Here Is My Hijack This Log.. Plz Help
in Malware Removal
Posted October 20, 2008
I downloaded MAGIX Music Creator and FL Studio on uTorrent off thepiratebay.org and got a bunch of alerts with avast!
Here is the Malwarebytes log:
Malwarebytes' Anti-Malware 1.29
Database version: 1295
Windows 5.1.2600 Service Pack 2
10/20/2008 1:55:28 AM
mbam-log-2008-10-20 (01-55-28).txt
Scan type: Full Scan (C:\|)
Objects scanned: 61072
Time elapsed: 13 minute(s), 2 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 21
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\system32 (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\kr_done1 (Malware.Trace) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\update32.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\WILL BARNES\Local Settings\Temp\GLK59.tmp (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dlds1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dlds2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dlds5.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dlds6.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dlds7.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dlds8.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kr_done1 (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vedxg3am1et3.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vedxg6ame4.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vedxga1me4t1.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vedxga3me2.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vedxga4me1.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vx.tll (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\WILL BARNES\Local Settings\Temp\v3xd1.g22me (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\WILL BARNES\Local Settings\Temp\v5xd2.g3ame (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\WILL BARNES\Local Settings\Temp\v5xd4.ga2me (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\WILL BARNES\Local Settings\Temp\vx1dt1.game (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\WILL BARNES\Local Settings\Temp\vx1dt3.game (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\WILL BARNES\Local Settings\Temp\v4xd6.gam5e (Heuristics.Malware) -> Quarantined and deleted successfully.
------------------------------------------------------------------------------------------------------------
And here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:00:42 AM, on 10/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\DOCUME~1\WILLBA~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
C:\F1xF.exe
C:\Program Files\Alwil Software\Avast4\ashChest.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [GrpConv] grpconv.exe -o
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z Toolbar.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
--
End of file - 3301 bytes
Plz help me, I try so hard to keep my computer clean.