virus wont let me open my microsoft documents!!!

Question

lioness726 0 Newbie Poster

17 Years Ago

hi,

about a month ago my computer was infected with a spyaxe virus (with the little virus alert icon in the notification area). i thought it was fixed but recently i tried to open some of my microsoft word documents and none of them will open!! same goes for my excel documents. a window will pop up saying that the document is not available. :sad:when i close microsoft word it tries to make changes to the template "normal", which i always cancel or say no to. using yet another virus scan program (AVG Anti-virus) i fount a trojan virus named tracert.exe in my documents folder within a folder named microsoft but it cant delete it.
i think this infection happened when i was infected with the other virus because i dont think i've downloaded anything suspicious since then but i'm not sure since i have not used microsoft word or excel since then. can someone please help me!

Logfile of HijackThis v1.99.1
Scan saved at 8:48:33 PM, on 6/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\DRIVERS\WtSrv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\system32\WService.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ZVolume Pro\ZVolume.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Erin B. Howey\Desktop\HijackThis.exe

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WService] WService.EXE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ZVolume] C:\Program Files\ZVolume Pro\ZVolume.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,77/mcinsctl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,18/mcgdmgr.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: STOPzilla Local Service - Unknown owner - C:\Program Files\STOPzilla!\szntsvc.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WinTab Service (WinTabService) - Unknown owner - C:\WINDOWS\system32\DRIVERS\WtSrv.exe

windows-virus

2 Contributors
2 Replies
165 Views
7 Hours Discussion Span
Latest Post 17 Years Ago Latest Post by lioness726

All 2 Replies

tayspen 28 <Insert title here>

17 Years Ago

Not seeing much in your log, though that doesn't mean its not here. Lets see if ewido picks it up.

Please download ewido anti-malware it is a free version of the program.

Install ewido anti-malware
When installing, under "Additional Options" uncheck..
- Install background guard
- Install scan via context menu
Launch ewido, there should be an icon on your desktop, double-click it.
The program will now open to the main screen.
When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
You will need to update ewido to the latest definition files.
- On the left hand side of the main screen click update.
- Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display ("Update successful" )

If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:

Open up Ewido
Click on scanner
Click on Complete System Scan and the scan will begin.
You will be prompted to clean the first infection.
Select "Perform action on all infections", then proceed.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido anti-malware.

Reboot.

Post back with the ewido log, and a new HJT log

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

lioness726 0 Newbie Poster · Answer 1 · 2006-06-14T09:17:13+00:00

I was running ewido while writing the first post. Here's what it found. These same cookies (all 48 of them!) were there when i ran the scan a few days ago....does that indicate anything??

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:06:35 PM, 6/13/2006
+ Report-Checksum: A67773BB

+ Scan result:

:mozilla.6:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP288\A0045467.exe -> Downloader.Zlob.im : Cleaned with backup
C:\WINDOWS\Sуmantec\аttrib.exe -> Adware.PurityScan : Cleaned with backup

::Report End

virus wont let me open my microsoft documents!!!

Recommended Answers Collapse Answers

All 2 Replies

Recommended Answers