MSN Virus - Overclock.net

post #1 of 4 Old 04-26-2008, 03:24 PM - Thread Starter
McStuff
Hey, I'm currently running AVG anti-virus. I have some sort of virus that sends links to my contacts to some site. I have both Pidgin and Windows Live Messenger. I d/l'd the NOD32 trial and the scan picked up nothing. Here's my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:21:38 PM, on 4/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [\\CSMITH-HOMEXP\EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P39 "\\CSMITH-HOMEXP\EPSON Stylus C88 Series" /O6 "USB002" /M "Stylus C88"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1205817547536
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


Any help would be greatly appreciated.
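A first pass over a log in the HijackThis v2 format shown above, as an added example that is not part of the thread: it splits each line into its section code (O2, O4, O23, ...) and flags the entry types a reviewer usually checks first, namely a BHO whose file is missing, a Run value that names an executable without a full path, and a service with no owner. The sample lines are copied from the posted log; the flags are prompts for manual verification of path and vendor, not verdicts, and a hypothetical helper is used for the Run command-line parsing.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted above,
# written with single backslashes as HijackThis prints them.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.+)$")  # "O23 - ..." -> ("O23", "...")
RUN_RE = re.compile(r"^(?P<hive>HK\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")  # O4 body

def parse_entry(line):
    """Return (section code, body) for a HijackThis entry line, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    return (m.group("kind"), m.group("body")) if m else None

def run_executable(cmd):
    """Hypothetical helper: the program part of a Run command line, honouring a quoted path."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]

def triage(line):
    """Reasons a reviewer should look at this line (empty list = nothing notable)."""
    parsed = parse_entry(line)
    if parsed is None:
        return []
    kind, body = parsed
    reasons = []
    if kind == "O2" and body.endswith("(no file)"):
        reasons.append("orphaned BHO registration (no file on disk)")
    if kind == "O2" and "(no name)" in body:
        reasons.append("BHO without a display name")
    if kind == "O4":
        m = RUN_RE.match(body)
        exe = run_executable(m.group("cmd") if m else body)
        if ":\\" not in exe:  # resolved via the search path, so locate the file on disk
            reasons.append("Run entry with a bare executable name (no full path)")
    if kind == "O23" and "Unknown owner" in body:
        reasons.append("service with no owner/vendor information")
    return reasons

def triage_log(text):
    """Map each notable log line to its reasons; everything else is dropped."""
    return {ln: r for ln in text.splitlines() if (r := triage(ln))}
```

Entries such as nwiz.exe or PnkBstrA.exe are commonly legitimate, so the output is a shortlist of what to verify against the file on disk and its vendor, not a list of infections.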
post #2 of 4 Old 04-26-2008, 03:28 PM
Sanders54
post #3 of 4 Old 04-26-2008, 03:29 PM - Thread Starter
McStuff
Quote:
Originally Posted by Sanders54
I call reinstall os XP/Reformatting
I was gonna see if anyone could analyze the log or have any experience. Format would be a last resort.
post #4 of 4 Old 04-26-2008, 06:37 PM - Thread Starter
McStuff
It's fixed now.