Help please

Discussion in 'Malware Help (A Specialist Will Reply)' started by jennyjeon, Jun 10, 2007.

  1. jennyjeon

    jennyjeon Private E-2

    Okay, so I went through the READ ME AND RUN FIRST thing, but I had to do everything in normal boot mode because I couldn't go into safe mode?

    The initial problem I had was that I had a pop-up informing me that I have a virus here: C:/systemvolumeinformation...A0023458.exe

    I don't think I got rid of this virus (it said it was a trojan horse, I think).

    So here are my logs. I'd really appreciate it if somebody would help me.

    Thanks in advance! =)
     


  2. jennyjeon

    jennyjeon Private E-2

    Here's another log.

    Oh, and I tried to do the Panda ActiveScan but it wouldn't let me for some reason.
     


  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    You did not install and rename HijackThis as instructed in the READ ME. Please go back and follow the instructions exactly! Then attach a new log from HJT!

    Uninstall this Viewpoint Media Player as requested in step 0 of the READ ME.
    Uninstall this J2SE Runtime Environment 5.0 Update 9 as requested in step 6 of the READ ME.

    Now attach a new log from ShowNew!

    Things in System Volume Information are in System Restore and they cannot be cleaned. Toggling System Restore (step 8 of the READ ME) is required to remove these, but this is not recommended until your PC is free from malware.
     
  4. jennyjeon

    jennyjeon Private E-2

    Oh, sorry =). Okay, so I went back and did what you told me to, so here are my HijackThis log and ShowNew log.

    Thank you!
     


  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Do you know what any of the below processes are? They all look like malware to me:
    O2 - BHO: ErWindow Class - {D12D2157-33E5-45f0-8E58-4D65035D2983} - C:\Program Files\ErWindow\ErWindow.dll (file missing)
    O4 - HKLM\..\Run: [DRScan] C:\Program Files\DRScan\DRScanMain.exe
    O4 - HKLM\..\Run: [WMSRC] C:\Program Files\Windows Media Player\siratic.exe
    O4 - HKLM\..\Run: [bdscan] C:\WINDOWS\System32\bdscan.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [´ÚÅÍÇǾ¾] c:\Program Files\drpc\drpc.exe hidden
    O4 - HKLM\..\Run: [MicroADScan] C:\Program Files\MicroADScan\MicroADScan.exe Icon
    O4 - HKLM\..\Run: [spintmp] C:\WINDOWS\system32\spintmp.exe
    O4 - HKLM\..\Run: [vacpro] C:\Program Files\vacpro\vaccineprogram.exe 1
    O4 - HKLM\..\Run: [tttssa] C:\WINDOWS\system32\tttssa.exe
    O4 - HKLM\..\Run: [UniTtte] C:\WINDOWS\system32\UniTtte.exe
    O4 - HKCU\..\Run: [windowuip.exe] C:\WINDOWS\System32\windowuip.exe
    O4 - HKCU\..\Run: [ErWindow] C:\Program Files\ErWindow\ErWindow.exe
    O4 - HKCU\..\Run: [mode32] C:\WINDOWS\system32\mode32.exe
    O23 - Service: Session Simulator (sessionsim) - Unknown owner - C:\Program Files\NetMeeting\sssnsml.exe
    O23 - Service: Typer Interface Service (typemgr2) - Unknown owner - C:\WINDOWS\system32\Macromed\hddmgrs.exe

    You never attached the requested log from CounterSpy. Please attach it.
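
Added example (not part of the original thread, and not a MajorGeeks or HijackThis tool): a small Python parser for the O2, O4 and O23 line formats quoted in the post above. It extracts the hive, entry name and image path, and attaches notes for attributes visible in the log itself. The names `parse_line` and `notes_for` and the "autorun from system32" note are assumptions made for illustration; the notes are prompts for review, not verdicts.

```python
import re

# Sample input: a subset of the HijackThis lines quoted in the post above.
SAMPLE = r"""
O2 - BHO: ErWindow Class - {D12D2157-33E5-45f0-8E58-4D65035D2983} - C:\Program Files\ErWindow\ErWindow.dll (file missing)
O4 - HKLM\..\Run: [bdscan] C:\WINDOWS\System32\bdscan.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [mode32] C:\WINDOWS\system32\mode32.exe
O23 - Service: Session Simulator (sessionsim) - Unknown owner - C:\Program Files\NetMeeting\sssnsml.exe
""".strip().splitlines()

# One pattern per section: O2 = browser helper object, O4 = autorun, O23 = service.
PATTERNS = {
    "O2": re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.+)$"),
    "O4": re.compile(r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<target>.+)$"),
    "O23": re.compile(r"^O23 - Service: (?P<name>.*?) \((?P<service>[^)]+)\) - (?P<owner>.*?) - (?P<target>.+)$"),
}
# Image path = drive letter up to the first .exe/.dll, dropping quotes and arguments.
IMAGE = re.compile(r'^"?(?P<image>[A-Za-z]:\\.*?\.(?:exe|dll))', re.IGNORECASE)

def notes_for(entry):
    """Attributes worth a second look; prompts for review, not a malware verdict."""
    notes = []
    if entry["target"].endswith("(file missing)"):
        notes.append("file missing")
    if entry.get("owner") == "Unknown owner":
        notes.append("unknown owner")
    image = (entry["image"] or "").lower()
    # Assumed heuristic (not from the thread): autorun image sitting directly in system32.
    if entry["section"] == "O4" and re.fullmatch(r"c:\\windows\\system32\\[^\\]+", image):
        notes.append("autorun from system32")
    return notes

def parse_line(line):
    """Return a dict of fields for an O2/O4/O23 line, or None for anything else."""
    line = line.strip()
    pattern = PATTERNS.get(line.split(" ", 1)[0])
    match = pattern.match(line) if pattern else None
    if not match:
        return None
    entry = {"section": line.split(" ", 1)[0], **match.groupdict()}
    image = IMAGE.match(entry["target"])
    entry["image"] = image.group("image") if image else None
    entry["notes"] = notes_for(entry)
    return entry

if __name__ == "__main__":
    for entry in map(parse_line, SAMPLE):
        print(entry["section"], entry["name"], entry["image"], entry["notes"])
```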
     
