1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Huge Virus / Can't Scandisk / Can't Remove Protected Viral Files

Discussion in 'Virus & Other Malware Removal' started by shipbreaker, Feb 14, 2005.

Thread Status:
Not open for further replies.
  1. shipbreaker

    shipbreaker Thread Starter

    Joined:
    Feb 14, 2005
    Messages:
    2
    Bit Defender says I have "backdoor.dumador.ai"
    Panda Titanium says I have "

    I have removed the offending registry keys
    windows me starts fine
    but I cannot run ScanDisk
    not in safe mode either.

    Below is my hijack this log
    please help if you know what might be causing this.. perhaps it is getting stuck on the 1.26 gigabytes of infected .cpy files

    Logfile of HijackThis v1.99.0
    Scan saved at 3:17:10 PM, on 2/14/2005
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Unable to get Internet Explorer version!

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\WINDOWS\SYSTEM\MDM.EXE
    C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER SCAN SERVER\BDSS.EXE
    C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER COMMUNICATOR\XCOMMSVR.EXE
    C:\PROGRAM FILES\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2005\PAVFNSVR.EXE
    C:\PROGRAM FILES\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2005\PSIMSVC.EXE
    C:\PROGRAM FILES\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2005\PAVPROT9.EXE
    C:\PROGRAM FILES\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2005\PREVSRV.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
    C:\PROGRAM FILES\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
    C:\PROGRAM FILES\SONY\VAIO ACTION SETUP\VASERV.EXE
    C:\PROGRAM FILES\TRILLIAN\TRILLIAN.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\RSRCMTR.EXE
    C:\PROGRAM FILES\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2005\AVLTMAIN.EXE
    C:\PROGRAM FILES\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2005\APVXDWIN.EXE
    C:\PROGRAM FILES\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2005\WEBPROXY.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\DESKTOP\BDOWNELOADN\HIJACKTHIS\HIJACKTHIS.EXE
    C:\WINDOWS\SYSTEM\MSIEXEC.EXE
    C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\ENGINE\6\INTEL 32\KNLWRAP.EXE
    C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\ENGINE\6\INTEL 32\IKERNEL.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.10.1:6588
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT TOOLBAR\VIEWBAR.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [BDNewsAgent] C:\PROGRAM FILES\SOFTWIN\BITDEFENDER FREE EDITION\bdnagent.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
    O4 - HKLM\..\RunServices: [BitDefender Scan Server] C:\Program Files\Common Files\Softwin\BitDefender Scan Server\\bdss.exe
    O4 - HKLM\..\RunServices: [BitDefender Communicator] C:\Program Files\Common Files\Softwin\BitDefender Communicator\\xcommsvr.exe
    O4 - HKLM\..\RunServices: [BitDefender Live! Init] C:\Program Files\Softwin\BitDefender Free Edition\\bdinit.exe
    O4 - HKLM\..\RunServices: [PavProc] "C:\Program Files\Common Files\Panda Software\PavShld\PavPrS9x.exe"
    O4 - HKLM\..\RunServices: [PAVFNSVR] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe"
    O4 - HKLM\..\RunServices: [PSIMSVC] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PSIMSVC.exe"
    O4 - HKLM\..\RunServices: [Pavprot9] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavprot9.exe"
    O4 - HKLM\..\RunServices: [Panda Preventium+ Service] "C:\PROGRAM FILES\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2005\PREVSRV.EXE"
    O4 - HKLM\..\RunServices: [DkService] C:\Program Files\Executive Software\DiskeeperLite\DkService.exe
    O4 - HKLM\..\RunOnce: [hhctrl.ocx] C:\WINDOWS\SYSTEM\regsvr32 /s C:\WINDOWS\SYSTEM\hhctrl.ocx
    O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE" -turbo
    O4 - Startup: VAIO Action Setup (Server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
    O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
    O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/330523

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice