1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Cyberlog-X removal (safe mode doesn't work)!

Discussion in 'Virus & Other Malware Removal' started by TKoester39, Oct 26, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. TKoester39

    TKoester39 Thread Starter

    Joined:
    Oct 26, 2007
    Messages:
    7
    Somehow I have encountered the virus Cyberlog-X and have no idea how to get rid of it.

    After searching the net for tools to use, I have still come up empty.

    I have downloaded SmitfraudFix, I already have McAfee and Spy Sweeper and nothing detects the virus. Oh yeah, when I try to run safe mode, nothing will work. When I click on anything, the computer just freezes up and I get the hourglass....for ever. *Update* I finally got safe mode to work, but it keeps freezing when I double click on my Smitfraudfix icon. Do I have to use Safe Mode???

    I have no idea how to get rid of this silly thing.

    Any suggestions???? :confused:

    Thanks
    Todd


    *Update*

    I ran Smitfraudfix in normal mode and here is my list.

    Thanks



    SmitFraudFix v2.242

    Scan done at 22:13:46.39, Fri 10/26/2007
    Run from C:\Documents and Settings\Todd K\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe
    C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\MySpace\IM\MySpaceIM.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\WINDOWS\System32\ADSLDPCt.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\SiteAdvisor\6172\SAService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\CSCRIPT.EXE

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Todd K


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Todd K\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\TODDK~1\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"="cspnv.exe"


    »»»»»»»»»»»»»»»»»»»»»»»» Rustock



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

    Description: Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
    DNS Server Search Order: 85.255.113.125
    DNS Server Search Order: 85.255.112.26

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{3CC5DFC4-145A-48CA-B300-D47292FE2063}: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{3CC5DFC4-145A-48CA-B300-D47292FE2063}: NameServer=85.255.113.125,85.255.112.26
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{3CC5DFC4-145A-48CA-B300-D47292FE2063}: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{3CC5DFC4-145A-48CA-B300-D47292FE2063}: NameServer=85.255.113.125,85.255.112.26
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{3CC5DFC4-145A-48CA-B300-D47292FE2063}: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{3CC5DFC4-145A-48CA-B300-D47292FE2063}: NameServer=85.255.113.125,85.255.112.26
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  2. TKoester39

    TKoester39 Thread Starter

    Joined:
    Oct 26, 2007
    Messages:
    7
    New Question:

    I am tempted to run SmitfraudFix, but NOT in Safe Mode. It is recommended to run it in Safe Mode, but my Safe Mode isn't running properly at this time.

    Should I run SmitfraudFix while in regular mode?

    Thanks
    Todd
     
  3. TKoester39

    TKoester39 Thread Starter

    Joined:
    Oct 26, 2007
    Messages:
    7
    Please Help :(
     
  4. TKoester39

    TKoester39 Thread Starter

    Joined:
    Oct 26, 2007
    Messages:
    7
    If someone is available to help, I'd surely appreciate it.

    Thanks:)


    I just downloaded SUPERAntiSpyware and did a scan.

    Found 109 traces of spyware and they were Quarantined.

    Wonder if this will do the trick?

    *Update*

    Nope, didn't work! Same Cyberlog-X pop up.

    HELP!
     
  5. TKoester39

    TKoester39 Thread Starter

    Joined:
    Oct 26, 2007
    Messages:
    7
    Still out of ideas.

    I do understand that everyone may be busy, but I just need a little guidence on what to do?

    Thanks(y)
     
  6. TKoester39

    TKoester39 Thread Starter

    Joined:
    Oct 26, 2007
    Messages:
    7
    Hi Cybertech, can you help me?

    Here is an updated log:

    SmitFraudFix v2.242

    Scan done at 12:33:45.23, Sat 10/27/2007
    Run from C:\Documents and Settings\Todd K\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe
    C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
    C:\Program Files\MySpace\IM\MySpaceIM.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\WINDOWS\System32\ADSLDPCt.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\SiteAdvisor\6172\SAService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\system32\cidaemon.exe
    c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\CSCRIPT.EXE

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Todd K


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Todd K\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\TODDK~1\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"="cspnv.exe"


    »»»»»»»»»»»»»»»»»»»»»»»» Rustock



    »»»»»»»»»»»»»»»»»»»»»»»» DNS



    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End



    Thanks
    Todd
     
  7. TKoester39

    TKoester39 Thread Starter

    Joined:
    Oct 26, 2007
    Messages:
    7
    No longer need help.
     
  8. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/643864

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice