We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Virus help! And also can't delete AVG free edition??!
DEBTMONKEY1A
Posts: 1,496 Forumite
in Techie Stuff
Hi all,
Have eight virus's/malware etc that I can't shift! Initially I had some sort of virus whereby if I did a google search when I clicked on one of the search results it would bring me up a completely different page or an advert??!!
Anyway, after doing a bit of web research (& after running avg & a2 squared-no virus's found) I tried combifix (reccomended as being 'hard-core' in rooting out trojans/malware etc), also intstalled & ran superantispyware free edition, malwarebytes anti-malware & TRIED to uninstall AVG & have replaced this with avira antivirus. Also installed & ran latest version of spybot.
Malwarebytes picked up a few, spybot one nasty & superspyware a few too.
Again on the advice of one of the forums tried a second on-line scanner (did kasperspy after ran all above & came back completely clean!)-panda & got TWELVE virus's! Posted log below.
Also have tried to uninstall AVG (no longer runnung as disabled it on startup with winpatrol) but I keep getting this error message (& I know/think it inteferes with the new antivrus-avira?).
Local machine: installation failed
Installation:
Error: Action failed for file avi7.avg: creating backup....
Error 0x80070020 %DESTINATION% = "C:\WINDOWS\System32\Drivers\Avg\avi7.avg.install_backup", %SOURCE% = "C:\WINDOWS\System32\Drivers\Avg\avi7.avg"
Error 0x80004004
Please also see below log for panda scan. If anyone can help can you reply in relatively 'newbie' terminolagy???! I'm getting better but not an expert! Thanks for taking the time to help me!
Panda log below
;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-05-18 17:01:45
PROTECTIONS: 2
MALWARE: 6
SUSPECTS: 4
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG Anti-Virus Free 8.5 Yes Yes
AntiVir Desktop 9.0.1.26 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00034463 adware/wupd Adware No 0 Yes No c:\program files\windows controlad
00055522 Eicar.Mod Virus No 0 No No C:\Program Files\PestPatrol\Help.chm[/HowCanITestDetection.html]
00132710 dialer.xd Dialers No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF3F0F03-0F01-131A-A3F9-08F02B23E0CC}
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\chris adams\Local Settings\Temp\Cookies\chris [EMAIL="adams@statcounter"]adams@statcounter[/EMAIL][1].txt
00921467 W32/Virutas.C Virus No 1 No No C:\Documents and Settings\chris adams\Desktop\SmitfraudFix\404Fix.exe
00921467 W32/Virutas.C Virus No 1 No No C:\Documents and Settings\chris adams\Desktop\ISO\SmitfraudFix\404Fix.exe
03009106 W32/Xor-encoded.A Virus No 0 Yes No C:\Program Files\a-squared Free\Quarantine\B7D819023899FB342F7FE7E68325D65628288A8D.a2q[Program Files/Disk Checker/uninstall.exe]
03009106 W32/Xor-encoded.A Virus No 0 Yes No C:\Program Files\a-squared Free\Quarantine\036603CEC6FA1CCF57612A442624BC5B0DF7C23D.a2q[Program Files/Disk Checker/update.exe]
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No C:\Documents and Settings\chris adams\Desktop\ISO\QWEETY.exe[32788R22FWJFW\n.com]
No C:\Documents and Settings\chris adams\Desktop\ISO\QWEETY.exe[32788R22FWJFW\NirCmd.cfexe]
No C:\Program Files\DVDFab 5\CrashRpt.dll
No C:\WINDOWS\NIRCMD.exe
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
Have eight virus's/malware etc that I can't shift! Initially I had some sort of virus whereby if I did a google search when I clicked on one of the search results it would bring me up a completely different page or an advert??!!
Anyway, after doing a bit of web research (& after running avg & a2 squared-no virus's found) I tried combifix (reccomended as being 'hard-core' in rooting out trojans/malware etc), also intstalled & ran superantispyware free edition, malwarebytes anti-malware & TRIED to uninstall AVG & have replaced this with avira antivirus. Also installed & ran latest version of spybot.
Malwarebytes picked up a few, spybot one nasty & superspyware a few too.
Again on the advice of one of the forums tried a second on-line scanner (did kasperspy after ran all above & came back completely clean!)-panda & got TWELVE virus's! Posted log below.
Also have tried to uninstall AVG (no longer runnung as disabled it on startup with winpatrol) but I keep getting this error message (& I know/think it inteferes with the new antivrus-avira?).
Local machine: installation failed
Installation:
Error: Action failed for file avi7.avg: creating backup....
Error 0x80070020 %DESTINATION% = "C:\WINDOWS\System32\Drivers\Avg\avi7.avg.install_backup", %SOURCE% = "C:\WINDOWS\System32\Drivers\Avg\avi7.avg"
Error 0x80004004
Please also see below log for panda scan. If anyone can help can you reply in relatively 'newbie' terminolagy???! I'm getting better but not an expert! Thanks for taking the time to help me!
Panda log below
;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-05-18 17:01:45
PROTECTIONS: 2
MALWARE: 6
SUSPECTS: 4
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG Anti-Virus Free 8.5 Yes Yes
AntiVir Desktop 9.0.1.26 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00034463 adware/wupd Adware No 0 Yes No c:\program files\windows controlad
00055522 Eicar.Mod Virus No 0 No No C:\Program Files\PestPatrol\Help.chm[/HowCanITestDetection.html]
00132710 dialer.xd Dialers No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF3F0F03-0F01-131A-A3F9-08F02B23E0CC}
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\chris adams\Local Settings\Temp\Cookies\chris [EMAIL="adams@statcounter"]adams@statcounter[/EMAIL][1].txt
00921467 W32/Virutas.C Virus No 1 No No C:\Documents and Settings\chris adams\Desktop\SmitfraudFix\404Fix.exe
00921467 W32/Virutas.C Virus No 1 No No C:\Documents and Settings\chris adams\Desktop\ISO\SmitfraudFix\404Fix.exe
03009106 W32/Xor-encoded.A Virus No 0 Yes No C:\Program Files\a-squared Free\Quarantine\B7D819023899FB342F7FE7E68325D65628288A8D.a2q[Program Files/Disk Checker/uninstall.exe]
03009106 W32/Xor-encoded.A Virus No 0 Yes No C:\Program Files\a-squared Free\Quarantine\036603CEC6FA1CCF57612A442624BC5B0DF7C23D.a2q[Program Files/Disk Checker/update.exe]
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No C:\Documents and Settings\chris adams\Desktop\ISO\QWEETY.exe[32788R22FWJFW\n.com]
No C:\Documents and Settings\chris adams\Desktop\ISO\QWEETY.exe[32788R22FWJFW\NirCmd.cfexe]
No C:\Program Files\DVDFab 5\CrashRpt.dll
No C:\WINDOWS\NIRCMD.exe
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
0
Comments
-
Anyone? ....0
-
Download AVG Remover from here
This will tidy up the un-install of AVG, then you may be able to run your new AV.0 -
You shouldnt just run combofix on a whim.
Uninstall Avira
Uninstall AVG (if it wont then REINSTALL avg THEN uninstall)
Use the AVG removal tool
Reinstall Avira
Please open malwarebytes, goto LOGS and post the WHOLE of the last log
Please goto C drive and find COMBOFIX.TXT and post the entire log
then reboot and ~
Download HIJACK THIS (Make sure you click 'DOWNLOAD LATEST VERSION')
http://www.filehippo.com/download_hijackthis/
Click DO A SCAN AND SAVE A LOGFILE (Takes seconds) then post the log so we can see whats running
(do NOT do anything else with Hijack but scan and post the FULL log):idea:0 -
I'd try out Avira AntiRootkit Tool - you'll have to copy and paste the link and replace 'DOT' with '.' because it won't let me post links yet because I'm new:
wwwDOTfree-av.com/en/products/4/avira_antirootkit_tool.html
That's a pretty hardcore tool, so before that, I'd try this new free AV from Sophos - I've just found it and been telling everyone to check it out. Sophos usually only sells business software, so this is a good chance to get some professional software a go without paying.
wwwDOTsophos.com/newtool/betatest/
You'll need to click on the English version link.
Would be interesting to know how it goes. Another good tool is 'CCleaner' - prob won't help clean up the infection, but is a good free tool to keep your computer running smoothly.0 -
Thanks for replies! JONM-already use ccleaner-great tool! Will not try antirootkit YET as does seem a bit 'hard-core' for someone with my limited experience. Sophos looks interesting-will have a look later.
Managed to uninstall AVG & have re-installed & updated avira. Not run any scanners today yet.
Malwarebytes log
Malwarebytes' Anti-Malware 1.36
Database version: 2146
Windows 5.1.2600 Service Pack 3
18/05/2009 11:32:37
mbam-log-2009-05-18 (11-32-37).txt
Scan type: Full Scan (C:\|)
Objects scanned: 128097
Time elapsed: 1 hour(s), 44 minute(s), 45 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\System Volume Information\_restore{4ED1FC0D-CA73-46E3-AA12-1DC25AE478B4}\RP1712\A0206212.vxd (Rogue.SysCleanerPro) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4ED1FC0D-CA73-46E3-AA12-1DC25AE478B4}\RP1712\A0206213.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4ED1FC0D-CA73-46E3-AA12-1DC25AE478B4}\RP1712\A0206214.VXD (Adware.WinButler) -> Quarantined and deleted successfully.
COMBOFIX LOG
ComboFix 09-05-16.05 - chris adams 17/05/2009 16:12.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.631.438 [GMT 1:00]
Running from: c:\docume~1\CHRISA~1\Desktop\ISO\QWEETY.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\CHRISA~1\LOCALS~1\Temp\{902E47C2-9390-4D01-A20E-5BF8F6610399}\{A899DA1F-D626-401C-8651-F2921E3B4CB3}\IconHacker.exe
c:\documents and settings\chris adams\Local Settings\Temp\{902E47C2-9390-4D01-A20E-5BF8F6610399}\{A899DA1F-D626-401C-8651-F2921E3B4CB3}\IconHacker.exe
c:\documents and settings\chris adams\My Documents\My Documents.url
c:\documents and settings\chris adams\My Documents\My Music\My Music.url
c:\documents and settings\chris adams\My Documents\My Videos\My Video.url
C:\WA6P
c:\windows\box boat blue.ico
c:\windows\regedit.com
c:\windows\system32\158117
c:\windows\system32\drivers\gxvxcuxvypafvaswrtuwyksiexjlnqlolepyb.sys
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxcgyfrqftpuyrvkiasiqxumbpjpdwmtfol.dll
c:\windows\system32\skinboxer43.dll
c:\windows\system32\stera.log
c:\windows\system32\taskmgr.com
c:\windows\system32\tmp.reg
c:\windows\system32\uninstall.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
\Service_GXVXCSERV.SYS
\Legacy_FOPN
\Legacy_ZESOFT
((((((((((((((((((((((((( Files Created from 2009-04-17 to 2009-05-17 )))))))))))))))))))))))))))))))
.
2009-05-17 12:34 . 2009-05-17 12:34
dc----w c:\documents and settings\chris adams\Application Data\Birdstep Technology
2009-05-17 12:33 . 2007-05-28 17:00 10240
w c:\windows\system32\drivers\mdvrmng.sys
2009-05-17 12:33 . 2008-03-16 12:47 872192 ----a-w c:\windows\system32\drivers\mod7700.sys
2009-05-17 12:33 . 2008-01-22 13:09 100992 ----a-w c:\windows\system32\drivers\ewusbnet.sys
2009-05-17 12:33 . 2008-03-17 09:56 103168 ----a-w c:\windows\system32\drivers\ewusbfake.sys
2009-05-17 12:33 . 2008-03-17 09:03 101376 ----a-w c:\windows\system32\drivers\ewusbmdm.sys
2009-05-17 12:33 . 2007-08-09 02:13 24448 ----a-w c:\windows\system32\drivers\ewdcsc.sys
2009-05-17 12:32 . 2009-05-17 12:32 76118 ----a-w c:\windows\Huawei ModemsUninstall.exe
2009-05-17 12:32 . 2009-05-17 12:32
d
w c:\program files\Huawei Modems
2009-05-17 10:14 . 2009-05-17 10:14
d
w c:\program files\AntiTwin
2009-05-17 09:12 . 2009-05-17 09:12 4 -c--a-w C:\WINDOWSRegDefrag.dat
2009-05-17 09:07 . 2009-05-17 09:07
dc----w c:\documents and settings\chris adams\Application Data\Systweak
2009-05-17 09:00 . 2009-05-17 09:00
d
w c:\program files\Advanced System Optimizer
2009-05-17 08:39 . 2009-05-17 08:42
dc----w c:\documents and settings\All Users\Application Data\DriverScanner
2009-05-17 08:39 . 2009-05-17 08:39
dc----w c:\documents and settings\chris adams\Application Data\Uniblue
2009-05-17 08:39 . 2009-05-17 08:39
d
w c:\program files\Uniblue
2009-05-17 08:37 . 2009-05-17 08:39
dc-h--w c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2009-05-17 08:13 . 2009-05-17 08:13
dc----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-17 08:11 . 2009-05-17 13:38
d
w c:\program files\SUPERAntiSpyware
2009-05-17 08:11 . 2009-05-17 08:11
dc----w c:\documents and settings\chris adams\Application Data\SUPERAntiSpyware.com
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-17 15:12 . 2004-12-03 19:24
d
w c:\program files\Spybot - Search & Destroy
2009-05-17 15:12 . 2004-11-24 14:51
d--h--w c:\program files\InstallShield Installation Information
2009-05-17 10:41 . 2009-01-26 12:13
d
w c:\program files\isposure
2009-05-17 10:22 . 2006-08-06 12:06
d
w c:\program files\a-squared Free
2009-05-17 09:49 . 2007-01-30 14:03
d
w c:\program files\PestPatrol
2009-05-17 09:49 . 2006-04-29 08:12
d
w c:\program files\FlightScanner
2009-05-17 09:49 . 2005-03-25 12:47
d
w c:\program files\UFly4Less
2009-05-17 09:49 . 2004-12-13 17:18
d
w c:\program files\Email Automator
2009-05-17 09:49 . 2006-10-17 17:36
d
w c:\program files\GoldWave
2009-05-17 09:49 . 2006-08-27 14:25
d
w c:\program files\SSC Service Utility
2009-05-17 09:49 . 2006-01-03 16:49
d
w c:\program files\NetSupport Manager
2009-05-17 09:49 . 2004-11-25 01:53
d
w c:\program files\Free History Eraser
2009-05-17 09:11 . 2009-05-17 09:11 36864 ----a-w c:\windows\system32\ROF97F.tmp
2009-05-17 08:11 . 2008-10-15 08:52
d
w c:\program files\Common Files\Wise Installation Wizard
2009-05-17 07:26 . 2004-11-25 01:54 4212 -c-ha-w c:\windows\system32\zllictbl.dat
2009-05-17 07:09 . 2004-11-25 03:32
d
w c:\program files\CCleaner
2009-05-12 08:52 . 2009-01-30 11:17 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-12 08:52 . 2009-01-30 11:17 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-12 08:52 . 2009-01-30 11:17 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-03-06 14:22 . 2003-03-31 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-20 08:10 . 2004-08-24 04:32 666112 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:10 . 2004-11-25 21:02 81920 ----a-w c:\windows\system32\ieencode.dll
2006-11-04 19:44 . 2006-11-04 19:44 0 -c--a-w c:\program files\Common Files\err.log
2007-06-19 21:58 . 2007-06-19 21:56 80 -csh--r c:\windows\system32\DD6EF5A57D.dll
2006-05-03 10:06 . 2007-01-23 14:12 163328 -csha-r c:\windows\system32\flvDX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2009-05-07 1561840]
"PopUpStopperFreeEdition"="c:\progra~1\PANICW~1\POP-UP~2\PSFree.exe" [2003-04-29 524288]
"Free Internet Eraser"="c:\program files\PrivacyEraser Computing\Free Internet Eraser\InternetEraser.exe" [2004-04-18 523776]
"SPSTEALT"="c:\program files\Free History Eraser\HistoryEraser.exe" [2004-11-25 327680]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-07 155648]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2007-10-26 292152]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Update Agent.lnk - c:\program files\3\3Connect\AutoUpdateSrv.exe [2009-5-17 479232]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-12 08:52 11952 ----a-w c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0stera\0lsdelete
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\NetSupport Manager\\client32.exe"=
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [30/01/2009 12:17 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [14/05/2009 14:22 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [14/05/2009 14:22 72944]
R2 mdvrmng;Mobile IP Route Manager;c:\windows\system32\drivers\mdvrmng.sys [17/05/2009 13:33 10240]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [30/01/2009 12:17 325896]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [30/01/2009 12:16 298776]
S2 isposure_svc;IsposureAgent;c:\program files\isposure\IsposureAgent.exe [23/10/2008 09:43 729088]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [14/05/2009 14:22 7408]
.
Contents of the 'Scheduled Tasks' folder
2009-05-17 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-03-25 22:18]
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{4FDDEB42-B849-4CBB-88D2-6D365CB942AC} - (no file)
.
Supplementary Scan
.
uStart Page = hxxp://news.sky.com/skynews/home
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-17 16:30
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(520)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
- - - - - - - > 'explorer.exe'(244)
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\program files\Free History Eraser\sphook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Other Running Processes
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\progra~1\NETSUP~1\client32.exe
c:\windows\system32\WebUpdateSvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-05-17 16:33 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-17 15:32
Pre-Run: 17,066,008,576 bytes free
Post-Run: 17,161,707,520 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
183 --- E O F --- 2009-05-16 08:15
HIJACK THIS LOG AFTER RE-BOOT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:01:50, on 19/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\PROGRA~1\NETSUP~1\client32.exe
C:\WINDOWS\system32\WebUpdateSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe
C:\Program Files\Free History Eraser\HistoryEraser.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\3\3Connect\AutoUpdateSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.sky.com/skynews/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe"
O4 - HKCU\..\Run: [Free Internet Eraser] C:\Program Files\PrivacyEraser Computing\Free Internet Eraser\InternetEraser.exe /Startup
O4 - HKCU\..\Run: [SPSTEALT] "C:\Program Files\Free History Eraser\HistoryEraser.exe" /stealt
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Update Agent.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Client32 - NetSupport Ltd - C:\PROGRA~1\NETSUP~1\client32.exe
O23 - Service: IsposureAgent (isposure_svc) - Epitiro Ltd. - C:\Program Files\isposure\IsposureAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Web Update Service by Data Perceptions (WebUpdate) - Data Perceptions - C:\WINDOWS\system32\WebUpdateSvc.exe
O24 - Desktop Component 0: (no name) - (no file)
--
End of file - 4664 bytes
Thanks guys! Hope you can help? Will be in & out today but will check for replies every hour or so. THANKS AGAIN!0 -
Im concerned about files like this ~
c:\windows\system32\drivers\ewusbfake.sys. But it was made on 2008-03-17. So if they ARE nasty, then youve been infected for quite a while
TICK these in hijack and FIX them ~
C:\WINDOWS\system32\WebUpdateSvc.exe
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: Web Update Service by Data Perceptions (WebUpdate) - Data Perceptions - C:\WINDOWS\system32\WebUpdateSvc.exe
You might also wanna uninstall 'isposure' as when I googled it, it appears to cause a few problems
Run CCLEANER again to clean out the TEMP files as im under the impression some are still infected
Run LSPFIX
Then id suggest updating and running a FULL scan with Avira:idea:0 -
Im concerned about files like this ~
c:\windows\system32\drivers\ewusbfake.sys. But it was made on 2008-03-17. So if they ARE nasty, then youve been infected for quite a while
TICK these in hijack and FIX them ~
C:\WINDOWS\system32\WebUpdateSvc.exe
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: Web Update Service by Data Perceptions (WebUpdate) - Data Perceptions - C:\WINDOWS\system32\WebUpdateSvc.exe
You might also wanna uninstall 'isposure' as when I googled it, it appears to cause a few problems
Run CCLEANER again to clean out the TEMP files as im under the impression some are still infected
Run LSPFIX
Then id suggest updating and running a FULL scan with Avira
Hi Alienrick, firstly can't uninstall ispsure-get an error message. Googled & apparenly a common problem. I suppose i could open up the programme file in the 'c' drive & delete the contents or is that not the best idea??!
The entries you asked me to tick & delete in hijack this-did them all except the 1st one (I highlighted it in red at top of this post). Maybe i need glasses but can't see it in the new hijack this log (after other items deleted) which is below?
Also in the log below I notice that entry 023-Service:web update is STILL THERE??!
Will update this post in an hour or so after Avira /ccleaner & lspfix run-will re-boot before I run Avira.
Again-thanks for your help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:15, on 19/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\PROGRA~1\NETSUP~1\client32.exe
C:\WINDOWS\system32\WebUpdateSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe
C:\Program Files\Free History Eraser\HistoryEraser.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\3\3Connect\AutoUpdateSrv.exe
C:\Program Files\3\3Connect\Wilog.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.sky.com/skynews/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe"
O4 - HKCU\..\Run: [Free Internet Eraser] C:\Program Files\PrivacyEraser Computing\Free Internet Eraser\InternetEraser.exe /Startup
O4 - HKCU\..\Run: [SPSTEALT] "C:\Program Files\Free History Eraser\HistoryEraser.exe" /stealt
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Update Agent.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F323F089-1491-468F-93D8-4CAAEEFDD0EC}: NameServer = 195.27.1.1 141.1.1.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Client32 - NetSupport Ltd - C:\PROGRA~1\NETSUP~1\client32.exe
O23 - Service: IsposureAgent (isposure_svc) - Epitiro Ltd. - C:\Program Files\isposure\IsposureAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Web Update Service by Data Perceptions (WebUpdate) - Data Perceptions - C:\WINDOWS\system32\WebUpdateSvc.exe
O24 - Desktop Component 0: (no name) - (no file)
--
End of file - 4526 bytes0 -
DEBTMONKEY1A wrote: »Hi Alienrick, firstly can't uninstall ispsure-get an error message. Googled & apparenly a common problem. I suppose i could open up the programme file in the 'c' drive & delete the contents or is that not the best idea??!
The entries you asked me to tick & delete in hijack this-did them all except the 1st one (I highlighted it in red at top of this post). Maybe i need glasses but can't see it in the new hijack this log (after other items deleted) which is below?
Also in the log below I notice that entry 023-Service:web update is STILL THERE??!
Will update this post in an hour or so after Avira /ccleaner & lspfix run-will re-boot before I run Avira.
Again-thanks for your help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:15, on 19/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\PROGRA~1\NETSUP~1\client32.exe
C:\WINDOWS\system32\WebUpdateSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe
C:\Program Files\Free History Eraser\HistoryEraser.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\3\3Connect\AutoUpdateSrv.exe
C:\Program Files\3\3Connect\Wilog.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.sky.com/skynews/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: IEPlugin Class - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe"
O4 - HKCU\..\Run: [Free Internet Eraser] C:\Program Files\PrivacyEraser Computing\Free Internet Eraser\InternetEraser.exe /Startup
O4 - HKCU\..\Run: [SPSTEALT] "C:\Program Files\Free History Eraser\HistoryEraser.exe" /stealt
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Update Agent.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F323F089-1491-468F-93D8-4CAAEEFDD0EC}: NameServer = 195.27.1.1 141.1.1.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Client32 - NetSupport Ltd - C:\PROGRA~1\NETSUP~1\client32.exe
O23 - Service: IsposureAgent (isposure_svc) - Epitiro Ltd. - C:\Program Files\isposure\IsposureAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Web Update Service by Data Perceptions (WebUpdate) - Data Perceptions - C:\WINDOWS\system32\WebUpdateSvc.exe
O24 - Desktop Component 0: (no name) - (no file)
--
End of file - 4526 bytes
ive highlighted it:idea:0 -
leave ispsure alone for now. If you just remove it the net may fail alltogether:idea:0
-
Alienrik....when hijack this finishes scanning & gives you boxes to tick the 1st 'box' is 'r0' ......none of the 'running processes' such as the one we're looking for have boxes next to them??
I've just done it again-and theres DEFFO no box to tick???!
Also-any ideas why '023 the web update by data perceptions' is still there after re-boot??
Will post the avira log (if i can!) once scanned. Are there any other scanners (apart from one's I've got-spybot/avira/a2squared/superantspyware/malwarebytes) I should try (remember panda showed me 12 nasties even after other scans!)...not that I'm paranoid (!).
How often should I run the above?
Will post avira log soon.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 352.1K Banking & Borrowing
- 253.6K Reduce Debt & Boost Income
- 454.2K Spending & Discounts
- 245.2K Work, Benefits & Business
- 600.8K Mortgages, Homes & Bills
- 177.5K Life & Family
- 259K Travel & Transport
- 1.5M Hobbies & Leisure
- 16K Discuss & Feedback
- 37.7K Read-Only Boards