 |
 |
|
|
|||||||
|
||||||||
10-20-2006, 07:45 PM
|
#1 (permalink) |
|
New Member
 Join Date: Oct 2006
Posts: 2
|
i got a virus problem.. its a Trojan Horse Dailer..
Hey People,
i got a virus problem for over a week now.. i just cleaned my pc before i got this virus problem.. (just reinstalling windows) and i have no idea how it came on my pc.. but anyway i need to get rid of it everyday i get messages that theres a virus in Windows.. this sucks realy.. so my question is can anyone help me out? Ps i'm using AVG virus scanner. |
|
|
|
10-21-2006, 11:43 AM
|
#3 (permalink) |
|
New Member
Join Date: Oct 2006
Posts: 2
|
Well Spybot didn't get rid of it, its just like it comes back everytime i deleted it...
wel here is my logfile of HijackThis. Logfile of HijackThis v1.99.1 Scan saved at 12:42:44, on 21-10-2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\RunDLL32.exe C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe C:\WINDOWS\System32\Rundll32.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\DAEMON Tools\daemon.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\System32\ctfmon.exe C:\DOCUME~1\Marthos\APPLIC~1\WNSXS~1\winspool.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\system32\??stem\??ool32.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\system32\sxserv101.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com R3 - URLSearchHook: (no name) - {5333BD8A-2569-73EC-4913-59C7EE07B49A} - C:\WINDOWS\System32\xio.dll O2 - BHO: (no name) - {5333BD8A-2569-73EC-4913-59C7EE07B49A} - C:\WINDOWS\System32\xio.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00401} - C:\WINDOWS\system32\fontexta.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [Ewut] "C:\DOCUME~1\Marthos\APPLIC~1\WNSXS~1\winspool.exe " -vt yazb O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Zpyjtycj] C:\WINDOWS\system32\??stem\??ool32.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: wingsa32 - C:\WINDOWS\SYSTEM32\wingsa32.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SX Service (SXServ) - Unknown owner - C:\WINDOWS\system32\sxserv101.exe |
|
|
|
|
10-21-2006, 12:55 PM
|
#4 (permalink) |
|
Gold Member
 
Join Date: Mar 2006
Location: Scotland, infront of my computer
Age: 16
Posts: 256
|
You should update your internet explorer.
You definatly have some type of virus. Run the scan again and this time put a tick in the boxes beside these entries and click fix checked: C:\DOCUME~1\Marthos\APPLIC~1\WNSXS~1\winspool.exe C:\WINDOWS\system32\??stem\??ool32.exe C:\WINDOWS\system32\sxserv101.exe R3 - URLSearchHook: (no name) - {5333BD8A-2569-73EC-4913-59C7EE07B49A} - C:\WINDOWS\System32\xio.dll O2 - BHO: (no name) - {5333BD8A-2569-73EC-4913-59C7EE07B49A} - C:\WINDOWS\System32\xio.dll O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00401} - C:\WINDOWS\system32\fontexta.dll O4 - HKCU\..\Run: [Ewut] "C:\DOCUME~1\Marthos\APPLIC~1\WNSXS~1\winspool .exe " -vt yazb O4 - HKCU\..\Run: [Zpyjtycj] C:\WINDOWS\system32\??stem\??ool32.exe O20 - Winlogon Notify: wingsa32 - C:\WINDOWS\SYSTEM32\wingsa32.dll O23 - Service: SX Service (SXServ) - Unknown owner - C:\WINDOWS\system32\sxserv101.exe After You have done that download ewido and from here and run it. Once you have done that go to here andf run the free scan. After that reboot your pc and scan with hijack this again and then post the new log. |
|
|
|
 |
| Thread Tools | |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| windows xp problem with writing to disk...HELP | gus | Operating Systems | 4 | 02-25-2005 11:36 PM |
| Virus Problem please help! | billiegirl | Computer Security | 2 | 02-01-2005 06:36 PM |
| Again Linux Problem and More | weixifan | Operating Systems | 0 | 01-13-2005 09:05 AM |
| FireDaemon.exe virus and a MBM5 problem. . . | Crash5291 | General Software | 5 | 12-21-2004 09:45 PM |
| Have i got a virus? | choke | General Computer Chat | 1 | 08-15-2004 05:27 PM |
Linear Mode
