| Thread ID: 82008 | 2007-08-13 13:46:00 | No icons showing on my desktop | malo (12639) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 580534 | 2007-08-15 05:09:00 | Thanks guys. I will give it a go now and get back to you shortly. You guys rock. | malo (12639) |
| 580535 | 2007-08-15 05:57:00 | I have wallpaper/picture on desktop with no icons. Nothing happens when right-clicking on the desktop. Still have to go through Task Manager to access programs. I'm a little confused when trying to restart in safe mode. What is the process? Please advise. After running a scan, a few baddies have been detected; here are the details. Please advise on how to get rid of them, thanks.

not found: adware not-a-virus:AdWare.Win32.180Solutions.ax File: D:\My Documents\My Pictures\My Videos\Setup.exe//UPX
not found: Trojan program Trojan-Downloader.Win32.Agent.auv File: D:\My Documents\ACE\PLAY.exe//UPX
detected: riskware Hidden install Running process: C:\Documents and Settings\Mateni\Desktop\Google_Earth_BZXD.exe
deleted: Trojan program Trojan-Downloader.Win32.Zlob.bxd File: C:\Documents and Settings\Mateni\Desktop\setup(2).exe//stream//data0006
deleted: Trojan program Trojan-Downloader.Win32.Zlob.bxd File: C:\Documents and Settings\Mateni\Desktop\setup.exe
deleted: Trojan program Trojan-Downloader.Win32.Zlob.bxd File: C:\System Volume Information\_restore{E4919499-C624-494E-991A-786DB6F380AF}\RP30\A0007991.exe//stream//data0006
deleted: Trojan program Trojan-Downloader.Win32.Zlob.bxd File: C:\System Volume Information\_restore{E4919499-C624-494E-991A-786DB6F380AF}\RP30\A0007992.exe
detected: riskware Hidden data sending Running process: C:\WINDOWS\explorer.exe
detected: riskware Invader Running process: C:\WINDOWS\system32\services.exe
detected: riskware Hidden data sending Running process: C:\Program Files\Video ActiveX Access\imsmain.exe
detected: riskware Invader Running process: C:\WINDOWS\system32\winlogon.exe
deleted: adware not-a-virus:AdWare.Win32.Comet.c File: I:\Mumz Stuff\Desktop (2)\AMELIA\sinstaller.exe//data0002
deleted: adware not-a-virus:AdWare.Win32.Mostofate.aa File: I:\Mumz Stuff\Excell and Document Files\BearShareV6int.exe//WiseSFX Dropper//WISE0045.BIN//stream//data0005
deleted: adware not-a-virus:AdWare.Win32.180Solutions.ao File: I:\Mumz Stuff\My Documents (1)\BSINSTALL.exe//WiseSFX Dropper//WISE0023.BIN//clientax.dll
deleted: adware not-a-virus:AdWare.Win32.NewDotNet File: I:\Mumz Stuff\My Documents (1)\Install-Animated-Emoticons.exe//stream//data0001
deleted: adware not-a-virus:AdWare.Win32.WebHancer.351 File: I:\Mumz Stuff\My Documents (1)\Install-Animated-Emoticons.exe//stream//data0002//whAgent.exe
deleted: adware not-a-virus:AdWare.Win32.WebHancer File: I:\Mumz Stuff\My Documents (1)\Install-Animated-Emoticons.exe//stream//data0002//whInstaller.exe
deleted: adware not-a-virus:AdWare.Win32.WebHancer File: I:\Mumz Stuff\My Documents (1)\Install-Animated-Emoticons.exe//stream//data0002//whSurvey.exe
deleted: adware not-a-virus:AdWare.Win32.WebHancer File: I:\Mumz Stuff\My Documents (1)\Install-Animated-Emoticons.exe//stream//data0002//webhdll.dll
deleted: adware not-a-virus:AdWare.Win32.WebHancer File: I:\Mumz Stuff\My Documents (1)\Install-Animated-Emoticons.exe//stream//data0002//whiehlpr.dll
deleted: adware not-a-virus:AdWare.Win32.WinAD.bv File: I:\Mumz Stuff\My Documents (1)\Install-Animated-Emoticons.exe//stream//data0003//UPX
deleted: adware not-a-virus:AdWare.Win32.NewDotNet File: I:\Mumz Stuff\My Documents (1)\Install-Funny-Pack.exe//stream//data0001
deleted: adware not-a-virus:AdWare.Win32.WebHancer File: I:\Mumz Stuff\My Documents (1)\Install-Funny-Pack.exe//stream//data0002
deleted: adware not-a-virus:AdWare.Win32.WinAD.bv File: I:\Mumz Stuff\My Documents (1)\Install-Funny-Pack.exe//stream//data0003//UPX
deleted: adware not-a-virus:AdWare.Win32.180Solutions.ao File: I:\Mumz Stuff\My Documents (1)\dafont\BSINSTALL.exe//WiseSFX Dropper
deleted: adware not-a-virus:AdWare.Win32.180Solutions.ao File: I:\Mumz Stuff\My Documents (1)\dafont\BSINSTALL.exe//WiseSFX Dropper//WISE0023.BIN//clientax.dll
deleted: riskware not-a-virus:FraudTool.Win32.VirusProtectPro.e File: C:\Documents and Settings\Mateni\Local Settings\Temp\br301.exe//data0006//Armadillo
detected: Trojan program Trojan-Downloader.Win32.Agent.cbm File: C:\Documents and Settings\Mateni\Local Settings\Temp\laf2.exe//EXE-file

Security software in use: Kaspersky security 6

Downloaded HijackThis. Logfile below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:59:54 p.m., on 15/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\gearsec.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Mateni\LOCALS~1\Temp\Rar$EX01.829\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {34E6F97C-34E0-4CE5-B92B-F83634BEDC01} - C:\Program Files\Video ActiveX Access\iesplg.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\__c00A4488.dat
O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Program Files\Video ActiveX Access\iesbpl.dll
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe
O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video ActiveX Access\imsmain.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c001DCAC.dat
O22 - SharedTaskScheduler: heterostyly - {cd0e4a1a-dbc2-48f7-9a6a-a41cac20bddc} - C:\WINDOWS\system32\fqdqs.dll
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

-- End of file - 4729 bytes
| malo (12639) |
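The HijackThis log above is where the persistence lives: a DLL pushed into every process through AppInit_DLLs (O20), a SharedTaskScheduler hook that explorer.exe loads at logon (O22), two autostarts under the rarely used Policies\Explorer\Run key (O4), two BHOs with no name, and a toolbar that shares a directory with them. What follows is an added example from the editor, not code from the thread, from HijackThis or from Kaspersky: a small triage script that parses a hand-copied subset of the posted log (constructed sample, in HijackThis v2 line format) and flags entries by those heuristics, then correlates by directory so that a "clean-looking" DLL sitting next to flagged files gets pulled in too. The scoring rules are the editor's own, not HijackThis verdicts.

```python
"""Triage of a HijackThis v2 log: flag autostart and injection points
(AppInit_DLLs, SharedTaskScheduler, Policies\\Explorer\\Run, unnamed
BHOs/toolbars, non-code files loaded as modules) and correlate by directory.
Editor's added example; the rules are heuristics, not HijackThis's."""
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Constructed sample: a hand-copied subset of the log posted in the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {34E6F97C-34E0-4CE5-B92B-F83634BEDC01} - C:\Program Files\Video ActiveX Access\iesplg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\__c00A4488.dat
O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Program Files\Video ActiveX Access\iesbpl.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe
O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video ActiveX Access\imsmain.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c001DCAC.dat
O22 - SharedTaskScheduler: heterostyly - {cd0e4a1a-dbc2-48f7-9a6a-a41cac20bddc} - C:\WINDOWS\system32\fqdqs.dll
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
"""

LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")
MODULE_SECTIONS = {"O2", "O3", "O4", "O20", "O22", "O23"}   # sections that name a file
CODE_EXT = {".exe", ".dll", ".ocx", ".sys", ".cpl"}


@dataclass
class Entry:
    section: str
    body: str
    path: str
    reasons: list = field(default_factory=list)

    @property
    def directory(self) -> str:
        return str(PureWindowsPath(self.path).parent).lower()


def extract_path(section: str, body: str) -> str:
    """Pull the file path out of one HijackThis line; '' if the section has none."""
    if section not in MODULE_SECTIONS:
        return ""
    if section == "O4":                      # 'HKLM\..\Run: [name] "path" args'
        m = re.search(r"\]\s*(.*)$", body)
        rest = m.group(1).strip() if m else ""
        return rest[1:].split('"', 1)[0] if rest.startswith('"') else rest
    if section == "O20":                     # 'AppInit_DLLs: path'
        return body.split(":", 1)[1].strip()
    return body.rsplit(" - ", 1)[-1].strip()  # O2/O3/O22/O23: last field is the file


def parse_log(text: str) -> list:
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            sec, body = m.group("sec"), m.group("body")
            entries.append(Entry(sec, body, extract_path(sec, body)))
    return entries


def score(e: Entry) -> list:
    """Heuristic reasons why a single entry deserves a look (editor's rules)."""
    reasons = []
    p = PureWindowsPath(e.path)
    if e.section == "O20" and e.path:
        reasons.append("AppInit_DLLs: loaded into every user32-linked process")
    if e.section == "O22":
        reasons.append("SharedTaskScheduler: loaded by explorer.exe at logon, rarely legitimate")
    if e.section == "O4" and "Policies\\Explorer\\Run" in e.body:
        reasons.append("Policies\\Explorer\\Run autostart: uncommon for legitimate software")
        m = re.search(r"\[([^\]]+)\]", e.body)
        if m and m.group(1).lower().endswith(".dll") and p.suffix.lower() == ".exe":
            reasons.append("value name masquerades as a system DLL")
    if e.section in ("O2", "O3") and "(no name)" in e.body:
        reasons.append("BHO/toolbar with no name")
    if e.path and p.suffix.lower() not in CODE_EXT:
        reasons.append(f"non-code extension {p.suffix!r} loaded as a module")
    return reasons


def triage(text: str) -> dict:
    """Return {path: [reasons]} for every flagged entry, after directory correlation."""
    entries = parse_log(text)
    for e in entries:
        e.reasons = score(e)
    # Anything living beside a flagged file outside the Windows directory is suspect too.
    bad_dirs = {e.directory for e in entries
                if e.reasons and e.path and "\\windows" not in e.directory}
    for e in entries:
        if not e.reasons and e.path and e.directory in bad_dirs:
            e.reasons.append("shares a directory with a flagged entry")
    return {e.path: e.reasons for e in entries if e.reasons}


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Run against the sample, the script flags the seven entries tied to "Video ActiveX Access" and the two `__c*.dat` files plus `fqdqs.dll`, and leaves Kaspersky, Java and the R0 start-page line alone. The directory correlation is what catches `iesbpl.dll` (the "Protection Bar" toolbar), which on its own looks like a named, properly extensioned DLL.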
| 580536 | 2007-08-15 06:27:00 | Hi. You have a lot of nasties to remove, so let's start by using this... Download combofix from download.bleepingcomputer.com. **Save it directly to your desktop.** Double click on combofix.exe and follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply. Note: Do not mouse-click combofix's window whilst it's running. That may cause it to stall. | Pancake (6359) |
| 580537 | 2007-08-15 06:39:00 | Hi guys. My problem has been fixed. Thank you Demonhunter and everyone out there. However, every time I go into the PC World forum a new browser opens up with the address below. 85.17.60.179 I also have details of these suspicious baddies available. I have blocked it; however, what is the best way to deal with these malicious baddies? Here are the baddies' details.

15/08/2007 5:31:53 p.m. C:\WINDOWS\system32\winlogon.exe Process C:\WINDOWS\system32\winlogon.exe (PID: 776) is attempting to invade process C:\WINDOWS\explorer.exe (PID: 816). This behaviour is typical of some malware.
15/08/2007 5:31:53 p.m. C:\WINDOWS\system32\winlogon.exe Attempt to terminate process
15/08/2007 5:32:30 p.m. C:\WINDOWS\system32\taskmgr.exe Attempt to terminate process: successfully
15/08/2007 5:57:50 p.m. C:\Program Files\Video ActiveX Access\imsmain.exe Process C:\Program Files\Video ActiveX Access\imsmain.exe (PID: 2852) is trying to send data through trusted process. Destination: gateqw.com Data: ! Encoded Data: pn=srch0p3total7s2
15/08/2007 5:57:50 p.m. C:\Program Files\Video ActiveX Access\imsmain.exe Action blocked.
| malo (12639) |
| 580538 | 2007-08-15 08:16:00 | Quote (malo, post 580537): Hi guys. My problem has been fixed. Thank you Demonhunter and everyone out there. However, every time I go into the PC World forum a new browser opens up with the address below. 85.17.60.179 I also have details of these suspicious baddies available. I have blocked it; however, what is the best way to deal with these malicious baddies? Here are the baddies' details.

15/08/2007 5:31:53 p.m. C:\WINDOWS\system32\winlogon.exe Process C:\WINDOWS\system32\winlogon.exe (PID: 776) is attempting to invade process C:\WINDOWS\explorer.exe (PID: 816). This behaviour is typical of some malware.
15/08/2007 5:31:53 p.m. C:\WINDOWS\system32\winlogon.exe Attempt to terminate process
15/08/2007 5:32:30 p.m. C:\WINDOWS\system32\taskmgr.exe Attempt to terminate process: successfully
15/08/2007 5:57:50 p.m. C:\Program Files\Video ActiveX Access\imsmain.exe Process C:\Program Files\Video ActiveX Access\imsmain.exe (PID: 2852) is trying to send data through trusted process. Destination: gateqw.com Data: ! Encoded Data: pn=srch0p3total7s2
15/08/2007 5:57:50 p.m. C:\Program Files\Video ActiveX Access\imsmain.exe Action blocked.

Don't know about your first problem, kinda weird. As for your 'baddies' list, if you don't mind me saying, your PC has been raped! lol. Quite a few baddies. Start a new thread with your problem and we will take it from there. Saves threads getting long and having 3 different discussions going on inside them :p
| Bozo (8540) |
| 580539 | 2007-08-15 08:45:00 | I would suggest you stay on this thread and take no advice from anyone who has no experience in removing malware and viruses, as your computer needs expert advice when it comes to cleaning... Stay with my instructions in my last post. | Pancake (6359) |
| 580540 | 2007-08-15 09:11:00 | Quote (Pancake, post 580539): I would suggest you stay on this thread and take no advice from anyone who has no experience in removing malware and viruses, as your computer needs expert advice when it comes to cleaning... Stay with my instructions in my last post.

OK, whatever. I just don't like threads that get too long, that's all. I will leave the rest up to you, to avoid butting in on you, and your credentials certainly qualify you for such a job! :thumbs: Enjoy | Bozo (8540) |
| 580541 | 2007-08-15 09:27:00 | Rogueremover / trojan remover in my sig may remove some of those entries from the registry, like the video codecs. (Rogueremover has a few in its database.) | Speedy Gonzales (78) |
| 580542 | 2007-08-15 09:58:00 | It's about time that this site caught up with the rest of the world and had its own dedicated malware site instead of trying to mingle it in with the rest of the forum. | Pancake (6359) |
| 580543 | 2007-08-15 10:01:00 | Meh, it works just fine the way it is. Speedy does a fantastic job dealing with such issues. | beeswax34 (63) | ||