| Thread ID: 83778 | 2007-10-12 22:17:00 | NOD32 CRC is corrupt due to A virus? | bomby101 (12915) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 601013 | 2007-10-12 22:17:00 | Hey :) I was wondering if any fellow N-Zealanders would be able to help me with a virus problem? :illogical I recently have been infected with eight MSN live viruses, they have been cleaned up. I had a trojan and a few bits of adware, I cleaned these with Ad-Aware and Spybot, BUT I can't scan with any virus apps for the main virus, it slows down my PC and wrecks Anti-Virus software!! I've tried NOD32, Avast Anti-Virus, AVG, Anti Vir Classic and Clamwin!! They all say a similar message "CRC is corrupt cannot scan, possibly due to a virus" then it begins scanning the memory and finds all the .exe files and calls them trojans. I deleted all this once and the computer didn't boot and had to go into recovery console. I really don't have time for a format with the amount of school stuff saved atm and my external HDD broke :horrified Does anyone know how to resolve this? Here's my HijackThis Log Logfile of HijackThis v1.99.1 Scan saved at 11:44:47 AM, on 10/13/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Eset\nod32krn.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\SoundMAX\SMTray.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 5.exe C:\Program Files\Java\jre1.6.0\bin\jusched.exe C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program 
Files\MSN Messenger\usnsvc.exe C:\Program Files\HijackThis\HijackThis.exe O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll (file missing) O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 5.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe" O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: 
Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com O17 - HKLM\System\CCS\Services\Tcpip\..\{C576A1B6-AD69-4432-BFAB-94158225E2E0}: NameServer = 202.27.158.40 202.27.156.72 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (file missing) O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (file missing) O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (file missing) O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog 
Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe |
bomby101 (12915) | ||
| 601014 | 2007-10-12 23:21:00 | Hi Bomby101, welcome to PressF1 - go to this person's ID Speedy (pressf1.pcworld.co.nz), download and update/run the cleaners in his signature - then restart the PC in safe mode (press F8 on startup) and rerun Nod32. Remove all AVs apart from 1 - since you have Nod32 use that. Post back the HJ This log and Speedy may be able to advise when he gets here. |
wainuitech (129) | ||
| 601015 | 2007-10-13 00:00:00 | The log looks clean to me. I would be careful about how many AV programs you install and run in the background. Some can conflict with others. Remove / uninstall 2 of them. Run HJT again, tick these entries, then tick fix checked. Close browser/s. These are safe O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll (file missing) O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe" O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h Run these manually. O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background Get this (www.dougknox.com) It'll remove Windows Messenger. You don't need both. This is from here (http://www.dougknox.com/) Uninstall ALL versions of Sun Java, yours is out of date. It's now up to 6 update 3. Link for Java is in my sig. I would also get ccleaner (http://www.ccleaner.com) Install it, run it, close browser/s, and click on run cleaner. This will get rid of the temp files etc on your hdd. Try trojan remover, in my sig too, update it then click on scan. Then select all options under the utilities menu. |
Speedy Gonzales (78) | ||
| 601016 | 2007-10-16 06:35:00 | Hey :) Thanks heaps for the feedback. It's just a mission because I'm on dial-up currently because of my money situ, so downloading apps is .. slow. I booted up in safe mode and scanned with Spy-Bot and Ad-Aware and they came up with a few entries :) but NOD32 still said every .exe was a virus. I've done Java and scanned with CCleaner but no luck? Is there a way to just get rid of the virus manually? Or do I have to use a lot of apps? Thanks for the feedback :) btw! |
bomby101 (12915) | ||
| 601017 | 2007-10-16 08:02:00 | Something "odd" there, the HijackThis log is not bad, and if every exe was a virus then the files should show differently. Had 1 customer's PC that was badly infected (it wouldn't even run), removed the drive, attached it as a slave to a workshop PC and Nod said that lots of the exe files were infected, but once removed the PC was completely unbootable - had to reinstall as most of the OS was knackered. Some viruses can be removed manually, but you have to look at each one and find out how, normally searching on Google will bring a result - but it may be a long slow task. Have you removed all AVs apart from Nod32? |
wainuitech (129) | ||
| 601018 | 2007-10-17 01:23:00 | Hey Man =) R you a computer technician? Yeah man I did remove all the virus programs but NOD32, I used CCleaner and cleared up like 700mb of temp files? Ad-Aware and Spybot say my system is clean, I tried NOD32 and it still says that all the exe files are viruses, btw the .exe files showing up are only programs' exe files, not SYSTEM32 exe files etc. How would I remove it manually? This virus is pretty rogue if it defeated NOD32? Like the program can't keep itself protected? Get Back To Me =) |
bomby101 (12915) | ||
| 601019 | 2007-10-17 01:34:00 | This may be a stupid idea and suggestion, but you never know. Have you disabled system restore and re-booted the PC, then run the AV check? Disregard this post if you have :blush: |
Sanco (683) | ||
| 601020 | 2007-10-17 06:44:00 | Hey Man =) R you a computer technician? Get Back To Me =) Yeah - and a very tired one at that :stare: This may be a stupid idea and suggestion, but you never know. Have you disabled system restore and re-booted the PC, then run the AV check? Sanco's suggestion is not stupid, as some infections put themselves in system restore and no matter how many times you try to clean out the PC they return. Something is "odd" though, the HijackThis log should have shown lots more damage if the results Nod32 is giving were correct. Suggestion - remove Nod32 completely, just in case it has been damaged somehow. Turn off System Restore, reboot, and rerun the cleaners from Speedy's sig again. Reinstall Nod32, update it. Before you do a scan, when opening Nod32 scanner go to the "setup" tab and tick everything so it looks like These settings (www.imagef1.net.nz) Then click "Scan & Clean". See what it comes back with. Just curious - in your first post you put the computer didn't boot and had to go into recovery console, what exactly did you do in the recovery console - it may give a hint to the actual problem? |
wainuitech (129) | ||
| 601021 | 2007-10-18 03:11:00 | Sanco Hey I'm going to try that tonight, it could work! :rolleyes: wainuitech OK man I'll try that and see how that goes, here's my Hijack Log that I just took just in case anything new has popped up? Logfile of HijackThis v1.99.1 Scan saved at 4:39:51 PM, on 10/18/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Eset\nod32krn.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\SoundMAX\SMTray.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 5.exe C:\Program Files\ Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\HijackThis\HijackThis.exe R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\ Yahoo! \Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\ Yahoo! \Companion\Installs\cpn\yt.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll O2 - BHO: (no name) - {E5A1691B-D188-4419-AD02-90002030B8EE} - (no file) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\ Yahoo! 
\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 5.exe O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\ Spybot - Search & Destroy\TeaTimer.exe O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\ Yahoo! 
\Common\yinsthelper.dll O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com O17 - HKLM\System\CCS\Services\Tcpip\..\{C576A1B6-AD69-4432-BFAB-94158225E2E0}: NameServer = 202.27.158.40 202.27.156.72 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (file missing) O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (file missing) O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (file missing) O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe |
bomby101 (12915) | ||
| 601022 | 2007-10-18 03:14:00 | Oh yeah I almost forgot, what happened was one day I booted up my system and it would log in (with a classic Windows login) then even before the icons and system bar appeared it would log me back out with the sound "dun dun" as if I was switching users? Man I hate viruses and spyware, they drive me mad and it's just people with no life that don't get outside much that create them for fun? |
bomby101 (12915) | ||