Help in removing SAM virus!

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

nawaf

Thread Starter
Joined
Feb 10, 2007
Messages
30
I have been infected with a virus which calls itself SAM. Every time I try to do something, a message pops up from SAM. For example, when I open Task Manager, a message pops up which says:

What's wrong with the processes?
-SAM-

Or when I open Firefox:

Try something else, IE and Opera are not bad!
-SAM-

I have posted a HijackThis! log. Please help me remove this. I think it came from a friend's pen drive which I was using. I had also removed AVG two days ago because it was causing problems.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:53:45 PM, on 9/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Config\system.exe
C:\Program Files\Sify Broadband\BBClient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Sify Broadband\BBImpSec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://back2mangalman.blogspot.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ads.sify.com/RealMedia/ads/c...22454548769872218734679?bb_useridlog=nadeem_d
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O4 - HKLM\..\Run: [3PMmUpdate] rundll32 "C:\WINDOWS\Update.dll",Main
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe
O4 - HKCU\..\Policies\Explorer\Run: [winlogon] C:\Config\system.exe
O4 - HKUS\S-1-5-21-823518204-1454471165-725345543-500\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User '?')
O4 - HKUS\S-1-5-21-823518204-1454471165-725345543-500\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe (User '?')
O4 - HKUS\S-1-5-21-823518204-1454471165-725345543-500\..\Policies\Explorer\Run: [winlogon] C:\Config\system.exe (User '?')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wrm32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wrm32.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C68DBAE-C4EA-4926-96F9-D52AB013DB77}: NameServer = 202.144.115.4,202.144.66.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EE67727-44D2-4689-A9C7-35FD103115B1}: NameServer = 202.144.115.4,202.144.66.6
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - AppInit_DLLs: qxfel.dll eskisl.dll mcromv.dll micsus.dll mduaey.dll cupops.dll lensch.dll johandy.dll aotoppt.dll pewire.dll catower.dll wllame.dll
O21 - SSODL: sysocmgr - {DA1DE019-A6A8-ED40-4B87-248B2A93DE99} - C:\WINDOWS\sysocmgr.dll
O21 - SSODL: dpvvoxmh.dll - {2876D76C-CAAA-4313-AF97-8D1D9A2A1087} - C:\WINDOWS\system32\dpvvoxmh.dll
O21 - SSODL: lweurqhx.dll - {71A78CD4-E470-4a18-8457-E0E0283DD507} - C:\WINDOWS\system32\lweurqhx.dll
O21 - SSODL: slbiopfs2.dll - {EB9660D8-E1CD-4ff0-B4A9-00CD907F928A} - C:\WINDOWS\system32\slbiopfs2.dll
O21 - SSODL: tscfgwmijxsj.dll - {2CB77746-8ECC-40ca-8217-10CA8BE5EFC8} - C:\WINDOWS\system32\tscfgwmijxsj.dll
O21 - SSODL: cliconfgzx.dll - {7A6DF30E-D0F2-446f-B4F0-BF4232D60E07} - C:\WINDOWS\system32\cliconfgzx.dll
O21 - SSODL: mstimewd.dll - {65056902-6E7B-4bd7-95BA-688DB5FA5BEB} - C:\WINDOWS\system32\mstimewd.dll
O21 - SSODL: adsntzt.dll - {E0F3526A-4165-4589-80CD-50B6FBAC3BDA} - C:\WINDOWS\system32\adsntzt.dll
O21 - SSODL: dispexcb.dll - {76D44356-B494-443a-BEDC-AA68DE4255E6} - C:\WINDOWS\system32\dispexcb.dll
O21 - SSODL: jbpulqyz.dll - {21BE5FDF-D4CB-4850-AD99-21E68B50BF3F} - C:\WINDOWS\system32\pntryhml.dll
O21 - SSODL: xolehlpjh.dll - {F0930A2F-D971-4828-8209-B7DFD266ED44} - C:\WINDOWS\system32\xolehlpjh.dll
O21 - SSODL: twainyy.dll - {434FA69C-5F0A-42e1-82B8-10AF2C8E53C6} - C:\WINDOWS\system32\twainyy.dll
O21 - SSODL: avicapwm.dll - {6B9FEAD7-4319-4312-AB05-D8C9CD255BFE} - C:\WINDOWS\system32\avicapwm.dll
O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O21 - SSODL: nwapi32dj.dll - {A2C3BA54-DF75-4881-8EB3-E54B26BBBBC9} - C:\WINDOWS\system32\nwapi32dj.dll
O21 - SSODL: fumwxpus.dll - {21BE5FDF-D4CB-4850-AD99-21E68B50BF3F} - C:\WINDOWS\system32\pntryhml.dll
O21 - SSODL: pntryhml.dll - {21BE5FDF-D4CB-4850-AD99-21E68B50BF3F} - C:\WINDOWS\system32\pntryhml.dll
O21 - SSODL: DesktopWin - {DA191DE0-AA86-4ED0-4B87-292A3D48BE99} - C:\WINDOWS\AppPatch\DesktopWin.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

--
End of file - 9271 bytes
 