Crazy Virus HJT attached

By Crazee
Aug 23, 2008
  1. I'm unsure how to even explain this virus really, so I'm not gonna try. All I can say really is the reason that only a HJT log is included is because when I run ComboFix my computer completely freezes when it gets to 5th step. Also my SuperAntiSpyware log isn't included because everytime I try to view the log it notepad completely freezes before I can even copy and paste it or save it as a new file. Originally I believe I had a varient of the Vundo virus, but I believe I finally killed that, but apparently it allowed something much worse in. Whatever it is likes to run utility.exe, temps.exe, and many more processes I've never seen before. I attempted googling almost every aspect of this virus I can think of and come up with nothing so you guys and gals are my final hope. This has been going on for the past 4 days. Started out as nothing and now is getting steadily worse. So without further ado here is my HJT log. Hope it tells you more then it has me.

    Attached Files:

  2. Crazee

    Crazee TS Rookie Topic Starter

    ~bump~ really need help soon please! Getting worse!
  3. rf6647

    rf6647 TS Maniac Posts: 829

    Caution: I am NOT certified as trained in malware removal

    Recommendation: Use HJT, checkmark all of the following;
    HJT can reverse any of these actions.

    HJT: Checkmark Sets services (023) to DISABLE:
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

    Remark: Keep "punkster" from confusing the issue.

    HJT: Checkmark deletes; considered malware
    F2 -REG:system.ini:UserInit=C:\WINDOWS\SYSTEM\Userinit.exe,C:\WINDOWS\system32\ntos.exe,

    Questioable / open to debate / your choice
    O2 - BHO: XBTB05199 - {A06DD01F-46E5-4C6C-B80B-B2C2F9011A8B} - C:\Program Files\Netdisaster\netdisaster_v1.2.dll

    Highly suspicious

    O4 - HKLM\..\Policies\Explorer\Run: [dljj_df] C:\WINDOWS\system\llzjy080817.exe
    O4 - HKLM\..\Policies\Explorer\Run: [kcien32] kncer30.exe

    O21 - SSODL: twainyy.dll - {434FA69C-5F0A-42e1-82B8-10AF2C8E53C6} - C:\WINDOWS\system32\twainyy.dll
    O21 - SSODL: kbdgrms.dll - {E560642D-A32D-432c-9E7E-9A135CC37E0F} - C:\WINDOWS\system32\kbdgrms.dll
    O21 - SSODL: lweurqhx.dll - {71A78CD4-E470-4a18-8457-E0E0283DD507} - C:\WINDOWS\system32\lweurqhx.dll
    O21 - SSODL: bootvidgj.dll - {D3112B69-A745-4805-874E-ABD480EA1299} - C:\WINDOWS\system32\bootvidgj.dll
    O21 - SSODL: cliconfgzx.dll - {7A6DF30E-D0F2-446f-B4F0-BF4232D60E07} - C:\WINDOWS\system32\cliconfgzx.dll
    O21 - SSODL: fsusdtd.dll - {B7F5682F-1D2C-49b5-8723-E75ED258CA0D} - C:\WINDOWS\system32\fsusdtd.dll

    Overall impression: The list of services (o23) is lengthy. Punkster & bit-torrent hog internet resources. Please follow Malware Removal Instructions. This is your best hope for a thorough cleaning.

    First post cited these programs. Use HJT to Disable.
    O23 - Service: Distributed Link Tracking Client Service (ClientService) - Unknown owner -C:\WINDOWS\system32\utilty.exe
    O23 - Service: Windows Accounts Driver (WindowsRemote) - Unknown owner - C:\WINDOWS\system32\temps.exe

    Following the Malware Removal Procedure may fully remove these threats. Advance features for HJT may also remove these threats.
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...