persistent viruses/backdoor trojans. please help!!

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

felicienne

Thread Starter
Joined
Oct 31, 2007
Messages
1
Hi, I really need help.

AVG has been detecting a LOT of viruses in my PC, like:
Trojan horse IRC/BackDoor.SdBot3.RDR
Trojan horse IRC/BackDoor.SdBot3.SCY
Trojan horse BackDoor.Ircbot.AG
Trojan horse BackDoor.Ircbot.BUC
Trojan horse Generic_c.BVW
Virus: Win32/Virut.O

Those were just some of them. I keep on deleting the files that AVG says are infected, BUT they ALWAYS keep on coming back. A VBScript file "1" and some files such as "dirhttp.exe" and "qhotsew.exe" also always appear in the C: folder. There's one type of file, "84785_redworld.exe", that keeps on coming back in the C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 directory. Also, there are infected files in the System32 folder, and no matter how I keep going into Safe Mode to delete those infected files, they just always keep coming back.

Is there something else I should do/delete to stop these viruses?


Here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:45:33 PM, on 10/31/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\wqmfgxo.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\cmd.exe
C:\WINDOWS\System32\cmd.exe
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\System32\cmd.exe
C:\WINDOWS\System32\cmd.exe
C:\WINDOWS\system32\cscript.exe
C:\WINDOWS\System32\cmd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Services] C:\WINDOWS\System32\yptull.exe
O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINDOWS\System32\csrs.exe
O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINDOWS\System32\rmtsphu.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [pronto] jixz.exe
O4 - HKLM\..\Run: [WinServ 32] wqmfgxo.exe
O4 - HKLM\..\RunServices: [pronto] jixz.exe
O4 - HKLM\..\RunServices: [WinServ 32] wqmfgxo.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/en-US/activex/TmHcmsX.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe


I also tried Panda ActiveScan online:

Virus:Generic Malware Disinfected Operating system
Adware:adware/purityscan Not disinfected c:\windows\system32\winserv.exe
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\angelo\Cookies\[email protected][2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\angelo\Cookies\[email protected][2].txt
Virus:W32/Sdbot.JUM.worm Disinfected C:\RECYCLER\S-1-5-21-1644491937-854245398-1957994488-1003\Dc63\84785_redworld[1].exe
Virus:W32/Gaobot.OXI.worm Disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GH2NOTIF\84785_redworld[2].exe
Virus:Generic Malware Disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\W52RCPUJ\84785_redworld[1].exe
Virus:W32/Sdbot.JUM.worm Disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\W52RCPUJ\84785_redworld[3].exe
Virus:W32/Sdbot.ftp.worm Disinfected C:\WINDOWS\system32\x
Virus:Trj/Killfiles.AK Disinfected C:\WINDOWS\Temp\C27D8FEF-D7AE-42c0-82E6-F30598265639.exe


BUT, although it says that the viruses have been disinfected, as I said, they just keep coming back. :mad: If someone could give me any help in solving this problem, it would be much appreciated. :) Thanks in advance.
 