| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 87703 | 2008-03-01 08:58:00 | Help!! Msn tio VIRUS T__T | xKat (13458) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 645308 | 2008-03-01 08:58:00 | Ytd my friend & i were chatting. He juz broke up wz his gf and we chatted for awile. Then he "send" me a link. Once i click on it... WALAH... My comp get the virus... T________T (His comp get the virus as well.. He didn't realiese until i told him) I'm totally know 0% abt all this (PC) stuff. I have no idea wad that virus called. All i know is i'll get auto-kick from my Msn. While i kicked off from MSN, that virus will auto log on to my ID & send virus to all ppl on my list... It even auto send when i offline... And coz of this... A few of my friend got the virus from me... I tried to run my ccleaner/anti-virus. But it juz dun seems working... It is still send out ard... Anyone know anythg bout this & willing to help me? T__T... I dunno if this is the right place to ask for this kind of help... But i reli nid it... T_T... Looking forward for sum help over here T_T Best Rgds, Kathy |
xKat (13458) | ||
| 645309 | 2008-03-01 09:12:00 | Welcome to Press F1 Kathy, Ccleaner does not contain a antivirus, its mainly a file cleaner. Down load Nod32 Trial (www.eset.com), install it, run it. Download also from my sig, Spybot S& D, spyware doctor, install & Run. & Super antispyware (http://www.superantispyware.com/) Download HijackThis (www.trendsecure.com) Save it to a folder on your desktop, run it, and select Save a Log File. Copy / Paste the complete log file back here. Some one will advice further. |
wainuitech (129) | ||
| 645310 | 2008-03-01 09:24:00 | Dear wainuitech, T_T... Ty for ur reply. So, i shall dl all of the abc that u advise? I mean the Anti-Spywere stuff? Sry.. Kinda know "nth" bout PC... Here... I wonder is this the log file u mention? --- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:19:11 PM, on 01 Mar 2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\VistaDrive\VistaDrive.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe D:\eMule\emule.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\DllHost.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\SDO-X\BugRep.bin C:\Program Files\FlashGet\flashget.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://VeryCD.265.com R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file) R3 - URLSearchHook: (no name) - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [ avast! ] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe O4 - HKLM\..\Run: [stup.exe] Rundll32.exe C:\PROGRA~1\TENCENT\SSPlus\SPlus1.dll,Rundll32 R O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart O4 - HKCU\..\Run: [eMuleAutoStart] D:\eMule\emule.exe -AutoStart O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Add to QQ Customized Emoticons - C:\Program Files\QQ\Africa2003\AddEmotion.htm O8 - Extra context menu item: Add to QQ Customized Panel - C:\Program Files\QQ\Africa2003\AddPanel.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send Picture with QQ MMS - C:\Program Files\QQ\Africa2003\SendMMS.htm O8 - Extra context menu item: ·¢ËÍͼƬµ½ÊÖ»ú - C:\Program Files\P4P\cx.htm O8 - Extra context menu item: ʹÓÃËѹ·Ö±Í¨³µÏÂÔØ - C:\Program Files\P4P\dl.htm O8 - Extra context menu item: Ìí¼Óµ½QQ±íÇé - C:\Program Files\Tencent\QQ\AddEmotion.htm O8 - Extra context menu item: Ìí¼Óµ½¡°ÎҵĶ©ÔÄ¡± - C:\Program Files\P4P\rss.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: ÎҵĶ©ÔÄ - {8755CE6E-0BF7-4441-8751-FB728941B0B4} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - messenger.zone.msn.com O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - www.nvidia.com O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - download.divx.com O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - www.acclaim.com O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - cdn1.acclaimdownloads.com O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com O17 - HKLM\System\CCS\Services\Tcpip\..\{C2CA9B88-C778-4B46-BB1F-F9E9FBD03224}: NameServer = 202.188.0.133 202.188.1.5 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\WINDOWS\system32\SoDAHK.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe -- End of file - 10354 bytes Looking forward again... Thx in advance ~ |
xKat (13458) | ||
| 645311 | 2008-03-01 09:34:00 | Okay I See you have avast - you may not need the Nod32 - but run the other programs I mentioned. Hopefully a guy called speedy will see this and look at the log - he knows more on advising them. |
wainuitech (129) | ||
| 645312 | 2008-03-01 09:44:00 | Oh... Ok... I have dl "Super antispyware" ^ "HijackThis" Now i'm running my scann... Hopefully [Speedy] will c this... *Pray hard* My friend start scolding me ady T_T Thank you so much for ur help =) |
xKat (13458) | ||
| 645313 | 2008-03-01 09:46:00 | You should update all those programs then reboot into safe mode to run them. To get into safe mode, keep pressing F8 as your computer boots up. If the windows logo shows up instead of a menu, you will have to reboot & try again. If you don't have IE7, install it, then use the reset button in internet options - advanced. You could download & run stevengould.org instead if that is easier. ps. Please use proper English as much as you can. You can start by ticking the following entries in hijackthis & clicking fix. Speedy will be able to help you more. R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file) R3 - URLSearchHook: (no name) - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - (no file) O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [stup.exe] Rundll32.exe O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized O4 - HKCU\..\Run: [eMuleAutoStart] D:\eMule\emule.exe -AutoStart O8 - Extra context menu item: ·¢ËÍͼƬµ½ÊÖ»ú - C:\Program Files\P4P\cx.htm O8 - Extra context menu item: ʹÓÃËѹ·Ö±Í¨³µÏÂÔØ - C:\Program Files\P4P\dl.htm O8 - Extra context menu item: Ìí¼Óµ½¡° ÎҵĶ©ÔÄ ¡± - C:\Program Files\P4P\rss.htm O9 - Extra button: ÎҵĶ©ÔÄ - {8755CE6E-0BF7-4441-8751-FB728941B0B4} - C:\WINDOWS\system32\shdocvw.dll |
Greven (91) | ||
| 645314 | 2008-03-01 09:56:00 | Some of those Antispy wont work fully in safe mode | wainuitech (129) | ||
| 645315 | 2008-03-01 15:34:00 | Try MSNCleaner Google for it. Download the newest MSN as well |
apsattv (7406) | ||
| 645316 | 2008-03-01 17:08:00 | Run HJT again tick these then tick fix checked Close browser/s This is nasty O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) These are safe but dont have to be in startup O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKCU\..\Run: "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized O4 - HKCU\..\Run: [eMuleAutoStart] D:\eMule\emule.exe -AutoStart [B]Do you know what this belongs to? If you dont tick them O8 - Extra context menu item: Add to QQ Customized Emoticons - C:\Program Files\QQ\Africa2003\AddEmotion.htm O8 - Extra context menu item: Add to QQ Customized Panel - C:\Program Files\QQ\Africa2003\AddPanel.htm O8 - Extra context menu item: Send Picture with QQ MMS - C:\Program Files\QQ\Africa2003\SendMMS.htm O8 - Extra context menu item: ·¢ËÍͼƬµ½ÊÖ»ú - C:\Program Files\P4P\cx.htm O8 - Extra context menu item: ʹÓÃËѹ·Ö±Í¨³µÏÂÔØ - C:\Program Files\P4P\dl.htm O8 - Extra context menu item: Ìí¼Óµ½¡°ÎҵĶ©ÔÄ¡± - C:\Program Files\P4P\rss.htm These are nasty O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll O20 - AppInit_DLLs: C:\WINDOWS\system32\SoDAHK.DLL Uninstall Emule and Bittorent, these will only make things worse Uninstall all versions of Java yours is out of date. Link is in my sig, under here. Get trojan remover in my sig, install it update it, click on scan, then select all options under the utilities menu |
Speedy Gonzales (78) | ||
| 645317 | 2008-03-01 19:45:00 | Gosh Speedie to the rescue again! Dont you ever stop?? =P | password (5384) | ||
| 1 2 | |||||