HI!
I'm having trubel geting rid of viruses. I'm runing AVG but it dosent find the viruses, when i run Microworld Antivirus it finds:
File C:\WINDOWS\System32\setup32.exe infected by "Backdoor.Win32.Rbot.gen" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\setup32.exe infected by "Backdoor.Win32.Rbot.gen" Virus! Action Taken: No Action Taken.
Object "ISTsvc Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "YourSiteBar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "iSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MediaAccX.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MediaAccX.dll". Action Taken: No Action Taken.
File C:\WINDOWS\System32\4.html infected by "Trojan-Clicker.JS.Linker.j" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\aguss.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\bntm.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\cdyeia.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\czfoi.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\dwrnqbm.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\edjb.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\ezywfjs.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\hijstku.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\hosterv.exe infected by "Backdoor.Win32.Rbot.gen" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\ibkgqpou.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\kltec.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\mss.exe infected by "Backdoor.Win32.Rbot.gen" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\nnnfll.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\oakd.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\oiwlo.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\ovaxvwxf.exe infected by "Backdoor.Win32.PoeBot.b" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\pdimfec.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\ppezpvhx.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\rfkhyqsr.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\rhzqxxe.exe infected by "Backdoor.Win32.PoeBot.b" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\Sygate.exe infected by "Backdoor.Win32.Rbot.gen" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\tgcu.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\vefwcox.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\vpyfoxap.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\wxnr.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\xlloq.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\ydbcnt.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\yvodfxul.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\zozhoagz.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\zwir.exe infected by "Trojan-Dropper.Win32.Agent.mm" Virus! Action Taken: No Action Taken.
And this is my HJT list:
Logfile of HijackThis v1.99.1
Scan saved at 00:00:29, on 2005-06-13
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\setup32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program\Grisoft\AVGFRE~1\avgcc.exe
C:\Program\Grisoft\AVGFRE~1\avgemc.exe
C:\Program\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\DOCUME~1\Jessica\LOKALA~1\Temp\mwavscan.com
C:\DOCUME~1\Jessica\LOKALA~1\Temp\kavss.exe
C:\Program\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://login1.telia.com/F2 - REG:system.ini: UserInit=userinit.exe,setup32.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\Program\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamkop32.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupdate.microsoft.com/v5co...b?1118600401439O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cabO23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
StartupList report, 2005-06-13, 00:01:13
StartupList version: 1.52.2
Started from : C:\HJT\HijackThis.EXE
Detected: Windows XP (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 (6.00.2600.0000)
* Using default options
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\setup32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program\Grisoft\AVGFRE~1\avgcc.exe
C:\Program\Grisoft\AVGFRE~1\avgemc.exe
C:\Program\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\DOCUME~1\Jessica\LOKALA~1\Temp\mwavscan.com
C:\DOCUME~1\Jessica\LOKALA~1\Temp\kavss.exe
C:\Program\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
--------------------------------------------------
Listing of startup folders:
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start-meny\Program\Autostart]
SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = userinit.exe,setup32.exe
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AVG7_CC = C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
AVG7_EMC = C:\Program\Grisoft\AVGFRE~1\avgemc.exe
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
Microsoft Update = wuamkop32.exe
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SpybotSD TeaTimer = C:\Program\Spybot - Search & Destroy\TeaTimer.exe
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Program\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
--------------------------------------------------
Enumerating Download Program Files:
[WUWebControl Class]
InProcServer32 = C:\WINDOWS\System32\wuweb.dll
CODEBASE =
http://v5.windowsupdate.microsoft.com/v5co...b?1118600401439[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE =
http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE =
http://download.macromedia.com/pub/shockwa...ash/swflash.cab--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
--------------------------------------------------
End of report, 4 541 bytes
Report generated in 0,090 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
Some one Help me pleas.
I ran houscalls online scan, but it dident find any thing.
Allso AVG keeps poping upp saying that it detected a virus valld colected.5.L, i press heal and it tels me that it was heald. but it doesent take long befor it pops upp agin.
