edmandoo

Members
  • Content Count

    14

Everything posted by edmandoo

  1. I have been constantly finding install exe's by the title of "MFC 응용 프로그램" inside WINDOWS folder. It's Korean...and i've searched it on google and it seems like it's microsoft oriented...but it had the same title for those weird Korean anti virus programs that constantly installed themselves in my comp. Here is my hijackthis log. Oh and i've checked vmnat and smss processes from where they came from...and in those folder that Korean thing was in there. PLEASE HELP. C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WI
  2. yea even if i do combofix.exe and hijackthis scans. I believe i'm still getting signs of this Korean stuff. Not only that, but i think now it's weekly...instead of daily that these things show up. I scanned with hijackthis today and it scanned 3 ctfmon.exe, usually only scanning one. And i found out that two of them were in the WINDOWS folder so i checked what it was. And it was in Korean again, and definitely not related to Microsoft Office. PLEASE HELP!
  3. ComboFix 07-06-13.3 - C:\Documents and Settings\Edmundo Unit\Desktop\ComboFix.exe "Edmundo Unit" - 2007-06-12 21:23:58 - Service Pack 2 NTFS ((((((((((((((((((((((((( Files Created from 2007-05-13 to 2007-06-13 ))))))))))))))))))))))))))))))) 2007-06-12 21:18 337,920 --a------ C:\WINDOWS\system32\bmdelete.exe 2007-06-05 22:02 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-06-04 14:52 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-06-04 07:51 <DIR> d-------- C:\WINDOWS\1088 2007-06-03 07:58 <DIR> d-------- C:\NVSTEREO.LOG 2007-06-03 07:33 221,184 --a------ C:\WINDOWS\s
  4. the ones in the moved it files. I deleted them..because every one i searched on google dealt with Korean sites and virus etc. So please help! Should i delete the msmon.sys.vir file also? in the qoobox folder from combofix i believe.
  5. yea it was another Korean virus scanner thing....i'm getting scared now.
  6. hey you still didn't tell me what to do with the moved files. Should i delete them? Not only that..but today i turned on my computer...and this bmpatch.exe installed itself in my computer. What is that? I searched it on google and it showed up on like Chinese sites..? Should i delete it or what? Oh btw here's a new hijack log. Please tell me what to do with the quarantined and moved files... And why did this bmpatch.exe install itself into my computer? Is it a program extension? It's in my C drive in program files in a folder called "pcmedic" And the files inside include bmpatch.exe, pcmedic.dl
  7. NOT ONLY THAT but what should i do with the quarantined files in the otmovieit folder and the Qoobox folder? shouldn't i delete those files? Not only that, but what should i do with the "fix.reg" file. just leave it on my desktop? And that dll that was infected...what should i do with that (the one avg detected as infected) should i just leave it as is or delete it? thanks
  8. everything worked fine after the first post you made (and you're a mother freakin genius) thank you for everything. and yea i removed the last two. Thanks for being there for me so quick. Matt told me that you techies had like finals and stuff to study for (our high school being charter got out a month earlier than all of you guys, yet we start a month earlier T_T) So yea and are you Korean? because your name is birdsong and i have a friend named daniel song and i call him songbird. lol that was random but yea everything works fine THANKS MAN! Hope to encounter you again haha
  9. before i post i think i need to tell you why panda detected so many spyware. My sister and my dad have an account on this computer also..and i don't think they deleted the temporary internet files WHICH I WILL DO and WHICH I APOLOGIZE FOR NOT TELLING BEFOREHAND (if there are any mistakes i have made -__-) So yea and the weird thing is..when panda was scanning...avg detected (maybe it is just infected) a backup file in the hijackthis backups folder stated as a threat because the description stated some trojan horse generic4.SQG and the dll name was backup-20070604-144722-876.dll It indeed was a b
  10. yea sorry i carelessly forgot to paste the rest of it in stupid me. Oh and quick question before i post. I remember i was in the regedit place...and i think i accidentally deleted one of my realtek functions which automatically detects a headphone/microphone in the beginning. Because now i have to constantly go back to the realtek folder in program files and run the audio wizard whenever i want to use my headset. How can i make it so it functions again whenever i start the computer? Oh and the virus doesn't install anymore woot! but i know there's still more to do "Edmundo Unit" - 2007-06-04
  11. well thank you song~ here is the combofix log file (weirdly it didn't ask me to reboot the computer) Combofix log file "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00] "Uniblue RegistryBooster2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run] "SystemManager"=C:\WINDOWS\system32\a3p.
  12. wow so pro. So yea if i do that will the errors or Korean trojans or whatever be deleted/fixed? Because you say this is a good start....? And after your message there is a line ------------ Then it says things like you need and things like you want...do i have to download that or do you just put that in every message you post? Thanks! I'm at a community college right now waiting for my sister to finish signing up for some summer college classes and i'm typing this message to you. Thanks for helping again! I'm going to go home and fix this right away!
  13. Logfile of HijackThis v1.99.1 Scan saved at 8:23:13 AM, on 6/4/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5700.0006) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\Program Files
  14. hi...i'm very nervous and paranoid when it comes to worms/trojans/viruses. I remember the first time i had a virus...my computer shut down automatically and when i tried rebooting the comp...it would get to the win logon page and then restart automatically continuously..OH horrible. Anyway...i'm very afraid right now also. I currently have a Gateway computer bought in late 2004 505 GR model number XAB49 210 03895 and lately...i've been getting Korean viruses (i know because i can read it) They would happen sometimes when i would start my computer, these "antivirus" programs would install automatically