Virus

navisangha · 08-12-2007, 12:24 AM

hi,

Todaywhile searching for some keygens .. i knw its wrong , my pc got infected with virus...

Now windows explorer.exe shuts down... if i start it frm taskmanager it again shuts down restarting again and again this happens even in safe mode... plz tell me how to remove this virus or malware anythng?????

thanx

NucleusKore · 08-12-2007, 07:53 AM

Download Ultimate Boot cd
Boot from it and scan with F-Prot or Mcafee bundled with it

I hope you've learnt your lesson

kpmsivachand · 08-12-2007, 08:49 AM

Quote:

Originally Posted by navisangha

hi,

Todaywhile searching for some keygens .. i knw its wrong , my pc got infected with virus...

Now windows explorer.exe shuts down... if i start it frm taskmanager it again shuts down restarting again and again this happens even in safe mode... plz tell me how to remove this virus or malware anythng?????

thanx

Following the following registry keys:

Go run type "regedit.exe"

HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows NT\
CurrentVersion\ Winlogon > Shell give value as explorer.exe

If your registry access is disable then for enable type it in the run:

reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

Delete the virus entries in the startup navigate the following registry keys and delete the virus entries....

HKCU\software\microsoft\windows\currentversion\run
HKLM\software\microsoft\windows\currentversion\run

navisangha · 08-12-2007, 01:27 PM

i didnt find any registry entries of virus... there i thnk it corrupted my explorer....
plz help..

Ya i hav learnt my lesson

ravi_9793 · 08-12-2007, 01:39 PM

turn off system restore-->>restore windows XP to best know time.

After that do full system scan in safe mode.

navisangha · 08-12-2007, 04:10 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:11:20 PM, on 12/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
f:\Program Files\Dassault Systemes\B14\intel_a\code\bin\CATSysDemon.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Huawei\MT841\dslagent.exe
D:\Program Files\Executive Software\DiskeeperLite\DkService.exe
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
D:\Program Files\Softwin\BitDefender10\bdmcon.exe
D:\Program Files\Softwin\BitDefender10\bdagent.exe
D:\Program Files\DAEMON Tools\daemon.exe
D:\WINDOWS\system32\tcpsvcs.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
D:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
D:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
D:\Program Files\Softwin\BitDefender10\vsserv.exe
D:\Program Files\Softwin\BitDefender10\bdlite.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Opera\Opera.exe
D:\Program Files\Hijackthis\HijackThis.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\system32\imapi.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://server.toolbar.rediff.com/too...l?mode=toolbar
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {749EA47D-F0E5-4BC5-B64D-66947418718E} - D:\WINDOWS\system32\awtqp.dll
O2 - BHO: (no name) - {B285004D-6D02-4212-91FC-B8F47B68C254} - D:\WINDOWS\system32\jkkjghe.dll
O2 - BHO: (no name) - {CAD7D94E-6A4E-4EB5-B8CB-FE693E3C8489} - D:\WINDOWS\system32\audiode.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] D:\Program Files\Huawei\MT841\dslagent.exe
O4 - HKLM\..\Run: [igfxtray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AAWTray] D:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [BDMCon] "D:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "D:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [SpyHunter] D:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: WordWeb.lnk = D:\Program Files\WordWeb\wweb32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing)
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - D:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{5ADFC590-5D7C-4E17-98C3-AF62880F8E83}: NameServer = 218.248.240.79 218.248.240.135
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: jkkjghe - D:\WINDOWS\SYSTEM32\jkkjghe.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - f:\Program Files\Dassault Systemes\B14\intel_a\code\bin\CATSysDemon.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - D:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper Lite.lnk (Diskeeper) - Executive Software International, Inc. - D:\Program Files\Executive Software\DiskeeperLite\DkService.exe
O23 - Service: Intel(R) Desktop Utilities Service (iHCService) - OSA Technologies, Inc. - C:\Program Files\Intel\IDU\IDUServ.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - D:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - D:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - D:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 6026 bytes