i got a virus problem.. its a Trojan Horse Dailer..

D

Dr.Masker.Rain.

New Member
Hey People,

i got a virus problem for over a week now.. i just cleaned my pc before i got this virus problem.. (just reinstalling windows) and i have no idea how it came on my pc.. but anyway i need to get rid of it everyday i get messages that theres a virus in Windows.. this sucks realy.. so my question is can anyone help me out?

Ps i'm using AVG virus scanner.
 
try spybot if that doesnt work get highjack this and post log on here someone will be able to help you (google them)
 
Well Spybot didn't get rid of it, its just like it comes back everytime i deleted it...

wel here is my logfile of HijackThis.


Logfile of HijackThis v1.99.1
Scan saved at 12:42:44, on 21-10-2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\ctfmon.exe
C:\DOCUME~1\Marthos\APPLIC~1\WNSXS~1\winspool.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\??stem\??ool32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\sxserv101.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R3 - URLSearchHook: (no name) - {5333BD8A-2569-73EC-4913-59C7EE07B49A} - C:\WINDOWS\System32\xio.dll
O2 - BHO: (no name) - {5333BD8A-2569-73EC-4913-59C7EE07B49A} - C:\WINDOWS\System32\xio.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00401} - C:\WINDOWS\system32\fontexta.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Ewut] "C:\DOCUME~1\Marthos\APPLIC~1\WNSXS~1\winspool.exe" -vt yazb
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Zpyjtycj] C:\WINDOWS\system32\??stem\??ool32.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: wingsa32 - C:\WINDOWS\SYSTEM32\wingsa32.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SX Service (SXServ) - Unknown owner - C:\WINDOWS\system32\sxserv101.exe
 
You should update your internet explorer.
You definatly have some type of virus.
Run the scan again and this time put a tick in the boxes beside these entries and click fix checked:

C:\DOCUME~1\Marthos\APPLIC~1\WNSXS~1\winspool.exe

C:\WINDOWS\system32\??stem\??ool32.exe

C:\WINDOWS\system32\sxserv101.exe

R3 - URLSearchHook: (no name) - {5333BD8A-2569-73EC-4913-59C7EE07B49A} - C:\WINDOWS\System32\xio.dll

O2 - BHO: (no name) - {5333BD8A-2569-73EC-4913-59C7EE07B49A} - C:\WINDOWS\System32\xio.dll

O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00401} - C:\WINDOWS\system32\fontexta.dll

O4 - HKCU\..\Run: [Ewut] "C:\DOCUME~1\Marthos\APPLIC~1\WNSXS~1\winspool.exe " -vt yazb

O4 - HKCU\..\Run: [Zpyjtycj] C:\WINDOWS\system32\??stem\??ool32.exe

O20 - Winlogon Notify: wingsa32 - C:\WINDOWS\SYSTEM32\wingsa32.dll

O23 - Service: SX Service (SXServ) - Unknown owner - C:\WINDOWS\system32\sxserv101.exe

After You have done that download ewido and from here and run it. Once you have done that go to here andf run the free scan. After that reboot your pc and scan with hijack this again and then post the new log.
 
You must log in or register to reply here.
Back
Top