EXTREME HELP!!! PLZZ!!!!! - My HijackThis log!!!
Hi, my name is Jeff. I heard from a friend of mine that this forum is the best for getting rid of viruses and spyware. I am in GREAT need of help. I have tried EVERYTHING I can. I need your help. I just got off the phone with Microsoft; I have been on the phone for about 4 or 5 hrs. They helped me take care of my PC, and it's running really smoothly now. I did have a whole ton of stuff before. I am installing MSN 9 on my PC right now. BUT, there is still one spyware that not even they were able to help me with. I have my ZoneAlarm blocking it now, but it is trying to access my PC and there were 70 intrusion attempts from this spyware alone, so I still need to get rid of that, and once I do my PC will be back in good working order, I think. SO... here is the name... "rjatyd.exe" - ... please, help ASAP!!!!!!

OK, I have been working and trying to resolve this issue for a very long time. I'm not even sure it's spyware. I think it's a virus or a worm. I tried scanning it with Norton and AVG. It still couldn't get rid of it. I also tried using the online scans, Trend Micro and beta live, not to mention the scans I downloaded, which would be syblocker and Ad-Aware. Still, this threat remains. However, I did try to search for the file name under "search all files and folders". I found it in the Prefetch in the Windows folder in the root of C. I then deleted it, then restarted my PC. I went back there and the file was GONE. However, as soon as I went back online, that file was running in my system processes again and causing my PC to crash, and I can't connect to the internet. It causes problems with that as well. I ALSO tried deleting startup items from the registry, and backed up my PC, and did a restore. Still, the problem is not fixed, that's why I say. I am hoping that you guys can help me, you're my last hope. If you can, I don't know who can. I even reformatted my hard drive like 4 or 5 times.

Anyway, I'll post my HijackThis log in the post right below this one, OK? I would appreciate it if you can get to this message ASAP, OK? Thanks!!
Scan saved at 7:01:58 PM, on 3/24/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\DOCUME~1\JEFFMA~1\LOCALS~1\Temp\rjatyd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {ADCD30FF-0119-4906-8A8B-D52D1EED044B} - C:\WINDOWS\System32\vturq.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler] C:\DOCUME~1\JEFFMA~1\LOCALS~1\Temp\rjatyd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase7617.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4691FE7-DF7B-4B06-8C26-717D354B07F9}: NameServer = 209.244.0.3 209.244.0.4
O20 - Winlogon Notify: vturq - C:\WINDOWS\SYSTEM32\vturq.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe (file missing)
I need help trying to get rid of the certain virus or spyware called "RYATD", thanks!!