[Resolved] Is there any virus or harmful things in my computer?

By casper11
Nov 2, 2007
Topic Status:
Not open for further replies.
  1. hello there,
    ,
    i've seen that something extra in working aroung in my computer n i tried to slove myself but i failed, i used combofix and SmitfraudFix to scan, i used adware 2007 to scan , i used AVG antispyware, i used AVg antivirus to scan , and sypbot too.. but the result was nothing... so do help me with this..

    it is like isass.exe. MDM.exe or maybe there's more.. i don't know..


    help...

    regards,
    casper11
  2. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    Your HJT log is clean.

    It`s like, just doesn`t help at all. I need to know exactly what it is and where you`re seeing the files you mentioned.

    Regards Howard :)
  3. casper11

    casper11 Newcomer, in training Topic Starter Posts: 95

    i just know that when i look at my window task manager. it is always there when i start up computer n i tried to end the program but it doesn't allow me to do so:(
  4. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    What`s always there? I`ve already said I need to know exactly what it is. If you can see it in task manager, you can tell me what it is, yes?

    Now, do you think you could give me the exact names of the processes you`re seeing in task manager?

    Regards Howard :)
  5. casper11

    casper11 Newcomer, in training Topic Starter Posts: 95

    MDM.EXE
    Path:C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    command line:"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
    current directory:C:\WINDOWS\system32\
    parent: services.exe(792)
    user: NT AUTHORITY\SYSTEM


    This(thing that i think is harmful??) is the pathway that i can give u by checking from a program called process explorer.

    hope these help..??!!??
  6. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    That`s the Microsoft machine debug manager and is perfectly safe.

    C:\WINDOWS\system32\services.exe<This is the correct file path and is where this file is supposed to be running from.

    services.exe is a part of the Microsoft Windows Operating System and manages the operation of starting and stopping services. This process also deals with the automatic starting of services during the computers boot-up and the stopping of services during shut-down. This program is important for the stable and secure running of your computer and should not be terminated.

    You`re just worrying unnecessarily.

    Regards Howard :)
  7. casper11

    casper11 Newcomer, in training Topic Starter Posts: 95

    may i ask..? is there any different between mdm.exe and MDM.EXE?and the path and the current directory?
  8. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    No, mdm.exe and MDM.exe are the same file, just in a different case.

    Unless you`re having problems, then stop worrying.

    Regards Howard :)
  9. casper11

    casper11 Newcomer, in training Topic Starter Posts: 95

    recently i've format my computer n install everything n updated everything but when i scan with AVG antisypware and ad aware it appears many problem....
  10. casper11

    casper11 Newcomer, in training Topic Starter Posts: 95

    can someone please tell me what to do? this is because i've not take any action on it yet!!! ....
  11. momok

    momok Newcomer, in training Posts: 2,272

    Hi,

    I suggest you do the following before doing anything else

    Important: Please read this thread HERE before deciding if you should CLEAN or FORMAT your system

    Should you decide to that cleaning your system is the best option, please go to Viruses/Spyware/Malware, preliminary removal instructions and follow the steps given.
    Do follow all the instructions exactly.

    Thereafter, please post fresh HijackThis, AVG Antispyware and Combofix logs as attachments into this thread.
    Do not copy and paste your logs if not they will be removed.

    Our experts here will tend to your queries thereafter.

    Also, please provide the results of the Antirootkit scan


    Regards,
    momok

    This thread is for the use of casper11 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and The Web forum.
  12. casper11

    casper11 Newcomer, in training Topic Starter Posts: 95

    the HERE that u suggest me to visit is an ad.. are u sure about this?
  13. casper11

    casper11 Newcomer, in training Topic Starter Posts: 95

    this are the results..
     
  14. momok

    momok Newcomer, in training Posts: 2,272

    Hi,

    Sorry for the late reply. Where is your AVG antispyware log file?

    1. Open notepad and copy/paste the text in the quote box below into it (all except the word QUOTE):

    2. Save this as CFScript on the desktop.
    3. Referring to the image below, drag CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe.
      [​IMG]
    4. ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it shall produce a log for you. Post that log (Combofix.txt) in your next reply.

      Note: Do not mouseclick combofix's window while it is running. That may cause your system to hang

    Thereafter, please post fresh HJT and AVG Antispyware logs and the resultant ComboFix log from the above instructions as attachments into this thread.


    Regards,
    momok =)

    This thread is for the use of casper11 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and The Web forum.
  15. casper11

    casper11 Newcomer, in training Topic Starter Posts: 95

    this are the result. the AVG antispyware result show nothing found
  16. momok

    momok Newcomer, in training Posts: 2,272

    Hi,

    1. Open notepad and copy/paste the text in the quote box below into it (all except the word QUOTE):

    2. Save this as CFScript on the desktop.
    3. Referring to the image below, drag CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe.
      [​IMG]
    4. ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it shall produce a log for you. Post that log (Combofix.txt) in your next reply.

      Note: Do not mouseclick combofix's window while it is running. That may cause your system to hang

    Thereafter, please post a fresh HJT log and the resultant ComboFix log from the above instructions as attachments into this thread.

    I also suggest you check all your USB storage devices as they are possibly infected.


    Regards,
    momok =)

    This thread is for the use of casper11 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and The Web forum.
  17. casper11

    casper11 Newcomer, in training Topic Starter Posts: 95

    each time i scan with combofix my Avg antivirus will pop up and said:

    Treat detected!!
    While opening file: C:\DOCUME~1\VINCEN~1\LOCALS~1\Temp\lwhvyplu.dll
    Trojan horse Generic9.AJZR

    I've clicked the heal button but the next time i scan with combofix the same thing appear...
  18. momok

    momok Newcomer, in training Posts: 2,272

    Hi,

    Please boot into safe mode and conduct a FULL system scan with your AVG antivirus. Set the action for all detected entries to quarantine (move to vault).

    Thereafter go through my instructions in the previous post (post #16) once more.

    Let me know the results.

    Regards,
    momok
  19. casper11

    casper11 Newcomer, in training Topic Starter Posts: 95

    both result are from safe mode. AVG antivirus detect nothing.:( >)
  20. momok

    momok Newcomer, in training Posts: 2,272

    Hi,

    Please download and run CCleaner via step 9 of the instructions HERE.

    Next, have HijackThis fix these 2 entries:
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - (no file)

    Navigate manually in Windows Explorer and delete this entire folder:
    C:\Program Files\VVSN

    Are you experiencing any further problems?

    Regards,
    momok
  21. casper11

    casper11 Newcomer, in training Topic Starter Posts: 95

    what is Windows Explorer?? where can i find it??
  22. casper11

    casper11 Newcomer, in training Topic Starter Posts: 95

    yes i do.. i don't know where to get Windows Explorer. n i've not delete C:\Program Files\VVSN yet.. could u tell me more on this?
  23. momok

    momok Newcomer, in training Posts: 2,272

    Simply open "My Computer", and navigate manually to the file path C:\Program Files\VVSN and delete it.
  24. casper11

    casper11 Newcomer, in training Topic Starter Posts: 95

    could i send u another result just to make sure there's nothing harmful to my computer ?

    i need another help from you. i wish that my computer can start up faster.. can u help me on this?
  25. momok

    momok Newcomer, in training Posts: 2,272

    Yes, in fact I require you to post fresh HijackThis and ComboFix logs from normal mode.

    For information to speed up your system, please read this thread HERE.

    Regards,
    momok

    This thread is for the use of casper11 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and The Web forum.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.