Weird Vista Virus Situation? [INACTIVE]
in Malware Removal
Posted · Edited by Joelspeanuts
When I open my IE-browser I always get this message which tells me that my system apparently is infected with viruses and that they have destroyed some Windows files or something and that this may result in malfunctioning programs and OS... The message is in Norwegian so I don't know if there is any point in posting it here. I'm from Norway btw. However, when I open the IE, it just shuts down again "Internet Explorer has stopped working, searching for a solution...". You get the idea? If I'm lucky enough to experience that it's actually running, it just redirects me to some REALLY fake-looking virus scanning page that says that it shall help me remove all security risks.
...
Ok, I was just opening, as we spoke, my IE so that I could find and post the address of that hideous virus scanning site, and then Norton came up with a popup message which said that it had found a Trojan. Now IE is running properly. Strange, and it seems like there is no trace of the virus either. All of the elements in the IE-log have been deleted, and I don't remember the address of the virus-scanning-site so I can't direct you to it. What a shame... However, the Windows Explorer (is that what you call it in English), the feature where you can open folders, create folders, look at files... For God's sake, I hope you know what I mean, the thing that actually IS Windows, if you get it. However, that works fine now as well!
It might have something to do with me running the Trend Micro HijackThis v2.0.2. This is the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:10, on 06.07.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal
Running processes:
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Users\Alexander\Downloads\windows-kb890830-v1.42.exe
d:\ed8dfbfe6475b3fffc619121cddb\mrtstub.exe
C:\Windows\system32\MRT.exe
C:\Users\Alexander\Downloads\hijackthis.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::localhosts
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [antispy] C:\Program Files\IEAntiVirus\ANTIVIR.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 6944 bytes
So, this is the log from the HijackThis-scan I performed. I now checked the "O1 - Hosts: ::localhosts" and clicked "Fix checked" which resulted in me deleting the file. After I did that, everything (apparently, but I haven't taken the time yet to check if everything actually IS ok) was back to normal.
If any of you readers of this text experience or have experienced or are experiencing the same problem on your Vista Premium edt. 32-bit, I hope this info could be of help.
PS: Uh... could anyone tell me, or does anybody know what was actually the problem? The Trojan Horse, ok, I've probably downloaded something infected, but what does "O1 - Hosts: ::localhosts" mean? If it's of any interest, the Trojan was detected by "Norton Auto Protect", and the affected areas were:
c:\windows\system32\antsafe.dll
c:\windows\system32\avgsafe.dll
c:\windows\system32\avg_ss.dll
I'm starting to wonder: Is it an old quarantined trojan that now suddenly has broken out of its safe and wants revenge on AVG, the bastard who quarantined it? I don't know...
Well, well, enough reading for now. Thank you and have a nice day! I sure will!
Alexander J