TechSpot

[Solved] Have downloaded Malware but virus is blocking access to it

Discussion in 'Virus and Malware Removal' started by gill12, Feb 26, 2011.

Thread Status:
Not open for further replies.
  1. gill12 Newcomer, in training

    I meant the past few days.
  2. Broni Malware Annihilator

    Cool
    Good luck and stay safe :)
  3. gill12 Newcomer, in training

    Thanks very much, I really appreciate your help.

    I am posting an Avira log because I got another Trojan today. Does it end? I get loads of spam mails so maybe that's the source. I am going to study your link on 'how did i get infected'.




    Avira AntiVir Personal
    Report file date: 17 March 2011 10:45

    Scanning for 2497697 virus strains and unwanted programs.

    The program is running as an unrestricted full version.
    Online services are available:

    Licensee : Avira AntiVir Personal - FREE Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows XP
    Windows version : (Service Pack 3) [5.1.2600]
    Boot mode : Normally booted
    Username : SYSTEM
    Computer name : OWNER-D61B4598E

    Configuration settings for the scan:
    Jobname.............................: avguard_async_scan
    Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_4dec4102\guard_slideup.avp
    Logging.............................: low
    Primary action......................: interactive
    Secondary action....................: quarantine
    Scan master boot sector.............: on
    Scan boot sector....................: off
    Process scan........................: on
    Scan registry.......................: off
    Search for rootkits.................: off
    Integrity checking of system files..: off
    Scan all files......................: All files
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: high

    Start of the scan: 17 March 2011 10:45

    The scan of running processes will be started

    Starting the file scan:

    Begin scan in 'C:\WINDOWS\system32\msible.dll'
    C:\WINDOWS\system32\msible.dll
    [DETECTION] Is the TR/Agent.horo.5 Trojan

    Beginning disinfection:
    C:\WINDOWS\system32\msible.dll
    [DETECTION] Is the TR/Agent.horo.5 Trojan
    [NOTE] The registration entry <HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\LibraryPath> was removed successfully.
    [NOTE] The file was moved to the quarantine directory under the name '575b6666.qua'.


    End of the scan: 17 March 2011 10:46
    Used time: 00:02 Minute(s)

    The scan has been done completely.

    0 Scanned directories
    59 Files were scanned
    1 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    1 Files were moved to quarantine
    0 Files were renamed
    0 Files cannot be scanned
    58 Files not concerned
    0 Archives were scanned
    0 Warnings
    1 Notes


    The scan results will be transferred to the Guard.
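
Added example, not part of the original thread and not Avira's or the posters' code: the disinfection section of the report above shows a registry value under `WinSock2\Parameters\NameSpace_Catalog5` being removed together with the quarantined DLL. The Python below parses that section and flags any clean-up that touched a Winsock catalog key, so connectivity can be checked straight after disinfection; the function names, the record layout and the second sample entry are constructed for illustration.

```python
import re

# Winsock keeps its provider lists under these two catalog subtrees.
WINSOCK_CATALOG = re.compile(
    r"\\Services\\WinSock2\\Parameters\\(NameSpace|Protocol)_Catalog\d+\\", re.I)
DETECTION = re.compile(r"\[DETECTION\] Is the (\S+)")
REG_REMOVED = re.compile(r"\[NOTE\] The registration entry <([^>]+)> was removed")
QUARANTINED = re.compile(
    r"\[NOTE\] The file was moved to the quarantine directory under the name '([^']+)'")

# First entry is copied from the report above; the second is constructed.
SAMPLE = r"""
Beginning disinfection:
C:\WINDOWS\system32\msible.dll
[DETECTION] Is the TR/Agent.horo.5 Trojan
[NOTE] The registration entry <HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004\LibraryPath> was removed successfully.
[NOTE] The file was moved to the quarantine directory under the name '575b6666.qua'.
C:\Temp\constructed-sample.tmp
[DETECTION] Is the TR/Example.Constructed Trojan
[NOTE] The file was moved to the quarantine directory under the name '00000000.qua'.

End of the scan: 17 March 2011 10:46
"""

def parse_disinfection(report):
    """Return one record per file handled in the 'Beginning disinfection' section."""
    records, current, active = [], None, False
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("Beginning disinfection"):
            active = True
            continue
        if line.startswith("End of the scan"):
            break
        if not active or not line:
            continue
        if not line.startswith("["):  # a bare path opens a new record
            current = {"file": line, "detection": None,
                       "quarantine": None, "registry_removed": []}
            records.append(current)
        elif current is None:
            continue
        elif m := DETECTION.search(line):
            current["detection"] = m.group(1)
        elif m := REG_REMOVED.search(line):
            current["registry_removed"].append(m.group(1))
        elif m := QUARANTINED.search(line):
            current["quarantine"] = m.group(1)
    return records

def winsock_impact(records):
    """Records whose clean-up removed a value from a Winsock catalog key."""
    return [r for r in records
            if any(WINSOCK_CATALOG.search(k) for k in r["registry_removed"])]

if __name__ == "__main__":
    for rec in winsock_impact(parse_disinfection(SAMPLE)):
        print(f"{rec['file']} ({rec['detection']}): Winsock catalog entry removed;"
              " check connectivity, and if sockets fail to initialise run"
              " 'netsh winsock reset catalog'")
```
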
  4. gill12 Newcomer, in training

    Hi, me again.

    I can't access the internet now on that computer: my Windows wireless configuration file has gone and I am unable to set up a wireless connection. Probably something to do with that last Trojan and the quarantined file? HELP
  5. Broni Malware Annihilator

    Please download MiniToolBox and run it.

    Checkmark following boxes:
    • Report IE Proxy Settings
    • List content of Hosts
    • List IP configuration
    Click Go and post the result.
  6. gill12 Newcomer, in training

    MiniToolBox by Farbar
    Ran by Owner at 2011-03-17 23:12:07
    Microsoft Windows XP Service Pack 3 (X86)

    ***************************************************************************


    ========================= IE Proxy Settings: ==============================

    Proxy is not enabled.
    No Proxy Server is set.

    ========================= End of IE Proxy Settings ========================
    =============== Hosts content: ============================================

    127.0.0.1 localhost

    =============== End of Hosts ==============================================

    ================= IP Configuration: =======================================
    Initialization Function InitHelperDll in IPMONTR.DLL failed to start with error code 11003


    # ----------------------------------
    # Interface IP Configuration
    # ----------------------------------
    pushd interface ip


    # Interface IP Configuration for "Local Area Connection"

    set address name="Local Area Connection" source=dhcp
    set dns name="Local Area Connection" source=dhcp register=PRIMARY
    set wins name="Local Area Connection" source=dhcp

    # Interface IP Configuration for "Wireless Network Connection"

    set address name="Wireless Network Connection" source=dhcp
    set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
    set wins name="Wireless Network Connection" source=dhcp


    popd
    # End of interface IP configuration




    Windows IP Configuration

    Host Name . . . . . . . . . . . . : owner-d61b4598e
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Unknown
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No

    Ethernet adapter Local Area Connection:

    Media State . . . . . . . . . . . : Media disconnected
    Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
    Physical Address. . . . . . . . . : 00-0E-7B-37-1C-97

    Ethernet adapter Wireless Network Connection:

    Connection-specific DNS Suffix . : Home
    Description . . . . . . . . . . . : Intel(R) PRO/Wireless 3945ABG Network Connection
    Physical Address. . . . . . . . . : 00-13-02-CC-CF-4D
    Dhcp Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IP Address. . . . . . . . . . . . : 0.0.0.0
    Subnet Mask . . . . . . . . . . . : 0.0.0.0
    Default Gateway . . . . . . . . . :
    DHCP Server . . . . . . . . . . . : 0.0.0.0
    DNS Servers . . . . . . . . . . . : 0.0.0.0

    Server: UnKnown
    Address: (null)

    Unable to initialize Windows Sockets interface, error code 0.

    Server: UnKnown
    Address: (null)

    Unable to initialize Windows Sockets interface, error code 0.

    Unable to initialize Windows Sockets interface, error code 0.

    ===========================================================================
    Interface List
    0x1 ........................... MS TCP Loopback interface
    0x2 ...00 0e 7b 37 1c 97 ...... Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
    0x40003 ...00 13 02 cc cf 4d ...... Intel(R) PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
    ===========================================================================
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    ===========================================================================
    Persistent Routes:
    None

    ================= End of IP Configuration =================================
  7. Broni Malware Annihilator

    Yeah, your connection settings are totally messed up.

    Can you check, if you can connect, if you hardwire your computer to the router, using ethernet cable?
    Any other computers on the same router? No problems there?
  8. gill12 Newcomer, in training

    It doesn't work with the cable either. My other computer can access internet on the same wireless system.

    On the bad computer I cannot access any of the wireless options, although a local, free service is showing up but with poor connectivity.
    Windows says 'cannot configure this wireless connection. If you have enabled another program to manage wireless connection, use that software.'
  9. Broni Malware Annihilator

    Try some basic steps...

    Make sure, your computer is set to obtain IP address automatically.
    1. Go Start>Settings>Control Panel (Vista/7 users: Start>Control Panel)
    2. Double click Network Connections (Vista/7 users: Network and Sharing Center)
    3. Vista/7 users - From the list of tasks on the left, click Manage network connections.
    4. For a wired network connection, right-click Local Area Connection, and then select Properties.
    For a wireless network connection, right-click Wireless Network Connection, and then select Properties.
    5. From the General tab (Vista/7 users: Networking tab), click Internet Protocol (TCP/IP), make sure it is checked, and then click Properties
    6. Click Obtain an IP Address Automatically, and then click OK.

    If that doesn't work...
    Turn off computer. Disconnect router, and modem from power source for 1 minute. At the same time disconnect ethernet cable as well.
    Reconnect everything.
    Restart computer.

    If that doesn't work, bypass router, and connect computer straight to the modem.

    If that doesn't work...
    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (in Vista and 7, while holding CTRL, and SHIFT, press Enter).

    In Command Prompt window, type in following commands, and hit Enter after each one:
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew
    net stop "dns client"
    net start "dns client"


    Restart computer.

    If that doesn't work...
    Go Start>Run (Start search in Vista and 7), type in:
    cmd
    Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

    At Command Prompt, type in:
    netsh int ip reset reset.log
    Hit Enter.
    Type in:
    netsh winsock reset catalog
    Hit Enter.

    Restart computer.


    If that doesn't work...
    Download, install, and run WinSockFix: http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml (doesn't work in Vista and 7)
    Restart computer, and check again.

    If that doesn't work...
    Download Dial-A-Fix (DAF) (doesn't work in Vista and 7):
    http://wiki.lunarsoft.net/wiki/Dial-a-fix#Mirrors.2Fdownload_locations.2C_and_articles

    Have XP CD available in case DAF needs a file. Likely not!

    Check all boxes on the screen (clear any restrictions if it shows any)
    Then click GO!

    When the entire page is finished click the HammerHead at bottom to go to the second DAF page.

    Here, one at a time, do the below:

    Reinstall BITS
    Reinstall Windows Firewall
    Repair Permissions
    Reset networking

    Watch for any File not found or other errors and make note as this may lead to the fix!

    Restart computer.
  10. gill12 Newcomer, in training

    I will do this now, but just wondered if reinstating the quarantined file from this morning might fix things (except the virus).
  11. Broni Malware Annihilator

    No, that file looks suspicious.
    It may be simply a coincidence between Avast finding a trojan and your lost connection.
    We'll see.
  12. gill12 Newcomer, in training

    At ipconfig /registerdns, the message said failed: RPC server unavailable.
    Shall I carry on at cmd?
  13. Broni Malware Annihilator

    Yeah, whatever doesn't work, skip it and go to next step.
  14. gill12 Newcomer, in training

    All fixed with WinsockFix. Back in business.
    Thank you, thank you, thank you.
  15. Broni Malware Annihilator

    Wonderful :)