MSN "Is this you" virus

Hey
Yesterday I got a virus on my computer through MSN. I got a link from a friend saying "is this you?" followed by a link which was supposed to be a photo. When clicking the link I got a virus that was sending this message to everyone in my MSN list automatically. I also got this 888Bar in my Internet Explorer and lots of pop-ups which I usually don't get. Also, I have many new virus files popping up on my desktop that will come back even if I delete them.

Just made this Hijackthis scan and smitFraud Fix file... hopefully someone can help me out.

Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 16:19:33, on 28/11/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
E:\XP\System32\smss.exe
E:\XP\system32\winlogon.exe
E:\XP\system32\services.exe
E:\XP\system32\lsass.exe
E:\XP\system32\svchost.exe
E:\XP\System32\svchost.exe
E:\XP\system32\ZoneLabs\vsmon.exe
E:\XP\Explorer.EXE
E:\Program Files\Eset\nod32kui.exe
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\Program Files\NETGEAR\WG111T\wlan111t.exe
E:\Program Files\LimeWire\LimeWire.exe
E:\XP\system32\spoolsv.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
E:\Program Files\Eset\nod32krn.exe
E:\XP\System32\svchost.exe
E:\XP\wanmpsvc.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\XP\System32\svchost.exe
E:\Documents and Settings\Nathan.NATHAN-IGMUFAOE\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com/8SE/1?http://toolba...=MsgrIn stall
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\XP\System32\msdxm.ocx
O4 - HKLM\..\Run: [explorer] E:\Documents and Settings\Nathan.NATHAN-IGMUFAOE\Desktop\winstall.exe
O4 - HKLM\..\Run: [nod32kui] "E:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Zone Labs Client] "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: LimeWire On Startup.lnk = E:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .pdf: E:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab50997.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by115fd.bay115.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/190f5226...p/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab50997.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - E:\XP\system32\drivers\KodakCCS.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - E:\Program Files\Eset\nod32krn.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\XP\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - E:\XP\wanmpsvc.exe


SmitFraudFix v2.125

Scan done at 16:55:06.27, 28/11/2006
Run from E:\Documents and Settings\Nathan.NATHAN-IGMUFAOE\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» E:\


»»»»»»»»»»»»»»»»»»»»»»»» E:\XP


»»»»»»»»»»»»»»»»»»»»»»»» E:\XP\system


»»»»»»»»»»»»»»»»»»»»»»»» E:\XP\Web


»»»»»»»»»»»»»»»»»»»»»»»» E:\XP\system32


»»»»»»»»»»»»»»»»»»»»»»»» E:\Documents and Settings\Nathan.NATHAN-IGMUFAOE


»»»»»»»»»»»»»»»»»»»»»»»» E:\Documents and Settings\Nathan.NATHAN-IGMUFAOE\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» E:\DOCUME~1\NATHAN~1.NAT\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» E:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="about:Home"
"SubscribedURL"="about:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


Hopefully, somebody can help me - it is really frustrating.
So far, McAfee, NOD32 and ZoneAlarm haven't managed to get rid of it.
I have fixed all the files that were to be fixed on the HijackThis and now I am stuck.
Please help.

Comments

  • SpywareShooter 127.0.0.1
    edited November 2006
    [STEP 1] Fix HijackThis Entries:
    Fix the following entries with HijackThis by placing checkmarks in the boxes next to them and clicking "Fix Checked".

    O4 - HKLM\..\Run: [explorer] E:\Documents and Settings\Nathan.NATHAN-IGMUFAOE\Desktop\winstall.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    [STEP 2] Remove Malicious Files:
    Locate the following files using Windows Explorer (the My Computer icon or shortcut) and delete them from your computer.

    E:\Documents and Settings\Nathan.NATHAN-IGMUFAOE\Desktop\winstall.exe

    [STEP 3] Report Back to us:
    Once you have followed all of the steps above please reboot your computer and post a new HijackThis log.
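
Added example, not part of the thread or of the reply above: a small triage script for HijackThis logs that flags autostart (O4 Run) entries launching from a user-profile folder or using a value name that imitates a Windows component, and any entry whose file is reported as "(no file)". The function name `triage`, the folder list and the name list are assumptions chosen for illustration; the sample lines are copied from the log in this thread.

```python
import ntpath
import re

# Constructed sample: five lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [explorer] E:\Documents and Settings\Nathan.NATHAN-IGMUFAOE\Desktop\winstall.exe
O4 - HKLM\..\Run: [nod32kui] "E:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: iPod Service - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
"""

RUN_ENTRY = re.compile(
    r"^O4 - HK(?:LM|CU)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
IMAGE_PATH = re.compile(r'^"?(?P<path>.+?\.exe)', re.I)
# Assumption: profile folders an installed program does not normally start from.
USER_WRITABLE = re.compile(
    r"\\Documents and Settings\\[^\\]+\\(?:Desktop|Local Settings\\Temp)\\", re.I)
# Assumption: value names that imitate Windows components.
SYSTEM_NAMES = {"explorer", "svchost", "winlogon", "lsass", "services"}


def triage(log_text):
    """Return [(line, [reasons])] for entries that trip a heuristic."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        reasons = []
        run = RUN_ENTRY.match(line)
        if run:
            # Separate the executable path from quotes and arguments.
            image = IMAGE_PATH.match(run.group("cmd"))
            path = image.group("path") if image else run.group("cmd")
            if USER_WRITABLE.search(path):
                reasons.append("autostart from user-writable folder")
            name = run.group("name").lower()
            if name in SYSTEM_NAMES and ntpath.basename(path).lower() != name + ".exe":
                reasons.append("value name imitates a system binary")
        if re.match(r"^O\d+ - ", line) and line.endswith("(no file)"):
            reasons.append("referenced file is missing")
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print("; ".join(why), "->", entry)
```

On the sample, only the two entries listed in STEP 1 are flagged; the antivirus, messenger and service entries pass.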
This discussion has been closed.