afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > hijackthis identified as a worm by avg anti-virus, help!
HijackThis identified as a worm by AVG Anti-virus, Help!
tmr250z
Account closed as per user's own request
8. September 2007 @ 09:28
I'm on Windows XP SP2. Over the last two days, explorer.exe has been crashing every time I shut down my computer. Then last night svchost.exe crashed, so I tried to run HijackThis and see what the problem was, but it wouldn't run, saying that Windows could not run it. Then AVG pops up saying that HijackThis.exe is a worm (see pic below) and moves it to the virus vault.
So I turned off System restore, deleted all the restore points and rebooted in Safe Mode. I ran full scans of AVG Anti-virus, AVG Anti-Spyware , Ad-Aware SE, and Spybot Search & Destroy. They all came up clean, so I emptied the AVG vault and rebooted in normal mode.
But I'm sure there is something wrong. I heard that there are viruses or spyware that prevent HijackThis from running, so I'm wondering if that's what I got. I haven't tried downloading and running HijackThis again until I get a better understanding of what's going on.
Can someone help me out?
bluecoal
Suspended due to non-functional email address
11. September 2007 @ 06:01
Hi,
Maybe there was a false positive for some reason.
You can also delete your current copy and get a new one here:
http://www.bleepingcomputer.com/files/hijackthis.php
Although I am not sure about this, the impression that I had was that there is malware programmed to hide from the name hijackthis, not to actually infect the file.
After you have downloaded a fresh copy, rename it to scanner.exe or some other name of your choice and try running it that way.
You can also try this removal tool; Virtumonde is one of the things that will hide sometimes:
http://www.bleepingcomputer.com/forums/topic18610.html
Hope this helps.
bluecoal
tmr250z
Account closed as per user's own request
11. September 2007 @ 07:47
Okay, I think that was a false positive, because yesterday I deleted it, uninstalled AVG, installed Kaspersky Internet Security, scanned my computer and it didn't find anything.
But I followed your instructions anyway to make sure my comp was clean, and the VundoFix and VirtumundoBeGone logs came up as clean. I've posted them at the bottom so you can see for yourself. I also reinstalled HijackThis per your instructions, so could you have a look at it and make sure it's clean?
VundoFix V6.5.8
Checking Java version...
Scan started at 11:16:29 AM 9/11/2007
Listing files found while scanning....
No infected files were found.
Beginning removal...
[09/11/2007, 11:25:01] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Owner\Desktop\VirtumundoBeGone.exe" )
[09/11/2007, 11:25:09] - Detected System Information:
[09/11/2007, 11:25:09] - Windows Version: 5.1.2600, Service Pack 2
[09/11/2007, 11:25:09] - Current Username: Owner (Admin)
[09/11/2007, 11:25:09] - Windows is in SAFE mode with Networking.
[09/11/2007, 11:25:09] - Searching for Browser Helper Objects:
[09/11/2007, 11:25:09] - BHO 1: {00011268-E188-40DF-A514-835FCD78B1BF} (IE7Pro BHO)
[09/11/2007, 11:25:09] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot -S&D IE Protection)
[09/11/2007, 11:25:09] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[09/11/2007, 11:25:09] - BHO 4: {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} (Loader Class)
[09/11/2007, 11:25:09] - Finished Searching Browser Helper Objects
[09/11/2007, 11:25:09] - Finishing up...
[09/11/2007, 11:25:09] - Nothing found! Exiting...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:56 AM, on 9/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\RK Launcher\RKLauncher.exe
C:\Program Files\Styler\Styler.exe
C:\Program Files\TClock\tclock.exe
C:\Program Files\YzShadow\YzShadow.exe
C:\Program Files\Avedesk\AVEDESK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\scanner.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gatewaybiz.com/
O2 - BHO: IE7Pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Loader Class - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - C:\Program Files\FindeXer Nightly V1.1.0.4-411\FindeXer.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [AVEDESK] "C:\Program Files\Avedesk\AVEDESK.EXE"
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Startup: RK Launcher.lnk = ?
O4 - Startup: Styler.lnk = ?
O4 - Startup: TClock.lnk = C:\Program Files\TClock\tclock.exe
O4 - Startup: YzShadow.lnk = C:\Program Files\YzShadow\YzShadow.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1184452671593
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
--
End of file - 5495 bytes
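As an added example (not code from the thread or from HijackThis itself), the script below parses the `Rn - ` / `On - ` entry lines of a HijackThis log like the one posted above, lists the O4 startup entries whose target could not be resolved (shown as `= ?`), and cross-checks the O2 BHO CLSIDs against the BHO list a second tool reported (here the CLSIDs from the VirtumundoBeGone log), which is the kind of consistency check a helper does before calling a log clean. The sample lines are a constructed subset of the posted logs.

```python
"""Triage helper for HijackThis-style logs (added example, not from the thread)."""
import re

ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

def parse_hjt(text):
    """Return {section: [body, ...]} for every R/O entry line in a HijackThis log."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.setdefault(m.group("sec"), []).append(m.group("body"))
    return entries

def unresolved_startup(entries):
    """O4 entries whose .lnk target HijackThis could not resolve (shown as '?')."""
    return [e for e in entries.get("O4", []) if e.rstrip().endswith("= ?")]

def bho_clsids(entries):
    """CLSIDs of all O2 (Browser Helper Object) entries, upper-cased for comparison."""
    found = (CLSID_RE.search(e) for e in entries.get("O2", []))
    return {m.group(0).upper() for m in found if m}

def bho_mismatch(entries, other_tool_clsids):
    """(BHOs only HijackThis saw, BHOs only the other tool saw)."""
    hjt = bho_clsids(entries)
    other = {c.upper() for c in other_tool_clsids}
    return hjt - other, other - hjt

# Constructed sample: a few lines taken from the log posted in the thread.
SAMPLE_HJT = """\
O2 - BHO: IE7Pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\\Program Files\\IE7Pro\\IE7Pro.dll
O2 - BHO: Loader Class - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - C:\\Program Files\\FindeXer Nightly V1.1.0.4-411\\FindeXer.dll
O4 - HKLM\\..\\Run: [WinPatrol] C:\\Program Files\\BillP Studios\\WinPatrol\\winpatrol.exe
O4 - Startup: RK Launcher.lnk = ?
O4 - Startup: Styler.lnk = ?
O23 - Service: Diskeeper - Diskeeper Corporation - C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkService.exe
"""
# CLSIDs as VirtumundoBeGone listed them in the thread (constructed subset).
SAMPLE_VBG = ["{00011268-E188-40DF-A514-835FCD78B1BF}", "{F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD}"]

if __name__ == "__main__":
    e = parse_hjt(SAMPLE_HJT)
    print("unresolved O4 targets:", unresolved_startup(e))
    print("BHO mismatch (hjt-only, other-only):", bho_mismatch(e, SAMPLE_VBG))
```

Unresolved `= ?` targets are not evidence of infection by themselves (here they belong to RK Launcher and Styler, both visible in the process list), but they are the entries to resolve by hand, and a BHO that one tool reports and another does not is the first place to look when a scanner is suspected of being evaded.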
bluecoal
Suspended due to non-functional email address
11. September 2007 @ 13:30
The logs all look ok to me too.