[Resolved] Is there any virus or harmful things in my computer?

[casper11]

hello there,
,
i've seen that something extra in working aroung in my computer n i tried to slove myself but i failed, i used combofix and SmitfraudFix to scan, i used adware 2007 to scan , i used AVG antispyware, i used AVg antivirus to scan , and sypbot too.. but the result was nothing... so do help me with this..

it is like isass.exe. MDM.exe or maybe there's more.. i don't know..


help...

regards,
casper11

 

[howard_hopkinso]

Your HJT log is clean.

it is like isass.exe. MDM.exe or maybe there's more.. i don't know..

It`s like, just doesn`t help at all. I need to know exactly what it is and where you`re seeing the files you mentioned.

Regards Howard

 

[casper11]

i just know that when i look at my window task manager. it is always there when i start up computer n i tried to end the program but it doesn't allow me to do so

 

[howard_hopkinso]

What`s always there? I`ve already said I need to know exactly what it is. If you can see it in task manager, you can tell me what it is, yes?

Now, do you think you could give me the exact names of the processes you`re seeing in task manager?

Regards Howard

 

[casper11]

MDM.EXE
Path:C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
command line:"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
current directory:C:\WINDOWS\system32\
parent: services.exe(792)
user: NT AUTHORITY\SYSTEM


This(thing that i think is harmful??) is the pathway that i can give u by checking from a program called process explorer.

hope these help..??!!??

 

[howard_hopkinso]

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

That`s the Microsoft machine debug manager and is perfectly safe.

C:\WINDOWS\system32\services.exe<This is the correct file path and is where this file is supposed to be running from.

services.exe is a part of the Microsoft Windows Operating System and manages the operation of starting and stopping services. This process also deals with the automatic starting of services during the computers boot-up and the stopping of services during shut-down. This program is important for the stable and secure running of your computer and should not be terminated.

You`re just worrying unnecessarily.

Regards Howard

 

[casper11]

may i ask..? is there any different between mdm.exe and MDM.EXE?and the path and the current directory?

 

[howard_hopkinso]

No, mdm.exe and MDM.exe are the same file, just in a different case.

Unless you`re having problems, then stop worrying.

Regards Howard

 

[casper11]

recently i've format my computer n install everything n updated everything but when i scan with AVG antisypware and ad aware it appears many problem....

 

[casper11]

can someone please tell me what to do? this is because i've not take any action on it yet!!! ....

 

[momok]

Hi,

I suggest you do the following before doing anything else

Important: Please read this thread HERE before deciding if you should CLEAN or FORMAT your system

Should you decide to that cleaning your system is the best option, please go to Viruses/Spyware/Malware, preliminary removal instructions and follow the steps given.
Do follow all the instructions exactly.

Thereafter, please post fresh HijackThis, AVG Antispyware and Combofix logs as attachments into this thread.
Do not copy and paste your logs if not they will be removed.

Our experts here will tend to your queries thereafter.

Also, please provide the results of the Antirootkit scan


Regards,
momok

This thread is for the use of casper11 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and The Web forum.

 

[casper11]

the HERE that u suggest me to visit is an ad.. are u sure about this?

 

[casper11]

this are the results..

 

[momok]

Hi,

Sorry for the late reply. Where is your AVG antispyware log file?

1. Open notepad and copy/paste the text in the quote box below into it (all except the word QUOTE):
   
   

   File::
   C:\WINDOWS\iun6002.exe
   C:\sqmdata19.sqm
   C:\sqmnoopt19.sqm
   C:\sqmnoopt18.sqm
   C:\sqmdata18.sqm
   C:\sqmdata17.sqm
   C:\sqmnoopt17.sqm
   C:\sqmnoopt16.sqm
   C:\sqmdata16.sqm
   C:\sqmnoopt15.sqm
   C:\sqmdata15.sqm
   C:\sqmdata14.sqm
   C:\sqmnoopt14.sqm
   C:\sqmnoopt13.sqm
   C:\sqmdata13.sqm
   C:\sqmdata12.sqm
   C:\sqmnoopt12.sqm
   C:\sqmnoopt11.sqm
   C:\sqmdata11.sqm
   C:\sqmdata10.sqm
   C:\sqmnoopt10.sqm
   C:\sqmnoopt09.sqm
   C:\sqmdata09.sqm
   C:\sqmnoopt08.sqm
   C:\sqmdata08.sqm
   C:\sqmdata07.sqm
   C:\sqmnoopt07.sqm
   C:\sqmnoopt06.sqm
   C:\sqmdata06.sqm
   C:\sqmdata05.sqm
   C:\sqmnoopt05.sqm
   C:\sqmnoopt04.sqm
   C:\sqmdata04.sqm
   C:\sqmdata03.sqm
   C:\sqmnoopt03.sqm
   C:\sqmnoopt02.sqm
   C:\sqmdata02.sqm
   C:\sqmdata01.sqm
   C:\sqmnoopt01.sqm
   C:\sqmnoopt00.sqm
   C:\sqmdata00.sqm
   Folder::
   C:\9ed2a68272498a225820ffd10476e4
   C:\92340e797007a78d6120b8

2. Save this as CFScript on the desktop.
3. Referring to the image below, drag CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe.
   
   
   
   
4. ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it shall produce a log for you. Post that log (Combofix.txt) in your next reply.
   
   Note: Do not mouseclick combofix's window while it is running. That may cause your system to hang

Thereafter, please post fresh HJT and AVG Antispyware logs and the resultant ComboFix log from the above instructions as attachments into this thread.


Regards,
momok =)

This thread is for the use of casper11 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and The Web forum.

 

[casper11]

this are the result. the AVG antispyware result show nothing found

 

[momok]

Hi,

1. Open notepad and copy/paste the text in the quote box below into it (all except the word QUOTE):
   
   

   Registry::
   [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{67e7d9c9-b4fa-11dc-ab67-001b77591f60}]

2. Save this as CFScript on the desktop.
3. Referring to the image below, drag CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe.
   
   
   
   
4. ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it shall produce a log for you. Post that log (Combofix.txt) in your next reply.
   
   Note: Do not mouseclick combofix's window while it is running. That may cause your system to hang

Thereafter, please post a fresh HJT log and the resultant ComboFix log from the above instructions as attachments into this thread.

I also suggest you check all your USB storage devices as they are possibly infected.


Regards,
momok =)

This thread is for the use of casper11 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and The Web forum.

 

[casper11]

each time i scan with combofix my Avg antivirus will pop up and said:

Treat detected!!
While opening file: C:\DOCUME~1\VINCEN~1\LOCALS~1\Temp\lwhvyplu.dll
Trojan horse Generic9.AJZR

I've clicked the heal button but the next time i scan with combofix the same thing appear...

 

[momok]

Hi,

Please boot into safe mode and conduct a FULL system scan with your AVG antivirus. Set the action for all detected entries to quarantine (move to vault).

Thereafter go through my instructions in the previous post (post #16) once more.

Let me know the results.

Regards,
momok

 

[casper11]

both result are from safe mode. AVG antivirus detect nothing. >)

 

[momok]

Hi,

Please download and run CCleaner via step 9 of the instructions HERE.

Next, have HijackThis fix these 2 entries:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - (no file)

Navigate manually in Windows Explorer and delete this entire folder:
C:\Program Files\VVSN

Are you experiencing any further problems?

Regards,
momok

 

[casper11]

what is Windows Explorer?? where can i find it??

 

[casper11]

Navigate manually in Windows Explorer and delete this entire folder:
C:\Program Files\VVSN

Are you experiencing any further problems?

yes i do.. i don't know where to get Windows Explorer. n i've not delete C:\Program Files\VVSN yet.. could u tell me more on this?

 

[momok]

Simply open "My Computer", and navigate manually to the file path C:\Program Files\VVSN and delete it.

 

[casper11]

could i send u another result just to make sure there's nothing harmful to my computer ?

i need another help from you. i wish that my computer can start up faster.. can u help me on this?

 

[momok]

Yes, in fact I require you to post fresh HijackThis and ComboFix logs from normal mode.

For information to speed up your system, please read this thread HERE.

Regards,
momok

This thread is for the use of casper11 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and The Web forum.