Solved: Infected WinXP Box


spog71 (Junior Member, 4 posts, thread starter)
Join Date: Apr 2007
Location: Detroit, MI
Experience: Advanced
28-Apr-2007, 10:25 PM #1
Solved: Infected WinXP Box
Part 1

I have been working on this computer for a friend of mine. He claimed it would boot into safe mode.

Here are the specs:
Dell Dimension 2400
Intel Pentium 4 2.53 GHz
512 MB Ram
MS Windows XP Home
Version 2002
SP2

I loaded AVG Anti-Virus 7.5 into it as soon as I got it.

Here is a list of the viruses that were removed.

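The AVG removed-files report the poster pasted in Part 1 is one line per detection (category, detection name, path, timestamp, file name, size). Two of those paths named NTFS alternate data streams (system32:lzx32.sys, ws2_32.dll:fork2) and two named kernel drivers under system32\drivers (ip6fw.sys, ndis.sys). The Python below is an added example, not the poster's or AVG's code: it parses that line layout and flags exactly those two classes of entry, the ones an analyst should look at again before trusting a cleanup, since deleting a core network driver is one way to end up with the Code 39 that Part 2 describes. The sample lines are copied from the poster's report.

```python
import re
from collections import Counter
from typing import Optional

# One line of the AVG 7.5 removed-files report, in the layout the poster
# quoted:  <category> <detection> <path> <M/D/YYYY> <h:mm:ss AM|PM> <file> <size>
# Paths and file names contain spaces, so the pattern anchors on the
# timestamp and the trailing size field instead of splitting on whitespace.
AVG_LINE = re.compile(
    r"^(?P<category>Trojan horse|Virus found|Virus identified)\s+"
    r"(?P<detection>\S+)\s+"
    r"(?P<path>.+?)\s+"
    r"(?P<date>\d{1,2}/\d{1,2}/\d{4})\s+(?P<time>\d{1,2}:\d{2}:\d{2} [AP]M)\s+"
    r"(?P<name>.+?)\s+"
    r"(?P<size>[\d.]+ (?:bytes|KB|MB))$"
)

# Windows keeps its kernel-mode drivers here. A detection on a file in this
# directory needs a known-good comparison before deletion: without ndis.sys
# no network adapter can start, and Device Manager reports Code 39
# ("Windows cannot load the device driver for this hardware").
DRIVER_DIR = "c:\\windows\\system32\\drivers\\"


def parse_line(line: str) -> Optional[dict]:
    """Fields of one report line, or None for a line that is not a detection."""
    m = AVG_LINE.match(line.strip())
    return m.groupdict() if m else None


def is_alternate_data_stream(path: str) -> bool:
    """True when the last path component carries an NTFS stream name, as in
    system32:lzx32.sys or ws2_32.dll:fork2. The drive-letter colon is in the
    first component, so only the last component is inspected."""
    return ":" in path.rsplit("\\", 1)[-1]


def is_driver_path(path: str) -> bool:
    return path.lower().startswith(DRIVER_DIR)


def triage(report_lines) -> dict:
    """Count detections per AVG category and collect the entries an analyst
    should re-check before trusting the cleanup."""
    counts = Counter()
    flagged = []
    for line in report_lines:
        rec = parse_line(line)
        if rec is None:
            continue
        counts[rec["category"]] += 1
        reasons = []
        if is_alternate_data_stream(rec["path"]):
            reasons.append("alternate data stream: hidden from a plain directory "
                           "listing, so re-scan the disk from outside the infected OS")
        if is_driver_path(rec["path"]):
            reasons.append("kernel driver directory: compare with a known-good copy "
                           "before deleting; removal disables the hardware it serves")
        if reasons:
            flagged.append({"detection": rec["detection"],
                            "path": rec["path"], "reasons": reasons})
    return {"counts": dict(counts), "flagged": flagged}


# Sample input: six lines copied from the poster's report plus one header
# line from the HijackThis log, which the parser must skip.
SAMPLE_REPORT = [
    "Trojan horse Clicker.FGI C:\\WINDOWS\\system32:lzx32.sys 4/28/2007 12:16:19 AM system32:lzx32.sys 69.93 KB",
    "Trojan horse Generic3.NLG C:\\WINDOWS\\system32\\ws2_32.dll:fork2 4/28/2007 12:16:20 AM ws2_32.dll:fork2 22 KB",
    "Trojan horse SpamTool.UN C:\\WINDOWS\\system32\\drivers\\ndis.sys 4/28/2007 12:16:21 AM ndis.sys 274.75 KB",
    "Trojan horse BackDoor.Generic5.XJH C:\\WINDOWS\\system32\\drivers\\ip6fw.sys 4/28/2007 12:16:21 AM ip6fw.sys 7.13 KB",
    "Trojan horse Downloader.Tibs.4.BA C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\2.dllb 4/28/2007 12:16:07 AM 2.dllb 19.16 KB",
    "Virus identified Exploit.ANI C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\U23KXD4D\\123[1].htm 4/27/2007 10:23:28 PM 123[1].htm 1024 bytes",
    "Scan saved at 10:23:21 PM, on 4/28/2007",
]

if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print("detections by category:", result["counts"])
    for item in result["flagged"]:
        print(item["detection"], item["path"])
        for reason in item["reasons"]:
            print("   -", reason)
```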
spog71
28-Apr-2007, 10:26 PM #2
Infected WinXP Box
Part 2

Once these viruses were removed, I rebooted the system and ran AVG again. No threats.

Now, the network adapters have been disabled. The original one is part of the motherboard (Broadcom 440x 10/100). I have tried removing it in the hardware config, and reinstalling. All I get is a Code 39 in Windows. I tried installing a second card (Hawking w/ Realtek chipset). I have the same problem. It appears that this machine is still infected with something, or one of the infections killed some of the network drivers or services.

Here is the most recent HJT scan:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:23:21 PM, on 4/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\UnHackMe\hackmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HiJackThis\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://explorer/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {10E0A43E-19D3-4E1E-A9AE-D25FE59A1079} - C:\WINDOWS\system32\dsoucmp.dll (file missing)
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\tmp358.tmp.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SpyHunter] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com...ll/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1139940057453
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://photoservices.van.fedex.com/s...eUploader4.cab
O20 - Winlogon Notify: A3dxq - C:\WINDOWS\system32\a3dxx.dll (file missing)
O20 - Winlogon Notify: dsoucmp - dsoucmp.dll (file missing)
O21 - SSODL: fAVGETLznYc - {CCF90A36-6653-A09C-7802-CC4CB01287ED} - C:\WINDOWS\system32\qux.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 5897 bytes

I thank you for any help or insight you can provide.

Thanks,
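Several entries in the HijackThis log above end in "(file missing)" under O2, O20 and O21: AVG deleted the DLL, but the registry reference that loads it at logon, Explorer start or IE start is still in place, and the log also lists one Winsock LSP (O10) that HijackThis could not identify. The Python below is an added example, not HijackThis code or the poster's: it parses the log's "Oxx - body" entries and separates leftover autostart references, temp-named autostart components and unknown LSPs, so the registry-only fixes are listed apart from anything that still needs a file check. The sample log is a subset of the poster's lines.

```python
import re
from collections import defaultdict

# A HijackThis entry is "<section> - <body>", for instance
#   O20 - Winlogon Notify: A3dxq - C:\WINDOWS\system32\a3dxx.dll (file missing)
HJT_ENTRY = re.compile(r"^(?P<section>[OR]\d+) - (?P<body>.*)$")

# Sections whose targets Windows or Internet Explorer loads on its own. When
# such an entry ends in "(file missing)", the scanner has deleted the file but
# the registry reference survived, and winlogon, Explorer or IE keeps trying
# to load it; the fix is a registry edit, there is no file left to remove.
AUTOSTART_SECTIONS = {
    "O2": "Browser Helper Object, loaded by Internet Explorer",
    "O3": "Internet Explorer toolbar",
    "O4": "Run key or Startup folder",
    "O20": "Winlogon Notify DLL, loaded by winlogon.exe at every logon",
    "O21": "ShellServiceObjectDelayLoad, loaded by Explorer at startup",
    "O22": "SharedTaskScheduler, loaded by Explorer at startup",
    "O23": "Windows service",
}

# An autostart component with a temp-file name (tmp358.tmp.dll) is not how
# legitimate software registers itself and is worth a look even if present.
TEMP_NAME = re.compile(r"\\tmp[0-9a-f]+\.tmp\.(?:dll|exe)\b", re.IGNORECASE)


def parse_hjt(text: str):
    """Return (section, body) pairs; header and process-list lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = HJT_ENTRY.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def triage_hjt(text: str) -> dict:
    """Separate registry-only leftovers from entries that still need a file check."""
    orphaned = defaultdict(list)   # section -> autostart entries marked (file missing)
    temp_named = []                # autostart entries pointing at tmpXXX.tmp.dll/exe
    unknown_lsp = []               # Winsock LSPs HijackThis could not identify
    entries = parse_hjt(text)
    for section, body in entries:
        if section in AUTOSTART_SECTIONS:
            if "(file missing)" in body:
                orphaned[section].append(body)
            if TEMP_NAME.search(body):
                temp_named.append(body)
        elif section == "O10" and body.startswith("Unknown file in Winsock LSP:"):
            # "Unknown" only means the file is not on HijackThis's whitelist;
            # confirm its publisher before touching it, since a broken LSP
            # chain leaves Winsock unable to connect even with working drivers.
            unknown_lsp.append(body.split(":", 1)[1].strip())
    return {"entries": len(entries), "orphaned": dict(orphaned),
            "temp_named": temp_named, "unknown_lsp": unknown_lsp}


# Sample log: a subset of the poster's HijackThis lines, including two
# non-entry lines that the parser must ignore.
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
C:\\WINDOWS\\system32\\winlogon.exe
O2 - BHO: (no name) - {10E0A43E-19D3-4E1E-A9AE-D25FE59A1079} - C:\\WINDOWS\\system32\\dsoucmp.dll (file missing)
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\\WINDOWS\\system32\\tmp358.tmp.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\\program files\\google\\googletoolbar2.dll
O4 - HKLM\\..\\Run: [AVG7_CC] C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\\Program Files\\AWS\\WeatherBug\\Weather.exe (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\\windows\\system32\\nwprovau.dll
O20 - Winlogon Notify: A3dxq - C:\\WINDOWS\\system32\\a3dxx.dll (file missing)
O20 - Winlogon Notify: dsoucmp - dsoucmp.dll (file missing)
O21 - SSODL: fAVGETLznYc - {CCF90A36-6653-A09C-7802-CC4CB01287ED} - C:\\WINDOWS\\system32\\qux.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\\PROGRA~1\\Grisoft\\AVG7\\avgamsvr.exe
"""

if __name__ == "__main__":
    result = triage_hjt(SAMPLE_LOG)
    for section, bodies in result["orphaned"].items():
        print(f"{section} ({AUTOSTART_SECTIONS[section]}): {len(bodies)} orphaned")
    print("temp-named autostart:", result["temp_named"])
    print("unknown LSP:", result["unknown_lsp"])
```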
spog71
01-May-2007, 09:11 AM #3
bump
spog71
02-May-2007, 06:08 AM #4
Solved
I have solved this one myself by wiping the hard drive and re-installing the OS.