peyfen74 Posted October 15, 2007

On the 6th Oct, my antivirus software detected this:

"Virus Scan","2007/10/06","SWEETIE"
"Time","Event","Source Type","Virus Name","File Name","First Action","Second Action"
"09:28","Manual Scan","File","BKDR_Generic","C:\WINDOWS\system32\KEY.exe","Quarantine Success",""
"09:28","Manual Scan","File","BKDR_Generic","C:\WINDOWS\system32\Microsoft.exe","Quarantine Success",""
"11:12","Real-time Protection","File","BKDR_Generic","C:\System Volume Information\_restore{419949A4-2A90-4267-92AE-07C300322384}\RP13\A0000696.exe","Clean Fail","Quarantine Success"
"11:38","Real-time Protection","File","BKDR_Generic","C:\System Volume Information\_restore{419949A4-2A90-4267-92AE-07C300322384}\RP13\A0000698.exe","Clean Fail","Quarantine Success"

After that, I couldn't access any Microsoft, Hotmail, or MSN Messenger. I can still access other websites. The HijackThis log is as below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:34:19 PM, on 10/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [GamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/contr...vex/TmHcmsX.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 4295 bytes

I am looking forward to getting a solution on this. Thanks!!
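The two logs in the post above carry the answers to the first questions a responder asks: which detections were only quarantined after a failed clean, which of them are copies inside System Restore points, whether any autostart (O4) or service (O23) entry still points at a detected file, and which HijackThis sections are present at all. The following is an added example, not part of peyfen74's post and not a Trend Micro or HijackThis tool: it parses the Trend Micro "Virus Scan" CSV export and the HijackThis log and produces that triage. SCAN_LOG and HJT_LOG are constructed excerpts of the logs posted (same content, shortened); the parsing rules are assumptions drawn from the visible line formats, not vendor specifications.

```python
"""Triage helper for a Trend Micro scan-log CSV and a HijackThis log.

Added example; not part of the forum post or of any vendor tool. The two
sample strings below are constructed excerpts of the logs posted above.
"""
from __future__ import annotations

import csv
import io
import re
from dataclasses import dataclass

# Constructed excerpt of the Trend Micro "Virus Scan" export in the post.
SCAN_LOG = r'''"Virus Scan","2007/10/06","SWEETIE"
"Time","Event","Source Type","Virus Name","File Name","First Action","Second Action"
"09:28","Manual Scan","File","BKDR_Generic","C:\WINDOWS\system32\KEY.exe","Quarantine Success",""
"09:28","Manual Scan","File","BKDR_Generic","C:\WINDOWS\system32\Microsoft.exe","Quarantine Success",""
"11:12","Real-time Protection","File","BKDR_Generic","C:\System Volume Information\_restore{419949A4-2A90-4267-92AE-07C300322384}\RP13\A0000696.exe","Clean Fail","Quarantine Success"
"11:38","Real-time Protection","File","BKDR_Generic","C:\System Volume Information\_restore{419949A4-2A90-4267-92AE-07C300322384}\RP13\A0000698.exe","Clean Fail","Quarantine Success"
'''

# Constructed excerpt of the HijackThis log in the post (a few lines of each kind).
HJT_LOG = r'''Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
'''


@dataclass(frozen=True)
class Detection:
    time: str
    event: str
    virus: str
    path: str
    first_action: str
    second_action: str

    @property
    def in_restore_point(self) -> bool:
        # Windows XP System Restore keeps file copies under
        # System Volume Information\_restore{...}\RPnn; those get re-detected
        # until restore points are purged after cleanup.
        return "\\system volume information\\_restore" in self.path.lower()

    @property
    def clean_failed(self) -> bool:
        return self.first_action.lower().startswith("clean fail")


def parse_scan_log(text: str) -> list[Detection]:
    """Row 0 is scan type/date/host, row 1 the column names, the rest detections."""
    rows = list(csv.reader(io.StringIO(text)))
    header = rows[1]
    out = []
    for row in rows[2:]:
        if len(row) != len(header):
            continue  # blank or truncated line
        rec = dict(zip(header, row))
        out.append(Detection(rec["Time"], rec["Event"], rec["Virus Name"],
                             rec["File Name"], rec["First Action"], rec["Second Action"]))
    return out


@dataclass(frozen=True)
class Autostart:
    kind: str     # "O4" (Run key) or "O23" (service)
    name: str
    command: str  # command line or service image path


# Patterns assumed from the line shapes visible in the posted log.
O4_RE = re.compile(r"^O4 - (HK[A-Z]+)\\\.\.\\(\w+): \[(.+?)\] (.*)$")
O23_RE = re.compile(r"^O23 - Service: (.+?) \((.+?)\) - (.+?) - (.+)$")


def parse_hjt(text: str) -> list[Autostart]:
    out = []
    for line in text.splitlines():
        m = O4_RE.match(line)
        if m:
            hive, key, name, cmd = m.groups()
            out.append(Autostart("O4", f"{hive}\\{key}\\{name}", cmd))
            continue
        m = O23_RE.match(line)
        if m:
            _display, short, _vendor, path = m.groups()
            out.append(Autostart("O23", short, path))
    return out


def hjt_sections(text: str) -> set[str]:
    """Section codes present (R0, O4, ...). HijackThis reports hosts-file
    redirections as O1 lines, so an absent O1 means it listed none."""
    return {line.split(" - ", 1)[0] for line in text.splitlines()
            if re.match(r"^[RFO]\d+ - ", line)}


def referencing_detections(autostarts: list[Autostart],
                           detections: list[Detection]) -> list[Autostart]:
    """Autostarts whose command contains the basename of a detected file."""
    names = {d.path.rsplit("\\", 1)[-1].lower() for d in detections}
    return [a for a in autostarts
            if any(("\\" + n) in a.command.lower() for n in names)]


def triage(scan_text: str, hjt_text: str) -> dict:
    dets = parse_scan_log(scan_text)
    autos = parse_hjt(hjt_text)
    return {
        "detections": len(dets),
        "clean_failed": [d.path for d in dets if d.clean_failed],
        "in_restore_points": [d.path for d in dets if d.in_restore_point],
        "unhandled": [d.path for d in dets
                      if "success" not in (d.first_action + d.second_action).lower()],
        "autostarts_referencing_detections":
            [a.name for a in referencing_detections(autos, dets)],
        "hjt_sections": sorted(hjt_sections(hjt_text)),
    }


if __name__ == "__main__":
    for k, v in triage(SCAN_LOG, HJT_LOG).items():
        print(f"{k}: {v}")
```

On the posted logs this reports four detections, all ending in a successful quarantine, the two later real-time hits being restore-point copies under RP13, no Run or service entry pointing at KEY.exe or Microsoft.exe, and no O1 (hosts-file) section in the HijackThis output. The restore-point copies are worth calling out to the user: they will be detected again whenever System Restore touches them, so the usual step is to purge restore points once the machine is clean.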
Andro1d Posted October 23, 2007

Hello and Welcome to BT. I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.
Sorry for the delay, we have been quite busy around here.

Please go HERE to run Panda's ActiveScan
Once you are on the Panda site click the Scan your PC button
A new window will open... click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on My Computer to start the scan
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the ActiveScan report