1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Help needed removing Download.MisleadApp

Discussion in 'Virus & Other Malware Removal' started by netzfuxx, Apr 18, 2008.

Thread Status:
Not open for further replies.
  1. netzfuxx

    netzfuxx Thread Starter

    Joined:
    Apr 18, 2008
    Messages:
    3
    Hi there,
    I`d appreciate some help removing that nasty virus called Download.MisleadApp from my Notebook (Win XP Home, Centrino 1,7, 512 MB, 3 1/2 years old).
    My Symantec virus scanner found it, but can not remove it. I found another thread where it was apparently successfully removed so I thought you might be able to help me as well.
    The problem is that at the moment, though I can boot the PC, I can´t do anything when the desktop has been loaded. I can´t event open Win Explorer. Nothing happens when I click the Start-Button. The only thing I can do is press Ctrl-Alt-Del to see the Task Manager and then shut down the PC again.
    What I did is download all the Tools that were mentioned in the other thread, but as I can´t do anything on the infected PC I can´t start them. Maybe it´s possible to use them from a USB-Stick or copy them to the hd when I start Win in safe mode?
    Thanks, Björn

    Update:
    I managed to start Win Explorer via the command line in Task Manager. Tried to run Hijackthis setup, which I downloaded here http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
    but I got this error message:
    [​IMG]
     
  2. netzfuxx

    netzfuxx Thread Starter

    Joined:
    Apr 18, 2008
    Messages:
    3
    OK I´ve finally managed to install Hijackthis (downloaded a different setup.exe from another site). Hope somebody is able to help me now! Here´s the log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:24:16, on 22.04.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programme\Intel\Wireless\Bin\EvtEng.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
    C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
    C:\Programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programme\Apache Group\Apache2\bin\Apache.exe
    C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Programme\Apache Group\Apache2\bin\Apache.exe
    C:\Programme\FRITZ!DSL\IGDCTRL.EXE
    C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DTSRVC.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\MySQL\bin\mysqld.exe
    C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Programme\Synaptics\SynTP\SynTPLpr.exe
    C:\Programme\Synaptics\SynTP\SynTPEnh.exe
    C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Programme\Home Cinema\PowerCinema\PCMService.exe
    C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
    C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Programme\Portrait Displays\forteManager\DTHtml.exe
    C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\HookManager.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Programme\Windows Media Player\WMPNSCFG.exe
    C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Programme\Apache Group\Apache2\bin\ApacheMonitor.exe
    C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\explorer.exe
    C:\Programme\Mozilla Firefox\firefox.exe
    C:\Programme\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.medion.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://localhost:8080/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
    O3 - Toolbar: Norton-Symbolleiste anzeigen - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programme\Gemeinsame Dateien\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Programme\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [DT LGE] C:\Programme\Portrait Displays\forteManager\DTHtml.exe -startup_folder
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\SonyEricssonMobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
    O4 - HKLM\..\Run: [a0edf4ad] rundll32.exe "C:\WINDOWS\system32\oagtyvuo.dll",b
    O4 - HKLM\..\Run: [BMa3dec731] Rundll32.exe "C:\WINDOWS\system32\ftlwbvru.dll",s
    O4 - HKCU\..\Run: [AOLMIcon] C:\Programme\Gemeinsame Dateien\AOLSHARE\AOLMIcon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Monitor Apache Servers.lnk = C:\Programme\Apache Group\Apache2\bin\ApacheMonitor.exe
    O8 - Extra context menu item: &Google Search - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Im Cache gespeicherte Seite - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Verweisseiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Ähnliche Seiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O9 - Extra button: MedionShop - {7288F092-0E1C-48D7-852C-D5718D4EC435} - http://www.medionshop.de/ (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
    O15 - Trusted Zone: *.amaena.com
    O15 - Trusted Zone: *.avsystemcare.com
    O15 - Trusted Zone: *.gomyhit.com
    O15 - Trusted Zone: *.imageservr.com
    O15 - Trusted Zone: *.imagesrvr.com
    O15 - Trusted Zone: *.onerateld.com
    O15 - Trusted Zone: *.safetydownload.com
    O15 - Trusted Zone: *.storageguardsoft.com
    O15 - Trusted Zone: *.trustedantivirus.com
    O15 - Trusted Zone: *.virusschlacht.com
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EBCAED89-41EF-4C21-93C3-9F592FDED105}: NameServer = 192.168.122.252,192.168.122.253
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apache2 - Apache Software Foundation - C:\Programme\Apache Group\Apache2\bin\Apache.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
    O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
    O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DTSRVC.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Symantec IS Kennwortprüfung (ISPwdSvc) - Symantec Corporation - C:\Programme\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
    O23 - Service: MySQL - Unknown owner - C:\MySQL\bin\mysqld.exe
    O23 - Service: OracleOraHome81Agent - Oracle Corporation - C:\Oracle\ora81\bin\dbsnmp.exe
    O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\Oracle\ora81\BIN\ONRSD.EXE
    O23 - Service: OracleOraHome81DataGatherer - Oracle Corporation - C:\Oracle\ora81\bin\vppdc.exe
    O23 - Service: OracleOraHome81HTTPServer - Unknown owner - C:\Oracle\ora81\Apache\Apache\Apache.exe
    O23 - Service: OracleOraHome81PagingServer - Unknown owner - C:\Oracle\ora81/bin/pagntsrv.exe
    O23 - Service: OracleOraHome81TNSListener - Unknown owner - C:\Oracle\ora81\BIN\TNSLSNR.exe
    O23 - Service: OracleServiceBG - Oracle Corporation - c:\oracle\ora81\bin\ORACLE.EXE
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    --
    End of file - 11295 bytes
     
  3. netzfuxx

    netzfuxx Thread Starter

    Joined:
    Apr 18, 2008
    Messages:
    3
    Bump!
    As suggested in the report-post-form I´d like to bring my post to attention after more than three days without reply. I just added a HJT Log so maybe someone is able to help me now. In case you need a Kaspersky online scan log let me know, I created one too. Thanks!
    Björn
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/704862

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice