HJT log and more

Discussion in 'System Security & Infection Support' started by Feartheterp, Jul 11, 2006.

  1. Feartheterp

    Feartheterp noob! VIP Member

    Joined:
    Jan 17, 2005
    Messages:
    424
    Likes Received:
    3
    Location:
    Md
    I am trying to play Counter-Strike 1.6 on a friend's computer; it's a Dell Dimension 2400 with a 2.8 GHz P4 and 512 MB RAM. For some reason I go into a New York server and get 1000+ ping. Here is the HijackThis log....
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\AIM\aim.exe
    C:\DOCUME~1\Jenny\MYDOCU~1\SCURIT~1\javaw.exe
    C:\program files\steam\steam.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Jenny\My Documents\HijackThis1-99-1.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=6.1&bm=ho_search
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=6.1&bm=ho_search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=6.1&bm=ho_home
    R3 - URLSearchHook: (no name) - {8DE16886-F515-FBB9-18F5-F15A603947B2} - (no file)
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {5C599F87-55A3-47AB-A754-A20FB1040397} - C:\WINDOWS\system32\ibiqtjsb.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {BF592D32-BEAA-B70E-ADF9-E43B860721E7} - C:\WINDOWS\system32\tnhpj.dll
    O2 - BHO: (no name) - {CA4DC7AA-B9C1-40DB-B642-300CA436C4A2} - C:\WINDOWS\system32\ibiqtjsb.dll
    O2 - BHO: MSEvents Object - {CE70731D-F28D-4D81-9D61-C8EE60378401} - C:\WINDOWS\system32\jkhhe.dll
    O2 - BHO: (no name) - {D8860B11-655A-44E4-AEF3-D5EC0A8C3D67} - C:\WINDOWS\system32\ibiqtjsb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Aida] "C:\DOCUME~1\Jenny\MYDOCU~1\SCURIT~1\javaw.exe" -vt ndrv
    O4 - HKCU\..\Run: [Wpj] C:\WINDOWS\SYSTEM32\SEMBLY~1\iexplore.exe
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O20 - AppInit_DLLs: C:\WINDOWS\system32\winlogon.dll C:\WINDOWS\system32\spoolsv.dll
    O20 - Winlogon Notify: caiuycjk - C:\WINDOWS\SYSTEM32\caiuycjk.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: jkhhe - C:\WINDOWS\system32\jkhhe.dll
    O20 - Winlogon Notify: jndoduag - C:\WINDOWS\SYSTEM32\jndoduag.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

    Also, it has Ad-Aware SE, SpywareBlaster and SpywareGuard as well as AVG. It comes back as virus-free, but Ad-Aware couldn't remove several things. How do I go about deleting this? Do I need to go into safe mode or something?? If so, I am not sure how to access safe mode on this Dell. Thanks
     
    Feartheterp, Jul 11, 2006
    #1

  2. Codex85

    Codex85 Mouse Potato VIP Member

    Joined:
    Apr 19, 2005
    Messages:
    776
    Likes Received:
    18
    Location:
    US
    [Rubs hands together] Let's see... Remove these:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmr...1&bm=ho_search
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmr...1&bm=ho_search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cgi.verizon.net/bookmarks/bmr...6.1&bm=ho_home
    And these:
    R3 - URLSearchHook: (no name) - {8DE16886-F515-FBB9-18F5-F15A603947B2} - (no file)
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    And these:
    O2 - BHO: (no name) - {BF592D32-BEAA-B70E-ADF9-E43B860721E7} - C:\WINDOWS\system32\tnhpj.dll
    O2 - BHO: (no name) - {CA4DC7AA-B9C1-40DB-B642-300CA436C4A2} - C:\WINDOWS\system32\ibiqtjsb.dll
     
    Last edited: Jul 11, 2006
    Codex85, Jul 11, 2006
    #2
    Feartheterp likes this.

  3. Feartheterp

    Feartheterp noob! VIP Member

    Joined:
    Jan 17, 2005
    Messages:
    424
    Likes Received:
    3
    Location:
    Md
    Thank you very much!!!

    Here is a new HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 6:35:17 AM, on 7/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\AIM\aim.exe
    C:\DOCUME~1\Jenny\MYDOCU~1\SCURIT~1\javaw.exe
    C:\program files\steam\steam.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Jenny\My Documents\HijackThis1-99-1.exe
    O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {5C599F87-55A3-47AB-A754-A20FB1040397} - C:\WINDOWS\system32\ibiqtjsb.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: MSEvents Object - {CE70731D-F28D-4D81-9D61-C8EE60378401} - C:\WINDOWS\system32\jkhhe.dll
    O2 - BHO: (no name) - {D8860B11-655A-44E4-AEF3-D5EC0A8C3D67} - C:\WINDOWS\system32\ibiqtjsb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Aida] "C:\DOCUME~1\Jenny\MYDOCU~1\SCURIT~1\javaw.exe" -vt ndrv
    O4 - HKCU\..\Run: [Wpj] C:\WINDOWS\SYSTEM32\SEMBLY~1\iexplore.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O20 - AppInit_DLLs: C:\WINDOWS\system32\winlogon.dll C:\WINDOWS\system32\spoolsv.dll
    O20 - Winlogon Notify: caiuycjk - C:\WINDOWS\SYSTEM32\caiuycjk.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: jkhhe - C:\WINDOWS\system32\jkhhe.dll
    O20 - Winlogon Notify: jndoduag - C:\WINDOWS\SYSTEM32\jndoduag.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
     
    Feartheterp, Jul 11, 2006
    #3
  4. Codex85

    Codex85 Mouse Potato VIP Member

    Joined:
    Apr 19, 2005
    Messages:
    776
    Likes Received:
    18
    Location:
    US
    That looks all right. How's the ping?
     
    Codex85, Jul 11, 2006
    #4
  5. Feartheterp

    Feartheterp noob! VIP Member

    Joined:
    Jan 17, 2005
    Messages:
    424
    Likes Received:
    3
    Location:
    Md
    Well, I haven't tried it because Ad-Aware can't delete this spyware called Virtumonde. Ad-Aware has it as a level 10 threat. And as I was running an AVG scan it was finding Java/ByteVerify, which is what is infecting it. Should I follow the path to where they are and manually delete them??? It's my second AVG scan and they are still there.
     
    Feartheterp, Jul 11, 2006
    #5
  6. Codex85

    Codex85 Mouse Potato VIP Member

    Joined:
    Apr 19, 2005
    Messages:
    776
    Likes Received:
    18
    Location:
    US
    There are a few entries in your log I didn't recognize. What's the path it's giving you?
     
    Codex85, Jul 11, 2006
    #6
  7. Feartheterp

    Feartheterp noob! VIP Member

    Joined:
    Jan 17, 2005
    Messages:
    424
    Likes Received:
    3
    Location:
    Md
    The virus is coming from:
    C:\Documents and Settings\username\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-debb6v6-6ba88e29.zip

    The other virus is
    C:\Documents and Settings\username\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\loaderv438.jar-1c4d06ed-4b37edc5.zip

    UPDATE: I went through and manually deleted the 2 viruses above.

    I am still having problems with a program called "Virtumonde". Ad-Aware SE picked it up but can't delete it. I downloaded a tool from Symantec that was made to delete it and it said it couldn't find any traces of Virtumonde. Any ideas on how to delete it???
     
    Last edited: Jul 11, 2006
    Feartheterp, Jul 11, 2006
    #7
  8. Codex85

    Codex85 Mouse Potato VIP Member

    Joined:
    Apr 19, 2005
    Messages:
    776
    Likes Received:
    18
    Location:
    US
    Sorry, I wasn't very thorough the first time through.

    This is Trojan.vundo:
    O2 - BHO: MSEvents Object - {CE70731D-F28D-4D81-9D61-C8EE60378401} - C:\WINDOWS\system32\jkhhe.dll

    These two should go, as well:
    O2 - BHO: (no name) - {5C599F87-55A3-47AB-A754-A20FB1040397} - C:\WINDOWS\system32\ibiqtjsb.dll
    O2 - BHO: (no name) - {D8860B11-655A-44E4-AEF3-D5EC0A8C3D67} - C:\WINDOWS\system32\ibiqtjsb.dll

    If that doesn't work, try the manual removal instructions here.
     
    Codex85, Jul 12, 2006
    #8
  9. Zeus

    Zeus Moderator

    Joined:
    Jun 20, 2005
    Messages:
    2,006
    Likes Received:
    33
    Location:
    Virginia
    I think this one might be contributing to the viruses:

    O4 - HKCU\..\Run: [Aida] "C:\DOCUME~1\Jenny\MYDOCU~1\SCURIT~1\javaw.exe " -vt ndrv


    And this one isn't right. IExplorer shouldn't be running from SEMBLY.

    O4 - HKCU\..\Run: [Wpj] C:\WINDOWS\SYSTEM32\SEMBLY~1\iexplore.exe

    Not sure what these are, but by looking at the names they may be trouble (and I'm about to go to bed so I'm too tired to google them and see exactly what they are):

    O20 - AppInit_DLLs: C:\WINDOWS\system32\winlogon.dll C:\WINDOWS\system32\spoolsv.dll

    O20 - Winlogon Notify: caiuycjk - C:\WINDOWS\SYSTEM32\caiuycjk.dll

    O20 - Winlogon Notify: jkhhe - C:\WINDOWS\system32\jkhhe.dll

    O20 - Winlogon Notify: jndoduag - C:\WINDOWS\SYSTEM32\jndoduag.dll


    And I didn't miss one, this one is normal, the others aren't:

    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

    I hope this helps. After you google them post your results, otherwise I will search for them tomorrow.

    Zeus
     
    Zeus, Jul 12, 2006
    #9
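    The replies above (Codex85's list of entries to remove and Zeus's read of the O4 and O20 lines) apply a handful of triage rules by hand: an unnamed BHO, a Windows binary name such as iexplore.exe launched from a folder it does not live in, an autorun under a user profile, anything at all in AppInit_DLLs, and Winlogon Notify subkeys that are not Windows' own. The script below is an added example that encodes those rules over HijackThis-format lines; it is not code from this thread or from HijackThis. Its known-good Notify list, its expected-directory map and the sample lines (copied from the logs posted above) are assumptions for illustration.

```python
"""Triage helper for HijackThis-style log lines (added example, not HijackThis code).

Rules, mirroring the hand analysis in the thread:
  O2  - a BHO reported as "(no name)";
  O4  - a Run entry launching a known Windows binary name from the wrong
        directory, or any autorun living under a user profile;
  O20 - anything in AppInit_DLLs (worse if named after a system process);
  O20 - a Winlogon Notify subkey not on the known-good list.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass
class Finding:
    section: str  # HijackThis section code, e.g. "O20"
    line: str     # the log line that triggered the finding
    reason: str   # why it was flagged


# Assumed allow-list: Winlogon Notify subkeys Windows XP installs itself, plus
# Intel's igfxcui, which the thread calls out as normal. Illustrative only.
KNOWN_GOOD_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon", "igfxcui",
}

# Assumed map of binary names malware likes to borrow -> directory the real
# binary lives in (compared as a case-insensitive path suffix).
EXPECTED_HOME = {
    "iexplore.exe": "\\program files\\internet explorer",
    "explorer.exe": "\\windows",
    "svchost.exe": "\\windows\\system32",
    "winlogon.exe": "\\windows\\system32",
    "spoolsv.exe": "\\windows\\system32",
}
SYSTEM_STEMS = {name[:-4] for name in EXPECTED_HOME}  # "iexplore", "winlogon", ...

LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")


def exe_path_from_run(body: str) -> str:
    """Path of the executable in an O4 Run body like
    'HKCU\\..\\Run: [Wpj] "C:\\dir\\a.exe" -flag' (quotes optional)."""
    rest = body.split("] ", 1)[1] if "] " in body else body
    m = re.match(r'"?(.+?\.exe)', rest, re.IGNORECASE)
    return m.group(1) if m else rest


def check_bho(body: str) -> str | None:
    return "unnamed BHO" if body.startswith("BHO: (no name)") else None


def check_run_entry(body: str) -> str | None:
    path = exe_path_from_run(body).lower()
    directory, _, name = path.rpartition("\\")
    if "\\docume~1\\" in path or "\\documents and settings\\" in path:
        return f"autorun '{name}' lives under a user profile directory"
    expected = EXPECTED_HOME.get(name)
    if expected and not directory.endswith(expected):
        return f"{name} started from unexpected directory '{directory}'"
    return None


def check_appinit(body: str) -> str | None:
    dlls = body.split(":", 1)[1].split()
    if not dlls:
        return None
    # DLLs named like system processes (winlogon.dll, spoolsv.dll) are a red flag
    lookalikes = [d for d in dlls
                  if d.lower().rpartition("\\")[2].rpartition(".")[0] in SYSTEM_STEMS]
    if lookalikes:
        return "AppInit_DLLs loads DLL(s) named after system processes: " + ", ".join(lookalikes)
    return "AppInit_DLLs is populated (injected into every user-mode process)"


def check_notify(body: str) -> str | None:
    name = body.split(":", 1)[1].split(" - ", 1)[0].strip()
    if name.lower() not in KNOWN_GOOD_NOTIFY:
        return f"Winlogon Notify subkey '{name}' is not on the known-good list"
    return None


def triage(log_text: str) -> list[Finding]:
    """Run every rule over the log and return the flagged lines in order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        reason = None
        if sec == "O2":
            reason = check_bho(body)
        elif sec == "O4" and "\\Run:" in body:
            reason = check_run_entry(body)
        elif sec == "O20" and body.startswith("AppInit_DLLs:"):
            reason = check_appinit(body)
        elif sec == "O20" and body.startswith("Winlogon Notify:"):
            reason = check_notify(body)
        if reason:
            findings.append(Finding(sec, line, reason))
    return findings


# Constructed sample: lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {5C599F87-55A3-47AB-A754-A20FB1040397} - C:\WINDOWS\system32\ibiqtjsb.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKCU\..\Run: [Wpj] C:\WINDOWS\SYSTEM32\SEMBLY~1\iexplore.exe
O4 - HKCU\..\Run: [Aida] "C:\DOCUME~1\Jenny\MYDOCU~1\SCURIT~1\javaw.exe" -vt ndrv
O20 - AppInit_DLLs: C:\WINDOWS\system32\winlogon.dll C:\WINDOWS\system32\spoolsv.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: jkhhe - C:\WINDOWS\system32\jkhhe.dll
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

    Run against the sample it flags five of the eight lines and leaves the Google Toolbar BHO, hkcmd.exe and igfxcui alone, which matches the thread's conclusions. The allow-list approach is deliberate: Winlogon Notify and AppInit_DLLs are loaded into privileged or every process, so an unknown entry there is worth explaining before it is trusted, and a DLL that is loaded this way is also exactly the kind of file that refuses to delete while Windows is running normally.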
  10. Codex85

    Codex85 Mouse Potato VIP Member

    Joined:
    Apr 19, 2005
    Messages:
    776
    Likes Received:
    18
    Location:
    US
    Gah, I'm off today. This is Virtumundo:

    O20 - Winlogon Notify: jkhhe - C:\WINDOWS\system32\jkhhe.dll


    Zeus, as usual, cleans up. ;)
     
    Codex85, Jul 12, 2006
    #10
  11. Feartheterp

    Feartheterp noob! VIP Member

    Joined:
    Jan 17, 2005
    Messages:
    424
    Likes Received:
    3
    Location:
    Md
    @Codex...

    I got these two to delete:
    O2 - BHO: (no name) - {5C599F87-55A3-47AB-A754-A20FB1040397} - C:\WINDOWS\system32\ibiqtjsb.dll
    O2 - BHO: (no name) - {D8860B11-655A-44E4-AEF3-D5EC0A8C3D67} - C:\WINDOWS\system32\ibiqtjsb.dll

    For the Virtumonde I tried to follow the instructions but just got lost. I also tried the downloader remover with no results.

    And @Zeus
    HijackThis deleted:
    O4 - HKCU\..\Run: [Aida] "C:\DOCUME~1\Jenny\MYDOCU~1\SCURIT~1\javaw.exe " -vt ndrv

    But the rest will not delete. :( Is there a way I can go about deleting them, or do you not recommend it? If I just follow the path and delete the root source of the folder, will they disappear? Thanks for your patience and time. Not too good with all of this.

    Also, I don't know if it would make a difference, but could I try downloading the Symantec free 90-day trial and try to delete it??? Think it will pick it up since they have that tool and all???
     
    Last edited: Jul 12, 2006
    Feartheterp, Jul 12, 2006
    #11
  12. Feartheterp

    Feartheterp noob! VIP Member

    Joined:
    Jan 17, 2005
    Messages:
    424
    Likes Received:
    3
    Location:
    Md
    Hmm, this was very weird... I installed Norton AntiVirus and while it was installed I couldn't access the internet... very odd. It still isn't letting me delete what Codex and Zeus told me to delete??? Very odd...
     
    Feartheterp, Jul 13, 2006
    #12
  13. Goober

    Goober THQ's Jester Moderator

    Joined:
    Jul 26, 2004
    Messages:
    2,864
    Likes Received:
    35
    Location:
    Colorado
    Have you tried safe mode?
     
    Goober, Jul 13, 2006
    #13
  14. Feartheterp

    Feartheterp noob! VIP Member

    Joined:
    Jan 17, 2005
    Messages:
    424
    Likes Received:
    3
    Location:
    Md
    I went into safe mode earlier searching for viruses. Was doing well till the computer just stopped wanting to do anything. I shall try it later. The computer is finally workable but still has Virtumonde on it (tried to delete it manually but got lost). The computer can actually now run more than 2 programs :). Anyone know about viruses classified as: Trojan Horse Downloader.Generic2.EYP

    Just did another scan and now it's coming up with these... I am not too great with computer protection. I have deleted a few viruses manually. For the most part I have been using Windows Defender 2, Ad-Aware, Spybot Search & Destroy, SpywareBlaster, SpywareGuard and AVG. Can anyone else recommend any free programs to help clean this computer up???
     
    Feartheterp, Jul 13, 2006
    #14
  15. Dave601

    Dave601 Web Guru VIP Member

    Joined:
    Jan 27, 2004
    Messages:
    1,017
    Likes Received:
    22
    Location:
    St. Paul, MN
    Try downloading NOD32 from our Handy Tools. Sometimes that works well.
     
    Dave601, Jul 13, 2006
    #15
  16. Feartheterp

    Feartheterp noob! VIP Member

    Joined:
    Jan 17, 2005
    Messages:
    424
    Likes Received:
    3
    Location:
    Md
    I still can't seem to get rid of these...

    O20 - Winlogon Notify: jkhhe - C:\WINDOWS\system32\jkhhe.dll
    O20 - AppInit_DLLs: C:\WINDOWS\system32\winlogon.dll C:\WINDOWS\system32\spoolsv.dll
    O20 - Winlogon Notify: caiuycjk - C:\WINDOWS\SYSTEM32\caiuycjk.dll
    O20 - Winlogon Notify: jkhhe - C:\WINDOWS\system32\jkhhe.dll
    O20 - Winlogon Notify: jndoduag - C:\WINDOWS\SYSTEM32\jndoduag.dll

    Anyone know why, or how to remove these, or if you just have any suggestions on how I should remove them?
     
    Feartheterp, Jul 14, 2006
    #16
  17. Zeus

    Zeus Moderator

    Joined:
    Jun 20, 2005
    Messages:
    2,006
    Likes Received:
    33
    Location:
    Virginia
    What error does it give you when you try to delete the files manually?
     
    Zeus, Jul 14, 2006
    #17
  18. SteveKent

    SteveKent

    Joined:
    Jul 25, 2006
    Messages:
    2
    Likes Received:
    0
    Location:
    Missouri
    Same Issue

    I am dealing with the same virus (Downloader.Generic2.EYP). Has anyone found a solution? Mine is associated with the update.exe file. I have tried AdWare, AVG, and McAfee. Would appreciate any information you have.

    Thanks

    Steve Kent
     
    SteveKent, Jul 25, 2006
    #18
  19. Dave601

    Dave601 Web Guru VIP Member

    Joined:
    Jan 27, 2004
    Messages:
    1,017
    Likes Received:
    22
    Location:
    St. Paul, MN
    Hi and welcome to THQ, Steve. Perhaps you should create a new thread and tell us what you have tried to do on your computer.
     
    Dave601, Jul 26, 2006
    #19
