Old 04-18-2006, 07:58 AM   #1 (permalink)
Bronze Member
 
Join Date: Mar 2006
Location: Quezon City, Philippines
Age: 18
Posts: 54
Default Malware!!!

Hi, there!!!
Can anyone help me with my problem?!?
I use avast! 4.6 Home Edition and it found malware.
A Malware was found!
File Name : http://www.impotato.com/a412/a571.php?m=1&b=779&c=4\[UPX]
Malware Name : Win32 : Dialer-520 [Trj]
Malware Type : Dialer

and I don't know how to deal with this!!! avast! only recommends aborting the connection to stop this file from downloading to my computer!!! Here's my HJTL:

Logfile of HijackThis v1.99.1
Scan saved at 2:03:44 AM, on 4/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SamsungODD\Magic Speed\MagicSL.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Paul Anthony.BETH-NEDXPYFDY9\Desktop\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MagicSpeed] C:\Program Files\SamsungODD\Magic Speed\MagicSL.exe /autorun
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab40641.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/insta...SSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10...y.cab32846.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab32846.cab
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/produc...ed/mvt/mvt.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames...l.cab42858.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10...y.cab41227.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F925EB14-F13A-4E21-B545-CC4B8F2616ED}: NameServer = 202.78.97.41 202.78.97.2
O20 - Winlogon Notify: winpdc32 - C:\WINDOWS\SYSTEM32\winpdc32.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

Any help from you will be appreciated!!! Thanks!!!
__________________
Highlight It To View!!!
Intel Celeron 2.00 GHz
ASRock M266A VIA
S3 Graphics ProSavageDDR
128 MB DDR RAM
40 GB HDD
Samsung CD-RW Drive
Windows XP Professional SP2

Last edited by PaulAnthony2233; 04-18-2006 at 08:02 AM.
PaulAnthony2233 is offline   Reply With Quote


Old 04-18-2006, 04:59 PM   #2 (permalink)
Digaredd
 
 
Join Date: May 2005
Location: Melbourne AU
Posts: 7,613
Default

Run Hijackthis and select "Do a system scan only", place a check by the following entries.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O20 - Winlogon Notify: winpdc32 - C:\WINDOWS\SYSTEM32\winpdc32.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)


Close all open windows and browsers, and hit "Fix Checked".

Delete this file.

C:\WINDOWS\SYSTEM32\winpdc32.dll

Reboot and post a new log.
__________________
Son of Glyndwr
Mae hen wlad fy nhadau yn annwyl i mi
Buzz1927 is offline   Reply With Quote
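A defender-side way to do the first step of this procedure mechanically, as an added example (not part of the thread and not HijackThis's own code): a small Python parser that reads HijackThis-format log lines and reports the two kinds of entries Buzz1927 asked to fix, IE search/local page values reset to about:blank and Winlogon Notify entries whose DLL is missing or not on a known-good list. The sample log is constructed from entries quoted in this thread plus one benign R0 line; the `known_notify_dlls` allow-list is an assumed parameter, empty by default so every O20 entry is reported for review.

```python
import re
import ntpath
from dataclasses import dataclass

# Constructed sample in HijackThis v1.99.1 log format, built from entries
# quoted in this thread plus one benign R0 line; it is not a full log.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: winpdc32 - C:\WINDOWS\SYSTEM32\winpdc32.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

# Every HijackThis finding line starts with a section code such as R1, F2, O4, O20.
HJT_LINE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")

# IE registry values that the log in this thread shows reset to about:blank.
HIJACKED_IE_VALUES = frozenset(
    {"SearchAssistant", "CustomizeSearch", "Search Page", "SearchURL", "Local Page"}
)


@dataclass
class Entry:
    code: str
    body: str


def parse_hjt(text):
    """Return the R/F/N/O entries of a HijackThis log; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def flag_entries(entries, known_notify_dlls=frozenset()):
    """Return (code, reason, body) tuples for entries a reviewer should look at.

    known_notify_dlls is an assumed allow-list of lower-case Winlogon Notify DLL
    file names; with the default empty set every O20 entry is reported.
    """
    findings = []
    for e in entries:
        if e.code in ("R0", "R1"):
            # Body looks like: <hive>\...\Main,<value name> = <data>
            key, sep, data = e.body.partition(" = ")
            value_name = key.rsplit(",", 1)[-1]
            if sep and data.strip().lower() == "about:blank" and value_name in HIJACKED_IE_VALUES:
                findings.append((e.code, "IE search/local page value reset to about:blank", e.body))
        elif e.code == "O20" and e.body.startswith("Winlogon Notify:"):
            # Body looks like: Winlogon Notify: <package name> - <dll path or name>
            _, _, rest = e.body.partition(": ")
            _, _, dll = rest.partition(" - ")
            if dll.endswith("(file missing)"):
                findings.append((e.code, "Winlogon Notify entry points at a missing DLL", e.body))
            elif ntpath.basename(dll).lower() not in known_notify_dlls:
                findings.append((e.code, "Winlogon Notify DLL not on the known-good list", e.body))
    return findings


if __name__ == "__main__":
    for code, reason, body in flag_entries(parse_hjt(SAMPLE_LOG)):
        print(f"{code:<4} {reason}\n     {body}")
```

Run on the sample it reports the two about:blank R1 lines and both O20 lines; passing `known_notify_dlls=frozenset({"winpdc32.dll"})` silences the winpdc32 line and leaves only the dangling WRNotifier entry, which is the point of keeping the allow-list as data rather than hard-coding it.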
Old 04-19-2006, 05:39 AM   #3 (permalink)
Bronze Member
 
Join Date: Mar 2006
Location: Quezon City, Philippines
Age: 18
Posts: 54
Default Malware!!!

Ok, I did a system scan only and checked and fixed these things:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O20 - Winlogon Notify: winpdc32 - C:\WINDOWS\SYSTEM32\winpdc32.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)


but I don't see these things:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank


I don't think the malware was removed because it pops up again!!!
Please help me, what shall I do!!!
Thanks!!!
__________________
Highlight It To View!!!
Intel Celeron 2.00 GHz
ASRock M266A VIA
S3 Graphics ProSavageDDR
128 MB DDR RAM
40 GB HDD
Samsung CD-RW Drive
Windows XP Professional SP2
PaulAnthony2233 is offline   Reply With Quote
Old 04-19-2006, 09:02 AM   #4 (permalink)
Platinum Member
 
 
Join Date: Jan 2006
Location: California
Age: 18
Posts: 711
Default

No, the ones you said you couldn't find ARE there, I see them, which is why you're still getting popups... look about halfway in your log and they'll be there...
__________________
MOBO : Biostar Tforce4 6100-939
CPU : AMD athlon 3500+ @ 2.5ghz
RAM : 1gb Mem (512 by 512mb Corsair)
CASE : Xion II (with cool blue cathode lights inside)
HDD : 120gb and 80gb...both at 7200rpm
GPU : eVGA geforce 7600GT
mrgeorgedude is offline   Reply With Quote