Ok, I FINISHED EVERYTHING from the instructions, now here is my LOG!!!, PLZ HELP!

Hey, this is Jeff again. I just completed what you told me to do. I went through all the information and scanned my PC with "spy bot search and destroy", "adaware", and "spyblaster". I also used two programs to scan for viruses, one being "antivir guard", and another trojan application I used was "Ewido Security Suite". I also cleaned all my temp internet files and created a backup of the system registry again. NOW, what I said before I had, I'm not sure I still have it. I think I may have deleted it by myself. I went into the HJT program and looked for that certain file name and fix checked it, so I think it's gone.

BUT, now just recently I have all kinds of new problems attacking my PC. I had a message that popped up on my screen stating that I have the "black worm Virus" and I clicked OK. It took me to this site where you can download a program called "windowsfix2006". I then downloaded it and it turns out it was a fake program. *sigh* So now I have MORE problems. Not only that, another message popped up stating that I had another kind of virus, called "the Beatle Virus". Now I have no idea, I have never ever had this happen before. But it's causing serious issues and it's making my computer crash. Also I can't watch movies, they skip like all the time.

Another thing that I noticed: one of the files that my "zone alarm" keeps picking up is a file named "sass.exe" or something close to that. I have no idea what that is, but I scanned with both virus programs and it picked up some trojan dialers and stuff. So I then deleted them. However, I'm still getting problems with those messages popping up. The site is ameina.com or close to that. Don't click on that link if it is, that's why I made a fake link, I wouldn't want to infect your PC as well. I already infected my friend's PC by giving him the link. However, the message on that link clearly stated that the "black worm virus", or "beatle virus", was activated February 2006, I guess. It states that my PC might be infected with that virus, I don't really know.

Anyway, that's all the information I know about this threat. In my next post I'll post my HJT LOG, and PLZ, when you can, help me ASAP, that would be great, thanks!!!!

PS: I NEED THIS PROBLEM FIXED ASAP, THANK YOU!!!!!!

Comments

  • edited March 2006
    Logfile of HijackThis v1.99.1
    Scan saved at 5:18:20 PM, on 3/26/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\lsass.exe
    C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
    C:\Program Files\MSN\MSNCoreFiles\MSN.EXE
    C:\Program Files\MSN\MSNIA\msniasvc.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\System32\ZoneLabs\vsmon.exe
    C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - Default URLSearchHook is missing
    O2 - BHO: DosSpecFolder Object - {3E1BEA96-02D9-4992-B508-9B51819D9D86} - C:\WINDOWS\System32\urqnl.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {538A0179-BDB8-C838-CBC8-94FC2E8FBFBC} - C:\WINDOWS\System32\akgtf.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase7617.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E4691FE7-DF7B-4B06-8C26-717D354B07F9}: NameServer = 209.244.0.3 209.244.0.4
    O20 - Winlogon Notify: urqnl - C:\WINDOWS\System32\urqnl.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
    O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe
    O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINDOWS\shost.exe (file missing)