TechSpot

Browser Modifier Malware

By APL1373
Jul 22, 2009
  1. hey can someone help me remove some malware. i keep getting an error message from windows defender saying that i have a threat "browser modifier win:32. when i click the remove button it just pops up again later. can anyone please help me. ive run hijack this and this is what i've got.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:04:55 AM, on 7/21/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16850)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Acer\Empowering Technology\admServ.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\sopidkc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Acer\Empowering Technology\admtray.exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
    C:\WINDOWS\system32\ElkCtrl.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\DOCUME~1\ANDREW~1\LOCALS~1\Temp\RtkBtMnt.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Verizon\McciTrayApp.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Acer\Empowering Technology\admtray.exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
    C:\WINDOWS\system32\ElkCtrl.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Verizon\McciTrayApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\DOCUME~1\Andrew\LOCALS~1\Temp\RtkBtMnt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
    C:\DOCUME~1\Andrew\LOCALS~1\Temp\Temporary Directory 2 for HiJackThis.zip\HijackThis.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
     
  2. raybay

    raybay TS Evangelist Posts: 7,241   +9

    Did you try removing in <SAFE MODE>? It appears the infestation remains?

    What removal tools (software) did you use to attempt the removal, or have you?

    Suggest you try SuperAntiSpyware and MalwareBytes as a start... even though you apparently have Symantec, I would try Avira Antivir or AVAST...

    Scan in both full mode and Safe Mode.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...