AVG problems deleting or saving in vault.

Hi folks, I recently ran AVG after searching a few crack sites for a serial for a program; I had problems before with trojans from these sites. Anyway, I got a list of about 1000 viruses which had hidden extensions, exe-type files. These were located in Windows folders; trouble is, AVG will not delete them, nor can I search and locate the folders which they are supposedly in.

First I went to the My Computer icon, then clicked Tools, then Folder Options, and made sure that all hidden files and extensions, subfolders and whatnot were set to show all hidden extensions and whatnot. It still will not locate the folders using Start, then scrolling up to Search. Any clues how to locate and delete hidden extensions found with AVG 7.0?

Many thanks :)

Comments

  • Shadow2018 Northwest Missouri
    edited May 2005
    Post a HiJack This log.

    A trojan is not a virus and AV programs typically will not remove them. It must be done manually.
  • edited May 2005
    Shadow2018 wrote:
    Post a HiJack This log.

    Just used HijackThis and this is my log.

    Logfile of HijackThis v1.99.1
    Scan saved at 12:43:33, on 26/05/2005
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\AOL 9.0\waol.exe
    C:\Program Files\AOL 9.0\shellmon.exe
    C:\Program Files\Common Files\AOL\aoltpspd.exe
    C:\Program Files\BearShare\BearShare.exe
    C:\WINNT\system32\wuauclt.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\unzipped\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.aol.co.uk/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aol.co.uk/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.aol.co.uk/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.aol.co.uk/
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0E079048-A0FE-4600-95A4-6BEE01A4F468}: NameServer = 152.163.0.26 205.188.64.153
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BB656FA8-8E4C-4047-B19D-9DD0AAC036E3}: NameServer = 205.188.146.145
    O17 - HKLM\System\CS1\Services\Tcpip\..\{0E079048-A0FE-4600-95A4-6BEE01A4F468}: NameServer = 152.163.0.26 205.188.64.153
    O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
  • Shadow2018 Northwest Missouri
    edited May 2005
    Please make sure that all files are visible:
    Open my computer>click tools>click folder options>
    click view tab>check show hidden files>uncheck hide file extensions>
    click apply>click OK>exit

    Post a new log if you have not done this. If you have then disregard this.

    I do not see anything in your log. Have you been able to resolve any of your issues?
  • edited May 2005
    Shadow2018 wrote:
    Please make sure that all files are visible:
    Post a new log if you have not done this. If you have then disregard this.

    I do not see anything in your log. Have you been able to resolve any of your issues?


    Latest log after doing the above.

    Logfile of HijackThis v1.99.1
    Scan saved at 16:16:22, on 26/05/2005
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\Media Access\MediaAccK.exe
    C:\Program Files\ISTsvc\istsvc.exe
    C:\WINNT\hbcctko.exe
    C:\temp\salm.exe
    C:\WINNT\system32\ap9h4qmo.exe
    C:\Program Files\Internet Optimizer\optimize.exe
    C:\Program Files\Media Access\MediaAccess.exe
    C:\Program Files\Webroot\Washer\wwDisp.exe
    C:\WINNT\system32\p2pnetwork.exe
    C:\Program Files\AOL 9.0\waol.exe
    C:\Program Files\AOL 9.0\shellmon.exe
    C:\Program Files\Common Files\AOL\aoltpspd.exe
    C:\unzipped\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.aol.co.uk/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aol.co.uk/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINNT\nem220.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
    O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
    O4 - HKLM\..\Run: [p2pnetwork] p2pnetwork.exe
    O4 - HKLM\..\Run: [MlGr] C:\WINNT\hbcctko.exe
    O4 - HKLM\..\RunServices: [p2pnetwork] p2pnetwork.exe
    O4 - HKCU\..\Run: [p2pnetwork] p2pnetwork.exe
    O4 - HKCU\..\RunServices: [p2pnetwork] p2pnetwork.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.aol.co.uk/
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0E079048-A0FE-4600-95A4-6BEE01A4F468}: NameServer = 152.163.0.26 205.188.64.153
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BB656FA8-8E4C-4047-B19D-9DD0AAC036E3}: NameServer = 205.188.146.145
    O17 - HKLM\System\CS1\Services\Tcpip\..\{0E079048-A0FE-4600-95A4-6BEE01A4F468}: NameServer = 152.163.0.26 205.188.64.153
    O17 - HKLM\System\CS2\Services\Tcpip\..\{0E079048-A0FE-4600-95A4-6BEE01A4F468}: NameServer = 205.188.146.145
    O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
  • Shadow2018 Northwest Missouri
    edited May 2005
    Place a check next to these entries and click Fix Checked:
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
    O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
    O4 - HKLM\..\Run: [p2pnetwork] p2pnetwork.exe
    O4 - HKLM\..\RunServices: [p2pnetwork] p2pnetwork.exe
    O4 - HKCU\..\Run: [p2pnetwork] p2pnetwork.exe
    O4 - HKCU\..\RunServices: [p2pnetwork] p2pnetwork.exe

    Then reboot into safe mode. Tap F8 at startup.

    Then delete these files or directories:
    C:\Program Files\Media Access
    C:\Program Files\ISTsvc
    C:\temp\salm.exe
    C:\Program Files\Internet Optimizer
    C:\WINNT\system32\p2pnetwork.exe

    The salm.exe file may or may not be located in a specific directory. Whatever directory you find this in, delete it. It may be labeled 180 solutions. If it is a standalone file then just delete that file. If there is a directory for the p2pnetwork then delete the whole directory as well.

    Then download ewido security suite from here:
    http://www.ewido.net/en/download/
    Run the set up program>update the program>exit this for now.



    Then download Adaware se and spybot s/d from here:
    http://majorgeeks.com/download506.html
    http://majorgeeks.com/download2471.html
    Run the set up program>update the program>exit these for now.

    In normal mode run a scan with ewido security, Adaware se and spybot.

    Please post a new log when finished.
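
The two HijackThis scans posted in this thread can be compared mechanically to list what appears only in the later one. This is an added example, not part of the original posts; the function names are its own, and the sample logs are shortened excerpts of the two logs above.

```python
import re

# A coded HijackThis entry, e.g. "O4 - HKLM\..\Run: [salm] c:\temp\salm.exe"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")

def parse_hjt(text):
    """Split a HijackThis log into (running processes, coded entries)."""
    processes, entries, in_procs = set(), set(), False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes:"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False          # the process list ends at the first coded entry
            entries.add((m.group("code"), m.group("body")))
        elif in_procs and line:
            processes.add(line.lower())   # Windows paths are case-insensitive
    return processes, entries

def new_since(baseline, later):
    """Return (processes, entries) present only in the later scan, sorted."""
    base_procs, base_entries = parse_hjt(baseline)
    late_procs, late_entries = parse_hjt(later)
    return sorted(late_procs - base_procs), sorted(late_entries - base_entries)

# Shortened excerpts of the 12:43 and 16:16 scans posted in the thread.
LOG_1 = r"""Logfile of HijackThis v1.99.1
Scan saved at 12:43:33, on 26/05/2005

Running processes:
C:\WINNT\system32\winlogon.exe
C:\WINNT\Explorer.EXE

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
"""
LOG_2 = LOG_1.replace("12:43:33", "16:16:22").replace(
    "C:\\WINNT\\Explorer.EXE\n",
    "C:\\WINNT\\Explorer.EXE\nC:\\temp\\salm.exe\nC:\\WINNT\\system32\\p2pnetwork.exe\n",
) + "O4 - HKLM\\..\\Run: [salm] c:\\temp\\salm.exe\n" \
  + "O4 - HKLM\\..\\Run: [p2pnetwork] p2pnetwork.exe\n"

if __name__ == "__main__":
    procs, entries = new_since(LOG_1, LOG_2)
    for p in procs:
        print("new process:", p)
    for code, body in entries:
        print("new entry:  ", code, "-", body)
```

An entry that is new between two scans is a lead to review, not a verdict on the file.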