a virus?, help please..
May 23 2005, 08:24 PM
Post #1
¡vá-monos! Group: Member Posts: 58 Joined: May 2005 Member No: 138,712
umm..i don't know what happened to my computer, but all of a sudden when i turned it on..it gives me a black desktop wallpaper that says..

"WARNING! YOU'RE IN DANGER! ALL YOU DO WITH COMPUTER IS STORED FOREVER IN YOUR HARD DISK. WHEN YOU VISIT SITES, SEND EMAILS... ALL YOUR ACTIONS ARE LOGGED. AND IT IS IMPOSSIBLE TO REMOVE THEM WITH STANDARD TOOLS. YOUR DATA IS STILL AVAILABLE FOR FORENSICS. AND IN SOME CASES FOR YOUR BOSS, YOUR FRIENDS, YOUR WIFE, YOUR CHILDREN. Every site you or somebody or even something, like spyware, opened in your browser, with all images, and all downloaded and maybe later removed movies or mp3 songs - ARE STILL THERE and could broke your life! SECURE YOURSELF RIGHT NOW! REMOVE ALL SPYWARE FROM YOUR PC! Removal instructions"

and i didn't type that..they allow you to highlight it..i think they want me to download some crap..and it's allowing a lot of pop ups..please help..i don't have many virus protection programs..
May 24 2005, 10:01 PM
Post #2
¡vá-monos! Group: Member Posts: 58 Joined: May 2005 Member No: 138,712
Logfile of HijackThis v1.99.1
Scan saved at 9:47:31 PM, on 5/24/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

Running processes:
C:\WINNT\101\System32\smss.exe
C:\WINNT\101\system32\winlogon.exe
C:\WINNT\101\system32\services.exe
C:\WINNT\101\system32\lsass.exe
C:\WINNT\101\system32\svchost.exe
C:\WINNT\101\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\101\system32\svchost.exe
C:\WINNT\101\system32\regsvc.exe
C:\WINNT\101\system32\MSTask.exe
C:\WINNT\101\System32\WBEM\WinMgmt.exe
C:\WINNT\101\system32\svchost.exe
C:\WINNT\101\Explorer.EXE
C:\WINNT\101\system32\hphmon03.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing Deluxe 15\minimavis.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\OpenOffice.org1.1.3\program\soffice.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\101\system32\HPHipm09.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Win20021\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [HPHmon03] C:\WINNT\101\system32\hphmon03.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - Startup: OpenOffice.org 1.1.3.lnk = C:\Program Files\OpenOffice.org1.1.3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Personal Coach.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing Deluxe 15\minimavis.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\101\System32\dmadmin.exe
O23 - Service: ewido security suite control - Unknown owner - C:\Documents and Settings\Win20021\Desktop\Ewido\security suite\ewidoctrl.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Documents and Settings\Win20021\Desktop\navapsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\101\system32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINNT\101\system32\HPHipm09.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

haha ok..but i THINK i'm clean..
Insecure Emotions a virus? May 23 2005, 08:24 PM
dispn0ygonekrazy alright umm first tell me its your desktop that se... May 23 2005, 08:32 PM
dispn0ygonekrazy oops srry for double post does your popups either ... May 23 2005, 08:32 PM
Insecure Emotions no..it says something about we will download in 60... May 23 2005, 08:37 PM
dispn0ygonekrazy naw im here to help you and ill try to get your pc... May 23 2005, 08:39 PM
Insecure Emotions its blue when you start up and then turn to the bl... May 23 2005, 08:41 PM
dispn0ygonekrazy alright i believe you have the Backdoor.IRC.Aladin... May 23 2005, 08:43 PM
Insecure Emotions no..i dont have any..but i tried downloading one j... May 23 2005, 08:45 PM
dispn0ygonekrazy did this just occurr awhile ago/? May 23 2005, 08:46 PM
Insecure Emotions well..i used it on saturday..and now its monday..i... May 23 2005, 08:47 PM
dispn0ygonekrazy alright i have a couple of programs you will need ... May 23 2005, 09:13 PM
Insecure Emotions thank you soo much..but can i work on this tomorro... May 23 2005, 11:02 PM
dispn0ygonekrazy sure glad to be of help so far when your on we... May 23 2005, 11:05 PM
Insecure Emotions well..im back now..and you can help me whenever..y... May 24 2005, 06:41 PM
dispn0ygonekrazy alright good i can help you now knowing your Troja... May 24 2005, 06:51 PM
Insecure Emotions Logfile of HijackThis v1.99.1 Scan saved at 6:50:5... May 24 2005, 07:04 PM
dispn0ygonekrazy hmm you have quite a big load of viruses and troja... May 24 2005, 07:18 PM
Insecure Emotions umm im not done but..i have a question.. * Open ... May 24 2005, 07:47 PM
dispn0ygonekrazy if you cant do that then copy and paste each one i... May 24 2005, 08:00 PM
Insecure Emotions ok..i did that..but what is this supposed to do? ... May 24 2005, 08:32 PM
dispn0ygonekrazy it suppose to restore some registry files that may... May 24 2005, 08:39 PM
Insecure Emotions alright! thanks for everything..but is it stil... May 24 2005, 08:57 PM
dispn0ygonekrazy all right please post a new HJT log so i can see w... May 24 2005, 08:58 PM
dispn0ygonekrazy srry for the double repost but run EWIDO the progr... May 24 2005, 09:06 PM
Insecure Emotions heres the hijack this log.. Logfile of HijackThi... May 24 2005, 09:26 PM
dispn0ygonekrazy all right lets wait for the EWIDO first and then m... May 24 2005, 09:37 PM
Insecure Emotions thank you soo much! for helping me with this v... May 24 2005, 09:48 PM
dispn0ygonekrazy wait wait so your clean now then right? hows your ... May 24 2005, 09:49 PM
Insecure Emotions yes! im cleeaann!!! *squeakk!... May 24 2005, 09:53 PM
dispn0ygonekrazy well one last request just to make sure your syste... May 24 2005, 09:53 PM
dispn0ygonekrazy Congradulations Insecure Emotions Your log is clea... May 24 2005, 10:06 PM
Insecure Emotions thank you thank you thank you again!! May 24 2005, 10:49 PM