| Thread ID: 108371 | 2010-03-25 23:56:00 | virus problems. | wbham (15693) |
| Post ID | Timestamp | Content | User | ||
| 870003 | 2010-03-25 23:56:00 | Hi. I have a computer here that has had "xp defender", and possibly other viruses. I used a quick scan with SuperAntiSpyware, and found 3 trojans called "Ave.exe". I cleaned them and restarted as requested. Now, it seems to have gone as it is not running, but I think this removal didn't do the job because now I'm trying to install malwarebytes, but when I do that, it comes up with the "Open With" box, and a list of programs I should choose to open the program. This is the same for any other application even if it is installed. Is this "open with" problem a virus or something else? Please help, thanks! |
wbham (15693) | ||
| 870004 | 2010-03-26 00:04:00 | Boot into safe mode / networking. Get hijackthis below, run it, click on scan the system and save a log. Copy and paste the log back here. And get trojan remover below, update it then click on scan. Then select all options under the utilities menu. Then try and install malwarebytes. What version of windows is it? | Speedy Gonzales (78) | ||
| 870005 | 2010-03-26 00:21:00 | Thanks. XP Professional, SP3 I think. (Not my computer) I've booted into safe mode and all programs have the same problem of not opening. The only way I can get installed programs opening, is opening them with the shortcut after the "Open With" box comes up. Log is below:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:17:28 PM, on 3/26/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Roger\My Documents\Downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asus.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Program Files\ATK Hotkey\Hcontrol.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ACMON] "C:\Program Files\ASUS\Splendid\ACMON.exe"
O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"
O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"
O4 - HKLM\..\Run: [ASUSTPE] C:\WINDOWS\system32\ASUSTPE.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\WINDOWS\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\ASScrPro.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\Treshna\RemoteAssist\vnc\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [Netdrive] "C:\Program Files\Netdrive\Netdrive.exe" -tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TRUUpdater] "C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" /bkground
O4 - HKLM\..\Run: [WatcherHelper] "C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - S-1-5-18 Startup: CCC.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: CCC.lnk = ? (User 'Default user')
O4 - .DEFAULT User Startup: CCC.lnk = ? (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NetDrive Service (ndsvc) - SolutionBox - C:\Program Files\Netdrive\ndsvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe
O23 - Service: SWAutoLaunch - Unknown owner - C:\Program Files\Sierra Wireless\3G Wireless Module\Generic\Components\SWAutoLaunch.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\Treshna\RemoteAssist\vnc\WinVNC.exe
-- End of file - 6310 bytes |
wbham (15693) | ||
| 870006 | 2010-03-26 01:43:00 | You can tick these, then tick fix checked. Close browsers.
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - S-1-5-18 Startup: CCC.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: CCC.lnk = ? (User 'Default user')
O4 - .DEFAULT User Startup: CCC.lnk = ? (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
No sign of any nasties in this. Try trojan remover, update it first, and do a scan with that and then go to the utilities menu, select everything else. So, it can reset everything. Then get ccleaner (http://www.ccleaner.com), install it, then click on run cleaner. You'll have to close all browsers. Then it will remove all the temp files etc. |
Speedy Gonzales (78) | ||
| 870007 | 2010-03-26 06:12:00 | Thanks for confirming there was no more malware. I ended up having to download an exe fix registry file. That seems to have fixed everything. Thanks again |
wbham (15693) | ||
| 870008 | 2010-03-26 06:25:00 | Cool! Did you scan with trojan remover and reset everything with it as well? | Speedy Gonzales (78) | ||