cant getting rid os this stuff

Binay 007 · 14-05-2007, 11:55 PM

An spyware entered in my pc which is only to be seen inside add/remove window.here whenever i try to remove this it creating 3 trojans .I abling to get rid from 3 of this but i cannot able to get rid of the main boss though i m using anti spyware tools

Choto Cheeta · 15-05-2007, 12:04 AM

You may use spybot, http://www.spybot.info to scan and get rid of them, and I suggest a Better AVS, like Kaspersky would be best in this case,

also, u may try the free online scan option for Kaspersky

http://www.kaspersky.com/virusscanner

47shailesh · 15-05-2007, 01:47 AM

Almost seen when there is a trojan there is/are dll related to them that are injected in explorer and that regenrates the malware even after they are deleted so if you know any such file(s) then list them here...

Else please post ur HijackThis log here...

Binay 007 · 26-05-2007, 01:04 AM

I was talking about tat spyware in my add/remove window named as "Window system Alert"

Hijack log:----------

Logfile of HijackThis v1.99.1
Scan saved at 9:14:33 PM, on 5/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\slserv.exe
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\cqpwqjdg.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: WinFol.exe
O4 - Global Startup: WinFol.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: Visibroker Smart Agent (xsSmartAgent) - Unknown owner - E:\ProgramFiles\Oracle\bin\osagent.exe (file missing)

pls help me guys
every day when i get conncted to net inviting more crepy trojans & malware

SPYbot remove some & tat online kaspersky online scan may take a century to completing the scan cause i using dial up which i call 1980 scooter.

Choto Cheeta · 26-05-2007, 01:09 AM

Scan log doesnt reflect any nasty software...

how ever some junk is there, download CCleaner from http://www.ccleaner.com and clean the system...

also, Install the IE7, and though u may not be using the IE but some program do use the engine, where as IE7 is much safen than 6.0

47shailesh · 26-05-2007, 12:47 PM

Remove WinFol From global startup and startup. could not find much info on that file..

Also could not figure out what "C:\WINDOWS\system32\cqpwqjdg.dll",realset is this dll doing.

Binay 007 · 27-05-2007, 02:58 PM

Now i mostly get rid of all viruse by using kaspersky AV ,& my system get slowe down to load every application after reboot,nothing is diplaying on the desktop.

I have a request does any body have a key for KAV v7.0.0.555 beta .
thx in adv.