lesser-equity

Magazine
Go Back   Computer Juice > Computer Software > Virus, Spyware & Security
Reload this Page

Please help me with this horrible virus

Register Site Spy Member List Donate Search Today's Posts Mark Forums Read Forum Rules


Register


Reply
 
Thread Tools
  #1  
Old 9th Jan 2009, 07:39
New Member Group
  
My laptop has been infected with some ridiculous that's not being detected by Avira AntiVir Premium (updated), Superantispyware, and Windows Defender. The virus has disabled or blocked everything related to Microsoft - Windows updates, IE Phishing filter, Microsoft website, etc. Home pages of all major security applications have also been blocked, which means I can't update any security tool that uses the same domain for both home page and update servers.
I've scanned with AntiVir on "High Heuristics" mode thrice but to no effect. :(


This is the Security Analyzer log of Advanced SystemCare (same as Hijack This) :


Logfile of Advanced SystemCare 3 Security Analyzer
Scan saved at 19:59:57, on 09-01-2009
Platform: Windows Vista (WinNT 6.0)
MSIE: Internet Explorer v7.0 (7.0.6001.18000)
Boot mode: Normal
Running processes:
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\Program Files\WinPatrol\WinPatrol.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Cyberoam Client\CyberoamClient.exe
C:\PROGRAM FILES\HEWLETT-PACKARD\HP QUICKTOUCH\HPKBDAPP.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP QUICK LAUNCH BUTTONS\QLBCTRL.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Adobe Reader\Reader\AcroRd32.exe
C:\Program Files\Adobe Reader\Reader\AcroRd32Info.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\IEPro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\WinPatrol\winpatrol.exe -expressboot
O8 - Extra context menu item: &Clean Traces -
O8 - Extra context menu item: &Download with &DAP -
O8 - Extra context menu item: Download &all with DAP -
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} -
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} -
O9 - Extra button: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} -
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} -
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_11) - http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) - http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) - http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: (Ati External Event Utility) - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: Biometric Authentication Service (DPS) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown - %ProgramFiles%\Windows Media Player\wmpnetwk.exe



Please help me!
  #2  
Old 9th Jan 2009, 09:36
New Member Group
  
Is you copy of windows legit? What browser are you using?

Try Firefox and see if it produce same result.

if not, uninstall your AV and install Eset or AVG. Failing that, i suggest you secure your data and reinstall windows.
  #3  
Old 9th Jan 2009, 09:51
Administrator Group
  
Quote:
Originally Posted by nashsaint View Post
Is you copy of windows legit? What browser are you using?

Try Firefox and see if it produce same result.

if not, uninstall your AV and install Eset or AVG. Failing that, i suggest you secure your data and reinstall windows.
Please leave malware logs for the malware team, thanks.
__________________

My System: Hybr!d

Processor(s):
AMD Turion 64 x2 TL-64 2.2GHz
Motherboard:
HP nForce 560
RAM Memory:
2GB DDR2 PC2-5300
Graphics Card(s):
Nvidia 7150M Onboard Integrated
Sound Card:
5.1 Onboard Integrated
Hard Drive(s):
250GB 5400RPM SATA300
Optical Drive(s):
18x CD/DVDRW-DL ATA
Case / PSU:
Stock HP
Cooling:
Stock HP
Network / Internet:
10/100 Nic / 10MB Virgin Cable
Monitor(s):
17" WXGA+ HD BrightView Widescreen
Operating System(s):
Windows 7 Ultimate 32Bit
  #4  
Old 9th Jan 2009, 10:09
Moderator Group
  
Click Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.
  • Scroll down to “Non-plug and Play Drivers” and click the plus icon to open those drivers.
  • Then search for TDSSserv.sys
  • Let me know if you find this or not.
  • If you do find it, right click on it, and select “Disable”. Do not try to uninstall it.
  • Also if this is found and you disable it.
  • Now reboot.

----------

Go HERE and run the scans. Post the 3 logs when complete.
__________________
Reply

Register
Thread Tools



Arabic Bulgarian Chinese (Simplified) Chinese (Traditional) Croatian Czech Danish Dutch English Finnish French German Greek Hebrew Hungarian Italian Japanese Korean Latvian Lithuanian Norwegian Polish Portuguese Romanian Russian Serbian Slovak Spanish Swedish Thai Turkish Ukrainian

Copyright ©2006 - 2009 Computer Juice.
Contact - Privacy - Sitemap - Top

Powered by vBulletin® Copyright ©2000 - 2009 Jelsoft Enterprises Ltd. SEO by vBSEO ©2009, Crawlability, Inc.