| Thread ID: 90906 | 2008-06-19 21:06:00 | AVG says I'm Infected | schatten789 (13885) | Press F1 |
| Post ID | Timestamp | User |
| 680376 | 2008-06-19 21:06:00 | schatten789 (13885) |
I have AVG and every day it seems to find a threat named Adware Generic2.UEA. It is in the Windows system32 folder and called svchost.exe. Here is a HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:18:17 PM, on 6/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Program Files\Trend Micro\HijackThis\HyJakeTis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [WUSB54Gv2] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WUSB54Gv2SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 4443 bytes

Thanks for any help. :thanks

| 680377 | 2008-06-19 21:19:00 | Trev (427) |
Hi, welcome to the forum. It makes it easier for people to read the log if you just copy and paste the log into the forum. :)

| 680378 | 2008-06-19 21:26:00 | schatten789 (13885) |
Thanks, I will do that from now on. I tried to edit the post but it doesn't look like I can, or I'm just blind and don't see the button.

| 680379 | 2008-06-19 22:12:00 | Speedy Gonzales (78) |
Run HJT again, tick these, then tick Fix checked. Close browsers.

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

What did it say you had?? Uninstall this:

C:\Program Files\Viewpoint\Common\ViewpointService.exe

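The helpers in this thread are reading the HijackThis log by eye: where each running process lives, whether each O4 autorun points at a full path, and whether each O23 service has a known owner. What follows is an added example, not code from the thread, from HijackThis or from any of its posters, that automates those three checks over a constructed sample log modelled on the one posted above. The `C:\WINDOWS\svchost.exe` entry in the sample is invented so the location check has something to report, and the `EXPECTED_DIRS` table, the function names and the wording of the findings are this example's own assumptions, not anything the thread states.

```python
import re
from dataclasses import dataclass, field

# Core Windows binaries and the folder a HijackThis log should show them in
# on Windows XP (an assumption of this example; adjust for other layouts).
# A file with one of these names running from anywhere else deserves a look.
EXPECTED_DIRS = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

ENTRY_RE = re.compile(r"^[RFO]\d+ - ")              # start of any HJT entry line
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.*)$")
FULL_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')         # command begins with a drive letter


@dataclass
class HjtLog:
    processes: list = field(default_factory=list)   # full paths from "Running processes:"
    autoruns: list = field(default_factory=list)    # (hive, key, name, command) from O4 lines
    services: list = field(default_factory=list)    # (name, owner, path) from O23 lines


def parse_hjt(text):
    """Extract the running-process list and the O4/O23 entries from an HJT log."""
    log = HjtLog()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes and line and not ENTRY_RE.match(line):
            log.processes.append(line)
            continue
        in_processes = False            # section ends at a blank line or the first entry
        m = O4_RE.match(line)
        if m:
            log.autoruns.append(m.groups())
            continue
        m = O23_RE.match(line)
        if m:
            log.services.append(m.groups())
    return log


def triage(log):
    """Return human-readable findings; an empty list means nothing stood out."""
    findings = []
    for path in log.processes:
        folder, _, name = path.lower().rpartition("\\")
        expected = EXPECTED_DIRS.get(name)
        if expected and folder != expected:
            findings.append(f"process {name} runs from {folder}, expected {expected}: {path}")
    for hive, key, name, command in log.autoruns:
        if not FULL_PATH_RE.match(command):
            findings.append(f"O4 {hive}\\..\\{key} [{name}] has no full path, so the log alone cannot verify it: {command}")
    for name, owner, path in log.services:
        if owner.lower() == "unknown owner":
            findings.append(f"O23 service '{name}' has no registered owner: {path}")
    return findings


# Constructed sample, modelled on the log in the thread, plus one invented
# entry (C:\WINDOWS\svchost.exe) so the location check has something to find.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:18:17 PM, on 6/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

if __name__ == "__main__":
    for finding in triage(parse_hjt(SAMPLE_LOG)):
        print("-", finding)
```

A process that sits in its expected folder, like the system32\svchost.exe that AVG flagged in this thread, is not reported by this check: the log records only the path, so it cannot tell a replaced binary from the genuine one. That is why the replies fall back on full scans with AVG and Spyware Doctor rather than on the log itself; the checks above only narrow down which entries are worth asking about.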
| 680380 | 2008-06-19 23:03:00 | schatten789 (13885) |
It says I have Adware Generic2.UEA; I seem to get it at random times. I went to the history and took a screenshot, maybe this can tell you more than I can. Sorry about the size. I have Windows on both hard drives.

http://i10.photobucket.com/albums/a112/schatten789/untitled-2.jpg

Here is the HijackThis log after deleting the things you said.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:05:04 PM, on 6/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HyJakeTis.exe
C:\WINDOWS\system32\mspaint.exe
C:\WINDOWS\system32\svchost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [WUSB54Gv2] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: WUSB54Gv2SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 4279 bytes

:thanks

| 680381 | 2008-06-19 23:26:00 | Speedy Gonzales (78) |
Disable System Restore on D. Right mouse on My Computer on the desktop. System Restore tab, highlight D. Settings on the right. Turn off System Restore. Then reboot.

You haven't ticked these entries yet:

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

| 680382 | 2008-06-19 23:29:00 | nofam (9009) |
Looks pretty good to me, but I'd try downloading Spyware Doctor from here (www.download.com). Install it, and then disable System Restore, reboot and run a Full System Scan. Re-post a HJT log when it's done. :thumbs:

| 680383 | 2008-06-20 00:40:00 | schatten789 (13885) |
> Disable System Restore on D. Right mouse on My Computer on the desktop. System Restore tab, highlight D. Settings on the right. Turn off System Restore. Then reboot.
>
> You haven't ticked these entries yet:
>
> O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
> O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

Oops, sorry, it looks like I pasted the wrong log in my post; I did delete them though. The new log is below.

> Looks pretty good to me, but I'd try downloading Spyware Doctor from here (http://www.download.com/Spyware-Doctor-Starter-Edition/3000-8022_4-10704508.html). Install it, and then disable System Restore, reboot and run a Full System Scan. Re-post a HJT log when it's done. :thumbs:

I did the scan with the SD and here is what it came up with.

http://i10.photobucket.com/albums/a112/schatten789/untitled3.jpg

Here is the HijackThis log. This should be the new one. lol

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:44:54 PM, on 6/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\mspaint.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HyJakeTis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [WUSB54Gv2] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: WUSB54Gv2SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 4783 bytes

| 680384 | 2008-06-20 00:44:00 | Speedy Gonzales (78) |
Disable System Restore on D, if you haven't yet, if this adware is still being detected by AVG. Log looks ok.

| 680385 | 2008-06-20 00:44:00 | nofam (9009) |
Ok - looks fine.... re-run your full AVG scan and see if you get that warning again.
