
Trojan viruses


Comments

  • interlcore
    interlcore Posts: 198 Forumite
    Done all that including all Adobe, quicktime, sun java and clearcloud. Am I virus free and safe to go? _pale_

    Here's the latest Hijack This log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 19:30:36, on 27/05/2011
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal
    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Freecorder\FLVSrvc.exe
    C:\Program Files\Common Files\AOL\1269802939\ee\aolsoftware.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Sun\StarOffice 9\program\soffice.exe
    C:\Program Files\Sun\StarOffice 9\program\soffice.bin
    C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\program files\aol\aol broadband toolbar 5.0\AolTbServer.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe
    C:\Users\Jones\Downloads\HijackThis.exe
    C:\Windows\system32\DllHost.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://medion.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost #[IPv6]
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Broadband Toolbar 5.0\aoltb.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: AOL Broadband Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Broadband Toolbar 5.0\aoltb.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1269802939\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files\FileHippo.com\UpdateChecker.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - Startup: StarOffice 9.lnk = C:\Program Files\Sun\StarOffice 9\program\quickstart.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol broadband toolbar 5.0\resources\en-GB\local\search.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4846BBA3-4987-403D-BFB4-04CAA89F5015}: NameServer = 74.118.212.1,74.118.212.2
    O17 - HKLM\System\CS1\Services\Tcpip\..\{4846BBA3-4987-403D-BFB4-04CAA89F5015}: NameServer = 74.118.212.1,74.118.212.2
    O17 - HKLM\System\CS2\Services\Tcpip\..\{4846BBA3-4987-403D-BFB4-04CAA89F5015}: NameServer = 74.118.212.1,74.118.212.2
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    --
    End of file - 7711 bytes
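An added example, not part of the original post and not code from HijackThis: a small Python triage pass over entry lines in the format shown in the log above. It groups entries by section code and lists the ones a reviewer usually checks first. The `SAMPLE` lines are copied from that log except the `[demo]` line, which is constructed; the `USUAL_DIRS` rule is an assumption of this sketch, not a HijackThis feature.

```python
import re
from collections import defaultdict

# Meaning of the section codes this sketch reports on.
SECTIONS = {"O4": "autostart entry", "O10": "Winsock LSP", "O17": "DNS/domain setting"}
ENTRY = re.compile(r"^\s*([RO]\d{1,2}) - (.*\S)\s*$")
EXE_PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.exe', re.IGNORECASE)
# Assumption for this sketch: autostarts under these folders are lower priority.
USUAL_DIRS = ("c:\\program files\\", "c:\\windows\\")

# Lines copied from the log above, plus one constructed [demo] line.
SAMPLE = r"""
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [demo] C:\Users\Jones\AppData\Local\Temp\demo.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{4846BBA3-4987-403D-BFB4-04CAA89F5015}: NameServer = 74.118.212.1,74.118.212.2
"""

def parse(log_text):
    """Group entry lines by section code, dropping exact duplicates."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m and m.group(2) not in groups[m.group(1)]:
            groups[m.group(1)].append(m.group(2))
    return dict(groups)

def review_items(groups):
    """Return (code, reason, entry) tuples for a human to check first."""
    out = []
    for e in groups.get("O17", []):
        if "NameServer" in e:
            out.append(("O17", "confirm these DNS servers are expected", e))
    for e in groups.get("O10", []):
        out.append(("O10", "LSP file HijackThis does not recognise", e))
    for e in groups.get("O4", []):
        m = EXE_PATH.search(e)
        if m and not m.group(0).lower().startswith(USUAL_DIRS):
            out.append(("O4", "autostart outside the usual folders", e))
    return out

if __name__ == "__main__":
    for code, reason, entry in review_items(parse(SAMPLE)):
        print(f"{code} ({SECTIONS[code]}): {reason}\n    {entry}")
```

An item on this list is a prompt to look, not a verdict: the reviewer still has to decide whether the DNS servers, LSP file or autostart path belong on that machine.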
  • RussJK
    RussJK Posts: 2,359 Forumite
    Oh you're likely to be virus free, just helping with general maintenance as a kindness ;)
  • interlcore
    interlcore Posts: 198 Forumite
    RussJK wrote: »
    Oh you're likely to be virus free, just helping with general maintenance as a kindness ;)

    That is brilliant! Thank you very much. What nice people on this board :dance: How is the maintenance looking? :A
  • interlcore
    interlcore Posts: 198 Forumite
    Last time I had a virus, the good people of this board helped me out and did some maintenance which helped a lot. The maintenance you have helped me with has speeded up my comp even more :grin: Big huge thank you!!!!!!!!!!!!!!!!!!!!!!!!!!! :T
  • AndyJ52
    AndyJ52 Posts: 77 Forumite
    Oh Lordy! I've recently had one of these fake 'infected computer' screens appear with very dramatic graphics, flashing things like Virus Alert/Dangerous/Serious Threat and so forth across the screen and green lines darting from one side of the page to the other, just like a download graphic.
    The page did look like a real windows page... but not quite, just a little fuzzy I thought. I clicked on the first grey box which asked something like .... 'Click here to delete' or some such, so, like a fool, I did - then another grey box appeared asking if I was sure as doing so may be harmful - or words to that effect. Getting a grip of the panic that had seized me I thought about it and realised that this was one of these fake Virus Alert things. In the absence of any real computer know-how and having identified it as something that was potentially harmful I resorted to using System Restore, taking the computer back 24 hours.
    I have remained suspicious and been very cautious since, having done no banking, purchasing or anything like that. I've scanned the life outta the computer using my Trend Micro Security System and that's thrown up nothing of any concern whatsoever. So, may I ask.....

    1) Did I do the right thing by going to a previously set System Restore point? Will that have taken the computer back to a point prior to any potential infection and so erased the problem? Seems too easy a solution really - but I can only hope!

    2) Can these bl***y viruses be picked up by Trend Micro or do I need to use another product, or battery of products, to establish whether or not the computer has been infected? Gawd help me if that's a yes!

    3) Short of understanding the technical description of a virus or 'bad' file, assuming that I knew how & where to find such a thing, what signs might denote that the machine is in a dire state by ordinary, day to day usage (reading email/surfing etc..... nothing which involved banking or details of credit/debit cards & the like) that I should look out for... and if spotted be best advised to call in the experts?

    I'm afraid I wouldn't be able to carry out the sort of techie stuff that the OP is clearly capable of .... I can only stand in awe of that sort of computer expertise & prowess!
    Thanks in advance for any advice or pointers that you may be able to offer.... but if you think I should get an expert in, then so be it!
    Cheers! AndyJ
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    AndyJ52 wrote: »

    1) Did I do the right thing by going to a previously set System Restore point? Will that have taken the computer back to a point prior to any potential infection and so erased the problem? Seems too easy a solution really - but I can only hope!

    2) Can these bl***y viruses be picked up by Trend Micro or do I need to use another product, or battery of products, to establish whether or not the computer has been infected? Gawd help me if that's a yes!

    3) Short of understanding the technical description of a virus or 'bad' file, assuming that I knew how & where to find such a thing, what signs might denote that the machine is in a dire state by ordinary, day to day usage (reading email/surfing etc..... nothing which involved banking or details of credit/debit cards & the like) that I should look out for... and if spotted be best advised to call in the experts?
    Follow the instructions we post. It's easy enough

    Download MALWAREBYTES (Make sure you click 'DOWNLOAD LATEST VERSION')
    http://www.filehippo.com/download_malwarebytes_anti_malware/
    Open malwarebytes and go to UPDATE and click 'check for updates'. After it's updated go to SCANNER and click PERFORM QUICK SCAN then click SCAN
    Remove everything that's found (needs to be ticked)
    Post the COMPLETE log here AFTER you've deleted everything it finds
    If anything was found then do the exact same but run a FULL scan


    reboot

    Download HIJACK THIS (Make sure you click 'DOWNLOAD LATEST VERSION')
    http://www.filehippo.com/download_hijackthis/
    Click MAIN MENU then DO A SYSTEM SCAN AND SAVE A LOGFILE (Takes seconds) then post the log so we can see what's running
    (do NOT do anything else with Hijack but scan and post the FULL log)
    If you get a message that you can't write to the hosts file then Press the SHIFT key, and whilst holding it RIGHT CLICK and select RUN AS (admin)
    :idea:
  • AndyJ52
    AndyJ52 Posts: 77 Forumite
    Thanks for this... however, I've downloaded the latest version - then updates... now a screen which says

    FHSetup(1).exe

    together with a warning saying 'Unidentified program wants access to your computer'

    Allow - I know & Trust this publisher

    or

    Cancel?

    Is this where I should be?
  • AndyJ52
    AndyJ52 Posts: 77 Forumite
    aliEnRIK wrote: »
    Follow the instructions we post. It's easy enough

    Download MALWAREBYTES (Make sure you click 'DOWNLOAD LATEST VERSION')
    http://www.filehippo.com/download_malwarebytes_anti_malware/
    Open malwarebytes
    (how do I do that?)

    I clicked on the link from your reply, then clicked on 'DOWNLOAD LATEST VERSION' (top right of screen) which took me to a page that said 'Your download will start automatically'.
    At bottom left of this screen are two buttons - Save & Discard - together with the warning 'downloading this file may harm your computer'. Is this what I should be seeing? Ought I to click on Save, and if so what will happen next? Will doing that open Malwarebytes?

    Sorry to be such an ignorant computer user but I have absolutely no clue about them..... just use them for day to day stuff and this incident is really worrying me! If you think I'm beyond help to DIY (with much hand holding!) fix this and should get someone in....... just tell me!
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    The downloaded file should be called mbam-setup.exe. If it is, then download it then install it and carry on as instructed
    :idea:
This discussion has been closed.