Another Aim Best Friends Thread
So, a friend of mine has the best friends AIM virus and I have been trying to help her get rid of it. I had her download HijackThis and got her to send me a logfile:
Logfile of HijackThis v1.99.0
Scan saved at 4:59:52 PM, on 1/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINNT\svcmon\wircd.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\lsess.exe
C:\WINDOWS\System32\mqguard.exe
C:\WINDOWS\System32\winxpsp2.exe
C:\WINDOWS\System32\ndis.exe
C:\WINDOWS\System32\xin.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\wupdatemon.exe
C:\WINDOWS\System32\ewinupdate32.exe
C:\WINDOWS\System32\bioswin.exe
C:\WINDOWS\System32\windowsXT.exe
C:\Program Files\Windows ControlAd\WinCtlAd.exe
C:\WINDOWS\System32\services32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Windows ControlAd\WinCtlAdAlt.exe
C:\Program Files\Admanager Controller\AdManCtl.exe
C:\Program Files\Admanager Controller\AdManKeep.exe
C:\WINDOWS\System32\mswctl32.exe
C:\WINDOWS\System32\SVCHOSTA.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\Program Files\Windows TaskAd\WinTaskAd.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows TaskAd\WinSched.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.juniata.edu/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 169.254.12.122
R3 - Default URLSearchHook is missing
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem302.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Windows Network Controller] mqguard.exe
O4 - HKLM\..\Run: [zghyhwn] C:\WINDOWS\zghyhwn.exe
O4 - HKLM\..\Run: [Windows XP Service Pack 2] winxpsp2.exe
O4 - HKLM\..\Run: [NDIS Adapter] ndis.exe
O4 - HKLM\..\Run: [x80] test.exe
O4 - HKLM\..\Run: [wupdatemon] wupdatemon.exe
O4 - HKLM\..\Run: [WindowsRegKey updated] ewinupdate32.exe
O4 - HKLM\..\Run: [Netbios Micrsoft helper] bioswin.exe
O4 - HKLM\..\Run: [blah service] windowsXT.exe
O4 - HKLM\..\Run: [Win32SysV] xin.exe
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [system32.exe] services32.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Admanager Controller] C:\Program Files\Admanager Controller\AdManCtl.exe
O4 - HKLM\..\Run: [Microsoft Windows Control] mswctl32.exe
O4 - HKLM\..\Run: [Windows Logon Procedure] SVCHOSTA.EXE
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [Windows TaskAd] C:\Program Files\Windows TaskAd\WinTaskAd.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Sysino] lsess.exe
O4 - HKLM\..\RunServices: [Sysino] lsess.exe
O4 - HKLM\..\RunServices: [Windows Network Controller] mqguard.exe
O4 - HKLM\..\RunServices: [Windows XP Service Pack 2] winxpsp2.exe
O4 - HKLM\..\RunServices: [NDIS Adapter] ndis.exe
O4 - HKLM\..\RunServices: [x80] test.exe
O4 - HKLM\..\RunServices: [wupdatemon] wupdatemon.exe
O4 - HKLM\..\RunServices: [WindowsRegKey updated] ewinupdate32.exe
O4 - HKLM\..\RunServices: [Netbios Micrsoft helper] bioswin.exe
O4 - HKLM\..\RunServices: [Microsoft Manager] windll23.exe
O4 - HKLM\..\RunServices: [blah service] windowsXT.exe
O4 - HKLM\..\RunServices: [Win32SysV] xin.exe
O4 - HKLM\..\RunServices: [system32.exe] services32.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Control] mswctl32.exe
O4 - HKLM\..\RunOnce: [Sysino] lsess.exe
O4 - HKLM\..\RunOnce: [Windows Network Controller] mqguard.exe
O4 - HKLM\..\RunOnce: [Windows XP Service Pack 2] winxpsp2.exe
O4 - HKLM\..\RunOnce: [NDIS Adapter] ndis.exe
O4 - HKLM\..\RunOnce: [Win32SysV] xin.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Sysino] lsess.exe
O4 - HKCU\..\Run: [Windows Network Controller] mqguard.exe
O4 - HKCU\..\Run: [Windows XP Service Pack 2] winxpsp2.exe
O4 - HKCU\..\Run: [x80] test.exe
O4 - HKCU\..\Run: [NDIS Adapter] ndis.exe
O4 - HKCU\..\Run: [WindowsRegKey updated] ewinupdate32.exe
O4 - HKCU\..\Run: [Netbios Micrsoft helper] bioswin.exe
O4 - HKCU\..\Run: [Win32SysV] xin.exe
O4 - HKCU\..\Run: [Microsoft Manager] windll23.exe
O4 - HKCU\..\RunOnce: [NDIS Adapter] ndis.exe
O4 - HKCU\..\RunOnce: [Win32SysV] xin.exe
O4 - HKCU\..\RunOnce: [Windows XP Service Pack 2] winxpsp2.exe
O4 - HKCU\..\RunOnce: [Windows Network Controller] mqguard.exe
O4 - HKCU\..\RunOnce: [Sysino] lsess.exe
O4 - HKCU\..\RunOnce: [Windows Logon Procedure] SVCHOSTA.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/GamesUnlimited/ie/bridge-c18.cab
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Symantec AntiVirus Client - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: UnrealIRCd - none - C:\WINNT\svcmon\wircd.exe
O23 - Service: WLTRYSVC - Unknown - C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe (file missing)
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe
I know she has plenty of other spyware which I am helping her remove now. Can anyone tell me how to get rid of this particular virus?
Here is what appears when the virus puts up an away message:
OMG LOOK http://www.ricotec.hu/[put b in here]estfriends.scr ?!!!??!?
Thanks in advance.