TechSpot

Some weird virus I guess...

By sungod
Oct 26, 2005
  1. I couldn't open my Task Manager, so I downloaded Security Task Manager.

    It shows 2 files. The first one is:
    Name: process ID 1812
    C:\WINDOWS\SYSTEM32\MOULEDLG.EXE
    and the text within the file says "Error: The system cannot find the file specified."
    Well, it's there, because it's running as a process....

    Name: process ID 3356
    C:\PROGRAM FILES\AIMFTNYX\DAVKRSRC.EXE
    Error: The system cannot find the file specified

    Both of these, when I try to kill the process, just come back somehow... I ran Spyware Doctor and it doesn't find anything...

    And then I have a process
    C:\Program Files\winupdates\winupdates.exe
    which seems weird since it takes 93% of my CPU.
    Under the security rating it says functions: monitor and input data.

    My HJT log is:

    Logfile of HijackThis v1.99.1
    Scan saved at 7:02:09 PM, on 10/26/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\wnntwbm.exe
    C:\Program Files\winupdates\winupdates.exe
    C:\program files\advanced system optimizer\memtuneup.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\U29rb2wA\command.exe
    C:\WINDOWS\System32\NMSSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\SYSTEM32\cidaemon.exe
    C:\Program Files\Opera\Opera.exe
    C:\Program Files\BitComet\BitComet.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Security Task Manager\TaskMan.exe
    C:\Documents and Settings\Sokol\Desktop\HijackThis.exe

    N3 - Netscape 7: # Mozilla User Preferences

    /* Do not edit this file.
    *
    * If you make changes to this file while the browser is running,
    * the changes will be overwritten when the browser exits.
    *
    * To make a manual change to preferences, you can visit the URL about:config
    * For more information, see http://www.mozilla.org/unix/customizing.html#prefs
    */

    user_pref("browser.activation.checkedNNFlag", true);
    user_pref("browser.bookmarks.added_static_root", true);
    user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
    user_pref("browser.startup.homepage_override.mstone", "rv:1.7.2");
    user_pref("dom.disable_open_during_load", true);
    user_pref("intl.charsetmenu.browser.cache", "ISO-8859-1");
    user_pref("network.cookie.prefsMigrated", true);
    user_pref("prefs.converted-to-utf8", true);
    user_pref("privacy.popups.first_popup", false);
    user_pref("signon.SignonFileName", "6785254.s");
    user_pref("browser.helperApps.neverAsk.openFile", "app
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [wnntwbm] C:\WINDOWS\wnntwbm.exe
    O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
    O4 - HKCU\..\Run: [Systweak Memory Optimizer] c:\program files\advanced system optimizer\memtuneup.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U29rb2wA\command.exe (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (file missing)
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Windows Tracks Washer Registry Service (WTWService) - Unknown owner - C:\Program Files\Windows Tracks Washer\washservice.exe (file missing)
     
  2. themadcoyote (TS Rookie)

    Instead of simply ending the program, right-click on it and hit End Process Tree; that way it ends all programs connected to the malware or virus. Then try to run Norton or Ad-Aware.
     
  3. just_a_nobody (TS Rookie, Posts: 182)

    It does not look like you have an anti-virus program installed, download AVG free: http://www.majorgeeks.com/download886.html

    C:\Program Files\winupdates\winupdates.exe
    C:\WINDOWS\U29rb2wA\command.exe
    O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto

    These 3 are bad ones and should be removed. First turn off your System Restore, empty your Recycle Bin, and remove any temporary internet files (IE / Tools menu / Internet Options / Temporary Internet Files / Delete Files button).

    Then put a check mark next to the 3 items above and select fix items in HJT.

    Reboot and turn your system restore back on.
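
As an added example (not part of the thread, and not code from TechSpot, HijackThis or any of the posters), here is a small Python script that applies, to the log entries posted above, the kind of structural checks just_a_nobody made by eye: a service registered with "Unknown owner", a service whose file HJT could not find, an executable dropped straight into C:\WINDOWS rather than System32, and a directory name that is really base64. That last check matters for this log: the directory `U29rb2wA` in `C:\WINDOWS\U29rb2wA\command.exe` base64-decodes to `Sokol` followed by a NUL byte, and `Sokol` is the account name visible in the `C:\Documents and Settings\Sokol\Desktop\HijackThis.exe` line. The heuristics themselves, the `analyze`/`decode_base64_name`/`path_findings` names and the threshold of three printable characters are my assumptions; the sample log is constructed from lines copied out of the post.

```python
import base64
import re

# Constructed sample: lines copied from the HijackThis log posted in this thread,
# with running processes, O4 Run entries and O23 services mixed together the
# way HJT prints them. Nothing here is fetched from a live machine.
SAMPLE_LOG = r"""
C:\WINDOWS\wnntwbm.exe
C:\Program Files\winupdates\winupdates.exe
C:\WINDOWS\U29rb2wA\command.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Documents and Settings\Sokol\Desktop\HijackThis.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [wnntwbm] C:\WINDOWS\wnntwbm.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U29rb2wA\command.exe (file missing)
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (file missing)
"""

# First drive-letter path ending in .exe on a line (quotes and arguments ignored).
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.exe", re.IGNORECASE)
# The logged-on account, taken from any "Documents and Settings\<user>\" path.
ACCOUNT_RE = re.compile(r"Documents and Settings\\([^\\]+)\\")
B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")


def decode_base64_name(token):
    """Return the decoded text if `token` is a plausible base64 encoding of short
    printable ASCII (trailing NUL padding stripped), otherwise None.
    Ordinary names such as 'System32' are 8 base64 characters long but decode
    to non-ASCII bytes, so they are rejected."""
    if len(token) % 4 != 0 or not B64_RE.match(token):
        return None
    try:
        raw = base64.b64decode(token, validate=True)
        text = raw.rstrip(b"\x00").decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return None
    if len(text) < 3 or not text.isprintable():   # assumed minimum length
        return None
    return text


def path_findings(path, account):
    """Heuristics that depend only on where the binary lives."""
    reasons = []
    directory = path.split("\\")[:-1]
    if [p.lower() for p in directory] == ["c:", "windows"]:
        reasons.append("executable sits directly in the Windows directory, not System32")
    for token in directory[1:]:
        decoded = decode_base64_name(token)
        if decoded:
            note = f"directory name {token!r} base64-decodes to {decoded!r}"
            if account and decoded.lower() == account.lower():
                note += " (the logged-on account name)"
            reasons.append(note)
    return reasons


def analyze(log_text):
    """Map each lowercased executable path to the list of reasons it was flagged.
    The same path often appears as a running process, an O4 entry and an O23
    entry, so findings from all of them are merged per path."""
    account_match = ACCOUNT_RE.search(log_text)
    account = account_match.group(1) if account_match else None
    flagged = {}
    for line in log_text.splitlines():
        m = PATH_RE.search(line)
        if not m:
            continue
        path = m.group(0)
        reasons = path_findings(path, account)
        if line.startswith("O23") and "Unknown owner" in line:
            reasons.append("service registered with no vendor/owner information")
        if "(file missing)" in line:
            reasons.append("HijackThis could not find the file on disk")
        if reasons:
            bucket = flagged.setdefault(path.lower(), [])
            for r in reasons:
                if r not in bucket:
                    bucket.append(r)
    return flagged


if __name__ == "__main__":
    for path, reasons in analyze(SAMPLE_LOG).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Two caveats on reading the output. The checks flag candidates, not verdicts: the Machine Debug Manager service is also reported (unknown owner, file missing) although it is a Microsoft component that simply is not installed, so each hit still needs a look at the file and its publisher. And `C:\Program Files\winupdates\winupdates.exe` is not caught by any of these structural rules; it was identified in the thread from experience with its name and behaviour (the 93% CPU, the Run key with `/auto`), which is exactly the kind of knowledge a script like this cannot replace.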
     