Author Topic: Antivirus System Pro = evil  (Read 614 times)
Griz
Topic Starter
Starter



Posts: 3


« on: November 07, 2009, 06:13:40 PM »

I could use some help getting rid of this and whatever else the logs show.

[Saving space, attachment deleted by admin]
ankur16
Rookie



Thanked: 5
Posts: 31


« Reply #1 on: November 07, 2009, 10:22:05 PM »

1) Have "HijackThis" fix the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and close "HijackThis". Please close any open programs before doing this fix.


Quote
O1 - Hosts: 91.212.127.227 winwarepro.microsoft.com
O1 - Hosts: 91.212.127.227 winwarepro.com
O1 - Hosts: 91.212.127.227 www.winwarepro.com
O2 - BHO: (no name) - {a826543a-f73f-4a65-9989-40f3c0463448} - sivotumo.dll (file missing)
O2 - BHO: BHO - {B6D223F6-C185-49a2-BA7E-A03E84744702} - C:\WINDOWS\system32\iehelper.dll
O4 - HKLM\..\Run: [readericon] "C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [tvhsguni] "C:\Documents and Settings\Owner.BKNY.000\Local Settings\Application Data\otedle\uimksysguard.exe"
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [tvhsguni] "C:\Documents and Settings\Owner.BKNY.000\Local Settings\Application Data\otedle\uimksysguard.exe"
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O21 - SSODL: vufagavaw - {52f0b50b-f3c9-44f4-8f81-0f77fc1e836d} - c:\windows\system32\hesowuza.dll (file missing)
O21 - SSODL: momekijow - {c465c337-baef-4ef5-8443-27c34996e5c1} - c:\windows\system32\hesowuza.dll (file missing)
O21 - SSODL: widosedaw - {a94785d7-e1b1-42b9-a011-c632aa77edf2} - c:\windows\system32\hesowuza.dll (file missing)
O21 - SSODL: wokisemim - {6934f180-454b-4c9a-bb21-75b5332e9547} - c:\windows\system32\hesowuza.dll (file missing)
O21 - SSODL: sumumumal - {0de47eed-8590-4834-878d-53af0351440d} - c:\windows\system32\hesowuza.dll (file missing)
O21 - SSODL: goveguwev - {c73abe6a-2696-4c0f-9fb5-ebb6d25f7e52} - c:\windows\system32\wikufalu.dll (file missing)
O21 - SSODL: pibiyalad - {0aa43c82-e118-4d41-a4a8-76e03633cebc} - c:\windows\system32\wikufalu.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {52f0b50b-f3c9-44f4-8f81-0f77fc1e836d} - c:\windows\system32\hesowuza.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {c465c337-baef-4ef5-8443-27c34996e5c1} - c:\windows\system32\hesowuza.dll (file missing)
O22 - SharedTaskScheduler: gahurihor - {a94785d7-e1b1-42b9-a011-c632aa77edf2} - c:\windows\system32\hesowuza.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {6934f180-454b-4c9a-bb21-75b5332e9547} - c:\windows\system32\hesowuza.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {0de47eed-8590-4834-878d-53af0351440d} - c:\windows\system32\hesowuza.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {c73abe6a-2696-4c0f-9fb5-ebb6d25f7e52} - c:\windows\system32\wikufalu.dll (file missing)
O22 - SharedTaskScheduler: gahurihor - {0aa43c82-e118-4d41-a4a8-76e03633cebc} - c:\windows\system32\wikufalu.dll (file missing)




2) Please download the program HostsXpert

Unzip HostsXpert.zip

It will create a folder named HostsXpert in whatever folder you extract it to.
Run HostsXpert.exe by double clicking on it.
Click the Make Writeable? button.
Click Restore Microsoft's Hosts File and then click OK.
Click the X to exit the program.

Please copy and paste a new HijackThis log taken after running HostsXpert in your reply.





3) Next download RootRepeal.rar and unzip it to your Desktop. You'll need WinRAR to extract it.

    * Double click RootRepeal.exe to start the program
    * Click on the Report tab at the bottom of the program window
    * Click the Scan button
    * In the Select Scan dialog, check:
          o Drivers
          o Files
          o Processes
          o SSDT
          o Stealth Objects
          o Hidden Services
    * Click the OK button
    * In the next dialog, select all drives showing
    * Click OK to start the scan

The scan can take some time. DO NOT run any other programs while the scan is running.

    * When the scan is complete, the Save Report button will become available
    * Click this and save the report to your Desktop as RootRepeal.txt
    * Go to File, then Exit to close the program
    * Attach this log in your next post.

4) Download DDS by sUBs to your desktop.
Your antivirus software might question the file. If it does, allow it.

    * Double click DDS.scr to run it and wait for the scan to finish
    * When finished DDS.txt will open
    * A small while later, a prompt will open. Answer Yes
    * DDS will continue scanning
    * When done, Attach.txt will open

Copy and paste the DDS.txt and attach Attach.txt
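
An added example, not part of the reply above and not code from HijackThis or any tool named in this thread: a small triage parser for the kind of HijackThis lines quoted in Reply #1. The three heuristics (hosts entry pointing at a non-loopback address, registration whose file is missing, autostart from a user-profile folder) and the function names `parse` and `shared_clsids` are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the HijackThis lines quoted in Reply #1.
SAMPLE = r"""
O1 - Hosts: 91.212.127.227 winwarepro.microsoft.com
O2 - BHO: (no name) - {a826543a-f73f-4a65-9989-40f3c0463448} - sivotumo.dll (file missing)
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [tvhsguni] "C:\Documents and Settings\Owner.BKNY.000\Local Settings\Application Data\otedle\uimksysguard.exe"
O21 - SSODL: vufagavaw - {52f0b50b-f3c9-44f4-8f81-0f77fc1e836d} - c:\windows\system32\hesowuza.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {52f0b50b-f3c9-44f4-8f81-0f77fc1e836d} - c:\windows\system32\hesowuza.dll (file missing)
"""

LINE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")   # section code, entry kind, remainder
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")      # COM class ID in braces

def parse(log):
    """Return one dict per HijackThis entry: section, kind, rest, clsid, reasons."""
    entries = []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blank lines and anything that is not an O-section entry
        section, kind, rest = m.groups()
        clsid = CLSID.search(rest)
        reasons = []
        if section == "O1" and not rest.startswith(("127.", "::1")):
            reasons.append("hosts entry points at non-loopback address")
        if rest.endswith("(file missing)"):
            reasons.append("registration left behind, file missing")
        if section == "O4" and "\\local settings\\application data\\" in rest.lower():
            reasons.append("autostart from user-writable profile folder")
        entries.append({"section": section, "kind": kind, "rest": rest,
                        "clsid": clsid.group(0).lower() if clsid else None,
                        "reasons": reasons})
    return entries

def shared_clsids(entries):
    """CLSIDs registered under more than one section (e.g. both O21 and O22)."""
    seen = defaultdict(set)
    for e in entries:
        if e["clsid"]:
            seen[e["clsid"]].add(e["section"])
    return {c: sorted(s) for c, s in seen.items() if len(s) > 1}

if __name__ == "__main__":
    parsed = parse(SAMPLE)
    for e in parsed:
        print(e["section"], "|", "; ".join(e["reasons"]) or "no heuristic hit", "|", e["rest"])
    print(shared_clsids(parsed))
```
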
Griz
Topic Starter
Starter



Posts: 3


« Reply #2 on: November 08, 2009, 12:07:21 PM »

HJT Log after HostsXpert was run

[Saving space, attachment deleted by admin]
Griz
Topic Starter
Starter



Posts: 3


« Reply #3 on: November 08, 2009, 01:46:14 PM »

RootRepeal Log

[Saving space, attachment deleted by admin]
ankur16
Rookie



Thanked: 5
Posts: 31


« Reply #4 on: November 11, 2009, 06:33:11 AM »

Griz, where are the other logs? Please include DDS.txt and Attach.txt as well.
Copyright © 2010 Computer Hope ® All rights reserved.