Hi, I am new to this site. I joined because I've been reading all these threads about how popular this problem is, and it seems that everyone has to do it a certain way. If anyone could give me some pointers on how I get the process of relieving my computer of these trojans started, your help would be greatly appreciated. Just like all who have this problem, I can't use my AIM, and I just don't like those things being on my Add/Remove Programs list.

Thanks 4 Ur time
~Calcutta~ :cheesy:

3 Contributors, 4 Replies, 5 Views, 12 Years Discussion Span, Last Post by kbpneehar

Hi Calcutta22, welcome to DaniWeb :D

Please follow the recommendations in these threads to help protect, and start the cleanup process, of your system:

http://www.daniweb.com/techtalkforums/thread27519.html

http://www.daniweb.com/techtalkforums/thread27570.html

Include Ewido in the list of suggestions, scan with it in Safe Mode, and pay attention to where the log is saved so you can include it in your next reply.

Empty your Recycle Bin and reboot normally.

Download, install, update, and run these utilities:

CWShredder -- http://www.intermute.com/spysubtract/cwshredder_download.html
HSRemove -- http://www.majorgeeks.com/download4286.html

After you've completed that, get the self-extracting version of HijackThis from here (in line 2):
http://www.malwareremoval.com/downloads.html

Then, close any open browser windows, 'Scan and Save Log' with HijackThis, and then copy and paste the log here along with the Ewido log.

Hey, I'm back. I've been following all those steps you sent me over the last couple of days. It took like 2 for Ewido to get rid of everything; I had over 7000 files that I needed to get rid of. Thanks for your help thus far. Unfortunately I didn't make it through one scan; I had some problems and reinstalled the software, and redid the scan when there was only 2000 left :) Oh, and another problem: I'm not too sure what happened to my file of it. I saved one but it's not where I saved it. But I do have the HijackThis file, so here it is:


Logfile of HijackThis v1.99.1
Scan saved at 4:08:25 PM, on 7/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\WDC\SetIcon.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\Cal\LOCALS~1\Temp\Rar$EX01.297\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {78D2558B-C478-86C4-EC3A-2EDBEA964B5A} - C:\WINDOWS\system32\ntjv32.dll (file missing)
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\SetIcon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Corel Painter 8f] C:\Program Files\Common Files\Corel\Registration\EN\Registration.exe /title="Corel Painter 8" /date=071705 serial=PF08CTD-9999999-KHN
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [atlhj32.exe] C:\WINDOWS\atlhj32.exe
O4 - HKLM\..\Run: [sdkfi32.exe] C:\WINDOWS\sdkfi32.exe
O4 - HKLM\..\Run: [netmk32.exe] C:\WINDOWS\system32\netmk32.exe
O4 - HKLM\..\Run: [winupdate] C:\Program Files\winupdate\winupdate.exe /auto
O4 - HKLM\..\Run: [ntkx.exe] C:\WINDOWS\ntkx.exe
O4 - HKLM\..\Run: [systq32.exe] C:\WINDOWS\systq32.exe
O4 - HKLM\..\Run: [Bydbelfr] C:\Program Files\Kwfzg\Ovauk.exe
O4 - HKLM\..\Run: [sdkls32.exe] C:\WINDOWS\system32\sdkls32.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [addsj32.exe] C:\WINDOWS\addsj32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [ntam.exe] C:\WINDOWS\system32\ntam.exe
O4 - HKLM\..\Run: [javaph.exe] C:\WINDOWS\system32\javaph.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [winfd32.exe] C:\WINDOWS\winfd32.exe
O4 - HKLM\..\Run: [apigp.exe] C:\WINDOWS\apigp.exe
O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
O4 - HKLM\..\Run: [winar32.exe] C:\WINDOWS\winar32.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - C:\Documents and Settings\Cal\Desktop\SFUninstaller.exe" service (file missing)

If I have posted this incorrectly, please feel free to yell at me in caps lock :) I'll be around. Thank you very, very much.
~Calcutta~
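
A small triage parser for a HijackThis log like the one posted above, added here as an example and not part of the original thread. The two review heuristics (entries marked "(file missing)" and Run values whose name is just the executable's file name) are assumptions for prioritising manual review, not verdicts; the function and variable names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis v1.99.1 line format; several lines are copied from the log above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R3 - Default URLSearchHook is missing
O2 - BHO: Class - {78D2558B-C478-86C4-EC3A-2EDBEA964B5A} - C:\WINDOWS\system32\ntjv32.dll (file missing)
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [atlhj32.exe] C:\WINDOWS\atlhj32.exe
O4 - HKLM\..\Run: [winupdate] C:\Program Files\winupdate\winupdate.exe /auto
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                # "O4 - <rest>"
RUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.*)$")   # hive, key, value name, command
EXE = re.compile(r'"?(.+?\.exe)', re.I)                       # executable path at start of command

def parse(log):
    """Group entries by section code (R0, O4, ...); header and process lines are skipped."""
    sections = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return sections

def review_candidates(log):
    """Return (code, reason, text) tuples for a human to look at first."""
    out = []
    for code, items in parse(log).items():
        for text in items:
            # Assumed heuristic 1: the registry entry points at a file that no longer exists.
            if text.endswith("(file missing)"):
                out.append((code, "orphaned entry", text))
            run = RUN.match(text) if code == "O4" else None
            exe = EXE.match(run.group(4)) if run else None
            if exe:
                basename = re.split(r"[\\/]", exe.group(1))[-1]
                # Assumed heuristic 2: autostart value named after its own file name.
                if run.group(3).lower() == basename.lower():
                    out.append((code, "value name is the file name", text))
    return out

if __name__ == "__main__":
    for code, reason, text in review_candidates(SAMPLE_LOG):
        print(f"{code:4} {reason:28} {text}")
```
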

Hi, I'm a new member in this community. I have been downloading three movies in Ares, which stopped in between. I know that they may have been affected by some malware or spyware or viruses maybe, but how can I delete them? I removed and totally uninstalled Ares and installed it again and again, but they are not removed. Do you suggest anything to do?
