
Fake AntiVirus alert

Discussion in 'Virus & Other Malware Removal' started by Alexnorge, May 6, 2010.

Thread Status:
Not open for further replies.
  1. Alexnorge

    Alexnorge Thread Starter

    Joined:
    May 6, 2010
    Messages:
    5
    Hi

    Two days ago I think I was infected by a virus from a site on the net. Some of my programs constantly crash (different ones at different times) and my internet connection is now failing. I have a different computer that I can use to get online. There is a pop-up that alerts me when I restart my computer which states that different .exe files are infected. The last one stated:

    Sercurity Warning

    Application cannot be executed. The file werfault.exe is infected. Do you want to activate you antivirus now?

    Yes No

    I have not pressed anything yet as I guess each one will launch the fake AntiVirus. Please see the attached HijackThis file.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:08:41, on 06.05.2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18904)
    Boot mode: Normal
    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\NETGEAR\Stora Desktop Applications\HipServAgent\HipServAgent.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
    C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
    C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
    C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wermgr.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer levert av Komplett
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [HipServ Agent] C:\Program Files\NETGEAR\Stora Desktop Applications\HipServAgent\HipServAgent.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [kxstxlbn] C:\Users\Alexander\AppData\Local\flwhpfnmb\itaqjastssd.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
    O4 - HKUS\S-1-5-21-419767025-3130640969-390124308-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'postgres')
    O4 - Global Startup: D-Link AirPlus G Configuration Utility.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
    O13 - Gopher Prefix:
    O17 - HKLM\System\CCS\Services\Tcpip\..\{297B6E0E-96BE-4C88-B553-768C7B91B24C}: NameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E13EFCC1-60CF-4404-B354-D479E59278D1}: NameServer = 84.208.20.110,84.208.20.111
    O17 - HKLM\System\CS1\Services\Tcpip\..\{297B6E0E-96BE-4C88-B553-768C7B91B24C}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS2\Services\Tcpip\..\{297B6E0E-96BE-4C88-B553-768C7B91B24C}: NameServer = 192.168.1.1
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
    O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
    --
    End of file - 8140 bytes
     
  2. Alexnorge

    Alexnorge Thread Starter

    Joined:
    May 6, 2010
    Messages:
    5
    Had to do a reboot as all froze when I was trying to make a backup on a stick of some of my most important files. My AVG Free edition version 9.0.819 then popped up with a virus alert, which I moved to the vault. In the history files these files were recently found as malicious:

    "Infection";"Trojan horse Generic17.BQON";"C:\Users\Alexander\AppData\Local\flwhpfnmb\itaqjastssd.exe";"";"06.05.2010, 21:30:10"
    "Infection";"Trojan horse Dropper.Generic2.FHB";"C:\Users\Alexander\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XM22J5T8\oriqbjdp[1].htm";"";"05.05.2010, 01:37:35"
    "Infection";"Trojan horse Dropper.Generic2.FHB";"C:\Users\Alexander\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6WBV5G0O\oriqbjdp[1].htm";"";"05.05.2010, 01:37:33"
    "Infection";"Trojan horse Dropper.Generic2.FHB";"C:\Users\Alexander\AppData\Local\Temp\syih.exe";"";"05.05.2010, 00:38:56"
    "Infection";"Trojan horse Dropper.Generic2.DLJ";"C:\Users\Alexander\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6WBV5G0O\fwelcx[1].htm";"";"05.05.2010, 01:37:33"
    "Infection";"Trojan horse Dropper.Generic2.DLJ";"C:\Users\Alexander\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\68L81MJ6\fwelcx[1].htm";"";"05.05.2010, 01:37:29"
    "Infection";"Trojan horse Dropper.Generic2.DLJ";"C:\Users\Alexander\AppData\Local\Temp\istux.exe";"";"05.05.2010, 00:38:55"
    "Infection";"Trojan horse Cryptic.IG";"C:\Users\Alexander\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZII5O6BN\hypwhc[1].htm";"";"05.05.2010, 01:37:37"
    "Infection";"Trojan horse Cryptic.IG";"C:\Users\Alexander\AppData\Local\Temp\hdwpql.exe";"";"05.05.2010, 00:38:54"
    "Infection";"Trojan horse Cryptic.IG";"C:\Users\Alexander\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XM22J5T8\rvqxfn[1].htm";"";"05.05.2010, 01:37:35"
    "Infection";"Trojan horse Cryptic.IG";"C:\Users\Alexander\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZII5O6BN\rvqxfn[1].htm";"";"05.05.2010, 01:37:37"
    "Infection";"Trojan horse Cryptic.IG";"C:\Users\Alexander\AppData\Local\Temp\mppw.exe";"";"05.05.2010, 00:38:55"
    "Infection";"Trojan horse Cryptic.IG";"C:\Users\Alexander\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6WBV5G0O\hypwhc[1].htm";"";"05.05.2010, 01:37:33"
    "Warning";"Found Tracking cookie.Webtrendslive";"C:\Users\Alexander\logitech\browser - logitech\cookies.txt";"";"05.05.2010, 01:52:23"
    "Warning";"Found Tracking cookie.Serving-sys";"C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt";"";"05.05.2010, 01:44:44"
    "Warning";"Found Tracking cookie.Serving-sys";"C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt";"";"05.05.2010, 01:44:44"
    "Warning";"Found Tracking cookie.Adtech";"C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\c702cz90.default\cookies.sqlite";"";"05.05.2010, 01:44:51"
     
Short URL to this thread: https://techguy.org/921403