
Author Topic: 271 threats detected  (Read 5128 times)


Drin

  • Guest
271 threats detected
« on: August 15, 2007, 11:42:53 PM »
Hey folks, my computer has been basically unusable for many months due to lots of viruses and trojans on it...and I finally decided it was time to clean up this mess. I'm running windows xp, with AVG free edition and super anti-spyware, along with various other generic virus scans here and there. Super anti-spyware found 271 threats when I was in safe mode, and I deleted / quarantined them all only to find many are coming back right when I start up. And doing the virus scans while not in safe mode doesn't work, as they take literally 20 hours to complete the scan, where the viruses just close the results automatically and I can't do anything.

Also my computer takes a good 30 mins to 2 hours to boot up, making getting into safe mode more of a chore than I would like. I've pretty much given up hope on this computer but if you guys could possibly help at all, that would be awesome.  Also I'm not really a computer expert so I don't know how to even reformat my computer. Could anyone explain how to do that if worse comes to worse and I decide to just start from scratch?

Thanks

JXY



    Hopeful
  • Thanked: 1
    Re: 271 threats detected
    « Reply #1 on: August 16, 2007, 01:39:32 AM »
    hmm...slightly more info about your pc would be helpful.
    what version of windows xp are you running? home? pro? media centre?
    what service pack is it?
    Give a man a fish, and you feed him for a day

    Teach a man to fish, and you feed him for a lifetime

    Drin

    • Guest
    Re: 271 threats detected
    « Reply #2 on: August 16, 2007, 02:54:56 AM »
    It's windows xp home edition, and I'm not sure what service pack (not a comp genius, don't know what you mean by service pack. This comp was given to me)


    CBMatt

    • Mod & Malware Specialist


    • Prodigy

    • Sad and lonely...and loving every minute of it.
    • Thanked: 167
      • Yes
    • Experience: Experienced
    • OS: Windows 7
    Re: 271 threats detected
    « Reply #3 on: August 16, 2007, 06:25:41 AM »
    Posting a HijackThis log would make it a bit easier to help you.  Things are sounding pretty bad right now, though, so we can't make any promises.

    Just in case a reformat will be necessary...what CD's do you have for that computer?
    Quote
    An undefined problem has an infinite number of solutions.
    - Robert A. Humphrey

    JXY



      Hopeful
    • Thanked: 1
      Re: 271 threats detected
      « Reply #4 on: August 19, 2007, 03:31:40 AM »
      Start menu > Run > type winver and it should tell you info about your system.

      If that doesn't help, open My Computer, right click, Properties, and it should tell you your SP.
      Give a man a fish, and you feed him for a day

      Teach a man to fish, and you feed him for a lifetime

      Drin

      • Guest
      Re: 271 threats detected
      « Reply #5 on: August 19, 2007, 08:32:55 AM »
      Hey I'm back, been keeping my computer offline to make sure nothing else gets in, and it seems with a little bit of help from hijack this I've been able to clear mostly everything. I still can't find a reason why my computer takes so long to boot up though, it's gotten slightly better but some days it literally will take 3 hours or more to start up. Could it be a virus / trojan or something that is causing this? Or more of a hardware problem? I've been monitoring my computer closely these past few days and Superantispyware / AVG haven't found anything popping up, and no suspicious activity at all so the booting up problem is baffling me.

      And CBMatt, by CD's for my computer do you mean the CD's to reformat? I've never done a reformat so I don't have the slightest clue of the specifics of it, but people keep telling me you need a CD to reformat the computer, and since this computer was given to me I do not have that CD.

      patio

      • Moderator


      • Genius
      • Maud' Dib
      • Thanked: 1705
        • Yes
      • Experience: Beginner
      • OS: Windows 7
      Re: 271 threats detected
      « Reply #6 on: August 19, 2007, 08:44:17 AM »
      You should have posted the log here for assistance...cleaning things on your own can render a machine un-bootable...
         
       
      " Anyone who goes to a psychiatrist should have his head examined. "

      Drin

      • Guest
      Re: 271 threats detected
      « Reply #7 on: August 19, 2007, 09:00:10 AM »
      No it's not that I screwed anything up cleaning it, AVG / Superantispyware cleaned most of the stuff up, I just had a friend who's good with Hijackthis go in and kill the resurrection files. The last time this computer was used was in March where apparently it just froze up and stopped working, and it wouldn't boot up. So yeah, don't worry about that I didn't mess the computer up by cleaning it on my own. If you guys would still like a hijackthis log I'd be happy to post it, since I'm sure there's probably some stuff still lurking around.

      CBMatt

      • Mod & Malware Specialist


      • Prodigy

      • Sad and lonely...and loving every minute of it.
      • Thanked: 167
        • Yes
      • Experience: Experienced
      • OS: Windows 7
      Re: 271 threats detected
      « Reply #8 on: August 19, 2007, 04:30:03 PM »
      Quote
      And CBMatt, by CD's for my computer do you mean the CD's to reformat? I've never done a reformat so I don't have the slightest clue of the specifics of it, but people keep telling me you need a CD to reformat the computer, and since this computer was given to me I do not have that CD.
      Yes, that's exactly what I mean.  It's possible to reformat a computer without CD's, but I've never done it, so I don't think I'm the best person to ask.  And I'm not even sure if that would help because it could be a hardware problem (quite likely if Safe Mode also gives you problems).

      Out of curiosity, go ahead and post a HijackThis log and I'll see if there's anything else that should be removed.
      Quote
      An undefined problem has an infinite number of solutions.
      - Robert A. Humphrey

      Drin

      • Guest
      Re: 271 threats detected
      « Reply #9 on: August 24, 2007, 06:49:11 AM »
      Hey, it seems something was overlooked because some of the viruses and what not seem to be back. When I went online to post the hijack this log a day after my last post, my computer was bogged down again and I could tell there was stuff running in the background. I also noticed something changed the date / year on my computer to 2107 which seemed really random. Anyway, I haven't been able to find what's causing this but I figured I'd risk going online to post that hijack this log.

      Logfile of HijackThis v1.99.1
      Scan saved at 5:40:55 AM, on 8/6/2007
      Platform: Windows XP SP1 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\QuickTime\qttask.exe
      F:\AVG Anti-Spyware 7.5\guard.exe
      C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
      C:\WINDOWS\System32\tcpsvcs.exe
      C:\WINDOWS\System32\nvsvc32.exe
      C:\WINDOWS\system32\pctspk.exe
      C:\WINDOWS\System32\snmp.exe
      C:\Program Files\Windows Media Player\wmplayer.exe
      C:\WINDOWS\system32\divxsm.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\explorer.exe
      F:\MY stuff\VR.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R3 - Default URLSearchHook is missing
      F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe,aeyohdy.exe
      O2 - BHO: Shell Event Object Class - {00534B55-3155-CA4F-B41D-0E922121D03C} - C:\WINDOWS\System32\cscentfy.dll (file missing)
      O2 - BHO: Acrobat Helper - {06846E6F-C8D7-4D56-B87D-784B7D6BE083} - C:\WINDOWS\system\ctlsdlg.dll__SpybotSDDisabled (file missing)
      O2 - BHO: (no name) - {822D8AB0-812D-4E59-9A86-E58CBE0B9512} - C:\WINDOWS\System32\ponai.dll__SpybotSDDisabled (file missing)
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
      O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
      O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
      O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
      O4 - HKLM\..\Run: [a-squared] "F:\MY stuff\a-squared Anti-Malware\a2guard.exe"
      O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
      O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
      O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
      O4 - HKLM\..\Run: [eanth_critical_update_alert] C:\PROGRA~1\ACCELE~1\ANTI-V~1\EANTH_~1.EXE /Startup
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [ZoneAlarm Client] "F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
      O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
      O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
      O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
      O12 - Plugin for .tga: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - F:\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: W2k PCtel speaker phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

      Oh and one last question that I've been wondering about, when I ran the original virus scans it found svehost.exe to be a virus, and I know svchost in itself is a system process, but is it normal to have 4 svchosts running at the same time? Cause my task manager says there's 4 running at all times and I thought that was weird.

      Carbon Dudeoxide

      • Global Moderator

      • Mastermind
      • Thanked: 168
        • Yes
        • Yes
        • Yes
      • Certifications: List
      • Experience: Guru
      • OS: Mac OS
      Re: 271 threats detected
      « Reply #10 on: August 24, 2007, 07:02:04 AM »
      Quote
      Oh and one last question that I've been wondering about, when I ran the original virus scans it found svehost.exe to be a virus, and I know svchost in itself is a system process, but is it normal to have 4 svchosts running at the same time? Cause my task manager says there's 4 running at all times and I thought that was weird.
      I have quite a few svchost.exe's running as well.
      You should consider the fact that a virus can be named anything, including svchost.

      If your antivirus picked it up as a virus, it could be one, although I'm not sure.

      And one last thing, I'm not a pro at Hijackthis so wait for someone else to analyze it  ;)

      CBMatt

      • Mod & Malware Specialist


      • Prodigy

      • Sad and lonely...and loving every minute of it.
      • Thanked: 167
        • Yes
      • Experience: Experienced
      • OS: Windows 7
      Re: 271 threats detected
      « Reply #11 on: August 24, 2007, 09:24:50 PM »
      I see that you have a lot of protection software.  Ample protection is a good thing, but you need to be careful.  Make sure you don't run all of these programs at once, as that may cause problems with scanning, detecting, and cleaning malware.  If you have more than one anti-virus running, they'll "fight" over which program takes precedence.  This can cause many errors and may result in infected files going unnoticed.  So, you should pick the anti-virus you want to keep (I suggest AVG Free) and just get rid of the rest.  As for anti-spyware...you should disable AVG Anti-Spyware (not the same as AVG Free) and keep Spybot as your active scanner, because AVG AS doesn't have a live scanner unless you pay for it.

      Now, for your log...  Once we start, you won't have access to this post anymore, so I recommend that you print out this post or save it to a Notepad file.  Open HijackThis and scan again.  Check the following entries, but don't do anything to them yet...

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R3 - Default URLSearchHook is missing

      F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe,aeyohdy.exe

      O2 - BHO: Shell Event Object Class - {00534B55-3155-CA4F-B41D-0E922121D03C} - C:\WINDOWS\System32\cscentfy.dll (file missing)
      O2 - BHO: Acrobat Helper - {06846E6F-C8D7-4D56-B87D-784B7D6BE083} - C:\WINDOWS\system\ctlsdlg.dll__SpybotSDDisabled (file missing)
      O2 - BHO: (no name) - {822D8AB0-812D-4E59-9A86-E58CBE0B9512} - C:\WINDOWS\System32\ponai.dll__SpybotSDDisabled (file missing)

      O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
      O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
      O4 - HKLM\..\Run: [eanth_critical_update_alert] C:\PROGRA~1\ACCELE~1\ANTI-V~1\EANTH_~1.EXE /Startup


      Now, close all windows (including this one) besides HijackThis, then click Fix Checked.  Close HijackThis and reboot into Safe Mode and enable hidden files and folders.

      Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following (if present)...

      Stop Sign or Acceleration Software

      Please note any other programs that you don't recognize in that list in your next response.

      Navigate to and delete the following folder(s) if present...

      C:\Program Files\Acceleration Software

      Navigate to and delete the following file(s) if present...

      C:\WINDOWS\system\ctlsdlg.dll
      C:\WINDOWS\System32\aeyohdy.dll
      C:\WINDOWS\System32\cscentfy.dll
      C:\WINDOWS\System32\ponai.dll


      Once you've done all of this, reboot into Normal Mode and post a new HijackThis log so we can see if there's any other junk we need to clean up.  Let me know how everything's running now and if you had any problems following my steps.
      Quote
      An undefined problem has an infinite number of solutions.
      - Robert A. Humphrey
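Two of the entry types checked in the reply above, turned into a small triage script. This is an added example, not part of the original post or of HijackThis itself: it flags extra programs in the F2 UserInit value and O2 BHOs whose DLL is missing, producing a review shortlist rather than a removal list. The `triage` function, the `C:\WINDOWS` install path and the rule set are assumptions of the example; the sample lines are copied from the log posted in this thread.

```python
import re

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe,aeyohdy.exe
O2 - BHO: Shell Event Object Class - {00534B55-3155-CA4F-B41D-0E922121D03C} - C:\WINDOWS\System32\cscentfy.dll (file missing)
O2 - BHO: (no name) - {822D8AB0-812D-4E59-9A86-E58CBE0B9512} - C:\WINDOWS\System32\ponai.dll__SpybotSDDisabled (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
# Assumption: Windows is installed in C:\WINDOWS, as in the posted log.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"
SPYBOT_SUFFIX = "__SpybotSDDisabled"  # marker seen on disabled entries in the log
MISSING = " (file missing)"


def triage(log_text):
    """Return (section, detail) pairs for entries that deserve a manual look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw)
        if not m:
            continue  # header lines, process list, blank lines
        section, body = m.group(1), m.group(2).rstrip()
        if section == "F2" and "userinit=" in body.lower():
            # Winlogon starts every comma-separated program in UserInit at
            # logon, so anything besides userinit.exe is a logon autostart.
            value = body.split("=", 1)[1]
            for prog in (p.strip() for p in value.split(",")):
                if prog and prog.lower() != EXPECTED_USERINIT:
                    findings.append((section, prog))
        elif section == "O2" and body.endswith(MISSING):
            # BHO still registered in the registry, but its DLL is not on disk.
            path = body[: -len(MISSING)].rsplit(" - ", 1)[1]
            if path.endswith(SPYBOT_SUFFIX):
                path = path[: -len(SPYBOT_SUFFIX)]
            findings.append((section, path))
    return findings


if __name__ == "__main__":
    for section, detail in triage(SAMPLE_LOG):
        print(f"{section}: review {detail}")
```
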

      CBMatt

      • Mod & Malware Specialist


      • Prodigy

      • Sad and lonely...and loving every minute of it.
      • Thanked: 167
        • Yes
      • Experience: Experienced
      • OS: Windows 7
      Re: 271 threats detected
      « Reply #12 on: August 24, 2007, 09:28:19 PM »
      Quote
      Oh and one last question that I've been wondering about, when I ran the original virus scans it found svehost.exe to be a virus, and I know svchost in itself is a system process, but is it normal to have 4 svchosts running at the same time? Cause my task manager says there's 4 running at all times and I thought that was weird.

      There's a big difference between svehost and svchost.  Sure, they look similar, but svchost is a vital system process (it's very normal to have 4 instances) and svehost is a commonly-known infection.  If your anti-virus hasn't deleted C:\WINDOWS\system32\svehost.exe, then you should delete it manually in Safe Mode.
      Quote
      An undefined problem has an infinite number of solutions.
      - Robert A. Humphrey
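The svehost/svchost distinction made in the reply above, and the earlier point that a file can also carry the real name, can both be checked mechanically. The following is an added example, not part of the original posts: it compares a process image path against a short list of system process names taken from the posted log, and reports one-character lookalikes and correctly named files running from outside System32. The `classify` function, the name list, the `C:\WINDOWS` install path and the `C:\Temp` sample path are assumptions of the example.

```python
# System process names that appear under System32 in the posted log.
SYSTEM_NAMES = ["svchost.exe", "smss.exe", "winlogon.exe",
                "services.exe", "lsass.exe", "spoolsv.exe"]
# Assumption: Windows is installed in C:\WINDOWS, as in the posted log.
SYSTEM_DIR = r"c:\windows\system32"


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify(image_path, max_dist=1):
    """Classify one process image path by name and folder."""
    directory, _, name = image_path.lower().rpartition("\\")
    if name in SYSTEM_NAMES:
        # Right name: only trustworthy when it runs from System32.
        return "ok" if directory == SYSTEM_DIR else "system name, wrong folder"
    for known in SYSTEM_NAMES:
        if edit_distance(name, known) <= max_dist:
            return f"lookalike of {known}"
    return "not a system name"


if __name__ == "__main__":
    samples = [
        r"C:\WINDOWS\System32\svchost.exe",   # from the posted log
        r"C:\WINDOWS\system32\svehost.exe",   # path named in the reply above
        r"C:\WINDOWS\system32\pctspk.exe",    # from the posted log
        r"C:\Temp\svchost.exe",               # constructed for illustration
    ]
    for path in samples:
        print(f"{path}: {classify(path)}")
```
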

      CBMatt

      • Mod & Malware Specialist


      • Prodigy

      • Sad and lonely...and loving every minute of it.
      • Thanked: 167
        • Yes
      • Experience: Experienced
      • OS: Windows 7
      Re: 271 threats detected
      « Reply #13 on: September 04, 2007, 07:45:00 PM »
      As this issue appears to be resolved, I am closing this topic.  If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

      If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.
      Quote
      An undefined problem has an infinite number of solutions.
      - Robert A. Humphrey