Windows Errors Attack
akmon911
Newbie
15. April 2009 @ 18:30
I've followed the steps here:
http://forums.afterdawn.com/thread_view.cfm/671553
I've done steps 1,3,4,5. (read below for #2)
I just had a major virus attack, which I managed to clear after scanning using AVG. However, I'm left with a few problems which I'm unable to fix.
1# I'm unable to complete Step #2 on the above link as I'm unable to connect to sites such as: Kaspersky WebScanner, Symantec, Trend Micro HouseCall, etc.
2# I'm unable to perform a system restore; no matter how many times I click the next button it won't work.
3# I receive a popup message from the icon tray stating: The file or directory C:\WINDOWS\System32\Drivers\restore.sys is corrupt and unreadable. Please run Chkdsk Utility.
4# I'm unable to run Chkdsk Utility on drive C: as I'm given the error: Disk Defragmenter has detected that Chkdsk is scheduled to run on the volume: (C:). Please run Chkdsk /f. (which I've done and still have this problem).
5# I'm unable to start the Error-checking Tool, I receive an error: Windows was unable to complete the disk check.
6# I keep receiving Internet Explorer crashes, even though I haven't launched it.
----------------- Hijack This Log ----------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:26:02, on 15/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\3361\SVCHOST.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MioNet\MioNetManager.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\MioNet\jvm\bin\MioNet.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Family Safety\fssui.exe
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Admin\reader_s.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Xfire\Xfire.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\5.tmp
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\6.tmp
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\services.exe
C:\Program Files\Mozilla Firefox 3.1 Beta 3\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\Admin\LOCALS~1\Temp\995042894.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\svchost.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {c0a148e3-b5d6-4119-8ea9-ce2877231186} - C:\WINDOWS\system32\kijanufu.dll
O2 - BHO: C:\WINDOWS\system32\zfgh83jg3.dll - {D5BF49A0-94F3-42BD-F434-3604812C8955} - C:\WINDOWS\system32\zfgh83jg3.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [svchost.exe] "C:\WINDOWS\system32\3361\SVCHOST.exe"
O4 - HKLM\..\Run: [Rburowowo] rundll32.exe "C:\WINDOWS\ogaxifokelod.dll",e
O4 - HKLM\..\Run: [vuwebiyoye] Rundll32.exe "C:\WINDOWS\system32\wigofota.dll",s
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\Run: [6079846b] rundll32.exe "C:\WINDOWS\system32\devudaza.dll",b
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MioNet] C:\Program Files\MioNet\MioNetLauncher.exe /p
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKLM\..\Run: [CPM634ab7f7] Rundll32.exe "c:\windows\system32\mafiyeso.dll",a
O4 - HKLM\..\RunOnce: [svchost.exe] "C:\WINDOWS\system32\3361\SVCHOST.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [] C:\DOCUME~1\Admin\LOCALS~1\Temp\f0ukpmqkb.exe
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Admin\reader_s.exe
O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\Admin\LOCALS~1\Temp\995042894.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [vuwebiyoye] Rundll32.exe "C:\WINDOWS\system32\wigofota.dll",s (User '?')
O4 - HKUS\S-1-5-21-796845957-1303643608-1801674531-1003\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User '?')
O4 - HKUS\S-1-5-21-796845957-1303643608-1801674531-1003\..\Run: [] C:\DOCUME~1\Admin\LOCALS~1\Temp\f0ukpmqkb.exe (User '?')
O4 - HKUS\S-1-5-21-796845957-1303643608-1801674531-1003\..\Run: [reader_s] C:\Documents and Settings\Admin\reader_s.exe (User '?')
O4 - HKUS\S-1-5-21-796845957-1303643608-1801674531-1003\..\Run: [Diagnostic Manager] C:\DOCUME~1\Admin\LOCALS~1\Temp\995042894.exe (User '?')
O4 - HKUS\S-1-5-21-796845957-1303643608-1801674531-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\TEMP\alu4ahf.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [] C:\WINDOWS\TEMP\alu4ahf.exe (User 'Default user')
O4 - S-1-5-21-796845957-1303643608-1801674531-1003 Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (User '?')
O4 - S-1-5-18 Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (User '?')
O4 - .DEFAULT Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspkcu.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...b?1212323504049
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O20 - AppInit_DLLs: mjuort.dll vghyeo.dll c:\progra~1\ThunMail\testabd.dll C:\WINDOWS\system32\fenedemu.dll c:\windows\system32\mafiyeso.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\mafiyeso.dll
O22 - SharedTaskScheduler: jkxg983iksnf934uitmgs3gt - {B2BA40A2-74F3-42BD-F434-2604812C8954} - C:\WINDOWS\system32\hsf73ikmdf3f.dll
O22 - SharedTaskScheduler: lkjf9873jhifjnsfi8w3fe - {D5BF49A0-94F3-42BD-F434-3604812C8955} - C:\WINDOWS\system32\zfgh83jg3.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\mafiyeso.dll
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: COM+ System Application (COMSysApp) - Unknown owner - C:\WINDOWS\system32\dllhost.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: MioNet - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe (file missing)
O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINDOWS\system32\msiexec.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: QoS RSVP (RSVP) - Unknown owner - C:\WINDOWS\system32\rsvp.exe (file missing)
O23 - Service: Smart Card (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: MS Software Shadow Copy Provider (SwPrv) - Unknown owner - C:\WINDOWS\system32\dllhost.exe (file missing)
O23 - Service: Performance Logs and Alerts (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe (file missing)
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
--
End of file - 10079 bytes
AfterDawn Addict
16. April 2009 @ 00:12
Hi akmon911,
This is the largest collection of Trojans/Malware/Backdoors/Worms/Spyware that I have seen in years. There is NO AntiVirus and NO Firewall, if the Windows firewall is turned on it is probably disabled...
My best assessment would be to Re-Format/Re-Install your OS...
If you don't have the means or ability to do that, I can assist you in trying to clean it...
That will take some time, I will give it my best shot, but is NOT guaranteed to solve All the problems...
Let me know what you decide...
2oG

There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
Thesaint2
Newbie
16. April 2009 @ 06:03
I had my friend create this thread for me earlier, I'm currently running virus/spyware scanners to try to clean up the computer.
Scanning With:
Malwarebytes, Avast, Spybot Search And Destroy, SuperAntiSpyware, and currently scanning with Avira & Google Updater (which includes a spyware doctor). (recommended by a friend)
I know I may have to re-install the OS, but I'm attempting to clear up before I do, and to keep this as a last resort.
Are there any other clean up steps I could take?
And if I do re-install the OS, what scanners/firewalls are recommended that I install?
Thank you for your quick reply.
J
This message has been edited since posting. Last time this message was edited on 16. April 2009 @ 06:18
AfterDawn Addict
20. April 2009 @ 22:49
Thesaint2,
Hey, sorry for the delay, I've been out of town and pretty busy... : )
If you intend to re-install your OS, I wouldn't even bother with trying to clean it.
When you re-install, I'll recommend 3 programs to keep you on the clean side..
Avira Antivir - free
Comodo BoClean - Free
SpywareBlaster - Free
I have tested and used these for years and they work!
If you decide you want to clean it, just let me know and post some logs.
I'll lend as much help as I can..
2oG

There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
Thesaint2
Newbie
25. April 2009 @ 18:47
Sorry for the late reply, I've re-installed Windows and it seemed to have fixed all the errors; however, 1-2 weeks later I noticed that my Windows firewall kept turning off even though I turned it back on. I hope that this isn't another attack.
Here's my new HijackThis list:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:47:04 PM, on 4/25/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\xnev.exe
C:\Program Files\Xfire\Xfire.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Downloads\Software\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\lsass.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://atlantica.ndoorsgames.com/
O2 - BHO: C:\WINDOWS\system32\sjg9s8guigjs.dll - {b2ba40a2-74f0-42bd-f434-12345a2c8953} - C:\WINDOWS\system32\sjg9s8guigjs.dll
O2 - BHO: (no name) - {C471F537-5D60-4C5B-AE21-652ADE3C8ACF} - c:\windows\system32\ttsnlje.dll
O4 - HKLM\..\Run: [3501] C:\xnev.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - S-1-5-18 Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\dopifadi.dll,c:\progra~1\ThunMail\testabd.dll
O20 - Winlogon Notify: tovaozxu - C:\WINDOWS\SYSTEM32\ttsnlje.dll
O22 - SharedTaskScheduler: jso8joigm409gopgmrlgd - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\sjg9s8guigjs.dll
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
--
End of file - 4258 bytes
Thanks for your help
AfterDawn Addict
26. April 2009 @ 12:45
You are infected again?
Here is my analysis of your Log:
c:\lsass.exe BACKDOOR ADDED BY Troj/DwnLdr-GWE
O2 - BHO: C:\WINDOWS\system32\sjg9s8guigjs.dll - {b2ba40a2-74f0-42bd-f434-12345a2c8953} - C:\WINDOWS\system32\sjg9s8guigjs.dll ROGUE SECURITY PROGRAM
O2 - BHO: (no name) - {C471F537-5D60-4C5B-AE21-652ADE3C8ACF} - c:\windows\system32\ttsnlje.dll UNKNOWN TROJAN
O20 - AppInit_DLLs: C:\WINDOWS\system32\dopifadi.dll,c:\progra~1\ThunMail\testabd.dll WORM
O20 - Winlogon Notify: tovaozxu - C:\WINDOWS\SYSTEM32\ttsnlje.dll UNKNOWN TROJAN
O22 - SharedTaskScheduler: jso8joigm409gopgmrlgd - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\sjg9s8guigjs.dll FRAUDULENT SECURITY PROGRAM
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\ ??? PROBABLY MESSING UP YOUR UPDATES
I don't see an AntiVirus or an Anti Trojan like BoClean. MalwareBytes is great for cleaning your machine but doesn't really offer very good protection. I do not recommend Spy Sweeper, Spyware Doctor, Spybot, or Ad-Aware. At one time all of them were considered premier tools. A lot has changed over the years, as malware has become much more complex, and all of the aforementioned programs have inferior detection/removal capabilities compared to the newer tools. Please do not waste your time using them.
As I suggested; Avira Antivir, SpywareBlaster, Comodo BoClean and the Windows firewall is just about the minimum protection you should have before going on the internet.
The unidentified Trojan that I see in your Log may be FWKillr. It will kill your firewall and allow More Trojans to enter and infect your machine. If you had installed BoClean, it would have stopped it and the other infections that you now have...
I'll be off for a few days, so if you want to clean your machine, just give me a Go and I'll work up a set of Fixes.. If you can follow my instructions and install the software that I'll recommend you won't have to come back for a very long time.. : )
2oG

There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
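
The location and entry-type checks that make lines like the ones flagged in the analysis above stand out can be written as a small triage script. This is an added example, not part of the thread and not the poster's method: the heuristics and the names check_path and triage are assumptions, and the sample lines are copied from the second log posted above.

```python
import ntpath
import re

# Heuristics below are assumptions for illustration, not HijackThis's own rules.
SYSTEM_DIR = r"c:\windows\system32"
CORE_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
              "lsass.exe", "svchost.exe"}
PATH_RE = re.compile(r'[A-Za-z]:\\[^"*?<>|]*')

def check_path(path):
    """Return the reasons an executable path deserves a closer look."""
    p = path.strip().strip('"').lower()
    folder, name = ntpath.split(p)
    reasons = []
    if name in CORE_NAMES and folder != SYSTEM_DIR:
        reasons.append("system process name outside system32")
    if name.endswith(".exe") and re.fullmatch(r"[a-z]:\\", folder):
        reasons.append("executable in drive root")
    if "\\temp\\" in p:
        reasons.append("runs from a temp directory")
    return reasons

def triage(log_text):
    """Map each flagged log line to the reasons it was flagged."""
    findings = {}
    for line in map(str.strip, log_text.splitlines()):
        reasons = []
        if re.match(r"[A-Za-z]:\\", line):            # running process
            reasons += check_path(line)
        elif line.startswith("O4 "):                   # autostart entry
            m = PATH_RE.search(line.split("]", 1)[-1])
            reasons += check_path(m.group(0)) if m else []
        elif line.startswith("O20 - AppInit_DLLs:"):
            if line.split(":", 1)[1].strip():
                reasons.append("AppInit_DLLs is not empty")
        elif line.startswith("O23 ") and line.endswith("\\"):
            reasons.append("service image path is a directory")
        elif line.startswith("O2 - BHO:"):
            label = line[len("O2 - BHO:"):].split(" - {")[0].strip()
            if label == "(no name)" or "\\" in label:
                reasons.append("BHO has no descriptive name")
        if reasons:
            findings[line] = reasons
    return findings

# Sample lines copied from the second log posted in this thread.
SAMPLE = r"""
C:\WINDOWS\system32\svchost.exe
C:\xnev.exe
c:\lsass.exe
O2 - BHO: (no name) - {C471F537-5D60-4C5B-AE21-652ADE3C8ACF} - c:\windows\system32\ttsnlje.dll
O4 - HKLM\..\Run: [3501] C:\xnev.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\dopifadi.dll,c:\progra~1\ThunMail\testabd.dll
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
"""

if __name__ == "__main__":
    for line, why in triage(SAMPLE).items():
        print("; ".join(why), "<-", line)
```

A flag from this script only means the entry is worth a manual look; legitimate software can trip the same checks, and malware in ordinary-looking locations will not.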