Full Version: Help i got infected by Trojan! :(
Gladiator Security Forum > Malware Help Forum > HELP! Think you are Infected?
rko619
I clicked on a website and up popped Norton saying infection etc., C:\WINDOWS\SYSTEM32\howiper.exe unable to repair file etc.

It installed some UnSpyPC program and I saw various search tools in my browser.

I tried going to Trend Micro and doing a free scan but it wouldn't let me. Something about you don't have the proper Java installed, then when I tried installing it, it failed.

I ran the Ad-Aware spy-checking tool and it detected some stuff also; I uninstalled the spy program it installed in Add/Remove Programs as well.

Here is my log file from HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 10:41:34 PM, on 1/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Rowland Kelly\My Documents\My Received Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.avault.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.1.74.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1127527214203
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1127527206187
O17 - HKLM\System\CCS\Services\Tcpip\..\{259F0C78-8BE9-49B7-9345-AA196541FAD3}: NameServer = 85.255.116.169,85.255.112.180
O17 - HKLM\System\CCS\Services\Tcpip\..\{49923E70-B502-4BC5-A594-9C8A7390B26F}: NameServer = 85.255.116.169,85.255.112.180
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F4BB265-7CC7-41A1-A952-86042B736C76}: NameServer = 85.255.116.169,85.255.112.180
O17 - HKLM\System\CS1\Services\Tcpip\..\{259F0C78-8BE9-49B7-9345-AA196541FAD3}: NameServer = 85.255.116.169,85.255.112.180
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


1/10/2006 10:22:39 PM,Auto-Protect,Trojan.Stwoyle,Automatically deleted,File,N/A,N/A,200512210006,11.0.16.2,Rowland Kelly,ROWLAND,Source: C:\WINDOWS\System32\dgprpsetup.exe
1/10/2006 10:22:33 PM,Auto-Protect,Trojan.Adclicker,Automatically deleted,File,N/A,N/A,200512210006,11.0.16.2,Rowland Kelly,ROWLAND,Source: C:\WINDOWS\System32\idemlog.exe
1/10/2006 10:22:31 PM,Auto-Protect,Trojan Horse,Access denied,File,N/A,N/A,200512210006,11.0.16.2,Rowland Kelly,ROWLAND,Source: C:\WINDOWS\System32\howiper.exe
rko619
Here is what is in my Norton report:



Norton AntiVirus Quarantine Report
Created: Tuesday, January 10, 2006 10:57:14 PM
------------------------------------------------------------------------------

File Name
Location
Status Size Virus Name
User Name Machine Name Domain
Date Quarantined
Date Submitted

------------------------------------------------------------------------------

sp[1].htm
C:\Documents and Settings\Rowland Kelly\Local Settings\Temporary Internet Files\Content.IE5\W981A705
Backup of an infected file 1.30 KB Bloodhound.Exploit.21
SYSTEM ROWLAND MSHOME
Monday, November 14, 2005 3:31:41 AM
Not submitted

------------------------------------------------------------------------------

count[1].jar
C:\Documents and Settings\Rowland Kelly\Local Settings\Temporary Internet Files\Content.IE5\FJPJRDWW
Backup of an infected file 13.4 KB Trojan.ByteVerify
SYSTEM ROWLAND MSHOME
Monday, November 14, 2005 3:31:41 AM
Not submitted

------------------------------------------------------------------------------

count[1].jar
C:\Documents and Settings\Rowland Kelly\Local Settings\Temporary Internet Files\Content.IE5\CXUNS9UR
Backup of an infected file 13.4 KB Trojan.ByteVerify
SYSTEM ROWLAND MSHOME
Tuesday, November 15, 2005 10:41:47 PM
Not submitted

------------------------------------------------------------------------------

page1[1].htm
C:\Documents and Settings\Rowland Kelly\Local Settings\Temporary Internet Files\Content.IE5\W981A705
Backup of an infected file 3.42 KB Downloader.Psyme
SYSTEM ROWLAND MSHOME
Monday, November 14, 2005 3:31:40 AM
Not submitted

------------------------------------------------------------------------------

idemlog.exe
C:\WINDOWS\System32
Backup of an infected file 107 KB Trojan.Adclicker
SYSTEM ROWLAND MSHOME
Tuesday, January 10, 2006 10:22:33 PM
Not submitted

------------------------------------------------------------------------------

Negrita___Mama_mae'.PIF

Backup of an infected file 69.6 KB W32.Blackmal.C@mm
Rowland Kelly ROWLAND MSHOME
Saturday, October 15, 2005 6:45:43 PM
Not submitted

------------------------------------------------------------------------------

count[1].jar
C:\Documents and Settings\Rowland Kelly\Local Settings\Temporary Internet Files\Content.IE5\4H6NGHUJ
Backup of an infected file 13.4 KB Trojan.ByteVerify
SYSTEM ROWLAND MSHOME
Thursday, October 27, 2005 8:18:45 PM
Not submitted

------------------------------------------------------------------------------

dgprpsetup.exe
C:\WINDOWS\System32
Backup of an infected file 9.67 KB Trojan.Stwoyle
SYSTEM ROWLAND MSHOME
Tuesday, January 10, 2006 10:22:39 PM
Not submitted


Could someone help me out? Please.
------------------------------------------------------------------------------
rko619
Did a full scan just now and here's the quarantine report:


Norton AntiVirus Quarantine Report
Created: Tuesday, January 10, 2006 11:58:06 PM
------------------------------------------------------------------------------

File Name
Location
Status Size Virus Name
User Name Machine Name Domain
Date Quarantined
Date Submitted

------------------------------------------------------------------------------

page1[1].htm
C:\Documents and Settings\Rowland Kelly\Local Settings\Temporary Internet Files\Content.IE5\W981A705
Backup of an infected file 3.42 KB Downloader.Psyme
SYSTEM ROWLAND MSHOME
Monday, November 14, 2005 3:31:40 AM
Not submitted

------------------------------------------------------------------------------

Negrita___Mama_mae'.PIF

Backup of an infected file 69.6 KB W32.Blackmal.C@mm
Rowland Kelly ROWLAND MSHOME
Saturday, October 15, 2005 6:45:43 PM
Not submitted

------------------------------------------------------------------------------

count[1].jar
C:\Documents and Settings\Rowland Kelly\Local Settings\Temporary Internet Files\Content.IE5\4H6NGHUJ
Backup of an infected file 13.4 KB Trojan.ByteVerify
SYSTEM ROWLAND MSHOME
Thursday, October 27, 2005 8:18:45 PM
Not submitted

------------------------------------------------------------------------------

sp[1].htm
C:\Documents and Settings\Rowland Kelly\Local Settings\Temporary Internet Files\Content.IE5\W981A705
Backup of an infected file 1.30 KB Bloodhound.Exploit.21
SYSTEM ROWLAND MSHOME
Monday, November 14, 2005 3:31:41 AM
Not submitted

------------------------------------------------------------------------------

idemlog.exe
C:\WINDOWS\System32
Backup of an infected file 107 KB Trojan.Adclicker
SYSTEM ROWLAND MSHOME
Tuesday, January 10, 2006 10:22:33 PM
Not submitted

------------------------------------------------------------------------------

count[1].jar
C:\Documents and Settings\Rowland Kelly\Local Settings\Temporary Internet Files\Content.IE5\FJPJRDWW
Backup of an infected file 13.4 KB Trojan.ByteVerify
SYSTEM ROWLAND MSHOME
Monday, November 14, 2005 3:31:41 AM
Not submitted

------------------------------------------------------------------------------

count[1].jar
C:\Documents and Settings\Rowland Kelly\Local Settings\Temporary Internet Files\Content.IE5\CXUNS9UR
Backup of an infected file 13.4 KB Trojan.ByteVerify
SYSTEM ROWLAND MSHOME
Tuesday, November 15, 2005 10:41:47 PM
Not submitted

------------------------------------------------------------------------------

dgprpsetup.exe
C:\WINDOWS\System32
Backup of an infected file 9.67 KB Trojan.Stwoyle
SYSTEM ROWLAND MSHOME
Tuesday, January 10, 2006 10:22:39 PM
Not submitted

------------------------------------------------------------------------------

Also I noticed this popped up:

Windows security center:

Warning: Windows firewall has detected suspicious network activity on your computer.
rko619
Can someone help me out please? :boh:
Mosaic1
rko619,


By continuing to reply several times in your own topic, it appeared to us that you were getting help. We look for 0 replies.


Mosaic1


You will be restarting into Safe mode later. Here's help if you need it.

To use the F8 key to start Windows XP in Safe mode
Restart the computer.
Some computers have a progress bar that refers to the word BIOS. Others may not let you know what is happening.
As soon as the BIOS loads, begin tapping the F8 key on your keyboard. Do so until the Windows Advanced Options menu appears.
If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. If this happens, restart the computer and try again.
Using the arrow keys on the keyboard, select Safe mode and then press Enter.

------



Please download, install, and update the free version of Ewido trojan scanner:
http://www.ewido.net/en/download/


When you run ewido for the first time, you might get a warning "Database could not be found!". Click OK.

From the main ewido screen, click on update in the left menu, then click the Start update button.

After the update finishes (the status bar at the bottom will display "Update successful")

Exit Ewido. DO NOT scan yet.


If you are having problems with the updater, you can go to

http://www.ewido.net/en/download/updates/ to update manually
------


Please download FixWareout from this link:

http://downloads.subratam.org/Fixwareout.exe

Save it on your desktop and double click on it to run.
Click Finish. The fix will run.
Follow the prompts.
When asked to restart, do that

When your system reboots, follow the prompts. At the end, Hijackthis will start.

Select the following items and press the fix checked button.


O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{259F0C78-8BE9-49B7-9345-AA196541FAD3}: NameServer = 85.255.116.169,85.255.112.180
O17 - HKLM\System\CCS\Services\Tcpip\..\{49923E70-B502-4BC5-A594-9C8A7390B26F}: NameServer = 85.255.116.169,85.255.112.180
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F4BB265-7CC7-41A1-A952-86042B736C76}: NameServer = 85.255.116.169,85.255.112.180
O17 - HKLM\System\CS1\Services\Tcpip\..\{259F0C78-8BE9-49B7-9345-AA196541FAD3}: NameServer = 85.255.116.169,85.255.112.180

Close Hijackthis, and click OK to proceed.
At the end of the fix, you may need to restart your computer again.
Either way, now restart into Safe mode and run EWIDO.
Next, run a scan with Ewido.
Click on the Scanner button in the left menu, then click on the Start button.

This scan can take quite a while to run, so please be patient.
If Ewido finds anything, it will pop up a notification. You can select
"remove" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.

When the scan finishes, click on "Save Report". This will create a text file.

Make sure you know where to find this file again.

Copy and paste the results from that scan back here when you return to post again.

*Note: Ewido is a free trial product for 14 days. After that you can purchase it for full features OR you can also keep the free version to use as an on-demand scanner (recommended).
You will still be able to manually update Ewido using the *update* button.


Restart the computer into regular Windows mode.

__________________

Go into Control Panel>Network Connections.

Right click on your connection and click Properties. On the Properties page, Highlight Internet Protocol(TCP/IP)
Click Properties. This will bring up another page.
Select Obtain DNS Server Automatically

Click the OK button. The page will close. Press OK on the page in front of you.

Restart the computer.


Run HijackThis and post the new log along with the Ewido log, and post the contents of the logfile C:\fixwareout\report.txt


You may have to reply more than once to fit all the logs into your response.
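The O17 lines singled out in the fix list above are hard-coded DNS resolvers stamped onto every adapter, which is what the "Obtain DNS Server Automatically" step later undoes. As an added example, not code from the forum or from any tool named in this thread, here is a Python triage script that parses O17 entries out of a HijackThis log, flags resolvers that are neither private nor on a caller-supplied trusted list, shows how many adapters share each resolver, and diffs a before/after log to list what the "fix checked" step removed. The sample log text is constructed from the entries posted in this thread; the trusted-server list is an assumption the caller fills in (for example the ISP's own DNS).

```python
"""Triage a HijackThis log for DNS hijack indicators (O17 NameServer lines)."""
import ipaddress
import re

# Constructed sample: a few lines taken from the first HijackThis log in this thread.
BEFORE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{259F0C78-8BE9-49B7-9345-AA196541FAD3}: NameServer = 85.255.116.169,85.255.112.180
O17 - HKLM\System\CCS\Services\Tcpip\..\{49923E70-B502-4BC5-A594-9C8A7390B26F}: NameServer = 85.255.116.169,85.255.112.180
O17 - HKLM\System\CS1\Services\Tcpip\..\{259F0C78-8BE9-49B7-9345-AA196541FAD3}: NameServer = 85.255.116.169,85.255.112.180
"""

# Constructed sample: the same section as it looks in the second log, after the fix.
AFTER_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"""

O17_RE = re.compile(r"^O17 - (?P<key>\S+): NameServer = (?P<servers>[0-9.,]+)$")


def parse_o17(log_text):
    """Return one dict per O17 line: registry key, control set, adapter GUID, resolver list."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        key = m.group("key")
        guid = re.search(r"\{([0-9A-Fa-f-]+)\}", key)
        cset = re.search(r"System\\(CCS|CS\d+)\\", key)
        entries.append({
            "key": key,
            "control_set": cset.group(1) if cset else "?",
            "adapter": guid.group(1) if guid else "?",
            "servers": [s for s in m.group("servers").split(",") if s],
        })
    return entries


def assess_dns(log_text, trusted_servers=()):
    """Flag static resolvers. An O17 entry is suspicious unless every resolver is a private
    address or on the caller's trusted list; an unparsable address is reported as well."""
    trusted = set(trusted_servers)
    findings = []
    for e in parse_o17(log_text):
        bad = []
        for s in e["servers"]:
            try:
                ip = ipaddress.ip_address(s)
            except ValueError:
                bad.append(s)
                continue
            if not ip.is_private and s not in trusted:
                bad.append(s)
        if bad:
            findings.append((e["control_set"], e["adapter"], bad))
    return findings


def resolver_spread(log_text):
    """Map each resolver to the adapters that point at it. The same public pair on every
    adapter (and on a second control set) is a bulk rewrite, not a per-adapter setting."""
    spread = {}
    for e in parse_o17(log_text):
        for s in e["servers"]:
            spread.setdefault(s, set()).add(e["adapter"])
    return spread


def removed_lines(before, after):
    """Lines present before the fix and absent afterwards."""
    after_set = {l.strip() for l in after.splitlines()}
    return [l.strip() for l in before.splitlines()
            if l.strip() and l.strip() not in after_set]


if __name__ == "__main__":
    for cset, adapter, bad in assess_dns(BEFORE_LOG):
        print(f"{cset} adapter {adapter}: suspicious resolvers {bad}")
    for line in removed_lines(BEFORE_LOG, AFTER_LOG):
        print("removed by fix:", line)
```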
rko619
Thanks for helping me out :cake: Here are the reports you asked for.

Logfile of HijackThis v1.99.1
Scan saved at 6:58:09 PM, on 1/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Documents and Settings\Rowland Kelly\My Documents\My Received Files\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.1.74.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1127527214203
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1127527206187
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe



Fixwareout ver 1.003
Last edited 12/5/2005
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\xedocne
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\gib_ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\golmedi
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\23plhps
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\mgcppp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\tesvaf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\32refaselif
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\putesprpgd

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Search by size and names...
C:\WINDOWS\SYSTEM32\CSODV.EXE

»»»»» Misc files

»»»»» Checking for older varients covered by the Rem3 tool



---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 6:48:49 PM, 1/11/2006
+ Report-Checksum: 9DF8197

+ Scan result:

C:\RECYCLER\S-1-5-21-1547161642-1292428093-725345543-1004\Dc11.exe -> Spyware.Msnagent : Cleaned with backup
C:\RECYCLER\S-1-5-21-1547161642-1292428093-725345543-1004\Dc12.exe -> Spyware.FindSpy : Cleaned with backup
C:\RECYCLER\S-1-5-21-1547161642-1292428093-725345543-1004\Dc4.exe -> Hijacker.Small : Cleaned with backup
C:\WINDOWS\system32\dmpos.exe -> Trojan.Pakes : Cleaned with backup
C:\WINDOWS\system32\howiper.exe -> Trojan.Qhost.df : Cleaned with backup


::Report End
Mosaic1
You can delete this file:

C:\WINDOWS\SYSTEM32\CSODV.EXE

-------------------

Go for free online Virus scans here:

http://housecall.trendmicro.com/housecall/start_corp.asp
http://www.pandasoftware.com/activescan/

Allow them to clean

Panda will have the option to create a log after the scan has finished. Click the See Report button. Then click the Save Report button. It will be saved under the name activescan.txt. Do that and post that log into your next reply here.

----------------

How is the system running now?
rko619
Ran a Panda scan; it picked up a couple of viruses in emails I got, so I should delete those emails. At the time I didn't open them as I thought they looked suspicious. So far so good on the computer, fingers crossed it's working OK now. Oh, btw, one last question: in the System Configuration Utility, on the Startup section, it still lists dmpos, which was a virus. How do I get rid of that, in the registry? Thanks so much for your kind help, really appreciate it so much!


Incident Status Location

Virus:Trj/Mitglieder.GO Disinfected Local Folders\Inbox\Susanna\Leonarde.zip[S3700026.exe]
Virus:Trj/Mitglieder.GO Disinfected Local Folders\Inbox\Margret\Nicholaus.zip[S3700026.exe]
Virus:W32/Bagle.GF.worm Disinfected Local Folders\Inbox\Peter\Katheryne.zip[foto_5321.exe]
Mosaic1
You're welcome. In system config, is there a check in front of dmpos?