Problem with viruses , please help
AndyLaz
Junior Member
10. July 2012 @ 04:13
Hello all, I already have one JavaScript virus sitting in the quarantine in Avira anti-virus premium.
A while ago I must have installed a program called 1-click downloader, and the computer is running super slow at times, and I receive a pop-up message letting me know a script is running and to click yes or no to stop it.
Does this sound like a worm virus, and any suggestions on how to remove it, because Avira, Malwarebytes, ComboFix, and even SuperAntiSpyware have not detected this virus.
Senior Member
10. July 2012 @ 04:52
see if you can uninstall 1click, then download, update and run hijack this and post a log. do not fix anything with hjt.
AndyLaz
Junior Member
10. July 2012 @ 12:28
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dts.search-results.com/sr?src=ie...q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: BHO_PROJECT - {47CEEE9C-3B9B-492C-95CA-1AC3A99D154C} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Citrix\GoToMyPC\g2svc.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\pev.3XE (file missing)
O24 - Desktop Component 0: (no name) - http://v5-static.ehowcdn.com/media/images/logos/logo.png
O24 - Desktop Component 1: (no name) - http://img.ehowcdn.com/other-people/eho...ter-180x180.jpg
O24 - Desktop Component 2: (no name) - http://www.ironmagazineforums.com/galle...edium/hot17.jpg
--
End of file - 4485 bytes

Here is the log.
Senior Member
10. July 2012 @ 16:09
AndyLaz
Junior Member
11. July 2012 @ 23:37
Originally posted by aldan:
run hijack this again and delete the following.
O2 - BHO: BHO_PROJECT - {47CEEE9C-3B9B-492C-95CA-1AC3A99D154C} - (no file)
O24 - Desktop Component 0: (no name) - http://v5-static.ehowcdn.com/media/images/logos/logo.png
O24 - Desktop Component 1: (no name) - http://img.ehowcdn.com/other-people/eho...ter-180x180.jpg
O24 - Desktop Component 2: (no name) - http://www.ironmagazineforums.com/galle...edium/hot17.jpg
after doing this run another av scan. then run malwarebytes and superantispyware and delete what you find. then run hijack this again and post another log. also let us know how your computer is running.

I think I may have a worm virus infecting my computer. This is what I see in a pop-up box when the computer starts to freeze: Warning: unresponsive script. Script: http//yahoo .eye blaster .com /pl- yahoo/big scripts /eb banner -2-5-2-1.js:1

I ran a W32.blaster.worm removal tool after disabling system restore and the internet connection and was told this worm is not on my computer, so any suggestions, because this is odd: no anti-virus or spyware program can detect this worm. I was supposed to install a patch from Microsoft, only my operating system is too up to date and it won't install, and I don't know if that would have made a difference. All I know is Avira is detecting more viruses all of a sudden.
Senior Member
12. July 2012 @ 11:31
and? need to see your new hjt log.
AndyLaz
Junior Member
12. July 2012 @ 19:49
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:46:47 PM, on 7/12/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5503)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dts.search-results.com/sr?src=ie...q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: BHO_PROJECT - {47CEEE9C-3B9B-492C-95CA-1AC3A99D154C} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKUS\S-1-5-21-299502267-261903793-839522115-1004\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED (User '?')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Citrix\GoToMyPC\g2svc.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: McAfee ScanAndRepair Svc - McAfee, Inc. - C:\Program Files\McAfeeScanAndRepair\McAfeeScanRepairSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\pev.3XE (file missing)
--
End of file - 4345 bytes
I just did a full scan with Avira premium today in safe mode and no viruses were detected, and the computer is still running slow and freezing up.
Senior Member
12. July 2012 @ 20:43
did you check repair on the items in your hjt log that i posted on earlier?
AndyLaz
Junior Member
12. July 2012 @ 22:27
Originally posted by aldan:
did you check repair on the items in your hjt log that i posted on earlier?

Yes, the items checked were deleted. I may have to have this looked at by my local computer shop. Do you think I should try another anti-virus?
JST1946
Senior Member
12. July 2012 @ 23:22
Have you tried any programs like Ad-Aware or Malwarebytes? Just make sure you do an update to them before you run them.
20 Year U.S. Army Veteran. Vietnam 1969-1972 101st Abn. Div.
This message has been edited since posting. Last time this message was edited on 12. July 2012 @ 23:24
Senior Member
13. July 2012 @ 00:11
try one more time. run hjt and check fix the following.
O2 - BHO: BHO_PROJECT - {47CEEE9C-3B9B-492C-95CA-1AC3A99D154C} - (no file)
after doing this run hjt and post another log.
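
An added example, not part of any post in this thread: a small Python parser for the HijackThis entry lines shown in the logs above. It diffs two scans to show which entries a fix pass removed and which orphaned entries ("(no file)" / "(file missing)") are still present. The sample logs are excerpts of the two logs posted here; the function names are illustrative.

```python
import re

# A HijackThis entry line is a section code (e.g. R1, O2, O23), " - ", then detail.
ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<detail>.+)$")
# HijackThis appends one of these when the referenced file is not on disk.
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$")

def parse(log_text):
    """Return the set of (code, detail) entries; header and process lines are skipped."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.add((m["code"], m["detail"].strip()))
    return entries

def orphans(entries):
    """Entries that point at a file HijackThis could not find."""
    return sorted(e for e in entries if ORPHAN.search(e[1]))

def compare(before, after):
    """Diff two scans: entries removed, entries added, orphans present in both."""
    b, a = parse(before), parse(after)
    return {"removed": sorted(b - a), "added": sorted(a - b),
            "still_orphaned": orphans(a & b)}

# Excerpts from the first and second logs posted in this thread.
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: BHO_PROJECT - {47CEEE9C-3B9B-492C-95CA-1AC3A99D154C} - (no file)
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Citrix\GoToMyPC\g2svc.exe (file missing)
O24 - Desktop Component 0: (no name) - http://v5-static.ehowcdn.com/media/images/logos/logo.png
"""
AFTER = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: BHO_PROJECT - {47CEEE9C-3B9B-492C-95CA-1AC3A99D154C} - (no file)
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Citrix\GoToMyPC\g2svc.exe (file missing)
O23 - Service: McAfee ScanAndRepair Svc - McAfee, Inc. - C:\Program Files\McAfeeScanAndRepair\McAfeeScanRepairSvc.exe
"""

if __name__ == "__main__":
    for kind, items in compare(BEFORE, AFTER).items():
        for code, detail in items:
            print(f"{kind:15} {code:4} {detail}")
```
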
AndyLaz
Junior Member
23. July 2012 @ 19:36
Originally posted by aldan:
try one more time. run hjt and check fix the following.
O2 - BHO: BHO_PROJECT - {47CEEE9C-3B9B-492C-95CA-1AC3A99D154C} - (no file)
after doing this run hjt and post another log.

Hi, I know it's been 11 days since I last posted, because I uninstalled Mozilla Firefox and changed to Google Chrome and installed Avast anti-virus free and wanted to see how this worked, and everything's moving along much better now. No more script messages and 1 Trojan found and quarantined with Avast. Thanks for the help.
Senior Member
24. July 2012 @ 03:35
Originally posted by AndyLaz:
Originally posted by aldan:
try one more time. run hjt and check fix the following.
O2 - BHO: BHO_PROJECT - {47CEEE9C-3B9B-492C-95CA-1AC3A99D154C} - (no file)
after doing this run hjt and post another log.

Hi, I know it's been 11 days since I last posted, because I uninstalled Mozilla Firefox and changed to Google Chrome and installed Avast anti-virus free and wanted to see how this worked, and everything's moving along much better now. No more script messages and 1 Trojan found and quarantined with Avast. Thanks for the help.

right on. good to know you got it working again. cheers