Virus problem

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by rehabb, Aug 24, 2004.

  1. rehabb

    rehabb Private E-2

    PLEASE HELP ME FIX THIS VIRUS

    Logfile of HijackThis v1.98.2
    Scan saved at 6:55:37 PM, on 8/24/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
     

    Last edited by a moderator: Aug 24, 2004
  2. PhilliePhan

    PhilliePhan Guest

    Hi rehabb,

    There are a lot of bad things in this log - but this is not the forum for that :)

    You need to read these links:
    First - http://forums.majorgeeks.com/announcement.php?f=35

    Then - http://forums.majorgeeks.com/showthread.php?t=35407

    Lastly, if you are asked for a log, read this first - http://forums.majorgeeks.com/showthread.php?t=38752 Pay particular attention to the beginning in bold print. You are running HJT from the wrong place to begin with.

    If you follow the above instructions in the Spyware Specific Forum, you'll get the help you need :cool:

    PP
     
  3. carl_tapp_775

    carl_tapp_775 Private First Class

    Don't do as I did and try to rush through the process of the fix. These guys can help if you take your time and read carefully what they suggest. Words of wisdom!

    CT
     
  4. rehabb

    rehabb Private E-2

    Alright, I did the steps. Want a log?
     
  5. rehabb

    rehabb Private E-2

    Here it is anyway. Please help me.
     

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You did not do all the steps! You have not gone to Microsoft to get your Critical (High Priority) updates.
    The first step in the thread you were referred to gave:

    Getting Prepared 1-6; Step to be sure your system is being scanned correctly:

    1: Windows Update; Update your copy of Windows at Windows Update. Just click on Start, then Windows Update. Many security loopholes are found and exploited and Microsoft patches for these. Millions of people were affected by the Blaster worm because they were not up to date, as an example. If you're not up to date, you're at risk. You can set up automatic updates in your control panel; go to Start, Settings, Control panel.

    You need to do this. Even your Internet Explorer is out of date. Who knows what else?

    You also did not put HijackThis in its own, non-temp directory. You are running it from the ZIP file. You must follow the advice in the HijackThis Tutorial link you were given.

    Did you run CWShredder? I see a CWS related infection?

    You should have also told us the results of running various steps so we know what kinds of problems had been found and removed.

    Uninstall from Add/Remove programs (if you can find them there):
    1) WeatherBug
    2) all the Wild Tangent stuff (unless you really feel you must use this)
    3) BullsEye Network
    4) Web Offer

    Run these too and let me know if they find anything and what:
    http://www.ravantivirus.com/scan/
    http://www.windowsecurity.com/trojanscan/
    http://www.bitdefender.com/scan/licence.php

    After all the above has been performed come back and give me the results and post a new HJT log attachment. But this time follow directions and shut down unnecessary applications. You had Ad-aware running, Internet Explorer, Steam, AIM, MSN Messenger, etc. They should not be running when you perform a scan and it is critical to not have Internet Explorer running when items are fixed with HJT.
     
  7. rehabb

    rehabb Private E-2

    Here is what I got. I can't do the Windows update; it won't let me, bad CD key or something.
     

    Attached Files:

    • b1.txt (3.3 KB)
    • b2.txt (4.2 KB)
  8. rehabb

    rehabb Private E-2

    Here, it won't let me attach, so here. Sorry.

    Edit by chaslang: JUST GIVE THE FILENAME ON YOUR PC A DIFFERENT NAME NEXT TIME.
     

    Last edited by a moderator: Aug 25, 2004
  9. rehabb

    rehabb Private E-2

    Scan started at 8/25/2004 12:15:06 AM

    Scanning memory...
    process://C:\WINDOWS\System32\kgskgfdm.exe - TrojanDownloader:Win32/Agent.AE -> Infected
    Scanning boot sectors...
    Scanning files...
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\K5GFCROB\loader[1].exe - Trojan:Win32/SecondThought.Q -> Infected
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SL4VO7WZ\WebRecomendada[1].cab->WebRecomendada.dll - Tool:pornDialer.DE -> Infected
    C:\Documents and Settings\Jimmy\Local Settings\Temp\F3F29.tmp->24odhr0b.exe - TrojanDropper:Win32/Small.GT -> Suspicious
    C:\Program Files\System\Misc\90ae34.exe - TrojanDropper:Win32/Small.GT -> Suspicious
    C:\Program Files\WindUpdates\Comm.dll - TrojanDownloader:Win32/Winupdt.A -> Infected
    C:\Program Files\WindUpdates\WinKA.exe - Trojan:Win32/KeepAlive.A -> Infected
    C:\WINDOWS\Downloaded Program Files\WebRecomendada.dll - Tool:pornDialer.DE -> Infected
    C:\WINDOWS\system32\ATPartners.dll - TrojanDownloader:Win32/Rameh.C -> Infected
    C:\WINDOWS\system32\biU.exe - PWS:Win32/Bispy -> Infected
    C:\WINDOWS\system32\ms.exe - TrojanDownloader:Win32/VB.CW -> Infected

    Scanned
    ============================
    Objects: 37232
    Directories: 2314
    Archives: 727
    Size(Kb): -446367
    Infected files: 9

    Found
    ============================
    Viruses found: 8
    Suspicious files: 2
    Disinfected files: 0
    Mail files: 50
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It would be easier for me if you would have said which log is for which scan.

    What are the b1.txt and b2.txt from?
    What is the inline log from in your last message?

    I gave you three items to run. You only gave two logs. Where is the third log?

    You still did not answer my question about running CWShredder? And even if you did run it, run it again after booting in safe mode (make sure you click fix not scan). Tell me if it finds anything.

    Seems like you have a load of viruses and trojans and they are not getting fixed by the scans. Also this looks to be a multi user PC. You are going to have to clean up each user account. You appear to have Norton Antivirus. Are your virus definitions up to date? Have you run full scans on each user account (including Administrator)? You also need to run the Norton virus scan after booting in safe mode.

    Download and run both of the below too. Run them in safe mode. Tell me if they find anything.

    avast! Virus Cleaner Tool: http://www.majorgeeks.com/download4188.html
    McAfee Avert Stinger: http://www.majorgeeks.com/download4063.html
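
A triage sketch for the scan log posted in this thread, added here as an example and not part of the thread or of any scanner's own tooling: it parses the `location - detection -> verdict` lines and groups them by running process, Windows user profile, or system-wide location, the split that the multi-user cleanup advice above depends on. The sample lines are excerpted from the log in this thread; the function names and the `Documents and Settings` profile rule (Windows XP layout) are assumptions.

```python
import re
from collections import defaultdict

# Sample input: lines excerpted from the scan log posted in this thread.
SAMPLE_LOG = r"""
process://C:\WINDOWS\System32\kgskgfdm.exe - TrojanDownloader:Win32/Agent.AE -> Infected
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\K5GFCROB\loader[1].exe - Trojan:Win32/SecondThought.Q -> Infected
C:\Documents and Settings\Jimmy\Local Settings\Temp\F3F29.tmp->24odhr0b.exe - TrojanDropper:Win32/Small.GT -> Suspicious
C:\Program Files\WindUpdates\WinKA.exe - Trojan:Win32/KeepAlive.A -> Infected
C:\WINDOWS\system32\biU.exe - PWS:Win32/Bispy -> Infected
Scanning boot sectors...
"""

# "<location> - <detection name> -> <verdict>"; status lines do not match.
LINE = re.compile(r"^(?P<loc>.+) - (?P<name>\S+) -> (?P<verdict>Infected|Suspicious)$")
# Assumption: Windows XP keeps user profiles under "Documents and Settings".
PROFILE = re.compile(r"\\Documents and Settings\\([^\\]+)\\", re.IGNORECASE)

def parse(log):
    """Return one dict per detection line, tagged with the scope to clean."""
    hits = []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        loc = m["loc"]
        in_memory = loc.startswith("process://")
        path = loc[len("process://"):] if in_memory else loc
        # "container->member" marks a file found inside an archive or temp file.
        container, _, member = path.partition("->")
        prof = PROFILE.search(container)
        if in_memory:
            scope = "running process"
        else:
            scope = f"user:{prof.group(1)}" if prof else "system-wide"
        hits.append(dict(scope=scope, path=container, member=member or None,
                         name=m["name"], verdict=m["verdict"]))
    return hits

def by_scope(hits):
    groups = defaultdict(list)
    for h in hits:
        groups[h["scope"]].append(h)
    return dict(groups)

if __name__ == "__main__":
    for scope, items in sorted(by_scope(parse(SAMPLE_LOG)).items()):
        print(scope, [(h["name"], h["verdict"]) for h in items])
```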
     
