Computer Hope

Software => Computer viruses and spyware => Topic started by: The Problem on September 28, 2008, 07:43:29 PM

Title: VIRUS ALERT! Next to time in system tray. Help Please
Post by: The Problem on September 28, 2008, 07:43:29 PM

As said in topic title the first thing I noticed was VIRUS ALERT! Next to time in system tray. Then I noticed that I do not have many of my start menu items such as My Computer, Run, My Documents ect. Here are my logs. I think I almost have it solved.

Code: [Select]

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/28/2008 at 08:18 PM

Application Version : 4.21.1004a

Core Rules Database Version : 3581
Trace Rules Database Version: 1569

Scan type       : Complete Scan
Total Scan Time : 02:34:31

Memory items scanned      : 398
Memory threats detected   : 0
Registry items scanned    : 7153
Registry threats detected : 0
File items scanned        : 136160
File threats detected     : 1

Adware.Vundo Variant/Rel
I:\WINDOWS\SYSTEM32\MCRH.TMP

Code: [Select]

Malwarebytes' Anti-Malware 1.24
Database version: 1026
Windows 5.1.2600 Service Pack 2

8:39:53 PM 9/28/2008
mbam-log-9-28-2008 (20-39-53).txt

Scan type: Quick Scan
Objects scanned: 41244
Time elapsed: 6 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 15
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (55274-640-5989533-23289) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (h:mm:ss tt) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
I:\WINDOWS\system32\lmirvdqp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\pqdvriml.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
I:\WINDOWS\emrg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
I:\WINDOWS\Temp\cd1fe456-eae2-43a4-b0c1-20bafd75f6a4.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.


Code: [Select]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:55: VIRUS ALERT!, on 9/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Windows Defender\MsMpEng.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Winamp\winampa.exe
I:\Documents and Settings\[name]\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
I:\Program Files\WinZip\WZQKPICK.EXE
I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
I:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
i:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
i:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
I:\Program Files\McAfee\VirusScan\McShield.exe
I:\Program Files\McAfee\MPF\MPFSrv.exe
I:\PROGRA~1\AVG\AVG8\avgam.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\WINDOWS\system32\svchost.exe
I:\PROGRA~1\AVG\AVG8\avgrsx.exe
I:\PROGRA~1\AVG\AVG8\avgnsx.exe
i:\PROGRA~1\mcafee.com\agent\mcagent.exe
I:\PROGRA~1\AVG\AVG8\avgemc.exe
I:\WINDOWS\system32\wscntfy.exe
I:\WINDOWS\system32\ctfmon.exe
I:\WINDOWS\system32\WgaTray.exe
I:\Program Files\Opera\opera.exe
I:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
I:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
I:\PROGRA~1\MICROS~3\rapimgr.exe
I:\Program Files\Microsoft ActiveSync\wcescomm.exe
I:\Documents and Settings\[name]\Desktop\HiJackThis.exe
I:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
I:\Documents and Settings\[name]\Desktop\sniper.exe

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - I:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [WinampAgent] "I:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] I:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EnGraph QuickTimeKiller] C:\Program Files\EnGraph\QuickTimeKiller\QuickTimeKiller.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "I:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Google Update] "I:\Documents and Settings\[name]\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] I:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "I:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: WinZip Quick Pick.lnk = I:\Program Files\WinZip\WZQKPICK.EXE
O20 - Winlogon Notify: !SASWinLogon - I:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - I:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - I:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - I:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - i:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - I:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - i:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - I:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - I:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - I:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4240 bytes


Title: Re: VIRUS ALERT! Next to time in system tray. Help Please
Post by: evilfantasy on September 28, 2008, 08:04:52 PM

You didn't take the advice about running two antivirus?

Title: Re: VIRUS ALERT! Next to time in system tray. Help Please
Post by: The Problem on September 28, 2008, 08:23:27 PM

McAfee, NOD32, Kasparsky, and AVG.

Title: Re: VIRUS ALERT! Next to time in system tray. Help Please
Post by: evilfantasy on September 28, 2008, 09:21:00 PM

You should only have one antivirus and one firewall installed at any time. If you have two of either installed then uninstall one now before continuing.

If not uninstalled all but one needs to be disabled to where none of the real time protection is running.

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - I:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe


O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - I:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - i:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - I:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - i:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - I:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - I:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - I:\Program Files\McAfee\MPF\MPFSrv.exe