Computer has been infected by malware WinAntiVirus2007

Status
Not open for further replies.

cyc85

My Firefox and IE keep suddenly popping up anonymous advertisements... Sometimes a pop-up asks me to install WinAntiVirus2007... I know this is malware...

Below is my HijackThis log...

Someone please help remove this malware.

Thanks...
 
You're running an outdated version of HijackThis.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

Also, let me know the results of the AVG Antirootkit scan.

Regards Howard :)

This thread is for the use of cyc85 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Hi,

It appears you have 'Megaupload Toolbar' installed. It has a questionable reputation. Quote from the EULA:

"This toolbar integrates certain services from alexa internet,inc. ("Alexa"). The toolbar may exchange data with Alexa in order to provide: (a) information to you about the web pages you view (ranking information, for example) and basic information to alexa on your use of the toolbar, including the ip address of your computer, the url of the web pages you visit and, because the toolbar communicates via http, data typical of normal http communications such as user agent and operating system, will be communicated."

I suggest uninstalling it. If you wish to uninstall Megaupload Toolbar, please do the following steps:

Close running browsers. (You may wish to copy and paste the contents of this thread to notepad or something)
Go to Start > Control Panel > Add or Remove Programs. Remove Megaupload Toolbar if found.
Go to Windows explorer and navigate to D:\PROGRA~1\MEGAUP~1 and delete this folder and its contents.
Run your HijackThis scan and place a check on the following and click 'fix', if found:
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
Also fix this, if found:
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Clean your cache and cookies in your browsers.
For IE:
Close all instances of Outlook Express and Internet Explorer. Go to Control Panel > Internet Options > General tab
Click the "Delete Cookies" button
Next to it, Click the "Delete Files" button
When prompted, place a check in: "Delete all offline content", click OK

For Firefox:
Go to the Firefox browser, click Tools > Options.
Click Privacy in the menu on the left side of the Options window.
Click the Clear button located to the right of each option (History, Cookies, Cache)
Alternatively, you can clear all information stored while browsing by clicking Clear All.

I suggest you also download AVG Anti-Spyware 7 and rename your HijackThis.exe. Follow steps 5 and 6 as listed HERE
After you have followed the above steps, please post a fresh HJT log and AVG log.
PS. I may not be able to guide you through the entire solution, but the best you can do is to follow the above steps for now until a more experienced member replies to you.
 
I have removed your Combofix and HJT logs, because they were posted as .doc files and therefore carry a risk of infection.

Please repost Combofix and HJT logs as either .txt or .log files.

Regards Howard :)

 
I thought you wanted the file as .doc... So, I changed it from .txt to .doc lolx

Anyway, I have uploaded the other 2 files...

Btw, now I don't see any pop-up advertisements anymore... hope no more pop-ups...

Thanks howard_hopkinso
 
Hi

Your system is infected with adware.

I noticed that your AVG Antispyware log says all items have "No Action Taken". That's because you didn't tell AVG Antispyware to quarantine its results. I also see that you still have Megaupload Toolbar in your system. Let's settle that first.

You might wish to copy this into notepad or print out this page for reference.

First turn off system restore (XP/ME only). Learn how to do so HERE.

Boot into safe mode under your normal user name. See how HERE

Next turn on "Show all files and folders, including hidden and system". See how HERE


Run AVG antispyware scan and quarantine the items. See HERE for instructions.

After that, run HijackThis and fix the following entries, if found:

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {B94B2252-D2B3-4A2D-8C3C-1E11690F3B9F} - D:\WINDOWS\system32\ddayx.dll (file missing)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

Go to Windows Explorer, then navigate to and delete these folders and their contents:
D:\PROGRA~1\MEGAUP~1
D:\DOCUME~1\CYC_KI~1\APPLIC~1\MegauploadToolbar

Reboot into normal mode and rehide all your OS files.

Please post fresh HJT logs and AVG antispyware logs only after doing the above.
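As an added example (not part of the post above and not code from HijackThis): a small Python parser for the O2 (BHO) and O3 (toolbar) lines quoted in this thread. It flags entries HijackThis marked `(no file)` or `(file missing)` and shows when one CLSID is registered in more than one section. The sample log is constructed from lines quoted in the thread, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: entries quoted in this thread, in HijackThis log format.
SAMPLE_LOG = r"""
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {513B749B-188A-4154-9041-BA2CA7EF781D} - (no file)
O2 - BHO: (no name) - {B94B2252-D2B3-4A2D-8C3C-1E11690F3B9F} - D:\WINDOWS\system32\ddayx.dll (file missing)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\RunOnce: [.\PSpice Student 9.1\1] D:\WINDOWS\system32\REGSVR32.EXE /s D:\WINDOWS\system32\atl.dll
"""

# O2/O3 lines have the shape "<section> - <kind>: <name> - {CLSID} - <target>".
COM_ENTRY = re.compile(
    r"^(?P<section>O[23]) - (?P<kind>BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)
ORPHAN_MARKERS = ("(no file)", "(file missing)")

def parse_com_entries(log_text):
    """Return one dict per O2 (BHO) / O3 (toolbar) line; other sections are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = COM_ENTRY.match(line.strip())
        if match:
            entry = match.groupdict()
            entry["orphaned"] = entry["target"].endswith(ORPHAN_MARKERS)
            entries.append(entry)
    return entries

def orphaned_clsids(entries):
    """CLSIDs still registered although HijackThis found no file behind them."""
    return sorted({e["clsid"] for e in entries if e["orphaned"]})

def sections_by_clsid(entries):
    """Map each CLSID to every section it appears in, so all are reviewed together."""
    seen = defaultdict(set)
    for e in entries:
        seen[e["clsid"]].add(e["section"])
    return {clsid: sorted(sections) for clsid, sections in seen.items()}

if __name__ == "__main__":
    found = parse_com_entries(SAMPLE_LOG)
    print("orphaned:", orphaned_clsids(found))
    print("registrations:", sections_by_clsid(found))
```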
 
I agree with momok. You should get rid of the megaupload toolbar.

In addition to the entries momok told you to fix, have HJT fix these entries as well.

O2 - BHO: (no name) - {513B749B-188A-4154-9041-BA2CA7EF781D} - (no file)

O2 - BHO: (no name) - {B94B2252-D2B3-4A2D-8C3C-1E11690F3B9F} - D:\WINDOWS\system32\ddayx.dll (file missing)

I'd also like you to have the following file checked out over at Jotti's.

Please visit this link http://virusscan.jotti.org/
* Click the Browse... button
* Navigate to the following file D:\Program Files\PowerArchiver\PASTARTER.EXE
* Click Open
* Please let me know the results.

See HERE for instructions on how to use AVG Antispyware.

Post a fresh HJT log as well as another AVG Antispyware log.

Regards Howard :)

 
But there are some files that I need to download from MegaUpload. Without the toolbar, I cannot download from that site. So, what should I do?

Anyway, I will run AVG Antispyware in safe mode and post the log file here with the HijackThis log...
 
If you wish to keep the MegaUpload toolbar, that's up to you. Just be aware that it's of dubious repute.

Regards Howard :)

 
You have posted your HJT log from safe mode. Please post a fresh HJT log from normal mode.

Delete all files in AVG Antispyware quarantine.

Can you tell me what this program is? It certainly wasn't in any of your previous HJT logs.

O4 - HKLM\..\RunOnce: [.\PSpice Student 9.1\1] D:\WINDOWS\system32\REGSVR32.EXE /s D:\WINDOWS\system32\atl.dll

Regards Howard :)

 
I saw the tag in front is PSpice... so I think it is software I installed a few days ago...
Software that is used in an engineering course to draw circuits...

I wonder why PSpice will load in safe mode but didn't load in normal mode, because it did not appear in this HijackThis log...
 
Have HJT fix this entry.

O2 - BHO: (no name) - {513B749B-188A-4154-9041-BA2CA7EF781D} - (no file)

Other than that, your HJT log is clean.

Turn off system restore (XP/ME only). See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

 