Author Topic: Computer Virus Help  (Read 4387 times)

tberg224

  • Guest
Computer Virus Help
« on: December 21, 2007, 04:07:59 PM »
Hi,
My computer once again is acting like it has a big problem. I have noticed that when I start Windows and run just about any program at any time, the system is slower. Online browsing is delayed, and it often crashes.


I.
I have tried to resolve this problem by

1) Running evilfantasy's guide of
      -CCleaner
      -SAS
      -ESET Online
      -Java
      -HiJack this

2) I tried to as well run
      -Symantec Anti-Virus
      -Ad-Aware
      -Spybot Search and Destroy
      -eWido


II.
However, there are some problems.
1) Symantec shows the same viruses nightly.
2) Ad-Aware no longer works, it keeps freezing.
3) Spybot Search and Destroy shows no problems in contrast to AVG spyware.
4) eWido says errors.
5) All of these were run BEFORE evilfantasy's guide


III.
I wanted to know why these problems are occurring.
1) What is wrong with my computer.
2) Why Symantec shows the same viruses, why Ad-Aware is not working, why eWido is not working, and Spybot not detecting.
3) If I should drop, remove, or redo some programs and simply keep ONLY what evilfantasyguide says to use.
4) I have posted all logs, they would not attach.
5) I did delete windows defender, which was on my add/remove programs (is that a bad program?)
          -I also notice PURE NETWORKS PORT MAGIC.
          -Should I delete this?
6) I also have combo fix and fsbl if anything needs help in those areas.



Thanks!

tberg224

  • Guest
Re: Computer Virus Help
« Reply #1 on: December 21, 2007, 04:08:41 PM »
SAS Log
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/21/2007 at 04:29 PM

Application Version : 3.9.1008

Core Rules Database Version : 3365
Trace Rules Database Version: 1364

Scan type       : Complete Scan
Total Scan Time : 01:12:04

Memory items scanned      : 395
Memory threats detected   : 0
Registry items scanned    : 5326
Registry threats detected : 1
File items scanned        : 38722
File threats detected     : 28

Adware.Tracking Cookie
   C:\Documents and Settings\Trent Berger\Cookies\trent_berger@tribalfusion[2].txt
   C:\Documents and Settings\Trent Berger\Cookies\[email protected][1].txt
   C:\Documents and Settings\Trent Berger\Cookies\trent_berger@specificclick[1].txt
   C:\Documents and Settings\Trent Berger\Cookies\trent_berger@2o7[1].txt
   C:\Documents and Settings\Trent Berger\Cookies\trent_berger@revsci[1].txt
   C:\Documents and Settings\Trent Berger\Cookies\trent_berger@nextag[1].txt
   C:\Documents and Settings\Trent Berger\Cookies\trent_berger@atwola[1].txt
   C:\Documents and Settings\Trent Berger\Cookies\[email protected][1].txt
   C:\Documents and Settings\All Family\Cookies\all [email protected][1].txt
   C:\Documents and Settings\All Family\Cookies\all [email protected][2].txt
   C:\Documents and Settings\All Family\Cookies\all family@belnk[1].txt
   C:\Documents and Settings\All Family\Cookies\all [email protected][1].txt
   C:\Documents and Settings\All Family\Cookies\all [email protected][2].txt
   C:\Documents and Settings\All Family\Cookies\all [email protected][1].txt
   C:\Documents and Settings\All Family\Cookies\all family@nextag[2].txt
   C:\Documents and Settings\All Family\Cookies\all family@partner2profit[2].txt
   C:\Documents and Settings\All Family\Cookies\[email protected][1].txt
   C:\Documents and Settings\All Family\Cookies\all_family@atwola[1].txt
   C:\Documents and Settings\Trent Berger\Cookies\[email protected][1].txt

Adware.MyWay
   C:\Program Files\MyWay\SrchAstt\1.bin\PARTNER.DAT
   C:\Program Files\MyWay\SrchAstt\1.bin
   C:\Program Files\MyWay\SrchAstt\Cache\00048C7D
   C:\Program Files\MyWay\SrchAstt\Cache\0006A441
   C:\Program Files\MyWay\SrchAstt\Cache\0074A62E
   C:\Program Files\MyWay\SrchAstt\Cache\files.ini
   C:\Program Files\MyWay\SrchAstt\Cache
   C:\Program Files\MyWay\SrchAstt
   C:\Program Files\MyWay

Trojan.WinAntiSpyware 2007
   HKU\S-1-5-21-484763869-630328440-725345543-1003\Software\WinAntiSpyware 2007




tberg224

  • Guest
Re: Computer Virus Help
« Reply #2 on: December 21, 2007, 04:09:18 PM »
ESET Log
# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2741 (20071221)
# vers_arch_module=1.059 (20071108)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=6df5535ff4342e45bc0ad7ecdcc9370f
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2007-12-21 10:51:40
# local_time=2007-12-21 05:51:40 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=147690
# found=3
# scan_time=2449
C:\AOL Instant Messenger\AIM.exe   Win32/Adware.WBug.A application (deleted)   00000000000000000000000000000000
C:\AOL Instant Messenger\AIM.exe »WISE »WxBug.EXE   Win32/Adware.WBug.A application (error while deleting - operation unavailable for this type of object - was a part of the deleted object)   00000000000000000000000000000000
C:\AOL Instant Messenger\AIM.exe »WISE »WxBug.EXE »WISE »MiniBugTransporter.dll   Win32/Adware.WBug.A application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object)   00000000000000000000000000000000

tberg224

  • Guest
Re: Computer Virus Help
« Reply #3 on: December 21, 2007, 04:09:56 PM »
HijackThis Log
Logfile of HijackThis v1.99.1
Scan saved at 5:58:59 PM, on 12/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1154149194\ee\AOLSoftware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Documents and Settings\Trent Berger\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://dell.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154149194\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe


Broni


    Mastermind
  • Kraków my love :)
  • Thanked: 614
    • Computer Help Forum
  • Computer: Specs
  • Experience: Experienced
  • OS: Windows 8
Re: Computer Virus Help
« Reply #4 on: December 21, 2007, 06:29:25 PM »
Your HJT log is fairly clean...

1. Print this post out, since you won't have access to it at some point.

2. Close all windows, except for HijackThis.

3. Put a checkmark next to the following HijackThis entries:

- O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)

- O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)

- O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)

4. Click on "Fix checked" button.

------------------------------------------------------------------------------------

Quote
Symantec shows the same viruses nightly.
Can you write the names down, and post them back here?

We also need your computer specs...
- processor speed
- hard drive size/how much free space
- how much RAM?

tberg224

  • Guest
Re: Computer Virus Help
« Reply #5 on: December 21, 2007, 09:25:03 PM »
1)  I ran a scan of Symantec.
It came up with TWO different viruses this time.

They are:


Jvmusafe.jar-6ba32b3f-74e517da.zip
Status: Still contains one infected item
Action taken: Quarantined



Scan type:  Manual Scan
Event:  Threat Found!
Threat: Downloader
File:  C:\Documents and Settings\Trent Berger\.jpi_cache\jar\1.0\jvmusafe.jar-6ba32b3f-74e517da.zip>>vmain.class
Location:  Quarantine
Computer:  TRENT-31A63E0D1
User:  Trent Berger
Action taken:  Quarantine succeeded
Date found: Friday, December 21, 2007  10:37:42 PM


-Are these now taken care of or is there more I have to do?


2)  How do I find out the computer specs
-Processor Speed
-Hard drive/Free Space
-Ram

3)  What should I do about
-Ad Aware
-Spybot
-eWido
-AVG

-Should I delete and just use SAS, ESET?

Thanks!

Broni


Re: Computer Virus Help
« Reply #6 on: December 21, 2007, 09:48:49 PM »
1. Two messages from Symantec are about ONE file: Jvmusafe.jar-6ba32b3f-74e517da.zip
It was taken care of (Quarantined), so you're done.

2. Get BgInfo: http://technet.microsoft.com/en-us/sysinternals/bb897557.aspx

3. You may have only ONE firewall, and ONE antivirus, and this is exactly what you have: Norton, in both cases.
As for other antimalware programs (Spybot, Ad-Aware, etc.) and online antivirus scanners, you may have as many as you want.

tberg224

  • Guest
Re: Computer Virus Help
« Reply #7 on: December 22, 2007, 06:05:29 PM »
I downloaded it.
Am I fine then?

Broni


Re: Computer Virus Help
« Reply #8 on: December 22, 2007, 07:23:06 PM »
Your computer is clean. How is it now? Faster? Crashes?