| Thread ID: 110120 | 2010-06-04 03:41:00 | friends pc has "antimalware doctor" virus | goodiesguy (15316) |
| Post ID | Timestamp | Content | User | ||
| 1106539 | 2010-06-04 03:41:00 | ok. I'm in teamviewer looking at his desktop. he has a dell dimension 2400 with xp service pack 1. i have run rkill.exe to kill the process. i ran avast also. then today it's come back. any ideas? i ran a malware bytes scan. i'll post the rkill log: This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish. Ran as Owner on 04/06/2010 at 14:34:58. Processes terminated by Rkill or while it was running: C:\Documents and Settings\Owner\Application Data\62C0CA9E13364ED83D038C28C519D824\gotnewupdate 005001.exe C:\Documents and Settings\Owner\My Documents\Downloads\rkill.com Rkill completed on 04/06/2010 at 14:35:06. anyways. with teamviewer, does it use their internet connection when I'm browsing on theirs thru teamviewer? |
goodiesguy (15316) | ||
| 1106540 | 2010-06-04 03:55:00 | here's a hijack this log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 2:53:28 p.m., on 4/06/2010 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\hkcmd.exe C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\TeamViewer\Version5\TeamViewer.exe C:\WINDOWS\explorer.exe C:\WINDOWS\System32\msiexec.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,AutoConfigURL = 346a high street dunedin O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [gotnewupdate005001.exe] C:\Documents and Settings\Owner\Application Data\62C0CA9E13364ED83D038C28C519D824\gotnewupdate 005001.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - 
HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload.macromedia.com O20 - Winlogon Notify: cryptnet32 - cryptnet32.dll (file missing) O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- End of file - 3445 bytes |
goodiesguy (15316) | ||
| 1106541 | 2010-06-04 04:07:00 | Disable system restore, tick these, then tick fix checked. Or use ccleaner and delete the entries in startup, and run it so it removes temp files. Then update windows. O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [gotnewupdate005001.exe] C:\Documents and Settings\Owner\Application Data\62C0CA9E13364ED83D038C28C519D824\gotnewupdate 005001.exe. <- If this file is there after you reboot, go to this folder, and delete this file. O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O20 - Winlogon Notify: cryptnet32 - cryptnet32.dll (file missing). Uninstall spybot then reboot, then update malwarebytes, then do a full scan. You have to be on the net to use teamviewer (I think) |
Speedy Gonzales (78) | ||
| 1106542 | 2010-06-04 04:21:00 | rkill.exe will temp kill the process, but running malwarebytes and avast is nowhere near enough. (avast is hopeless anyway, it misses too much) You need to run several others as well, all available from my sig, in full scan modes; expect to take at least 4-5 hours of scanning to clean it correctly. BUT even that may not be enough - sometimes you have to manually remove infections or even run programs that "really get in deep". The problem is if they screw the system, and sometimes they do, you have to know how to undo what you have done. Sometimes when the infections are removed the system is unbootable. It also pays to clone the drive before doing any of the fixes, as if it's really badly infected you may make the system totally unbootable. Not a job for remote fixing. |
wainuitech (129) | ||
| 1106543 | 2010-06-04 04:28:00 | i have spybot on it. speedy told me to get rid of it though. but i find spybot does a good job for the harder viruses. explain how avast is hopeless? what do you recommend? (i use avast) |
goodiesguy (15316) | ||
| 1106544 | 2010-06-04 04:35:00 | Spybot isn't a virus scanner and never will be. And it's not good for everything. There are better programs around now | Speedy Gonzales (78) | ||
| 1106545 | 2010-06-04 04:50:00 | Example of a clean out, that took most of the day on a customer's PC, that had avast, yet the PC was obviously infected. Uninstalled Avast. Run the following programs one after the other, fully updated, each scan took approx 1 3/4 - 2 Hours (apart from TR, that took about 5 minutes) Results from the program along with the number of malware after the name, then a Virus Scan with Nod32. (all with system restore turned off) Removed known malware infections Trojan Remover -- 18 then Malware Bytes --- 45 then Spybot S&D ---79 then Super Antispyware - 9 then Combofix --- 3 Then a Scan with Nod32 antivirus -----14 Avast said the PC was clean -- HA! :eek: Running another program now - Still scanning est time left 2.5 hours so far at 1/4 way through --- clean Edited: still have to fix the damaged system files as some are obviously damaged, as well as update the PC from XP SP2 >> SP3 and run other program updates. In this case reinstalling is not an option -- as some of the programs, while legit, cannot be reinstalled as the CDs are lost and the programs are used a lot so the person said. |
wainuitech (129) | ||
| 1106546 | 2010-06-04 04:51:00 | hey speedy. i figured out the issue with my pc. well changing my second smaller 256 stick of ram didn't work. i was at the stage where it wouldn't boot. just before i decided to take out my bigger 512mb stick and replaced it with another 256. voila, it boots fine and works better than ever. I'm on it now. my 17 inch main monitor seems so big compared to the laptop's 12". anyways my 511mb stick was knackered. i found damage on the circuit on it. i can take a picture if you like |
goodiesguy (15316) | ||
| 1106547 | 2010-06-04 04:51:00 | thanks for the info wainuitech | goodiesguy (15316) | ||
| 1106548 | 2010-06-04 05:00:00 | "thanks for the info wainuitech" Not a problem -- this is where you can tell the "Cowboys" in this business, some say you can clean out a badly infected PC in 30 minutes. While sometimes that's true (very rare), to tell a customer it's only going to take that long without even seeing the problem is a ---- -- ---- Well you guess the words :D |
wainuitech (129) | ||
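The manual triage done on the HijackThis log in this thread, as an added Python example (not code from any poster or from HijackThis itself). The sample lines are copied from the log posted above; the function name `triage` and the two heuristics (autorun target inside a user-writable profile folder, directory named with a long hex string) are assumptions chosen for illustration, and a hit is a lead to investigate, not a verdict.

```python
import re

# Sample input: entries copied from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [gotnewupdate005001.exe] C:\Documents and Settings\Owner\Application Data\62C0CA9E13364ED83D038C28C519D824\gotnewupdate 005001.exe
O20 - Winlogon Notify: cryptnet32 - cryptnet32.dll (file missing)
"""

# O4 = autorun entry: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run\w*: \[(?P<name>[^\]]+)\]\s+(?P<cmd>.+)$")
# O20 = Winlogon Notify entry: "O20 - Winlogon Notify: <name> - <dll>"
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<dll>.+)$")

# Heuristics (assumptions): XP-era per-user folders any process can write to,
# and a directory whose name is 16 or more hex characters.
USER_WRITABLE = re.compile(r"\\(Application Data|Local Settings)\\", re.I)
HEX_DIR = re.compile(r"\\[0-9A-F]{16,}\\", re.I)


def triage(log_text):
    """Return (section, entry name, reasons) for entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            cmd, reasons = m.group("cmd"), []
            if USER_WRITABLE.search(cmd):
                reasons.append("autorun target in user-writable profile folder")
            if HEX_DIR.search(cmd):
                reasons.append("hex-named directory")
            if reasons:
                findings.append(("O4", m.group("name"), reasons))
            continue
        m = O20_RE.match(line)
        if m and "(file missing)" in m.group("dll"):
            findings.append(("O20", m.group("name"), ["Winlogon Notify DLL missing on disk"]))
    return findings


if __name__ == "__main__":
    for section, name, reasons in triage(SAMPLE_LOG):
        print(section, name, "->", "; ".join(reasons))
```
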