
Malware and other assorted Virus goodies!

Discussion in 'Virus & Other Malware Removal' started by Possumo, Oct 27, 2007.

Thread Status:
Not open for further replies.
  1. Possumo

    Possumo Thread Starter

    Joined:
    Oct 27, 2007
    Messages:
    3
    Hi guys, I have actually been looking through your forums myself trying to fix my current virus problem, but unfortunately so far no luck.

    I have tried several programs such as Ad-Aware, SpywareBlaster, Spybot, AVG, Kaspersky, VundoFix, SmitfraudFix, all to no avail.

    Three viruses simply refuse to be deleted, whether in safe mode or on reboot via the anti-viruses, but unfortunately I have been unable to find these viruses through Google:

    C:\windows\system32\egjlm.ini
    C:\WINDOWS\system32\gebbyxv.dll
    C:\WINDOWS\system32\mljge.dll

    They appear to be connected to the winantiviruspro and assorted other popups that seem to love appearing, and reset my Internet Explorer cookie settings to accept all cookies (luckily I don't use IE much!). I'm currently using the latest version of Firefox and Windows XP SP2. Although these viruses don't really seem to be affecting my computer much (possibly some slowdown?), they are obviously extremely annoying, more so that they refuse to be removed!

    Anyways, here's the HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:51, on 2007-10-27
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    D:\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    D:\Kaspersky Anti-Virus 7.0\avp.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    D:\Itunes\iTunesHelper.exe
    D:\Kaspersky Anti-Virus 7.0\avp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    D:\Curse\CurseClient.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Azureus\Azureus.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    D:\Itunes\iTunes.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\FrostWire\FrostWire.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Oscar Bryant (Ossie)\Desktop\VundoFix.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    D:\HijackThis\HijackThis.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Itunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVP] "D:\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [5c4216d6] rundll32.exe "C:\WINDOWS\system32\liqbqskw.dll",b
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [CurseClient] D:\Curse\CurseClient.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1E62363C-53A1-4467-A60B-4F41296C05C8}: NameServer = 124.254.72.68 124.254.72.70
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1E62363C-53A1-4467-A60B-4F41296C05C8}: NameServer = 124.254.72.68 124.254.72.70
    O17 - HKLM\System\CS4\Services\Tcpip\..\{1E62363C-53A1-4467-A60B-4F41296C05C8}: NameServer = 124.254.72.68 124.254.72.70
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - D:\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 5132 bytes

    Any help would be much appreciated!
     
  2. Possumo

    Possumo Thread Starter

    Joined:
    Oct 27, 2007
    Messages:
    3
    Does anyone have any suggestions? Are there any anti-virus programs I should use or any possible solutions to getting rid of the viruses?

    Again, help would be much appreciated.

    Cheers
     
  3. Possumo

    Possumo Thread Starter

    Joined:
    Oct 27, 2007
    Messages:
    3
    Can anyone give me any advice or suggest what I am doing wrong or what I should try?

    Is my Hijack log clean? Or should I try another way of posting my possible viruses?

    A response would be much appreciated.

    Cheers
     
Short URL to this thread: https://techguy.org/644129
