Options
Infected from a Video add-on
my laptop has been infected from a virus/Trojan. I was trying to install a video add on to Internet Explorer and once i finished installing it instead of the add on it appearers a new tool bar in my web browser which named Security Center 7. Even my home page changed to another website.(Thread doesnt allow me to post the link). Also it gave me lot of pop-up windows in Internet Explorer.
After i follow the instructions that has given by u in Steps To Take Before Posting a HijackThis Log page i was able to get rid of the problem. but once after the scan from the Kasperskey it still found 1 virus in my laptop which is still remaining since i cant delete the file using Kaspaskey. I'm currently using Avast Anti-virus. What should i need to do now.
I have attached the Reports from Kasperskey Anti-virus and the Hijack this. I couldn't attached the Panda Anti-virus report since i coudnt scan from it because i doesn't support Vista.
Please help me on this matter, Thanks
After i follow the instructions that has given by u in Steps To Take Before Posting a HijackThis Log page i was able to get rid of the problem. but once after the scan from the Kasperskey it still found 1 virus in my laptop which is still remaining since i cant delete the file using Kaspaskey. I'm currently using Avast Anti-virus. What should i need to do now.
I have attached the Reports from Kasperskey Anti-virus and the Hijack this. I couldn't attached the Panda Anti-virus report since i coudnt scan from it because i doesn't support Vista.
Please help me on this matter, Thanks
0
Comments
Please do the following...
Download SmitfraudFix (by S!Ri)
Double-click SmitfraudFix.exe.
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
This is the report tht i got from SmitfraudFix.
SmitFraudFix v2.240
Scan done at 20:13:23.87, Fri 19/10/2007
Run from C:\Softwares\Setup\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Softwares\Lavasoft\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Acer\ALaunch\ALaunchSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Softwares\Spybot\SDWinSec.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Windows\System32\rundll32.exe
C:\Softwares\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Users\lasi\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\lasi\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
hosts file corrupted !
127.0.0.1 legal-at-spybot.info
127.0.0.1 legal-at-spybot.info
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\lasi
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\lasi\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\lasi\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel(R) PRO/Wireless 3945ABG Network Connection
DNS Server Search Order: 202.188.0.133
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{7E01E15F-9B14-4AF9-9205-C644CFC6ECF7}: DhcpNameServer=202.188.0.133 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7E01E15F-9B14-4AF9-9205-C644CFC6ECF7}: DhcpNameServer=202.188.0.133 192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7E01E15F-9B14-4AF9-9205-C644CFC6ECF7}: DhcpNameServer=202.188.0.133 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=202.188.0.133 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=202.188.0.133 192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=202.188.0.133 192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Once again Thanks for helping me out here. What should i do next?
Start your comp to safe mode :
PC Hell: How to Start Windows in Safe Mode
Please delete folder :
C:\Program Files\Video Add-on
Boot normally and scan again with kaspersky
I was able to delete the file from Safe mode. After running the Kaspaskey Antivirus no virus found in my laptop. So i guess the problem is done. Once again thanks for helping me out here.