Help, I got viruses (I think)

Discussion in 'Malware Help (A Specialist Will Reply)' started by Mudshark, Mar 26, 2005.

  1. Mudshark

    Mudshark Private E-2

    I have tried the instructions in the "do not post until you read this" thread. I am still having trouble with two viruses, IE, and the Windows menu drop-down boxes. Possibly the last two items are related to the viruses. My AVG detects the following items and removes them, but they seem to come back: the files are access_now.exe and prvdi.exe. Also, every time I get out of IE I get an "iexplore.exe - application error", and the drop-down menu boxes in Windows programs (IE, Excel) are outlined but there is nothing to see in the box. Anybody else heard of these items? Please help!!!! I've been messing with this for about 2 weeks. Any help would be appreciated.
     
  2. seaside

    seaside Corporal

    If you have done all that these guys have said, including the online scans, then download the latest HijackThis;
    read the stickys.
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you have run all the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal and you are still having a problem, follow the steps below. But make sure all steps have been followed (including the online scans) to avoid any delay in reading your HJT log.

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like Notepad, WordPad, MS Word, etc., and any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
  4. Mudshark

    Mudshark Private E-2

    Thanks for the help!!! Here's my HijackThis log. In addition to the above trojans (that's what AVG is calling them), I seem to have received another last night: "dap.exe" seems to be a Trojan Horse Dialer.20.ag.
    "access_now.exe" seems to be a Trojan Horse Downloader.small.11.BU
    "prvdi.exe" seems to be a Trojan Horse Dropper.small.9.BU

    Again thanks for the help!!
     

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please install HijackThis correctly as my previous message indicated. You are running the executable directly from the ZIP file which is what I specifically requested that you not do. You will not get any backups of changes we make if you run it this way.

    dap.exe is normally Download Accelerator Plus. Older versions were considered a form of malware.

    If you do not use Viewpoint (Viewpoint Manager), you should uninstall it using Add/Remove Programs. It is part of many items that AOL installs on your system without asking permission, and most people do not use it.
     
    Last edited: Mar 27, 2005
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O15 - Trusted Zone: *.musicmatch.com
    O15 - Trusted Zone: *.musicmatch.com (HKLM)
    O18 - Protocol: bw+0 - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll


    After clicking Fix, exit HJT.

    Now reboot in normal mode and post a new HJT log, and tell us how things are working. If you continue to see all this stuff from Logitech show up in your log, I would look into uninstalling the Logitech Desktop Messenger program.
     
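As an added illustration of how a helper triages log lines like the ones quoted above (this is not code from the thread or from HijackThis itself), the Python below parses HijackThis entries, flags "(file missing)" items and Trusted Zone additions, and collapses the long run of O18 protocol-handler lines by the DLL they point at. The sample lines are a constructed subset of the entries quoted in this thread.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the HijackThis lines quoted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O18 - Protocol: bw+0 - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7671A6D7-F827-4F6C-95F5-4B2DB7DC1799} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Super Ad Blocker Service (SABSVC) - Unknown owner - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE (file missing)
"""

# "O18 - Protocol: <body>": section code, entry kind, then the free-form body.
LINE_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_hjt(text):
    """Parse HijackThis 'Oxx' lines into dicts; lines that do not fit are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, kind, body = m.groups()
        clsid = CLSID_RE.search(body)
        entries.append({
            "section": section,
            "kind": kind,
            "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
            "file_missing": body.endswith("(file missing)"),
        })
    return entries


def triage(entries):
    """Sort parsed entries into the buckets a helper looks at first."""
    findings = {"file_missing": [], "trusted_zone": [],
                "protocol_handlers": defaultdict(list)}
    for e in entries:
        if e["file_missing"]:
            # Stale pointer to a file that no longer exists: harmless, safe to fix.
            findings["file_missing"].append(e["body"])
        if e["section"] == "O15":
            # Sites in IE's Trusted Zone run with relaxed security settings.
            findings["trusted_zone"].append(e["body"])
        if e["section"] == "O18":
            # Custom URL protocol handlers: "<name> - <CLSID> - <dll>".
            # Group by DLL so dozens of Logitech lines read as one item.
            name, _clsid, dll = e["body"].split(" - ", 2)
            findings["protocol_handlers"][dll].append(name)
    return findings


if __name__ == "__main__":
    found = triage(parse_hjt(SAMPLE_LOG))
    for bucket in ("file_missing", "trusted_zone"):
        for body in found[bucket]:
            print(f"[{bucket}] {body}")
    for dll, names in found["protocol_handlers"].items():
        print(f"[protocol_handlers] {len(names)} handler(s) -> {dll}")
```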
  7. Mudshark

    Mudshark Private E-2

    Great, everything seems to be working now. I went ahead and uninstalled the Logitech stuff (guess it loaded with the mouse hardware). Thanks again for all your help. Just sorry I didn't find y'all sooner :D IYO, should this fix those pesky little viruses? Thanks
     

  8. Mudshark

    Mudshark Private E-2

    Sorry, I did the HijackThis thing wrong (newbie!! :D ). I redid it according to your post & email and here's the log. Thanks again for your help, and everything still seems to work OK. Thanks
     

  9. Mudshark

    Mudshark Private E-2

    1 more question. With everything running correctly, should I turn System Restore back on and get a restore point with the current time/date?
    Thanks again for your help
    Mudshark
     
  10. Mudshark

    Mudshark Private E-2

    Back to getting "iexplore - application error" and now getting "outlook.exe - application error". Also, the menu drop-down boxes in all Windows applications have disappeared.
     

  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    So what has been changed? Your last three HJT logs seem to be changing (at least the running processes are). Have you been changing anything on your own?
     
  12. Mudshark

    Mudshark Private E-2

    ?? Haven't changed anything except what your post told me to, and I went ahead and uninstalled the Logitech stuff. When I logged on to WinMX it had to remap the download path though.
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I do not see any obvious problems in your HJT log. Did you install the below:

    O23 - Service: Super Ad Blocker Service (SABSVC) - Unknown owner - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE (file missing)

    Try running a couple of other online scanning tools:

    Bitdefender online scan
    RavAntivirus online scan <-- select Auto Clean then click Scan My PC
    TrojanScan online scan
     
  14. Mudshark

    Mudshark Private E-2

    No, I didn't install that. I think it installed with another cleaner (XCleaner), I dunno. I'll try those scans. Thanks, I really appreciate your time. If the scans don't work, I think I'll try the restore disks from Dell. I really do appreciate the help.
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you do not use Super Ad Blocker, you should look to see if it can be uninstalled using Add/Remove Programs.
     
