« previous next »
Pages: [1]

Author Topic: I've got the Win32p2p-worm.alcan.a, please help!  (Read 459 times)

Offline et3

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
I've got the Win32p2p-worm.alcan.a, please help!
« on: February 17, 2007, 01:03:41 AM »
My Ad-aware has detected this worm and I can't shake it!
Here's my log:

Logfile of HijackThis v1.99.1
Scan saved at 11:48:20 PM, on 2/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Mixer.exe
F:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
F:\PROGRA~1\Yahoo!\YOP\yop.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\outlook\outlook.exe
F:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
F:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\PROGRA~1\Yahoo!\browser\ycommon.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
F:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
F:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe
F:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
F:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\FRU\Remind32.exe
F:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
F:\WINDOWS\system32\hpoipm07.exe
F:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
F:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
F:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Yahoo!\browser\ybrowser.exe
F:\Program Files\LimeWire\LimeWire.exe
F:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://downloads.yahoo.com/internetexplorer/welcome.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - F:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar2.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - F:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [YBrowser] F:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] F:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [outlook] F:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] F:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: Hewlett-Packard Recorder.lnk = F:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\FRU\Remind32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = F:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HPAiODevice(hp psc 900 series) - 1.lnk = F:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Harmony Remote Software 7.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ymetray.lnk = F:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - F:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1165695541704
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1165695535750
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/instal...edsolutions.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{245FA2DC-39E9-42E9-923D-44C3343AB79B}: NameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{245FA2DC-39E9-42E9-923D-44C3343AB79B}: NameServer = 68.94.156.1 68.94.157.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - F:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
O23 - Service: YPCService - Yahoo! Inc. - F:\WINDOWS\system32\YPCSER~1.EXE
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
I've got the Win32p2p-worm.alcan.a, please help!
« Reply #1 on: February 17, 2007, 09:26:29 AM »
Do a "System scan only" with Hijackthis and put a check next to these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://downloads.yahoo.com/internetexplorer/welcome.php


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Download and save [color=\"red\"]Brute Force Uninstaller[/color][/b] to the desktop
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to, click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:) or whatever your primary drive is>>In your case it appears to be F:\
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
[color=\"red\"]RIGHT-CLICK HERE[/color][/b] and choose "Save As" (in IE it's "Save Target As") in order to download [color=\"red\"]Alcan worm remover[/color].
Save it then transfer to the
same folder you made earlier (F:\BFU).

Go to Start > My Computer and navigate to the F:\BFU folder.
  • Start the Brute Force Uninstaller by doubleclicking BFU.exe
  • Next to the scriptline to execute field click the folder icon
    and select alcanshorty.bfu
  • Press Execute and let it do it's job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
Reboot your computer

Ensure that Ad-Aware SE Personal is right up to date
Run a Full system scan and clean all Critical objects

Reboot your computer again afterwards

Come back here and post a fresh hijackthis log
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline et3

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
I've got the Win32p2p-worm.alcan.a, please help!
« Reply #2 on: February 17, 2007, 11:00:52 AM »
[quote name=\'guestolo\' post=\'287984\' date=\'Feb 17 2007, 08:26 AM\']Do a "System scan only" with Hijackthis and put a check next to these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://downloads.yahoo.com/internetexplorer/welcome.php


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Download and save [color=\"red\"]Brute Force Uninstaller[/color][/b] to the desktop
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to, click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:) or whatever your primary drive is>>In your case it appears to be F:\
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
[color=\"red\"]RIGHT-CLICK HERE[/color][/b] and choose "Save As" (in IE it's "Save Target As") in order to download [color=\"red\"]Alcan worm remover[/color].
Save it then transfer to the
same folder you made earlier (F:\BFU).

Go to Start > My Computer and navigate to the F:\BFU folder.
  • Start the Brute Force Uninstaller by doubleclicking BFU.exe
  • Next to the scriptline to execute field click the folder icon
    and select alcanshorty.bfu
  • Press Execute and let it do it's job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
Reboot your computer

Ensure that Ad-Aware SE Personal is right up to date
Run a Full system scan and clean all Critical objects

Reboot your computer again afterwards

Come back here and post a fresh hijackthis log


Here's my fresh log[/quote]
Logfile of HijackThis v1.99.1
Scan saved at 9:59:08 AM, on 2/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Mixer.exe
F:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
F:\PROGRA~1\Yahoo!\YOP\yop.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
F:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
F:\PROGRA~1\Yahoo!\browser\ycommon.exe
F:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe
F:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
F:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\FRU\Remind32.exe
F:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
F:\WINDOWS\system32\hpoipm07.exe
F:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
F:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
F:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Yahoo!\browser\ybrowser.exe
F:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - F:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar2.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - F:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [YBrowser] F:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] F:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] F:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: Hewlett-Packard Recorder.lnk = F:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\FRU\Remind32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = F:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HPAiODevice(hp psc 900 series) - 1.lnk = F:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Harmony Remote Software 7.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ymetray.lnk = F:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - F:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1165695541704
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1165695535750
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/instal...edsolutions.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{245FA2DC-39E9-42E9-923D-44C3343AB79B}: NameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{245FA2DC-39E9-42E9-923D-44C3343AB79B}: NameServer = 68.94.156.1 68.94.157.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - F:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
O23 - Service: YPCService - Yahoo! Inc. - F:\WINDOWS\system32\YPCSER~1.EXE
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
I've got the Win32p2p-worm.alcan.a, please help!
« Reply #3 on: February 17, 2007, 12:43:13 PM »
Looks good, how's things running now on your side?

Do you have any AntiVirus software to install on your computer?
Do you need a free solution?
It's not safe being online without and active AV
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline et3

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
I've got the Win32p2p-worm.alcan.a, please help!
« Reply #4 on: February 17, 2007, 12:51:07 PM »
[quote name=\'guestolo\' post=\'288184\' date=\'Feb 17 2007, 11:43 AM\']Looks good, how's things running now on your side?

Do you have any AntiVirus software to install on your computer?
Do you need a free solution?
It's not safe being online without and active AV[/quote]

I've seen your recommendations on AVs pinned thread on top of the forum list.   What do you thinks best for this system?
Is limewire safe to use or will using it result in getting this virus again?
Thanks for the help
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
I've got the Win32p2p-worm.alcan.a, please help!
« Reply #5 on: February 17, 2007, 01:15:33 PM »
I like all 4 antivirus software
But the one lowest on resources and a very good scanner is AVG
ONLY use on AV please, more than one can cause conflicts and system instabilities
All have a free version

Install one and ensure it is updated, run a complete system scan, afterwards reboot the computer
Come back here and let me know how things are running

Quote
Is limewire safe to use or will using it result in getting this virus again?
Limewire itself is safe, it's what you download that may not be safe
Most likely how you got your last infection
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline et3

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
I've got the Win32p2p-worm.alcan.a, please help!
« Reply #6 on: February 18, 2007, 12:22:12 AM »
[quote name=\'guestolo\' post=\'288206\' date=\'Feb 17 2007, 12:15 PM\']I like all 4 antivirus software
But the one lowest on resources and a very good scanner is AVG
ONLY use on AV please, more than one can cause conflicts and system instabilities
All have a free version

Install one and ensure it is updated, run a complete system scan, afterwards reboot the computer
Come back here and let me know how things are running


Limewire itself is safe, it's what you download that may not be safe
Most likely how you got your last infection[/quote]


Thanks,
Your help has been appreciated.  Everything seems to be running fine.  Thanks for the advise.  This has been the most helpful site I've ever been on.
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
I've got the Win32p2p-worm.alcan.a, please help!
« Reply #7 on: February 18, 2007, 12:21:49 PM »
Glad to help
Just as some final cleanup
Go to START>>All Programs>>Accessories>>System Tools>>System Restore
Create a New restore point
Give it a name and click Create
When that's done

Go to START>>RUN>>type the following
cleanmgr
Hit OK
Let if finish calculating

Select the More Options tab
and click Cleanup.. under 'System Restore'
This will clear all later restore points except for the one you just made

Ok the prompts, it may take a few seconds to remove old restore points
Ok again after it's ready and let it finish cleaning

You should give your computer a bit more protection
Install
SpywareBlaster 3.5.1 by JavaCool  
    *Will block bad ActiveX Controls
    *Block Malevolent cookies in Internet Explorer and Firefox
    *Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates
After updating, select "Protection" on the Left
Then select "Enable all Protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"

Stay safe  http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Pages: [1]
« previous next »