1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Bkdr Coreflood.a

Discussion in 'Virus & Other Malware Removal' started by joetech, Apr 22, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. joetech

    joetech Thread Starter

    Joined:
    Nov 4, 2001
    Messages:
    259
    Ran Housecall and found the following;
    BKDR COREFLOOD.A
    VBS STARTPAGE.EE
    JAVA BYTEVER.A
    TROJ MENDWAR.A
    WORM KLEZ.H
    Found the FixKlez.com and removed Klez. How do I remove the others?
     
  2. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    Do this:
    go to http://www.lurkhere.com/~nicefiles/ , and download 'Hijack This!'.....
    Unzip it to its own folder, doubleclick HijackThis.exe, and hit "Scan".

    When the scan is finished, the "Scan" button will change into a "Save Log" button.
    Press that, save the log somewhere, and please copy & paste its contents to the forum.

    It will possibly show other issues deserving our attention, but most of what it lists will be harmless or even required, so do NOT fix anything yet.
    Someone here will be happy to help you analyze the results.

    If you have anything disabled by MSConfig or any other startup manager, please re-enable it before scanning to post.

    ;)
     
  3. joetech

    joetech Thread Starter

    Joined:
    Nov 4, 2001
    Messages:
    259
    Went to Houscall webpage then overlay problem appeared on next page. Went to this Forum and was unreadable due to page overlay. Had to reboot.
    clicked on ZoneAlarm update but can not access,due to blank window.


    Logfile of HijackThis v1.97.7
    Scan saved at 6:48:32 PM, on 4/26/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v5.50 (5.50.4134.0100)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\HAMPANEL.EXE
    C:\WINDOWS\SYSTEM\ATITASK.EXE
    C:\WINDOWS\SYSTEM\ATICWD32.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
    C:\VSTASCAN\VSACCESS.EXE
    C:\ATI\ATIDESK\ATISCHED.EXE
    C:\PROGRAM FILES\COMPUSERVE 7.0\CSTRAY.EXE
    C:\PROGRAM FILES\SUPREME OFFICE SUITE3.0\PROGRAM\SOFFICE.EXE
    C:\PROGRAM FILES\RINGCENTRAL\BUZME\RCUI.EXE
    C:\PROGRAM FILES\ULEAD SYSTEMS\ULEAD PHOTOIMPACT 5\ABMTSR.EXE
    D:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\PROGRAM FILES\COMPUSERVE 7.0\WCS2000.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [HaMFrontPanel] C:\WINDOWS\hampanel /B:Software\Intel\HaM
    O4 - HKLM\..\Run: [Atikey] Atitask.exe
    O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - Startup: PrintMaster Event Reminder.lnk = C:\Program Files\Canon Creative\PrintMaster\Pmremind.exe
    O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
    O4 - Startup: Supreme Office Suite 3.0.lnk = C:\Program Files\Supreme Office Suite3.0\program\quickstart.exe
    O4 - Startup: ATI Scheduler.lnk = C:\ati\atidesk\atisched.exe
    O4 - Startup: CompuServe 7.0 Tray Icon.lnk = C:\Program Files\CompuServe 7.0\cstray.exe
    O4 - Startup: Check for TWS Updates.lnk = C:\jts\WiseUpdt.exe
    O4 - Startup: BuzMe.lnk = C:\Program Files\RingCentral\BuzMe\RCUI.exe
    O4 - Startup: Album Fast Start.lnk = C:\Program Files\Ulead Systems\Ulead PhotoImpact 5\ABMTSR.EXE
    O4 - Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
    O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
     
  4. joetech

    joetech Thread Starter

    Joined:
    Nov 4, 2001
    Messages:
    259
    Looked through several websites today then suddenly the webpage was unreadable due to another page overlay. Reboot eliminated the problem temporarily. Can someone tell me how to remove the pests?
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/222829

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice