VIRUS ALERT in Task Bar...HELP!


My computer has recently had a virus alert in my task bar next to the clock. I have tried everything I know of to fix this, but nothing has worked. My background has disappeared, in my Start menu I no longer get my programs, or Control Panel, or My Computer, or Run... 3 new icons have popped up on my desktop, and I keep getting messages saying I am infected.

I have run HijackThis and these are the results it gives me....

Logfile of HijackThis v1.99.1
Scan saved at 09:29: VIRUS ALERT!, on 10/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SlipStream Web Accelerator\slipcore.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\SlipStream Web Accelerator\slipgui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\mary\LOCALS~1\Temp\Rar$EX00.281\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
O3 - Toolbar: olnmraew - {C6E98D75-91EE-4EB1-9CE2-047046F30E32} - C:\WINDOWS\olnmraew.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [slipStream] "C:\Program Files\SlipStream Web Accelerator\slipcore.exe"
O4 - HKLM\..\Run: [uSRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: Instant Update Reminder.lnk = ?
O4 - Global Startup: SlipStream Web Accelerator.lnk = C:\Program Files\SlipStream Web Accelerator\slipgui.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\SlipStream Web Accelerator\gui_resource.dll/327
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\SlipStream Web Accelerator\gui_resource.dll/328
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C6EAB0D-1A58-41BD-8453-EAB8BAC53A7A}: NameServer = 64.136.173.5 64.136.164.77
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O21 - SSODL: lfstbwvd - {39F839B6-596C-41B7-A906-834AE131C502} - C:\WINDOWS\lfstbwvd.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe



A useful HijackThis "side" service is this site:

http://www.hijackthis.de/

where you have an easy-to-visualize analysis of your log.

From it, it does not seem that you have many problems.

The "questionable items" are below (as coming from the "short analysis"):

[?] - C:\WINDOWS\SYSTEM32\USRmlnkA.exe
[?] - C:\WINDOWS\SYSTEM32\USRmlnkA.exe
[?] - O3 - Toolbar: olnmraew - {C6E98D75-91EE-4EB1-9CE2-047046F30E32} - C:\WINDOWS\olnmraew.dll
[?] - O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\SlipStream Web Accelerator\gui_resource.dll/327
[?] - O8 - Extra context menu item: Show Original Image - res://C:\Program Files\SlipStream Web Accelerator\gui_resource.dll/328
[?] - O17 - HKLM\System\CCS\Services\Tcpip\..\{2C6EAB0D-1A58-41BD-8453-EAB8BAC53A7A}: NameServer = 64.136.173.5 64.136.164.77
[?] - O21 - SSODL: lfstbwvd - {39F839B6-596C-41B7-A906-834AE131C502} - C:\WINDOWS\lfstbwvd.dll

Of course, only you may know how accurate the above is and what in it may actually be a problem.

jaclaz

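As an added example (not code from this thread, from HijackThis, or from hijackthis.de), the following Python script applies a few review heuristics of the kind behind jaclaz's "questionable items" list to lines copied from the log above: a browser proxy pointing at the local machine (R1), DLLs loaded by Explorer or IE straight out of C:\WINDOWS under names that look auto-generated (O3/O21), IE policy restrictions (O6), and the configured DNS servers (O17). The function names `triage` and `report`, the regexes and the "looks generated" rule are my own assumptions; a hit means "confirm this by hand", never "this is malware".

```python
"""HijackThis log triage (added example; not code from the thread, HijackThis or hijackthis.de).

Applies a few review heuristics to HijackThis-style lines and returns the entries a
human should confirm.  A hit means "check this by hand", never "this is malware".
"""
import re
from typing import Dict, List

# Constructed sample: lines copied from the log posted in this thread, so the rules
# can be exercised offline without touching a real machine.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
O3 - Toolbar: olnmraew - {C6E98D75-91EE-4EB1-9CE2-047046F30E32} - C:\WINDOWS\olnmraew.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C6EAB0D-1A58-41BD-8453-EAB8BAC53A7A}: NameServer = 64.136.173.5 64.136.164.77
O21 - SSODL: lfstbwvd - {39F839B6-596C-41B7-A906-834AE131C502} - C:\WINDOWS\lfstbwvd.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

# R0/R1: Internet Explorer start page and proxy settings.
PROXY_RE = re.compile(r"^R[01] - .*ProxyServer = (?P<proxy>\S+)$", re.I)
# O2 (BHO), O3 (toolbar), O21 (ShellServiceObjectDelayLoad): a DLL loaded by
# Explorer/IE; here only DLLs sitting directly in C:\WINDOWS are considered.
WINDIR_DLL_RE = re.compile(
    r"^O(?:2|3|21) - .* - (?P<path>[A-Z]:\\WINDOWS\\(?P<stem>[^\\]+)\.dll)$", re.I
)
# O6: IE options restricted by policy.
RESTRICTIONS_RE = re.compile(r"^O6 - .*Restrictions present$", re.I)
# O17: DNS servers configured for a network interface.
NAMESERVER_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>.+)$", re.I)
# Heuristic (my assumption): 6-10 lowercase letters with no digits or product hint
# is the kind of file name a vendor rarely chooses for a real component.
GENERATED_STEM_RE = re.compile(r"^[a-z]{6,10}$")


def _finding(section: str, reason: str, line: str) -> Dict[str, str]:
    return {"section": section, "reason": reason, "line": line}


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return the log lines worth a second look, in log order, each with a reason."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = line.split(" - ", 1)[0]  # "R1", "O3", "O21", ...

        m = PROXY_RE.match(line)
        if m and re.search(r"127\.0\.0\.1|localhost", m.group("proxy"), re.I):
            findings.append(_finding(section, f"browser proxy points at this machine ({m.group('proxy')}); "
                                              "confirm it belongs to software you installed", line))
            continue

        m = WINDIR_DLL_RE.match(line)
        if m and GENERATED_STEM_RE.match(m.group("stem")):
            findings.append(_finding(section, f"{m.group('path')} loads from the bare Windows directory under "
                                              "a name that looks generated; check the file's vendor and date", line))
            continue

        if RESTRICTIONS_RE.match(line):
            findings.append(_finding(section, "Internet Explorer policy restrictions are set; "
                                              "confirm an administrator applied them on purpose", line))
            continue

        m = NAMESERVER_RE.match(line)
        if m:
            findings.append(_finding(section, f"DNS servers are {m.group('servers')}; "
                                              "verify they are your ISP's resolvers", line))
    return findings


def report(log_text: str) -> str:
    """Human-readable summary, one line per finding."""
    return "\n".join(f"[{f['section']}] {f['reason']}" for f in triage(log_text))


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run it as-is to see the five flagged entries from the sample, or pass a whole saved HijackThis log to `triage()`. Entries that a site like hijackthis.de marks as known-good (the AVG toolbar, the QuickTime Run key) produce no finding, which is the point of the heuristics: they narrow the list to what the owner has to vouch for.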

In my experience this sounds like a rootkit infection, in which case you are in some serious trouble. Try installing NOD32 v2.7 and update it, then boot into Safe Mode and do a complete system scan, and that might do it. If not, then I have generally found the only way to remove them is to do a complete format and reinstall your OS :(

Stoner81


The Slipstream process is my internet accelerator that came with my internet service, and the USR is my modem update reminder.

I went and used 2 programs from lunarsoft.net and they have really straightened out my computer a lot...

However, it is still showing my time in army time. That I haven't figured out yet.


3 weeks later...

+1 for Malwarebytes

This sounds reminiscent of the Smitfraud virus I came across about 8 months ago, which displayed a message in the system tray. Tarun recommended Malwarebytes and it did the trick then. Solid program.


2 weeks later...

Just by looking at your running processes, it's possible that a Trojan has disguised itself as one of the normal exes. You might want to download Spybot, run it and see if it finds anything. If it does, be sure to check the location of it and what it's called, write it down and delete it. Then go to Start > Run > type "msconfig" without the quotes > go to the Startup tab. If anything that Spybot found is checked, uncheck them. Or, for anything that looks suspicious, look it up at the Startup page.

Edited by WangoTango
