Report Malware Infection in Malware Removal Posted October 17, 2008 I think i may have gotten a bad DRM key or something, because i now have malware that wants me to download virusremover2008 or something like that....hijack logfile:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 05:48:09 PM, on 10/17/2008Platform: Windows 2000 SP4 (WinNT 5.00.2195)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Boot mode: NormalRunning processes:C:\WINNT\System32\smss.exeC:\WINNT\system32\winlogon.exeC:\WINNT\system32\services.exeC:\WINNT\system32\lsass.exeC:\WINNT\system32\Ati2evxx.exeC:\WINNT\system32\svchost.exeC:\WINNT\system32\ZoneLabs\vsmon.exeC:\WINNT\system32\spoolsv.exeC:\Program Files\D-Link\D-Link WNA-2330 Notebook Adapter\acs.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\WINNT\system32\svchost.exeC:\WINNT\system32\hidserv.exeC:\WINNT\system32\regsvc.exeC:\WINNT\System32\WBEM\WinMgmt.exeC:\WINNT\system32\svchost.exeC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\PROGRA~1\AVG\AVG8\avgemc.exeC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\PROGRA~1\AVG\AVG8\avgtray.exeC:\WINNT\system32\brastk.exeC:\WINNT\explorer.exeC:\Program Files\Pidgin\pidgin.exeD:\HijaCK\HijackThis.exeC:\Program Files\Spybot - Search & Destroy\SpybotSD.exeC:\FirefoxPortable\App\firefox\firefox.exeO1 - Hosts file is located at: C:\WINNT\System32\drivers\etc\hostsO2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dllO3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dllO3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLLO4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exeO4 - HKLM\..\Run: [MSConfig] C:\Documents and Settings\customer\Desktop\msconfig.exe /autoO4 - HKCU\..\Run: [HijackThis startup scan] D:\HijaCK\HijackThis.exe /startupscanO4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')O4 - Global Startup: Wireless Connection Manager.lnk = C:\Program Files\D-Link\D-Link WNA-2330 Notebook Adapter\wirelesscm.exeO8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htmO8 - Extra context menu item: Download All by FlashGet - C:\Documents and Settings\customer\Desktop\jc_all.htmO8 - Extra context menu item: Download using FlashGet - C:\Documents and Settings\customer\Desktop\jc_link.htmO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dllO9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exeO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1169588352951O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cabO18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dllO20 - AppInit_DLLs: avgrsstx.dllO23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Program Files\D-Link\D-Link WNA-2330 Notebook Adapter\acs.exeO23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exeO23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exeO23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exeO23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exeO23 - Service: NT login service (ntlogin32) - Unknown owner - C:\WINNT\system32\cool.exe (file missing)O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exeO23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe--End of file - 4193 bytesi have regained control of both registry editor and task manager, any help is appreciated. I getting popups telling me "your computer is infected! Windows has detected spyware infection!it is recommended to use special antispyware tools to pervent data loss. Windows will now download and into the most up-to-date antispyware for you. Click here to protect your computer from spyware:it had spelling mistakes...obviously not legit
Malware Infection
in Malware Removal
Posted
I think i may have gotten a bad DRM key or something, because i now have malware that wants me to download virusremover2008 or something like that....
hijack logfile:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:48:09 PM, on 10/17/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\D-Link\D-Link WNA-2330 Notebook Adapter\acs.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINNT\system32\brastk.exe
C:\WINNT\explorer.exe
C:\Program Files\Pidgin\pidgin.exe
D:\HijaCK\HijackThis.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\FirefoxPortable\App\firefox\firefox.exe
O1 - Hosts file is located at: C:\WINNT\System32\drivers\etc\hosts
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MSConfig] C:\Documents and Settings\customer\Desktop\msconfig.exe /auto
O4 - HKCU\..\Run: [HijackThis startup scan] D:\HijaCK\HijackThis.exe /startupscan
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Wireless Connection Manager.lnk = C:\Program Files\D-Link\D-Link WNA-2330 Notebook Adapter\wirelesscm.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Documents and Settings\customer\Desktop\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Documents and Settings\customer\Desktop\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1169588352951
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Program Files\D-Link\D-Link WNA-2330 Notebook Adapter\acs.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NT login service (ntlogin32) - Unknown owner - C:\WINNT\system32\cool.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
--
End of file - 4193 bytes
i have regained control of both registry editor and task manager, any help is appreciated. I getting popups telling me
"your computer is infected! Windows has detected spyware infection!
it is recommended to use special antispyware tools to pervent data loss. Windows will now download and into the most up-to-date antispyware for you.
Click here to protect your computer from spyware:
it had spelling mistakes...obviously not legit