Old 16-05-2007, 08:49 PM   #1 (permalink)
In The Zone
 
morpheusv6's Avatar
 
Join Date: Dec 2006
Location: Bangalore
Posts: 216
Help Virus!!!


A virus just entered my system about half an hour back via an autorun feature on a USB drive. It did not allow me to open Firefox and closed the program whenever I ran it, suggesting that I use IE instead. ZoneAlarm shows IE as trying to access the web as a changed program.
Cannot change the folder views via Explorer; I have to use the registry instead. Folder Options is not visible in the Control Panel; instead, a new Notepad-like icon is visible.
Avast reported: Win32: Small CBL [Wrm] and Win32PcClient-FD[Trj]

Changed the registry to show hidden and system folders and found a new hidden suspicious folder. Deleted it instantly!
Firefox started working.
Avast Antivirus scan is unable to detect the virus though it showed up in the Process Manager of Lavasoft Adaware.
Ran Spybot, AVG rootkit detector as well.

My question is: should I allow IE to access the net or not?
How do I restore the folder options in control panel?

Hijack This report:
Logfile of HijackThis v1.99.1
Scan saved at 8:53:51 PM, on 5/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\SiteAdvisor\6009\SiteAdv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\sysocmgr.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\tcpsvcs.exe
G:\hijackthis\HijackThis.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\netsh.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6009\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6009\SiteAdv.dll
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=052007 serial=DR12WES-3007622-EUW lang=EN
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: apcsystray.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E4124C9-518D-4BF0-9F80-7502446747AA}: NameServer = 61.1.96.69,61.1.96.71
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6009\SiteAdv.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
__________________
Deven

Last edited by morpheusv6; 16-05-2007 at 08:54 PM.
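
A first-pass triage of a HijackThis log like the one in the post above, as an added example that is not part of the original thread: it parses the log and lists items worth a manual look. The sample log is a shortened, constructed excerpt in the same layout, and the trusted-directory list and the review heuristics are assumptions, not HijackThis rules.

```python
import re

# Constructed sample in the HijackThis v1.99.1 layout (not the poster's full log).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
G:\hijackthis\HijackThis.exe
C:\Documents and Settings\user\Local Settings\Temp\example.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Example Scanner - Unknown owner - C:\Program Files\Example\scan.exe" /service (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O4 - HKLM\..\Run: ..."
# Assumption: directories treated as expected install locations on this XP system.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

def parse_log(text):
    """Split a log into running-process paths and (code, detail) entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY.match(line)
        if m:                                  # first R/O entry ends the process list
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def triage(text):
    """Return (reason, item) pairs for manual review; heuristics, not verdicts."""
    processes, entries = parse_log(text)
    notes = [("process outside Windows/Program Files", p)
             for p in processes if not p.lower().startswith(TRUSTED_ROOTS)]
    for code, detail in entries:
        if "(file missing)" in detail:
            notes.append(("target file missing", f"{code} - {detail}"))
        if code == "O23" and "Unknown owner" in detail:
            notes.append(("service with unknown owner", f"{code} - {detail}"))
        if code == "O4" and "Run:" in detail:
            cmd = detail.split("]", 1)[-1].strip().strip('"')
            if not re.match(r"^[A-Za-z]:\\", cmd):   # resolved via search path
                notes.append(("autorun without full path", f"{code} - {detail}"))
    return notes
```

A flagged item is only a prompt to check the file on disk; the scanner run from `G:\` is flagged by the same rule as the Temp executable.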
Old 16-05-2007, 10:38 PM   #2 (permalink)
gooby pls
 
Third Eye's Avatar
 
Join Date: Apr 2006
Location: Not very far from you
Posts: 4,293
Re: Help Virus!!!

Firefox not running on system
__________________
:|
Old 17-05-2007, 05:27 AM   #3 (permalink)
In The Zone
 
morpheusv6's Avatar
 
Join Date: Dec 2006
Location: Bangalore
Posts: 216
Re: Help Virus!!!

Thanks for the help. Removed the virus. But I am still unable to view hidden files by choosing the option in Folder Options (on selecting show hidden files, nothing happens). Also, Folder Options is not visible in the Control Panel.
__________________
Deven
Old 17-05-2007, 02:46 PM   #4 (permalink)
Deadman Walking
 
Batistabomb's Avatar
 
Join Date: Feb 2007
Location: Visakhapatnam
Posts: 879
see hide folders

Run REGEDIT and go to HKEY_LOCAL_MACHINE, SOFTWARE, MICROSOFT, WINDOWS, CURRENT VERSION, EXPLORER, ADVANCED, FOLDER, HIDDEN. On the right side, in the blank white space, right-click and create a NEW STRING VALUE and rename it as TYPE, then double-click on it and enter GROUP in the value field.