Can't get rid of Win32:jeefo

lethalforce

New Member
This pesky virus infects every exe on my computer and I can only delete them :mad: but that's not the worst part, every time I restart my computer IT COMES BACK! So I have to reinstall those programs again and again! It even has antivir find files that are its own as threats because those exes have the virus in them!

I used avast, which found it but couldn't do anything. I used the up-and-coming BitDefender (great program by the way), which found and disinfected it, but whenever I restart my computer and scan again it finds it again! It infects the svhost.exe

Here's my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:49:42 AM, on 8/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender8\bdlite.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jason\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153861146787
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
 
Let's have a look at your 'Add/Remove' list first.

Run HijackThis, click the "open misc. tool section" button, click "open uninstall manager" > click "save list", answer yes to the prompts, and Notepad will open with your add/remove programs list. Post that list here.
 
3DMark05
7-Zip 4.42
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.8
Alcohol 120%
AMD Dual-Core Optimizer
America's Army
Ares 1.9.0
Azureus
BitDefender 8 Free Edition
Black & White® 2 Demo
Black and White
Call of Duty Game of the Year Edition
Canon PIXMA iP1500
CCleaner (remove only)
Fraps (remove only)
GCFScape 1.4.1
GTA San Andreas
GTA2
GTAIII
HijackThis 1.99.1
Hitman Blood Money
J2SE Runtime Environment 5.0 Update 6
K-Lite Codec Pack 2.75 Full
Linksys Wireless-G PCI Adapter
Microsoft .NET Framework 2.0
Mozilla Firefox (1.5)
MSN Music Assistant
MTA: Race for San Andreas 1.1.1
NVIDIA Drivers
Postal 2 Share The Pain
Prey Demo
Project64 1.6
QuickTime
Realtek AC'97 Audio
REALTEK GbE & FE Ethernet PCI NIC Driver
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Spybot - Search & Destroy 1.4
Starcraft
Windows Defender
Windows Defender Signatures
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 2
World of Warcraft
Xfire (remove only)
 
Begin by uninstalling the following, rebooting, navigating to the 'Program Files' folder and deleting any remnants.

Ares 1.9.0
J2SE Runtime Environment 5.0 Update 6

Proceed here and install the latest version of 'Java'. http://java.sun.com/javase/downloads/index.jsp

Also, go to 'Control Panel/folder options/view' and check 'show hidden files and folders'. While there, UNCHECK 'hide protected operating system files (recommended)'. Click Apply and Okay.

Download Ewido http://www.ewido.net/en/download/ then set it up this way: http://rstones12.geekstogo.com/ewidosetup.htm You will need this later in safe mode.
Make sure to update this program.

Next, download, install and update 'A-squared' here http://www.emsisoft.com/en/software/free/

Download, install and update this excellent freebie- Superantispyware here http://www.superantispyware.com/download.html

Download ATF-Cleaner to your desktop from this link
http://www.atribune.org/content/view/19/2/ You will need it later in safe mode.

Download 'Killbox' here http://www.downloads.subratam.org/KillBox.exe to your desktop. You will need it later in safe mode.

Please make sure ALL security programs including 'Spybot' are disabled until they are needed.

Reboot your computer in Safe Mode by doing the following.

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose whichever account that you normally use.

Again, make sure ALL security programs including 'Spybot' are disabled until they are needed.

Run Killbox from safe mode. Start Killbox and place a tick next to [x] Delete on reboot. Press the "All Files" button.
Copy this whole list into the Windows clipboard, all the bolded file paths below. Copy the following list of files to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\svchost.exe

Next in Killbox go to File > Paste from clipboard
"Click on the All Files button."
Next click on the button that has the red circle with the white X in the middle.
It will ask for confirmation to delete the files on next reboot and ask you if you want to reboot now.
Click Yes and let the computer reboot. If the computer does not reboot automatically just reboot it manually.

Reboot to safe mode once again.

Begin running your scans in this order.

A-squared
Ewido
Superantispyware

Run ATF-Cleaner from safe mode. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Reboot into normal Windows, run ATF-Cleaner again and run this online scan from F-Secure: http://support.f-secure.com/enu/home/ols.shtml There should be a scan log at the end, so if any infections remain, post that log along with a fresh 'HJT' log.
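
The file queued for deletion above, C:\WINDOWS\svchost.exe, stands out in the posted log because the genuine svchost.exe runs from the system32 folder. The following is an added example, not part of the original thread or of HijackThis: a small check that reads the "Running processes" section of a HijackThis log and flags system process names running from an unexpected folder. The `EXPECTED_DIR` table and the function names are assumptions of this example, and the sample is an excerpt of the log posted above.

```python
import ntpath

# Expected folders (lower-cased) for core Windows XP process images.
# Assumption of this example: only names that appear in the posted log.
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIR = {name: SYSTEM32 for name in (
    "smss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "spoolsv.exe")}
EXPECTED_DIR["explorer.exe"] = r"c:\windows"

# Excerpt of the log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
"""

def running_processes(log_text):
    """Return the image paths listed under 'Running processes:'."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower() == "running processes:":
            in_section = True
        elif in_section:
            if not line:  # a blank line ends the section
                break
            paths.append(line)
    return paths

def misplaced_system_images(log_text):
    """Return sorted unique paths that use a system process name
    but do not sit in that process's expected folder."""
    hits = set()
    for path in running_processes(log_text):
        directory, name = ntpath.split(path)
        expected = EXPECTED_DIR.get(name.lower())
        if expected and directory.lower() != expected:
            hits.add(path)
    return sorted(hits)
```

Calling `misplaced_system_images(SAMPLE_LOG)` reports only the copy in C:\WINDOWS; the two system32 instances and Explorer.EXE pass because the comparison is case-insensitive.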
 