1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

HELP: DCOM Exploit on my computer!!

Discussion in 'Virus & Other Malware Removal' started by ksml, Jun 26, 2007.

Thread Status:
Not open for further replies.
  1. ksml

    ksml Thread Starter

    Joined:
    Apr 2, 2007
    Messages:
    1
    I have Avast installed on my computer. Everytime I connect to the internet, Avast starts reporting a "DCOM Exploit" blocked from some IP address. Also I get frequent Windows dialog box messages telling me that my registry is corrupted and asks me to download some program from a link, though I know that its a foax.

    Here's my HijackThis Log. Please Help.

    Logfile of HijackThis v1.99.1
    Scan saved at 10:37:34 PM, on 6/26/2007
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

    Running processes:
    G:\WINNT\System32\smss.exe
    G:\WINNT\system32\winlogon.exe
    G:\WINNT\system32\services.exe
    G:\WINNT\system32\lsass.exe
    G:\WINNT\system32\svchost.exe
    G:\WINNT\system32\spoolsv.exe
    G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    G:\Program Files\Alwil Software\Avast4\ashServ.exe
    G:\WINNT\system32\svchost.exe
    G:\WINNT\system32\regsvc.exe
    G:\WINNT\system32\MSTask.exe
    G:\WINNT\Explorer.EXE
    G:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    G:\WINNT\system32\config.exe
    G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    G:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    G:\Program Files\Internet Explorer\IEXPLORE.EXE
    G:\Program Files\Alwil Software\Avast4\setup\avast.setup
    G:\Documents and Settings\Administrator\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [WMI Standard Event Consumer - Scripting] G:\WINNT\system32\scrcons32.exe
    O4 - HKLM\..\Run: [Windows Config System] config.exe
    O4 - HKLM\..\Run: [avast!] G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\RunServices: [WMI Standard Event Consumer - Scripting] G:\WINNT\system32\scrcons32.exe
    O4 - HKLM\..\RunServices: [Windows Config System] config.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "G:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - G:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - G:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - G:\Program Files\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - G:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - G:\WINNT\web\related.htm
    O17 - HKLM\System\CCS\Services\Tcpip\..\{06B9761F-63B1-4250-BF46-4BD254A9DCA0}: NameServer = 218.248.240.79 218.248.240.135
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DACE89E5-8BA9-4C5B-9C62-9CBC24A639E9}: NameServer = 61.1.96.69,61.1.96.71
    O17 - HKLM\System\CS1\Services\Tcpip\..\{06B9761F-63B1-4250-BF46-4BD254A9DCA0}: NameServer = 218.248.240.79 218.248.240.135
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - G:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Web Scanner - Unknown owner - G:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - G:\WINNT\System32\dmadmin.exe

    THANKS!!
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Download http://downloads.andymanchesta.com/RemovalTools/SDFix.exe and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :
    · Restart your computer
    · After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    · Instead of Windows loading as normal, the Advanced Options Menu should appear;
    · Select the first option, to run Windows in Safe Mode, then press Enter.
    · Choose your usual account.
    · Open the extracted SDFix folder and double click RunThis.bat to start the script.
    · Type Y to begin the cleanup process.
    · It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    · Press any Key and it will restart the PC.
    · When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    · Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    · Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
    =============

    Download Superantispyware (SAS) free home version

    http://www.superantispyware.com/superantispywarefreevspro.html

    Install it and double-click the icon on your desktop to run it.
    · It will ask if you want to update the program definitions, click Yes.
    · Under Configuration and Preferences, click the Preferences button.
    · Click the Scanning Control tab.
    · Under Scanner Options make sure the following are checked:
    o Close browsers before scanning
    o Scan for tracking cookies
    o Terminate memory threats before quarantining.
    o Please leave the others unchecked.
    o Click the Close button to leave the control center screen.
    · On the main screen, under Scan for Harmful Software click Scan your computer.
    · On the left check C:\Fixed Drive.
    · On the right, under Complete Scan, choose Perform Complete Scan.
    · Click Next to start the scan. Please be patient while it scans your computer.
    · After the scan is complete a summary box will appear. Click OK.
    · Make sure everything in the white box has a check next to it, then click Next.
    · It will quarantine what it found and if it asks if you want to reboot, click Yes.
    · To retrieve the removal information for me please do the following:
    o After reboot, double-click the SUPERAntispyware icon on your desktop.
    o Click Preferences. Click the Statistics/Logs tab.
    o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    o It will open in your default text editor (such as Notepad/Wordpad).
    o Please highlight everything in the notepad, then right-click and choose copy.
    · Click close and close again to exit the program.
    · Please paste that information here for me with a new HijackThis log.
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/588741

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice