
Solved: Infected WinXP Box

Discussion in 'Windows XP' started by spog71, Apr 28, 2007.

Thread Status:
Not open for further replies.
  1. spog71

    spog71 Thread Starter

    Joined:
    Apr 28, 2007
    Messages:
    4
    Part 1

    I have been working on this computer for a friend of mine. He claimed it would boot into safe mode.

    Here are the specs:
    Dell Dimension 2400
    Intel Pentium 4 2.53 GHz
    512 MB RAM
    MS Windows XP Home
    Version 2002
    SP2

    I loaded AVG Anti-Virus 7.5 into it as soon as I got it.

    Here is a list of the viruses that were removed.

     
  2. spog71

    Part 2

    Once these viruses were removed, I rebooted the system, ran the AVG again. No threats.

    Now, the network adapters have been disabled. The original one is part of the motherboard (Broadcom 440x 10/100). I have tried removing it in the hardware config, and reinstalling. All I get is a Code 39 in Windows. I tried installing a second card (Hawking w/ Realtek chipset). I have the same problem. It appears that this machine is still infected with something, or one of the infections killed some of the network drivers or services.

    Here is the most recent HJT scan:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 10:23:21 PM, on 4/28/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\netdde.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\UnHackMe\hackmon.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\HiJackThis\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://explorer/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O2 - BHO: (no name) - {10E0A43E-19D3-4E1E-A9AE-D25FE59A1079} - C:\WINDOWS\system32\dsoucmp.dll (file missing)
    O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\tmp358.tmp.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SpyHunter] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139940057453
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://photoservices.van.fedex.com/software/ImageUploader4.cab
    O20 - Winlogon Notify: A3dxq - C:\WINDOWS\system32\a3dxx.dll (file missing)
    O20 - Winlogon Notify: dsoucmp - dsoucmp.dll (file missing)
    O21 - SSODL: fAVGETLznYc - {CCF90A36-6653-A09C-7802-CC4CB01287ED} - C:\WINDOWS\system32\qux.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    --
    End of file - 5897 bytes

    I thank you for any help or insight you can provide.

    Thanks,
     
  3. spog71

    bump
     
  4. spog71

    I have solved this one myself by wiping the hard drive and re-installing the OS.
     

Short URL to this thread: https://techguy.org/567826