TechSpot

MSN virus..need help

By nick3103
Apr 6, 2007
  1. recently i received a photo album.zip file from my friend..and am affected with it..it spreads the file from my account to my contacts through conversation windows which i did not initiate..
    i deleted the photo album.zip file from "my received files" and "windows" but the problem still persisted..
    here's my HJT log..
     
  2. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    Hello and welcome to TechSpot.

    Very important: Before deciding whether to clean or reformat your system, read this thread and decide what you want to do.

    If, after reading the above thread, you decide to clean your system, read the Viruses/spyware/malware, preliminary removal instructions. Follow all the instructions exactly, then post fresh HJT, ComboFix, and AVG Antispyware logs as attachments into this thread. Also post here the results of the AVG Antirootkit scan.

    Regards :)

    This thread is for the use of nick3103 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
     
  3. nick3103

    nick3103 TS Rookie Topic Starter

    antiroot kit scan

    sry for slow reply..i did the antiroot kit scan and they said no rootkits found...what do i do next?

    also i forgot to add in thatthere is this message when my desktop loads finish>>The system DLL user32.dll was relocated in memory. The application will not run properly. The relocation occured because the DLL C:/WINDOWS/system32/HHCTRL.OCX occupied in address range reserved for Windows system DLLS. The vendor supplying the DLL =something= contacted for a new DLL.

    i missed out the =something= part..is one or 2 words..not sure what is it
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Post the requested log files and we`ll let you know the best way to proceed.

    Regards Howard :wave: :wave:

    This thread is for the use of nick3103 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  5. nick3103

    nick3103 TS Rookie Topic Starter

    combofix and hjt log

    attached are the logs
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You didn`t post an AVG Antispyware log as requested. Please do so in your next reply.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Go to add remove programmes in your control panel and uninstall anything to do with(if there).

    Starware347

    Close the control panel.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILEOi+Vh7AfA98Gm4Me69ZMbubcDyUaazwlbdhenG k1XFrKQxAtHKDlUHfjuYsjQ/LZAS44gamy8lXDI0AA7ZT+X/W42wuVxb2DO0txswspSg+35qL8gIxXli QY2sWzJWEo35T4=

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILEOi+UdWpSlz2q9Dzn13Emww/YwLe98kRA1QsBUa MJt/drxn7fq6KOdHJSRotB7J9qbWOZBq7XgXYyAJjTC02JHlV7c89M1nlPBto4TLe7k7j4UXvBD3B/eV Jj1LbNEhHHHDeA=

    R3 - URLSearchHook: ScriptInocUI Class - - (no file)

    O2 - BHO: (no name) - {45A4902E-4479-4EAE-A186-8D0F7E4C78DE} - C:\Program Files\Starware347\bin\Starware347.dll

    O3 - Toolbar: Starware347 - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - C:\Program Files\Starware347\bin\Starware347.dll

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\Program Files\Starware347<Delete the entire folder.

    Reboot into normal mode and rehide your protected OS files.

    Post a fresh HJT log as well as an AVG Antispyware log.

    Regards Howard :)

    This thread is for the use of nick3103 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  7. nick3103

    nick3103 TS Rookie Topic Starter

    okay

    thanks a lot...i will go try okay...but can't do it now..it's getting very late here...i can't use computer ready..if possible i will post tomorrow..thanks for the help =)
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...