Hi,
I am helping a friend fix his machine which has become infected. He has a Dell Optiplex 320 desktop running Windows XP SP2. Pentium 3.4 GHz, 992 MB of RAM.
He has AVG 8.5 installed (upgraded from 7.5 since infection) and it's warning him of multiple threats.
Infections:
File: C:\DOCUME~1\Jim\LOCALS~1\Temp\2803954110.exe
Trojan horse Downloader.Generic8.AIJE "Moved to Virus Vault"
Warnings:
FILE: HKU\S-1-5-21-3311905349-2035659520-1787606364-1005\Software\Microsoft\Windows\CurrentVersion\Run\\Diagnostic Manager
INFECTION: "Found registry key with reference to infected file C:\DOCUME~1\Jim\LOCALS~1\Temp\2803954110.exe"
RESULT: "Moved to Virus Vault"
Rootkits:
File
C:\WINDOWS\system32\drivers\ovfsthxlydyqcwl.sys
c:\WINDOWS\system32\lowsec
c:\WINDOWS\system32\lowsec\local.ds
c:\WINDOWS\system32\lowsec\user.ds
c:\WINDOWS\system32\ovfsthxaudlykhl.dll
c:\WINDOWS\system32\ovfsthxndxvfcad.dat
c:\WINDOWS\system32\ovfsthxpqfddong.dll
c:\WINDOWS\system32\ovfsthxsruyxpye.dll
c:\WINDOWS\system32\ovfsthxvqlsxgkc.dat
c:\WINDOWS\system32\sdra64.exe
AVG also said Multiple Threat Detection:
Process Name: C:\Windows\system32\scvhost.exe
Process ID: 1276
File:
212.117.188.102/~i571/winglsetup.exe
212.117.188.102/~i571/imppcsetup.exe
Trojan horse SHeur2.ADDA
Trojan horse SHeur2.ADCY
I have read "Read This Before Requesting Malware Help" and have included the requested logs. The problems seemed to begin as a result of visiting web pages, but who knows? Anyway, I really appreciate any help or suggestions you might have. Thank you very much.
Regards,
WJKIV
[attachment deleted by admin]