virus

post #1 of 10
Thread Starter 
I have a virus that pops up random pron windows on both of my screens.
I know where it is, but it says to stop the activity before I can stop it, and each time I stop it via Ctrl-Alt-Del, it restarts. It's in my Windows sys 32 folder. I have AVG anti-virus running and scanning, also I have NOD32 anti-virus and lastly Ad-Aware SE running and scanning. None of them find it. Now what do I do? I know nothing about regedit so I can't use that to get rid of it.

plz help me!!!
    
post #2 of 10
www.majorgeeks.com

This is the site that brought hope back to me.

Download HijackThis and post your log up here. (Be sure to do it in Safe mode.)
post #3 of 10
If you know where it is you could boot into safe mode and delete it.
post #4 of 10
Thread Starter 
Here's my log from HijackThis in safe mode:

Logfile of HijackThis v1.99.1
Scan saved at 7:18:18 PM, on 10/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\winlogon.exe
C:\\WINDOWS\\system32\\services.exe
C:\\WINDOWS\\system32\\lsass.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\Explorer.EXE
C:\\Documents and Settings\\Administrator\\Desktop\\HijackThis.exe

R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://overclock.net/
R1 - HKCU\\Software\\Microsoft\\Internet Connection Wizard,ShellNext = http://overclock.net/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.5.0_06\\bin\\ssv.dll
O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - C:\\Program Files\\VideoCompressionCodec\\isaddon.dll (file missing)
O4 - HKLM\\..\\Run: [D-Link Wireless G WUA-1340] C:\\Program Files\\D-Link\\Wireless G WUA-1340\\AirGCFG.exe
O4 - HKLM\\..\\Run: [ANIWZCS2Service] C:\\Program Files\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [NvMediaCenter] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\\..\\Run: [RivaTunerStartupDaemon] "C:\\Program Files\\RivaTuner v2.0 RC 16\\RivaTuner.exe" /S
O4 - HKLM\\..\\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\\..\\Run: [ViewMgr] C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe
O4 - HKLM\\..\\Run: [DiskeeperSystray] "C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe"
O4 - HKLM\\..\\Run: [SunJavaUpdateSched] C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe
O4 - HKLM\\..\\Run: [nod32kui] "C:\\Program Files\\Eset\\nod32kui.exe" /WAITSERVICE
O4 - HKLM\\..\\Run: [!AVG Anti-Spyware] "C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe" /minimized
O4 - HKCU\\..\\Run: [AIM] C:\\Program Files\\AIM\\aim.exe -cnetwait.odl
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\Program Files\\Java\\jre1.5.0_06\\bin\\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\Program Files\\Java\\jre1.5.0_06\\bin\\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\\Program Files\\AIM\\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\\WINDOWS\\system32\\WPDShServiceObj.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\\Program Files\\ANI\\ANIWZCS2 Service\\ANIWZCSdS.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\\Program Files\\Eset\\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\\WINDOWS\\system32\\wbem\\wmiapsrv.exe (file missing)

That's where I think the virus is, but I deleted all of the files I could and still have it running pop-ups,
so evidently I don't know where it is.
    
post #5 of 10
Thread Starter 
bump
    
post #6 of 10
Well, there always is the last resort (a r34orma7); then you will know for sure that it isn't there anymore.
post #7 of 10
Here is an online site that has helped me before... Takes a while to run it, but it might help when your rig is infected... Trend Micro™ HouseCall
post #8 of 10
Thread Starter 
a wat?!
Edit: does anybody know of the "video compression codec"... I think that's the virus, I could be wrong though.
    
post #9 of 10
Well, the best thing 2 do (in my experience) is to type the .dll file or .exe file in Google and see what it says. I did this with the "video compression codec" of yours (isaddon.dll) and all the results said it was "bad", it's a trojan file and you should get rid of it quickly. Hope I was of help.
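As an added example that is not part of any post in this thread: a small Python triage pass over HijackThis output that pulls out the entries worth looking up by file name, as suggested above. The sample lines are copied from the log in post #4; the flag names (`file-missing`, `unnamed`, `unknown-owner`) are this example's own labels, not HijackThis terminology.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code text filename flags")

# HijackThis entries start with a section code such as R0, O2, O4, O23.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Last path component ending in .dll or .exe (the name you would search for).
FILE_RE = re.compile(r'([^\\/:*?"<>|]+\.(?:dll|exe))', re.IGNORECASE)

# Lines copied from the HijackThis log posted in this thread (post #4).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://overclock.net/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - C:\Program Files\VideoCompressionCodec\isaddon.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
"""

def parse_log(text):
    """Return one Entry per registry/autostart line; header lines are skipped."""
    entries = []
    for raw in text.splitlines():
        # Forum pastes sometimes double the backslashes; undo that first.
        line = raw.strip().replace("\\\\", "\\")
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, rest = m.groups()
        names = FILE_RE.findall(rest)
        flags = []
        if rest.endswith("(file missing)"):
            flags.append("file-missing")   # registry still points at a file not on disk
        if code == "O2" and "(no name)" in rest:
            flags.append("unnamed")        # browser helper object with no class name
        if code == "O23" and "Unknown owner" in rest:
            flags.append("unknown-owner")  # service binary with no company name reported
        entries.append(Entry(code, rest, names[-1].strip() if names else None, flags))
    return entries

def triage(entries):
    """Keep only the entries that carry at least one flag."""
    return [e for e in entries if e.flags]

if __name__ == "__main__":
    for e in triage(parse_log(SAMPLE_LOG)):
        print(e.code, e.filename, ",".join(e.flags))
```

A flag marks an entry for review, not a verdict: a "file missing" line can be a leftover registry key after the file was deleted, so the key still has to be removed (HijackThis "fix") and the file name researched before drawing conclusions.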
post #10 of 10
"video compression codec" isn't likely to be the problem. Viruses usually come in the form of dodgily or randomly named .exe files.

Also, r34orma7 is a stupid geek way of spelling reformat - nice one jmc7983