Help me get rid of this virus
sanu New Member Date Joined May 2007 Total Posts : 8 Posted 6-17-2007 2:59 (GMT +1)
Please help, my system is infected with the Rontokbro@MM virus. I have removed it many times and done a complete system scan that shows no virus found; after some days the alert keeps coming that this virus was found.
I also want to know if anyone can tell me how I can disable this alert of Norton Antivirus so that it silently removes the infected file...
Please help.
Post Edited (sanu) : 17-06-2007 18:03:50 GMT
Touch Forum Moderator Date Joined Jun 2004 Total Posts : 16754 Posted 6-17-2007 4:39 (GMT +1)
Hi sanu
After you have run the scan tools -
Reboot normally
Post AVG Antispyware log along with hijackthis log, rootchk log in this thread and tell how things are running
Do NOT post your problem in someone else's thread.
Start a new topic so that it may receive proper attention.
sanu New Member Date Joined May 2007 Total Posts : 8 Posted 6-17-2007 6:58 (GMT +1)
Here is the log of Rootchk:

*********************************
ROOTCHK-(29-05-07b)-LOG, by ejvindh
Sun 06/17/2007 23:14:56.18

Driver nm (visible) is present. Run COMBOFIX by sUBs.
Driver irmon (visible) is present. A rootkit scan is recommended.

*********************************
ROOTCHK-LOG-end

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-17 23:14:57
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
hidden processes: 0
hidden services: 0
hidden files: 0
_________________________________________________

AVG scanning is still going on; nothing much found other than Adware.MyTool, which has 4 infected files..
sanu New Member Date Joined May 2007 Total Posts : 8 Posted 6-17-2007 7:00 (GMT +1)
One more thing: while scanning the registry I was getting a message that the Registry is blocked by the system administrator.... when I never did this, as I am the system administrator.
sanu New Member Date Joined May 2007 Total Posts : 8 Posted 6-18-2007 6:57 (GMT +1)
AVG Anti-Spyware Report:
_______________________________________

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:26:16 AM 6/18/2007

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{6AE02E1C-8859-4F57-9097-5A55A56A4CAF} -> Adware.MyTool : Ignored.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{6AE02E1C-8859-4F57-9097-5A55A56A4CAF} -> Adware.MyTool : Ignored.
HKU\S-1-5-21-2464275778-1709965631-2030837822-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{6AE02E1C-8859-4F57-9097-5A55A56A4CAF} -> Adware.MyTool : Ignored.
HKU\S-1-5-21-2464275778-1709965631-2030837822-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6AE02E1C-8859-4F57-9097-5A55A56A4CAF} -> Adware.MyTool : Ignored.
:mozilla.85:C:\Program Files\FirefoxPortable\Data\profile\cookies.txt -> TrackingCookie.Adtech : Ignored.
:mozilla.86:C:\Program Files\FirefoxPortable\Data\profile\cookies.txt -> TrackingCookie.Adtech : Ignored.
:mozilla.18:C:\Program Files\FirefoxPortable\Data\profile\cookies.txt -> TrackingCookie.Clickbank : Ignored.
:mozilla.84:C:\Program Files\FirefoxPortable\Data\profile\cookies.txt -> TrackingCookie.Doubleclick : Ignored.
:mozilla.17:C:\Program Files\FirefoxPortable\Data\profile\cookies.txt -> TrackingCookie.Hitslink : Ignored.
:mozilla.78:C:\Program Files\FirefoxPortable\Data\profile\cookies.txt -> TrackingCookie.Realmedia : Ignored.
:mozilla.79:C:\Program Files\FirefoxPortable\Data\profile\cookies.txt -> TrackingCookie.Realmedia : Ignored.
:mozilla.80:C:\Program Files\FirefoxPortable\Data\profile\cookies.txt -> TrackingCookie.Statcounter : Ignored.
:mozilla.96:C:\Program Files\FirefoxPortable\Data\profile\cookies.txt -> TrackingCookie.Webtrends : Ignored.
:mozilla.74:C:\Program Files\FirefoxPortable\Data\profile\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.
:mozilla.75:C:\Program Files\FirefoxPortable\Data\profile\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.
:mozilla.76:C:\Program Files\FirefoxPortable\Data\profile\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.

::Report end

It did not clean; maybe it's not the full version. It just took the action of ignore once.
Touch Forum Moderator Date Joined Jun 2004 Total Posts : 16754 Posted 6-18-2007 7:07 (GMT +1)
Please download Combofix:
download.bleepingcomputer.com/sUBs/ComboFix.exe and save to the desktop.
1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Post the contents of that log in your next reply with a new hijackthis log.
Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.
sanu New Member Date Joined May 2007 Total Posts : 8 Posted 6-18-2007 8:26 (GMT +1)
*********************************
ROOTCHK-(29-05-07b)-LOG, by ejvindh
Mon 06/18/2007 12:46:13.29

The rootkits that are detected by this tool were not found.

*********************************
ROOTCHK-LOG-end

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-18 12:46:13
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
hidden processes: 0
hidden services: 0
hidden files: 0

____________________________Combofix_____________________________________

2007-06-18 12:30 11942 --a------ C:\Qoobox\Quarantine\Registry_backups\services_nm.reg.cf

Folder PATH listing for volume VAIO
Volume serial number is 54A5-8EF0
C:\QOOBOX
\---Quarantine
    \---Registry_backups
            services_nm.reg.cf
---------------------------_____________________________________---------------------------------

ComboFix 07-06-13.3 - C:\Documents and Settings\VAIO\Desktop\ComboFix.exe
"VAIO" - 2007-06-18 12:23:35 - Service Pack 2 NTFS

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\DOWNLO~1.\backup

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\nm

((((((((((((((((((((((((( Files Created from 2007-05-18 to 2007-06-18 )))))))))))))))))))))))))))))))

2007-06-18 11:53 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-17 22:44 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-17 22:14 <DIR> d-------- C:\Program Files\CCleaner
2007-06-17 14:10 <DIR> d-------- C:\DOCUME~1\VAIO\APPLIC~1\Thunderbird
2007-06-17 14:09 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
2007-06-16 16:58 237,568 --a------ C:\WINDOWS\system32\msworld.exe
2007-06-15 15:41 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-06-15 15:35 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2007-06-15 15:35 <DIR> d-------- C:\Program Files\Autodesk
2007-06-15 15:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Autodesk
2007-06-15 01:41 86,016 --a------ C:\WINDOWS\unvise32.exe
2007-06-15 00:18 <DIR> d-------- C:\Program Files\IE7Pro
2007-06-15 00:17 <DIR> d-------- C:\DOCUME~1\VAIO\APPLIC~1\IE7pro
2007-06-15 00:15 <DIR> d-------- C:\Program Files\Quicknation
2007-06-14 21:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zabersoft
2007-06-14 21:32 <DIR> d-------- C:\Program Files\!!!!Fish
2007-06-14 17:54 <DIR> d-------- C:\DOCUME~1\VAIO\APPLIC~1\uTorrent
2007-06-14 00:12 <DIR> d-------- C:\DOCUME~1\VAIO\APPLIC~1\Google
2007-06-13 22:35 57,344 --a------ C:\WINDOWS\system32\sticversion.exe
2007-06-13 22:35 557,056 --a------ C:\WINDOWS\system32\AltST.dll
2007-06-13 22:35 <DIR> d-------- C:\Program Files\Common Files\SoftTech InterCorp
2007-06-13 22:35 <DIR> d-------- C:\Program Files\Batch Rename .EXE
2007-06-13 13:40 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-06-12 23:00 65,052 --ah----- C:\WINDOWS\system32\mlfcache.dat
2007-06-12 22:47 <DIR> d-------- C:\DOCUME~1\VAIO\APPLIC~1\Apple Computer
2007-06-12 22:46 <DIR> d-------- C:\Program Files\Safari
2007-06-12 22:46 <DIR> d-------- C:\Program Files\Bonjour
2007-06-12 22:44 <DIR> d-------- C:\Program Files\Apple Software Update
2007-06-12 22:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-06-09 05:52 1,310,720 --ah----- C:\DOCUME~1\LNSS_M~1\NTUSER.DAT
2007-06-09 05:52 <DIR> d-------- C:\DOCUME~1\LNSS_M~1\APPLIC~1\Symantec
2007-06-09 05:52 <DIR> d-------- C:\DOCUME~1\LNSS_M~1\APPLIC~1\Sony Corporation
2007-06-09 05:48 <DIR> d-------- C:\Program Files\GFI
2007-06-07 05:39 <DIR> d-------- C:\Program Files\FirefoxPortable
2007-05-31 18:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
2007-05-28 17:22 <DIR> d-------- C:\Program Files\ExtractNow
2007-05-27 23:15 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-05-27 23:15 <DIR> d-------- C:\WINDOWS\system32\windows media
2007-05-27 23:15 <DIR> d-------- C:\Program Files\Windows Media Components
2007-05-27 15:56 <DIR> d-------- C:\DOCUME~1\VAIO\APPLIC~1\Scrapboy
2007-05-27 13:42 122,880 --a------ C:\WINDOWS\UnGins.exe
2007-05-27 13:42 <DIR> d-------- C:\Program Files\eLitecore
2007-05-26 23:16 154 --a------ C:\WINDOWS\Vue 5 Infinite.reg
2007-05-26 23:14 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2007-05-26 23:14 287 --a------ C:\WINDOWS\Vue 5 Infinite Trial.reg
2007-05-26 23:12 <DIR> d-------- C:\Program Files\e-on software
2007-05-26 22:11 <DIR> d-------- C:\DOCUME~1\VAIO\APPLIC~1\Logitech
2007-05-26 22:07 69,760 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
2007-05-26 22:07 55,808 --a------ C:\WINDOWS\system32\drivers\L8042MOU.SYS
2007-05-26 21:30 53,248 --a------ C:\WINDOWS\system32\KemXML.dll
2007-05-26 21:30 36,736 --a------ C:\WINDOWS\system32\drivers\LHidUsbK.sys
2007-05-26 21:30 155,648 --a------ C:\WINDOWS\system32\kemutb.dll
2007-05-26 21:30 126,976 --a------ C:\WINDOWS\system32\KemUtil.dll
2007-05-26 21:30 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
2007-05-26 21:29 94,208 --a------ C:\WINDOWS\KHALMNPR.Exe
2007-05-26 21:29 27,008 --a------ C:\WINDOWS\system32\drivers\LHidKE.Sys
2007-05-26 21:29 13,568 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys
2007-05-26 21:29 <DIR> d-------- C:\Program Files\Logitech
2007-05-26 21:29 <DIR> d-------- C:\Program Files\Common Files\Logitech
2007-05-19 16:47 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-05-19 16:43 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-17 09:31:48 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-16 13:41:59 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-14 16:03:48 -------- d-----w C:\Program Files\FlashGet
2007-06-13 17:19:46 -------- d-----w C:\Program Files\WordWeb
2007-06-13 06:44:18 -------- d-----w C:\Program Files\Norton Internet Security
2007-05-27 09:49:04 7 --sh--w C:\AUTOEXEC.BAT
2007-05-17 23:00:21 -------- d-----w C:\Program Files\Google
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-05 15:46:09 -------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2007-05-05 15:29:51 -------- d-----w C:\Program Files\WIDCOMM
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-22 12:44:38 4,882 ----a-w C:\WINDOWS\mozver.dat
2007-04-21 11:04:55 -------- d-----w C:\Program Files\Symantec
2007-04-21 11:04:52 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-04-21 11:04:52 115,000 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-15 16:34:36 0 ----a-w C:\WINDOWS\nsreg.dat
2007-03-28 13:21:54 538,256 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-03-28 13:21:52 161,424 ----a-w C:\WINDOWS\system32\SymRedir.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{00011268-E188-40DF-A514-835FCD78B1BF}=C:\Program Files\IE7Pro\IE7Pro.dll [2007-04-23 15:16]
{29C88E20-4234-41B9-A9DB-982958C95FB1}=C:\Program Files\!!!!Fish\!!!!Fish.dll [2006-04-27 00:12]
{75B1A646-CDCE-4C06-B52F-84F4463B4FC8}=C:\Program Files\!!!!Fish\FloatBar.dll [2006-04-26 15:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-11 01:52]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-17 13:32]
{9ECB9560-04F9-4bbc-943D-298DDF1699E1}=C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll [2005-10-23 06:59]
{A5366673-E8CA-11D3-9CD9-0090271D075B}=C:\Program Files\FlashGet\jccatch.dll [2002-01-16 19:12]
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}=C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll [2007-05-23 12:13]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 17:45]
{BDCA7AC9-C27B-4D30-A808-9B9081279C03}=C:\PROGRA~1\QUICKN~1\YOUTUB~1.DLL [2007-02-17 12:29]
{CC7E636D-39AA-49b6-B511-65413DA137A1}=C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll [2006-03-18 05:38]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2005-10-20 10:37]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 22:19]
"Resume copy"="copyfstq.exe" [2006-11-05 02:48 C:\WINDOWS\copyfstq.exe]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-11-17 17:17]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 14:55]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VisualTaskTips"="C:\Program Files\VisualTaskTips\VisualTaskTips.exe" [2006-07-31 17:03]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 17:30]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableCMD"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 17:59]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winopn32]
winopn32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WordWeb.lnk]
backup=C:\WINDOWS\pss\WordWeb.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^VAIO^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
C:\Program Files\Sony\ISB Utility\ISBMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
C:\Program Files\LClock\lclock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
ICO.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSWorld]
C:\WINDOWS\system32\msworld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
C:\Program Files\Norton Internet Security\UrlLstCk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
"C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOCameraUtility]
"C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Macromedia Licensing Service"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"Visual Studio Analyzer RPC bridge"=3 (0x3)
"WebClient"=2 (0x2)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"Spooler"=2 (0x2)
"Schedule"=2 (0x2)
"mnmsrvc"=3 (0x3)
"usnsvc"=3 (0x3)
"SNDSrvc"=3 (0x3)
"AdobeActiveFileMonitor4.0"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SsAAD.exe"=C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
"<NO NAME>"=
"Logitech Hardware Abstraction Layer"=KHALMNPR.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f254586f-6c45-11db-bd5b-0013a9446bb8}]
Auto\command- boot.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

*Newly Created Service* - AVGASCLN

Contents of the 'Scheduled Tasks' folder
2007-06-12 17:14:12 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-02-11 14:54:57 C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
2006-11-06 03:40:21 C:\WINDOWS\tasks\Low Battery Alarm Program.job
2006-12-03 08:06:36 C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - VAIO.job
2007-06-05 23:19:44 C:\WINDOWS\tasks\Norton AntiVirus - Run Norton QuickScan - VAIO.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-18 12:40:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-18 12:46:01 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-18 12:45

--- E O F ---

Now tell me what's the problem.
Touch Forum Moderator Date Joined Jun 2004 Total Posts : 16754 Posted 6-18-2007 8:45 (GMT +1)
The problem is rootkits -
Download
http://www.spywareinfo.dk/download/Rustbfix.exe
http://www.ctrlaltdel.dk/rustbfix.exe
http://uploads.ejvindh.andymanchesta.com/Rustbfix.exe
...and save it to your desktop.
Double click on rustbfix.exe to run the tool. If a Rustock.b-infection is found, you will shortly hereafter be asked to reboot the computer. The reboot will probably take quite a while, and perhaps 2 reboots will be needed. But this will happen automatically. After the reboot 2 logfiles will open (%root%\avenger.txt & %root%\rustbfix\pelog.txt). Post the content of these logfiles along with a new HijackThis log.
sanu New Member Date Joined May 2007 Total Posts : 8 Posted 6-18-2007 9:06 (GMT +1)
Hi, I have been online since I last cleaned things as you said with AVG, Combofix & Rootchk. Now I haven't got any virus alert, neither from NIS nor from Avir antivirus. If I get any alert I will follow your last posted things and will let you know. Till now my problem seems to be solved; I think AVG seems to have solved the problem, because I rescanned and deleted the infected files.