Help please - 800+ viruses!!! WTH...
Jeff_Bridges_hair wrote: » The easiest solution is to try and fix it first with the tools available. And it's really mainly the registry that has been changed here not an out and out supermentaltrojan virus.
Pretty much this Tia, I'd say Jeff Bridge's hair is correct on this.
The 'virus' you got did nothing serious other than some registry entries (which Malwarebytes fixed) and put some shortcuts/search links in.
Doing system restore will get rid of any other changes to your settings that the trojan may have done that Malwarebytes might have missed.
Running Hijackthis is just so we can see if anything else obvious stands out, but I don't anticipate anything other than just some general tips for speeding up the computer.
There's been plenty of times we've recommended a reinstall for some of the PCs that have gotten some serious rootkits, and this really isn't it.
0 -
Some of these threads go on for weeks. Most AV products can't or don't try to undo all the damage, especially registry damage. Excluding data backup, a factory restore takes 15 minutes and will probably result in a faster system.
From the old log, avg9 was out of date (avast is better), and adaware/spybot will be slowing the machine down with little benefit!!
> . !!!! ----> .0 -
...Windows takes what, 30 minutes to install?
Rather spend 30 minutes doing that, installing my programs again and have peace of mind than messing around "fixing" files.
And then all the correct drivers (because Windows thinks it knows best :rotfl:), and then all the updates, and then all the software.....
Hardly a 30 minute activity... :rotfl:
I am an advocate of trying to fix it first - users gain an incredible amount of understanding for their systems whilst doing so - always a very valuable lesson.
If that fails, then do a system restore...
If all else fails - then reinstall from scratch. :T
“That old law about 'an eye for an eye' leaves everybody blind. The time is always right to do the right thing.”
0 -
I am an advocate of trying to fix it first - users gain an incredible amount of understanding for their systems whilst doing so - always a very valuable lesson.
This. And fixing the problem is in no way a 'patch over' either.
"If you no longer go for a gap, you are no longer a racing driver" - Ayrton Senna
0 -
And then all the correct drivers (because Windows thinks it knows best :rotfl:), and then all the updates, and then all the software.....
Hardly a 30 minute activity... :rotfl:
I am an advocate of trying to fix it first - users gain an incredible amount of understanding for their systems whilst doing so - always a very valuable lesson.
If that fails, then do a system restore...
If all else fails - then reinstall from scratch. :T
It is a 30 minute job, if it takes you any longer than that, then there is something either incredibly wrong with your system, or yourself. Windows drivers can be a pain, especially pre Vista, but with a bit of prep takes 5 minutes to download them and put them onto a CD.
Of course fixing small problems is always recommended, but there is a limit you reach when you can almost never get rid of everything.
Carry on with the condescending smileys though, it makes you look incredibly intelligent and mature.
Per Mare Per Terram
0 -
I have done the system restore to the 13th June.. do I need to do the hijack.. (great debating by the way guys! You're all so clever!!)
He who asks is a fool for five minutes, but he who does not ask remains a fool forever.
If you really can't knit very well, then practise drumming with the needles...
:j
0 -
Tia_Maria06 wrote: » I have done the system restore to the 13th June.. do I need to do the hijack.. (great debating by the way guys! You're all so clever!!)
1. Save this file to the desktop http://www.trendmicro.com/ftp/products/hijackthis/beta/HijackThis.exe
Then hold LEFT SHIFT and RIGHT CLICK on it, then Run as Administrator (or current user in XP) and do a SYSTEM SCAN and then SAVE LOG. Don't Fix anything, just copy/paste the log that comes up in notepad like you did with Malwarebytes.
2. Run Temp File Cleaner and reboot the computer while we look at the Hijackthis log http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/
(the debate is interesting, and no one is truly 'wrong' it's just different approaches. Personally I'd rather backup and reinstall from a computer that is at least 'mostly clean' rather than one actively infected)
0 -
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:31:50, on 15/06/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\NewSoft\Smart Start UP\PnPDetect.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Me\My Documents\Downloads\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Smart Start UP] C:\Program Files\NewSoft\Smart Start UP\PnPDetect.exe /Automation
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Me\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1240901943651
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1240902048381
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
--
End of file - 7750 bytes
He who asks is a fool for five minutes, but he who does not ask remains a fool forever.
If you really can't knit very well, then practise drumming with the needles...
:j
0 -
I've done the temp file cleaner and rebooted.. I have to go on a short course now, but will be back later for sure.. thank you for all your help so far
He who asks is a fool for five minutes, but he who does not ask remains a fool forever.
If you really can't knit very well, then practise drumming with the needles...
:j
0 -
Looks okay to me.
1. I'd go into Avira (double click on the icon on system tray) and open the Configuration, and make sure the Threat Categories page looks similar to this: http://www.users.on.net/~russ/avirathreatcategories.png
It wouldn't hurt to set the Heuristics to 'High' on the Guard section, even if you get a higher chance of false positives.
2. Might be an idea to uninstall the out of date Adobe 8 as it will be a security risk, and reinstall with the latest version:
http://get.adobe.com/reader/
3. If none of the programs you run ever use Java, then it would be better to simply uninstall it. At worst, you can just reinstall it if you later discover a program needs it. Java can be a security risk and slows the computer down with its autostarts.
4. I would uninstall the McAfee security scan as you don't need it.
5. The computer would run a bit faster if you considered uninstalling some of the toolbars/browser plugins like the Epson ones, and the Skype plugin (unless you use them).
5. Go back into Hijackthis, and Check the boxes next to these and select Fix Checked:
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
6. Press Start > Run > msconfig (enter), then go to the Services tab, press 'Hide all Microsoft Services', and untick these if they are still there:
McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
and any Google entries
7. In MSCONFIG, select the Startups tab, and untick the following to stop them autorunning at startup:
Adobe (anything Adobe)
Sun Java
[QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
You may also consider unticking anything else you don't need autostarting with Windows, and if you have any problems just retick the program in question:
Google Update
[Smart Start UP] C:\Program Files\NewSoft\Smart Start UP\PnPDetect.exe /Automation
[EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
[avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
[LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
[LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
0
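A first-pass triage of a HijackThis log like the one posted in this thread, as an added example that is not part of any poster's reply. It parses the sectioned entries (R0, O2, O4, O23 and so on) and lists the ones the log itself marks as orphaned (`(no file)`, `(file missing)`, or a startup shortcut resolving to `?`). The function names, the category labels and the "autostart from a user profile path" heuristic are assumptions made for illustration; a flagged line is a prompt to review it, not a verdict.

```python
import re
from collections import defaultdict

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\system32\lsass.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Me\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
"""

# Entry lines look like "<section code> - <detail>"; header and process lines do not.
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Markers HijackThis prints when the registered target cannot be resolved.
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$|=\s*\?\s*$")
# Assumed heuristic: autostarts living under a per-user, user-writable profile path.
USER_PATH = re.compile(r"\\(?:Documents and Settings|Users)\\", re.I)
AUTOSTART = {"O4", "O23"}  # Run keys / startup folder, and services

def parse(log):
    """Return (section, detail) for each entry line in the log text."""
    out = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2)))
    return out

def triage(log):
    """Group entries worth a second look under illustrative category names."""
    findings = defaultdict(list)
    for section, detail in parse(log):
        if ORPHAN.search(detail):
            findings["orphaned"].append((section, detail))
        elif section in AUTOSTART and USER_PATH.search(detail):
            findings["user_profile_autostart"].append((section, detail))
    return dict(findings)

if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        for section, detail in items:
            print(f"{kind:24} {section:4} {detail}")
```

Orphaned entries are usually leftovers from uninstalled software, which is why a log can look busy and still be clean. The Google Update hit shows why the profile-path heuristic only marks lines for review: legitimate per-user installers live there too.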