
Random internet disconnect due to Cydoor infection

Discussion in 'Virus & Other Malware Removal' started by RoXe, Mar 16, 2010.

Thread Status:
Not open for further replies.
  1. RoXe

    RoXe Thread Starter

    Joined:
    Mar 16, 2010
    Messages:
    11
    Hello.

    I would like some help regarding a recent problem I discovered. My internet connection used to drop after a few minutes of online browsing. Fearing an infection, I installed Malwarebytes' Anti-Malware and ran a Quick Scan. It detected an infection called Cydoor and produced the following log (I apologize for the log's language): (16-35-48)

    Code:
    Malwarebytes' Anti-Malware 1.44
    Versão do banco de dados: 3860
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702
    12-03-2010 16:35:48
    mbam-log-2010-03-12 (16-35-48).txt
    Tipo de Verificação: Rápida
    Objetos verificados: 109305
    Tempo decorrido: 19 minute(s), 8 second(s)
    Processos da Memória infectados: 0
    Módulos de Memória Infectados: 0
    Chaves do Registo infectadas: 1
    Valores do Registo infectados: 0
    Ítens do Registo infectados: 2
    Pastas infectadas: 0
    Ficheiros infectados: 0
    Processos da Memória infectados:
    (Nenhum item malicioso foi detectado)
    Módulos de Memória Infectados:
    (Nenhum item malicioso foi detectado)
    Chaves do Registo infectadas:
    HKEY_CURRENT_USER\Software\Cydoor (AdWare.Cydoor) -> Quarantined and deleted successfully.
    Valores do Registo infectados:
    (Nenhum item malicioso foi detectado)
    Ítens do Registo infectados:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    Pastas infectadas:
    (Nenhum item malicioso foi detectado)
    Ficheiros infectados:
    (Nenhum item malicioso foi detectado)
    After following the Clean instructions, I rebooted to let Malwarebytes' Anti-Malware finish the clean-up job. The following log was generated by another scan: (19-30-53)

    Code:
    Malwarebytes' Anti-Malware 1.44
    Versão do banco de dados: 3860
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702
    12-03-2010 19:30:53
    mbam-log-2010-03-12 (19-30-53).txt
    Tipo de Verificação: Completa (C:\|)
    Objetos verificados: 175080
    Tempo decorrido: 2 hour(s), 10 minute(s), 52 second(s)
    Processos da Memória infectados: 0
    Módulos de Memória Infectados: 0
    Chaves do Registo infectadas: 0
    Valores do Registo infectados: 0
    Ítens do Registo infectados: 0
    Pastas infectadas: 0
    Ficheiros infectados: 0
    Processos da Memória infectados:
    (Nenhum item malicioso foi detectado)
    Módulos de Memória Infectados:
    (Nenhum item malicioso foi detectado)
    Chaves do Registo infectadas:
    (Nenhum item malicioso foi detectado)
    Valores do Registo infectados:
    (Nenhum item malicioso foi detectado)
    Ítens do Registo infectados:
    (Nenhum item malicioso foi detectado)
    Pastas infectadas:
    (Nenhum item malicioso foi detectado)
    Ficheiros infectados:
    (Nenhum item malicioso foi detectado)
    Although the infection seemed to be deleted, I occasionally still get the disconnection errors. I used HijackThis to perform a scan and attached the log file:

    Code:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:42:10, on 16-03-2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programas\Ahead\InCD\InCDsrv.exe
    C:\Programas\Lavasoft\Ad-Aware\AAWService.exe
    C:\Programas\AVG\AVG9\avgchsvx.exe
    C:\Programas\AVG\AVG9\avgrsx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programas\AVG\AVG9\avgcsrvx.exe
    C:\Programas\AVG\AVG9\avgwdsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programas\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programas\AVG\AVG9\avgemc.exe
    C:\Programas\AVG\AVG9\avgnsx.exe
    C:\Programas\Ahead\InCD\InCD.exe
    C:\Programas\FSC\Wireless Wheel Mouse\MOUSE32A.EXE
    C:\Programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Programas\HP\HP Software Update\HPWuSchd2.exe
    C:\Programas\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programas\AVG\AVG9\avgcsrvx.exe
    C:\Programas\Messenger\msmsgs.exe
    C:\Programas\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Programas\Microsoft Office\Office10\msoffice.exe
    C:\Programas\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Programas\ATI Technologies\ATI.ACE\cli.exe
    C:\Programas\ATI Technologies\ATI.ACE\cli.exe
    C:\Programas\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Programas\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Programas\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Programas\Lavasoft\Ad-Aware\AAWTray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Programas\Trend Micro\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bpinet.pt/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programas\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG9\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programas\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programas\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programas\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programas\AVG\AVG9\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [InCD] C:\Programas\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LWBMOUSE] C:\Programas\FSC\Wireless Wheel Mouse\MOUSE32A.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Programas\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Programas\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\WINDOWS\system32\rundll32.exe" "C:\Programas\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programas\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [swg] "C:\Programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Programas\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programas\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programas\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programas\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG9\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Programas\AVG\AVG9\avgemc.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programas\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Serviço Google Update (gupdate) (gupdate) - Google Inc. - C:\Programas\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programas\Ahead\InCD\InCDsrv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programas\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Programas\Ficheiros comuns\PCSuite\Services\ServiceLayer.exe
    O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
    O24 - Desktop Component 0: (no name) - http://www.rtp.pt/wportal/entretenimento/jogos/img/img_labirinto.jpg
    --
    End of file - 9801 bytes
    Any help regarding this matter would be appreciated.
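As an added example (not code from this thread, from Malwarebytes or from Tech Support Guy), here is a small Python parser for the Malwarebytes log format posted above. It pulls the "label: count" summary lines and the "item (family) -> action" detection lines, and it flags the Disabled.SecurityCenter entries: those record that Security Center's antivirus and firewall notifications had been switched off, which is a sign that the adware was suppressing alerts and that a follow-up full scan after reboot (as in the second log) is worth running. The two sample logs inside the block are constructed from the logs in this thread (labels kept in Portuguese as posted); the `Detection`, `MbamReport`, `parse_mbam_log` and `triage` names are this example's own.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample, modelled on the first (Quick Scan) log in the thread.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.44
Versão do banco de dados: 3860
Windows 5.1.2600 Service Pack 3
12-03-2010 16:35:48
Tipo de Verificação: Rápida
Objetos verificados: 109305
Tempo decorrido: 19 minute(s), 8 second(s)
Processos da Memória infectados: 0
Chaves do Registo infectadas: 1
Valores do Registo infectados: 0
Ítens do Registo infectados: 2
Ficheiros infectados: 0
Processos da Memória infectados:
(Nenhum item malicioso foi detectado)
Chaves do Registo infectadas:
HKEY_CURRENT_USER\Software\Cydoor (AdWare.Cydoor) -> Quarantined and deleted successfully.
Ítens do Registo infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
"""

# Constructed sample with the shape of the second (clean, full) scan.
SAMPLE_CLEAN_LOG = r"""
Malwarebytes' Anti-Malware 1.44
Tipo de Verificação: Completa (C:\|)
Objetos verificados: 175080
Chaves do Registo infectadas: 0
Ítens do Registo infectados: 0
Chaves do Registo infectadas:
(Nenhum item malicioso foi detectado)
"""


@dataclass
class Detection:
    item: str              # registry path, file or process that was flagged
    family: str            # Malwarebytes' classification, e.g. AdWare.Cydoor
    action: str            # what Malwarebytes did with the item
    bad: int | None = None    # data items only: the value found on disk
    good: int | None = None   # data items only: the value restored


@dataclass
class MbamReport:
    counts: dict[str, int] = field(default_factory=dict)
    detections: list[Detection] = field(default_factory=list)


# "label: 123" summary lines (database version, objects scanned, infected counts).
COUNT_RE = re.compile(r"^(?P<label>[^:]+): (?P<n>\d+)$")
# "item (Family) -> rest" detection lines; the non-greedy item stops at the
# first " (Family) -> " so the "Bad: (1) Good: (0)" tail is left in rest.
DETECTION_RE = re.compile(r"^(?P<item>.*?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")
# Registry data items carry the found/restored values before the action.
BAD_GOOD_RE = re.compile(r"^Bad: \((?P<bad>\d+)\) Good: \((?P<good>\d+)\) -> (?P<action>.+)$")

SECURITY_CENTER_FAMILY = "Disabled.SecurityCenter"


def parse_mbam_log(text: str) -> MbamReport:
    """Parse one Malwarebytes 1.x log into summary counts and detections."""
    report = MbamReport()
    for raw in text.splitlines():
        line = raw.strip()
        m = COUNT_RE.match(line)
        if m:
            report.counts[m.group("label")] = int(m.group("n"))
            continue
        m = DETECTION_RE.match(line)
        if not m:
            continue  # section headers, "(Nenhum item ...)" and free text
        rest = m.group("rest")
        bg = BAD_GOOD_RE.match(rest)
        if bg:
            det = Detection(m.group("item"), m.group("family"), bg.group("action"),
                            int(bg.group("bad")), int(bg.group("good")))
        else:
            det = Detection(m.group("item"), m.group("family"), rest)
        report.detections.append(det)
    return report


def triage(report: MbamReport) -> dict:
    """What a defender wants from the log: how much was found, which families,
    whether every item was remediated, and whether Security Center alerting had
    been disabled (value 1 found where 0 is expected), which points to alert
    suppression and justifies a full scan after reboot."""
    tampered = [d for d in report.detections
                if d.family == SECURITY_CENTER_FAMILY and d.bad == 1]
    return {
        "detections": len(report.detections),
        "families": sorted({d.family for d in report.detections}),
        "all_remediated": all("successfully" in d.action for d in report.detections),
        "security_center_tampered": bool(tampered),
        "tampered_values": [d.item.rsplit("\\", 1)[-1] for d in tampered],
    }


if __name__ == "__main__":
    for name, log in (("quick scan", SAMPLE_LOG), ("full scan", SAMPLE_CLEAN_LOG)):
        print(name, triage(parse_mbam_log(log)))
```

The parser keys on the line shapes rather than the label text, so it reads the Portuguese build's log shown here and the English build's log alike; only the dictionary keys in `counts` change with the language.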
     


  2. RoXe

    RoXe Thread Starter

    Joined:
    Mar 16, 2010
    Messages:
    11
    I must also mention that I use AVG Free 9.0 + Ad-Aware Free 8.2 + Spybot Search & Destroy 1.6.2 (without real time Tea Timer activated).
     
  3. RoXe

    RoXe Thread Starter

    Joined:
    Mar 16, 2010
    Messages:
    11
    If any further information about my system is necessary could someone please specify?
     
  4. RoXe

    RoXe Thread Starter

    Joined:
    Mar 16, 2010
    Messages:
    11
    Could someone please comment on this?
     
  5. RoXe

    RoXe Thread Starter

    Joined:
    Mar 16, 2010
    Messages:
    11
    Bump...
     
  6. RoXe

    RoXe Thread Starter

    Joined:
    Mar 16, 2010
    Messages:
    11
    Bump...
     
  7. RoXe

    RoXe Thread Starter

    Joined:
    Mar 16, 2010
    Messages:
    11
    Can anybody comment?
     
  8. RoXe

    RoXe Thread Starter

    Joined:
    Mar 16, 2010
    Messages:
    11
    Seems I need to bump this every hour or so...
     
  9. RoXe

    RoXe Thread Starter

    Joined:
    Mar 16, 2010
    Messages:
    11
    Bump...
     
  10. RoXe

    RoXe Thread Starter

    Joined:
    Mar 16, 2010
    Messages:
    11
    Bump...
     
  11. RoXe

    RoXe Thread Starter

    Joined:
    Mar 16, 2010
    Messages:
    11
    Bump...
     

Short URL to this thread: https://techguy.org/910546
