here is where my problem differs.Once this issue was encountered I formatted the drive that had XP and reinstalled it again.Then a couple of days later I saw that all my valid exes in the System32 folder started to show up as virus on ZoneAlarm. From which I came to the conclusion that the the virus must be present on a different drive. How can I remove or detect the virus from different drives...?
I have attached the Hijackthis log for your reference.Let me know if aany more info is needed.Please help me...:S

P.s I used "exterminate it" to determine any malacious content in the registry as well as the installed drive(only scans the OS drive :'( and found reader_s.exe and servises.exe in the registry as well as windows folder and deleted it)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:56:32 PM, on 10/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\WINDOWS\system32\slserv.exe
D:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\cmd.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - D:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 1802 bytes
  • 2 Contributors
  • 1 Reply
  • 60 Views
  • 6 Hours Discussion Span
  • Latest Post Latest Post by PhilliePhan
Member Avatar for PhilliePhan

How can I remove or detect the virus from different drives...?
I have attached the Hijackthis log for your reference.Let me know if aany more info is needed.Please help me..

Do steps #8 & #9 in the linky below and post the logs:
http://www.daniweb.com/forums/thread134865.html

Do the Full Scan with MBAM - It will allow you to choose any and all drives you want to scan.

I am a bit overextended at the moment, but if you post the logs I'm sure somebody will be able to advise you further.

Best Luck :)
PP

Edited by PhilliePhan because: The Usual.....
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.