TechSpot

BuddyPic / jpg infected me, popups and sending of IMs to spread virus

By kthorne
Dec 4, 2005
  1. Help! I accidently opened a link from my sister and am now infected. What's happening is, I get popups occasionally, but also, whenever I start to run IM programs, they randomly send out a msg like, "Hey, I found your pic. Click here: http:\\....buddypic.com\....jpg." But that's an exe that infects you.

    Attached is my hjt log.
     
  2. Mictlantecuhtli

    Mictlantecuhtli TS Evangelist Posts: 4,345   +11

    I'd kill these processes:

    C:\WINDOWS\csrvs.exe
    C:\WINDOWS\system32\wdfmgr.exe
    c:\windows\adtech2006.exe
    C:\WINDOWS\S2V2aW4gVGhvcm5l\command.exe
    C:\PROGRA~1\COMMON~1\qzkq\qzkqm.exe
    C:\PROGRA~1\COMMON~1\qzkq\qzkqa.exe
    C:\WINDOWS\system32\igps.exe
    C:\WINDOWS\system32\pgws.exe


    And fix these with HJT:

    O4 - HKLM\..\Run: [timessquare] C:\windows\timessquare.exe
    O4 - HKLM\..\Run: [adtech2006] c:\windows\adtech2006.exe
    O4 - HKLM\..\Run: [lspins] "C:\WINDOWS\system32\igps.exe"
    O4 - HKLM\..\Run: [0wao06rs.dll] RUNDLL32.EXE 0wao06rs.dll,b 25724421
    O4 - HKCU\..\Run: [AutoUpdate] C:\Program Files\Serials3k\s3k_autoupdate.exe
    O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - C:\Program Files\QL\qlink32.dll
    O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\sle.dll
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\S2V2aW4gVGhvcm5l\command.exe
    O23 - Service: Secure HTTP (Service Secured) - Unknown owner - C:\WINDOWS\csrvs.exe
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...