Can't remove downloader.agent.bf

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by JohnLips, Jul 1, 2004.

  1. JohnLips

    JohnLips Private E-2

    I can't seem to get rid of this virus and some adware. I remove it, but when I reboot and open IE it all comes back. Help please. I am running Windows ME, 256MB RAM, Athlon 1200.
    I am enclosing a copy of my HijackThis log. Thank you for any help.
    John

    Logfile of HijackThis v1.98.0
    Scan saved at 2:07:38 PM, on 7/1/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\LEXBCES.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\LEXPPS.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\WUAUCLT.EXE
    C:\WINDOWS\DESKTOP\HJT\HIJACKTHIS.EXE
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\kragl.dll/sp.html#37049
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://kragl.dll/index.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://kragl.dll/index.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\kragl.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\kragl.dll/sp.html#37049
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://kragl.dll/index.html#37049
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://quick-searcher.com/index.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = res://xppjk.dll/index.html#37049
    R3 - Default URLSearchHook is missing
    O2 - BHO: Class - {B878818F-2279-A2FE-62AA-5B8166B041ED} - C:\WINDOWS\JAVAMA32.DLL (file missing)
    O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Class - {C05646FA-C1A4-9E71-021F-2D58A263D05A} - (no file)
    O2 - BHO: Class - {2D6C9AEC-C056-9684-E7B2-B6F394369B55} - C:\WINDOWS\JAVAMA32.DLL (file missing)
    O2 - BHO: Class - {5207E714-5707-5087-6F6B-4F5D816A793D} - C:\WINDOWS\JAVAMA32.DLL (file missing)
    O2 - BHO: Class - {EDA38CC9-B865-78BD-C1A5-843DCC6547D9} - C:\WINDOWS\MFCJJ32.DLL (file missing)
    O2 - BHO: Class - {B5661CBD-B27D-8D24-63DC-F855E7DA949A} - C:\WINDOWS\SYSTEM\IPMR.DLL (file missing)
    O2 - BHO: Class - {3BDA5C2B-5649-24F9-6A44-22FDF760EFBB} - C:\WINDOWS\SYSTEM\APIBO.DLL (file missing)
    O2 - BHO: Class - {BA99CB3D-40D4-C737-DC41-87352CA011A4} - C:\WINDOWS\SYSTEM\SYSFQ.DLL (file missing)
    O2 - BHO: Class - {322C1801-FA23-AB9E-7F00-648E62563F51} - C:\WINDOWS\SDKCY.DLL (file missing)
    O2 - BHO: Class - {07DD92D4-CC5A-5DAA-B7C4-DEC0B6D55959} - C:\WINDOWS\ATLXD.DLL (file missing)
    O2 - BHO: Class - {1D30E5A0-28E5-58CC-B632-2ECF3ADEF219} - C:\WINDOWS\ATLFJ32.DLL (file missing)
    O2 - BHO: Class - {BE5B6D1D-214D-2619-4F51-1F58C800405F} - C:\WINDOWS\SYSTEM\D3BD.DLL (file missing)
    O2 - BHO: Class - {32E2D79F-7E29-8D2B-44A9-EE5B4DAB119F} - C:\WINDOWS\SYSTEM\IPNN32.DLL (file missing)
    O2 - BHO: Class - {9CCFB9DF-709E-2D61-6D3C-6D1D1EAFF23A} - C:\WINDOWS\SYSTEM\WINOL32.DLL (file missing)
    O2 - BHO: Class - {0A01425A-FE96-A0ED-E1F3-04A6B2DBFCF6} - C:\WINDOWS\SYSTEM\JAVAYI.DLL (file missing)
    O2 - BHO: Class - {A97FEAF2-75B8-38FA-7713-906F4ABA2F05} - C:\WINDOWS\SYSTEM\CRVQ32.DLL (file missing)
    O2 - BHO: Class - {8FB2904E-027B-350B-649B-63FF31B2CF47} - C:\WINDOWS\MSPC.DLL (file missing)
    O2 - BHO: Class - {46EC430B-2D7B-C7B4-BA64-849FD035210F} - C:\WINDOWS\JAVANU32.DLL (file missing)
    O2 - BHO: Class - {7D7658A2-AB1F-B07C-B5BB-649E088535BC} - C:\WINDOWS\SYSDI32.DLL (file missing)
    O2 - BHO: Class - {955DE456-4FC8-12F9-FA9B-0600591E904D} - C:\WINDOWS\APPVW32.DLL (file missing)
    O2 - BHO: Class - {037588D0-ABA3-9096-398A-8C5DEE42850A} - C:\WINDOWS\SYSTEM\NTEH32.DLL (file missing)
    O2 - BHO: Class - {3643E8BC-9D97-5ADE-54D4-D62AAF848290} - C:\WINDOWS\SYSTEM\D3YK.DLL (file missing)
    O2 - BHO: Class - {04EE4D27-8D30-3660-7404-C108546286A8} - C:\WINDOWS\SYSTEM\SYSPM32.DLL (file missing)
    O2 - BHO: Class - {664D880B-3A55-72CC-1A19-71433B81D7CF} - C:\WINDOWS\ADDSO32.DLL (file missing)
    O2 - BHO: Class - {45055C44-55E6-AD22-DB63-D4A8D31544AB} - C:\WINDOWS\IEHO32.DLL (file missing)
    O2 - BHO: Class - {EC2E2D6A-3694-02FD-16A8-32314B7F1C88} - C:\WINDOWS\SYSTEM\IPMZ32.DLL (file missing)
    O2 - BHO: Class - {AA0B70B4-0585-98FF-591D-792B7C365368} - C:\WINDOWS\MFCSR32.DLL (file missing)
    O2 - BHO: Class - {A522B6F5-3801-8D41-9C0B-CBCF169ADFBD} - C:\WINDOWS\SYSTEM\SYSMV32.DLL (file missing)
    O2 - BHO: Class - {C66732A6-EC21-52D4-C47B-D16697AAFF45} - C:\WINDOWS\IPBT32.DLL (file missing)
    O2 - BHO: Class - {9E10B616-D6A4-32D5-95E7-6F227792C942} - C:\WINDOWS\D3II.DLL (file missing)
    O2 - BHO: Class - {EFF8EC3A-C0B2-A458-9B50-41DC660D3D07} - C:\WINDOWS\SYSEI32.DLL (file missing)
    O2 - BHO: Class - {41C43085-B29C-E651-7F49-3DE3897C2CDA} - C:\WINDOWS\SYSTEM\MFCDM32.DLL (file missing)
    O2 - BHO: Class - {70C0DFF9-6D20-CC69-6516-900255F1F512} - C:\WINDOWS\IEWK.DLL (file missing)
    O2 - BHO: Class - {852B4036-CDE7-152D-D073-32287D1E5995} - C:\WINDOWS\SDKAQ.DLL (file missing)
    O2 - BHO: Class - {8BCBFC4E-F7DC-458B-C874-4070B7A87054} - C:\WINDOWS\CRPY.DLL (file missing)
    O2 - BHO: Class - {F8241258-7425-E5B8-2794-A607FBD21C67} - C:\WINDOWS\SYSBD.DLL (file missing)
    O2 - BHO: Class - {8C63D038-2323-A079-1DD0-E7F346EF140E} - C:\WINDOWS\JAVAIC32.DLL (file missing)
    O2 - BHO: Class - {8EB63389-EE8B-5986-066C-3712566B071A} - C:\WINDOWS\SYSTEM\JAVAZD.DLL (file missing)
    O2 - BHO: Class - {BDB5955C-9FF8-325D-8DBB-89CE2D9B30C1} - C:\WINDOWS\D3BR32.DLL (file missing)
    O2 - BHO: Class - {07AA0D39-02E3-677B-1C65-8949A994E0F0} - C:\WINDOWS\MSVQ.DLL (file missing)
    O2 - BHO: Class - {3FF22A8B-66B0-D57F-BCC2-241193115492} - C:\WINDOWS\SYSTEM\ADDFO32.DLL (file missing)
    O2 - BHO: Class - {5DBD25EB-EA8A-07D7-E366-2146A2ECD99B} - C:\WINDOWS\SYSTEM\IEOY.DLL (file missing)
    O2 - BHO: Class - {FD36A3E7-7F3E-0573-D1F7-77F173683B92} - C:\WINDOWS\MFCXP32.DLL (file missing)
    O2 - BHO: Class - {5B7AB13C-069E-0A96-369B-83180E283DCD} - C:\WINDOWS\ATLNV.DLL (file missing)
    O2 - BHO: Class - {98992BEF-C386-CF53-DECE-D2A0FB2B61D0} - C:\WINDOWS\ATLDJ32.DLL (file missing)
    O2 - BHO: Class - {EEFC716C-4EB3-E35E-8C8B-71772121F4C1} - C:\WINDOWS\ADDDU32.DLL (file missing)
    O2 - BHO: Class - {30E75F1B-DA96-4317-1991-E956A73591D2} - C:\WINDOWS\SYSTEM\APPQP32.DLL (file missing)
    O2 - BHO: Class - {0089AB79-34E9-0ABF-5AF2-3D27B3E4CBA4} - C:\WINDOWS\SYSTEM\ADDAW.DLL (file missing)
    O2 - BHO: Class - {35470F33-E453-DFCB-73C8-AF1A289B6F80} - C:\WINDOWS\SYSHE.DLL (file missing)
    O2 - BHO: Class - {2AD27B78-A144-13BF-3CFD-8C2B118FCB77} - C:\WINDOWS\SDKEA.DLL (file missing)
    O2 - BHO: Class - {D2789B00-D8F2-A745-461A-8BFC3678D252} - C:\WINDOWS\SYSTEM\IEPL.DLL (file missing)
    O2 - BHO: Class - {FA0B86D4-C10E-BFC7-9A62-410395A5449D} - C:\WINDOWS\SYSTEM\SDKFQ.DLL (file missing)
    O2 - BHO: Class - {6A361680-C454-C714-DE0E-8D884A7960E2} - C:\WINDOWS\SYSTEM\ATLZQ32.DLL (file missing)
    O2 - BHO: Class - {66C35016-5592-5C2D-5E3A-95C2E0AF7ADC} - C:\WINDOWS\SYSTEM\SDKGC.DLL (file missing)
    O2 - BHO: Class - {5DC88E0F-A0E6-75F1-8BB6-3515B32289A8} - C:\WINDOWS\SYSTEM\APPSL32.DLL (file missing)
    O2 - BHO: Class - {41010D82-27CE-1228-A8BB-341928A71CFD} - C:\WINDOWS\SYSTEM\APPYD32.DLL (file missing)
    O2 - BHO: Class - {340035E2-30D5-9AC6-0792-7AEABB284C0D} - C:\WINDOWS\SDKHE32.DLL (file missing)
    O2 - BHO: Class - {E3713D32-4404-118A-8F1C-4EDBD1BFEE70} - C:\WINDOWS\MSEV32.DLL (file missing)
    O2 - BHO: Class - {86EC1399-152F-7B85-24FA-2CE7E962248F} - C:\WINDOWS\IEAU32.DLL (file missing)
    O2 - BHO: Class - {6F602FD6-D87A-FBB2-6E16-961DD4CD1331} - C:\WINDOWS\IEKK.DLL (file missing)
    O2 - BHO: Class - {344D49B2-B2A8-BBF7-C39B-DEAAEB9FBA4E} - C:\WINDOWS\WINGA32.DLL
    O2 - BHO: Class - {427883E4-77FD-0FBD-0A27-92CC8F6BD789} - C:\WINDOWS\SYSTEM\WINUC32.DLL (file missing)
    O2 - BHO: Class - {881AF141-FCA6-71F0-838B-83EB9E3BE2CA} - C:\WINDOWS\SYSTEM\JAVAJJ32.DLL (file missing)
    O2 - BHO: Class - {EDF94985-0AA4-714B-4D3F-E2B133CFEEAD} - C:\WINDOWS\IETO.DLL (file missing)
    O2 - BHO: Class - {738E938C-0376-DF66-9DCA-6F6A9AC3C996} - C:\WINDOWS\MSHD.DLL (file missing)
    O2 - BHO: Class - {392A8C5B-144A-0321-C773-9AA02D3AC373} - C:\WINDOWS\SYSTEM\MFCFQ32.DLL (file missing)
    O2 - BHO: Class - {13AED04D-B39A-CCFF-16C3-9907B80CE631} - C:\WINDOWS\MFCBV32.DLL (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINDOWS\SYSTEM\AUHOOK.DLL
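    The pattern in the log above (IE start and search pages redirected to `res://` resources inside a randomly named DLL, a removed URLSearchHook, and dozens of "Class" BHOs registered against randomly named DLLs in the Windows directory, most of them "(file missing)") is the kind of thing a helper triages by eye. The script below is an added example, not part of the original thread or any tool the thread mentions: it parses HijackThis `R0`/`R1`/`R3`/`O2` lines, flags those indicators, and collects the DLL names that are still live so they can be looked for on disk. The sample is excerpted from the posted log; the heuristics (generic BHO name plus a path directly under `C:\WINDOWS` or `C:\WINDOWS\SYSTEM`) are the editor's own and will miss or over-flag entries outside this pattern.

```python
"""Triage a HijackThis log for the res:// start-page / orphaned-BHO hijack pattern.

Added example (editor's own heuristics); not code from the thread or from HijackThis.
"""
import re
from dataclasses import dataclass

# Excerpt of the log posted above; the full log has ~70 O2 entries of the same shape.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\kragl.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://kragl.dll/index.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://quick-searcher.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = res://xppjk.dll/index.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {B878818F-2279-A2FE-62AA-5B8166B041ED} - C:\WINDOWS\JAVAMA32.DLL (file missing)
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Class - {344D49B2-B2A8-BBF7-C39B-DEAAEB9FBA4E} - C:\WINDOWS\WINGA32.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
"""

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
# res://<optional drive path>\<dll>/<page>  ->  capture the DLL file name
RES_DLL_RE = re.compile(r"res://(?:[A-Za-z]:\\[^/]*\\)?(?P<dll>[^/\\]+\.dll)/", re.I)
# A file sitting directly in C:\WINDOWS or C:\WINDOWS\SYSTEM (no deeper subfolder)
WINDIR_RE = re.compile(r"^[A-Z]:\\WINDOWS\\(?:SYSTEM\\)?[^\\]+$", re.I)
# HijackThis shows these when the BHO registers no friendly name
GENERIC_NAMES = {"Class", "(no name)"}


@dataclass
class Finding:
    code: str    # HijackThis section, e.g. "R0", "O2"
    reason: str  # why this line is suspicious
    line: str    # the original log line


def parse_entries(text):
    """Yield (code, body, line) for every line that looks like a HijackThis entry."""
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group("code"), m.group("body"), line


def triage(text):
    """Return the entries that match the hijack pattern discussed in the thread."""
    findings = []
    for code, body, line in parse_entries(text):
        if code in ("R0", "R1") and "= res://" in body:
            # Start/search page served out of a DLL resource: classic IE hijack.
            m = RES_DLL_RE.search(body)
            dll = m.group("dll") if m else "?"
            findings.append(Finding(code, f"IE start/search page served from DLL resource {dll}", line))
        elif code == "R3" and "missing" in body:
            findings.append(Finding(code, "default URLSearchHook removed (typical of search hijackers)", line))
        elif code == "O2":
            b = BHO_RE.match(body)
            if not b:
                continue
            name, path = b.group("name"), b.group("path")
            if path.endswith("(file missing)") or path == "(no file)":
                findings.append(Finding(code, "orphaned BHO registration (CLSID still registered, DLL gone)", line))
            elif name in GENERIC_NAMES and WINDIR_RE.match(path):
                # Still on disk: this is the copy that re-creates the rest on reboot.
                findings.append(Finding(code, f"live BHO with generic name loaded from Windows directory: {path}", line))
    return findings


def dlls_to_collect(findings):
    """DLL file names (lower-cased) that are still referenced by live entries."""
    names = set()
    for f in findings:
        if f.code in ("R0", "R1"):
            m = RES_DLL_RE.search(f.line)
            if m:
                names.add(m.group("dll").lower())
        elif f.code == "O2" and f.reason.startswith("live BHO"):
            names.add(f.line.rsplit("\\", 1)[-1].lower())
    return names


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.code}] {f.reason}\n    {f.line}")
    print("DLLs to look for on disk:", sorted(dlls_to_collect(found)))
```

Run it against a full log pasted into `SAMPLE_LOG` (or read from a file); the "DLLs to look for on disk" list is what to hunt for in safe mode, since the `(file missing)` entries are only leftovers and the live DLL is the one that rewrites them.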
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    John, this is the infamous "Only the Best" hijacker issue we have been working out fixes for. But let's first try the new Ad-aware with today's updated reference list and the VX2 plugin. Here's what I want you to do:

    1) If you do not already have it, download Ad-aware from: http://www.majorgeeks.com/download506.html
    2) Install it and update the reference list (but do not run it yet). If you have a problem updating online, download the latest reference list from: http://www.majorgeeks.com/download726.html
    and unzip it right into the C:\Program Files\Lavasoft\Ad-aware 6 directory, overwriting the old reflist.
    3) Download and install the VX2 Cleaner Plug-In 1.01 for Ad-Aware.

    Run the VX2 cleaner plug-in:
    How to use Lavasoft’s VX2 Cleaner plug-in:
    - Close Ad-Aware 6 build 181 and Ad-Watch (if running)
    - Download the free VX2 Cleaner here
    - Install the VX2 Cleaner
    - Start Ad-Aware 6 build 181
    - Go to “Plug-ins”
    - Select the VX2 Cleaner plug-in and click “Run Plugin”
    - If your computer isn’t infected, click “Close”.

    Now boot in safe mode and run a full scan with Ad-aware.

    Here's how to boot in safe mode: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406
    Here's how to set it up for a full scan: http://www.lavahelp.com/howto/fullscan/index.html

    See if this helps. Post another log afterwards. If it does not fix the problem, we will have to use the approach here: http://www.majorgeeks.com/vb/showthread.php?t=35917