
I don't know how to do



Hi there... I think I have a little problem in my computer, it's about a virus (I think) and I'm trying to do everything but I can't remove that... I will post the log file...

Logfile of HijackThis v1.97.7

Scan saved at 2:06:24, on 07-05-2004

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\Ati2evxx.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\LEXBCES.EXE

C:\WINNT\system32\spoolsv.exe

C:\WINNT\system32\LEXPPS.EXE

C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe

C:\WINNT\System32\svchost.exe

C:\Programas\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\Programas\Norton SystemWorks\Norton Internet Security\NISUM.EXE

C:\Programas\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

C:\Programas\Norton SystemWorks\Norton Internet Security\SymProxySvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\system32\mspmspsv.exe

C:\WINNT\system32\svchost.exe

C:\Programas\Norton SystemWorks\Norton Internet Security\NISSERV.EXE

C:\WINNT\Explorer.EXE

C:\Programas\Ficheiros comuns\Symantec Shared\SymTray.exe

C:\WINNT\twain_32\VIVID\VIVID.EXE

C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe

C:\Programas\Norton SystemWorks\Norton Internet Security\IAMAPP.EXE

F:\MouseTrackPacked\MouseTrack.exe

C:\Programas\Netcount\Netcount.exe

D:\Mirc\mirc.exe

D:\MyScript\mirc32.exe

C:\WINNT\system32\rundll32.exe

F:\Windows Uptime\Windows Uptime.exe

C:\Programas\Avant Browser\iexplore.exe

C:\Documents and Settings\Administrador\Ambiente de trabalho\HijackThis.exe

C:\Programas\Lavasoft\Ad-aware 6\Ad-aware.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = c:\searchpage.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = c:\searchpage.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = c:\searchpage.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\searchpage.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\searchpage.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = c:\searchpage.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = c:\searchpage.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = c:\searchpage.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\searchpage.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = c:\searchpage.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = c:\searchpage.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = c:\searchpage.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = c:\searchpage.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html

R1 - HKLM\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html

F1 - win.ini: load=C:\WINNT\TWAIN_32\Vivid\VIVID.EXE

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programas\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: @msdxmLC.dll,-1@2070,&Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programas\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [ccApp] "C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Programas\Ficheiros comuns\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [symTray - Norton SystemWorks] C:\Programas\Ficheiros comuns\Symantec Shared\SymTray.exe SetReg

O4 - HKLM\..\Run: [iamapp] C:\Programas\Norton SystemWorks\Norton Internet Security\IAMAPP.EXE

O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Programas\ICQ\NDetect.exe

O4 - HKCU\..\Run: [bMT] F:\MouseTrackPacked\MouseTrack.exe

O4 - HKLM\..\RunOnce: [symTray - Norton SystemWorks] C:\Programas\Ficheiros comuns\Symantec Shared\Symtrdr.exe

O4 - Startup: Netcount.lnk = C:\Programas\Netcount\Netcount.exe

O4 - Startup: CAINETA.lnk = D:\Mirc\mirc.exe

O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DOWNLO~1\dapextie.htm

O8 - Extra context menu item: Abrir todos os links nesta página... - C:\Programas\Avant Browser\OpenAllLinks.htm

O8 - Extra context menu item: Adicionar à lista negra - C:\Programas\Avant Browser\AddToADBlackList.htm

O8 - Extra context menu item: Bloquear todas as imagens do mesmo servidor - C:\Programas\Avant Browser\AddAllToADBlackList.htm

O8 - Extra context menu item: Destacar - C:\Programas\Avant Browser\Highlight.htm

O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DOWNLO~1\dapextie2.htm

O8 - Extra context menu item: Procurar - C:\Programas\Avant Browser\Search.htm

O9 - Extra button: Trace (HKLM)

O9 - Extra 'Tools' menuitem: VisualRoute Trace (HKLM)

O9 - Extra button: ICQ (HKLM)

O9 - Extra 'Tools' menuitem: ICQ (HKLM)

O13 - DefaultPrefix: c:\searchpage.html?page=

O13 - WWW Prefix: c:\searchpage.html?page=

O13 - Home Prefix: c:\searchpage.html?page=

O13 - Mosaic Prefix: c:\searchpage.html?page=

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab



Pai_Natal [May 7 2004, 07:19 PM]: I used Ad-aware and Spybot... and finally HijackThis to see this log file... I think it's a variant of a worm... or something like that!

You might want to run an AV scanner just to be sure... Also, disable system restore when you run your AV! :)


Pai_Natal [May 8 2004, 10:30 AM]: Windows 2000 doesn't have System Restore... and I have run Ad-aware to clean all the garbage... Spybot found something else and I cleaned that... but the "bug" continues!

Disconnect from the Internet, put up a firewall, go back on, and scan. :)


hai,

Select the following lines in HijackThis and choose Fix! Before choosing the Fix this button, be sure to close all Internet Explorer and Windows Explorer windows.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = c:\searchpage.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = c:\searchpage.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = c:\searchpage.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\searchpage.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\searchpage.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = c:\searchpage.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = c:\searchpage.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = c:\searchpage.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\searchpage.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = c:\searchpage.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = c:\searchpage.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = c:\searchpage.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = c:\searchpage.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html

R1 - HKLM\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html

O13 - DefaultPrefix: c:\searchpage.html?page=

O13 - WWW Prefix: c:\searchpage.html?page=

O13 - Home Prefix: c:\searchpage.html?page=

O13 - Mosaic Prefix: c:\searchpage.html?page=

O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab

You may have to restart the computer. Just to be sure, run the HijackThis software after you reboot, and if you find any more of the above listed lines, choose them and select Fix this.

Also make sure you run Spybot and Ad-aware after you run this.

And also do a virus scan of your system.

Hope that helps. :)
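
As an added example (not part of the original posts and not HijackThis's own code), this Python script parses HijackThis entry lines and flags the R0/R1 and O13 entries whose value is a local HTML file, the redirect pattern visible throughout the log in this thread. The sample lines are copied from that log; the function names and the local-file heuristic are assumptions of this example.

```python
import re

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = c:\searchpage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\searchpage.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
F1 - win.ini: load=C:\WINNT\TWAIN_32\Vivid\VIVID.EXE
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKCU\..\Run: [bMT] F:\MouseTrackPacked\MouseTrack.exe
O13 - DefaultPrefix: c:\searchpage.html?page=
O13 - WWW Prefix: c:\searchpage.html?page=
"""

# "<code> - <body>", e.g. "R1 - ..." or "O13 - ..."
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Heuristic (assumption): a drive-letter path to an .htm/.html file, optional query string.
LOCAL_PAGE = re.compile(r"^[a-z]:\\[^?]*\.html?(\?.*)?$", re.IGNORECASE)

def parse(log):
    """Yield (code, body) for every HijackThis entry line; skip everything else."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")

def redirected_value(code, body):
    """Return the value if an R0/R1 or O13 entry points IE at a local HTML file."""
    if code in ("R0", "R1"):
        _, sep, value = body.partition(" = ")   # "key,value name = data"
    elif code == "O13":
        _, sep, value = body.partition(": ")    # "DefaultPrefix: data"
    else:
        return None
    value = value.strip()
    return value if sep and LOCAL_PAGE.match(value) else None

def find_redirects(log):
    """Group flagged entry lines by the local page they point to."""
    hits = {}
    for code, body in parse(log):
        target = redirected_value(code, body)
        if target:
            page = target.split("?", 1)[0].lower()
            hits.setdefault(page, []).append(f"{code} - {body}")
    return hits

if __name__ == "__main__":
    for page, lines in find_redirects(SAMPLE_LOG).items():
        print(f"{len(lines)} entries redirect Internet Explorer to {page}")
```

Grouping by target makes it easy to confirm after a reboot that no entry still points at the same page.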
