Win32 sality infection Help!

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

ummabbaas

Thread Starter
Joined
Apr 12, 2006
Messages
11
I just downloaded Avast to help find some viruses on my comp. Now that it's "detected" one, it says it cannot find the file. Can anyone help? This is the info that I'm getting:

File name: C:\Windows\system32\vcmgd32.dll file

malware name: Win32:sality-Al

malware type: virus\worm

Vps version: 0704-0, 01/18/2007



I've tried to move the file to "the chest" and repair the problem, but I keep getting a message saying:

Avast! the system cannot find file specified
cannot process: "C:\Windows\system32\vcmgd32.dll" file


I haven't tried deleting it because I don't know what/where it is and whether it will affect other parts of my computer.

I'm also trying to put a Trojan horse in the chest, but it seems to pop up again.

File name: C:\Docume~1\Admin\Locals~1\Temp\Wintpqe.exe\[UPX]

Malware name: Win32Agent-SB[Trj]

Malware type: trojan Horse

VPS version: 0704 - 0, 01/18/2007


Ergh, can someone help me out?
 

ummabbaas

Thread Starter
Joined
Apr 12, 2006
Messages
11
Is anyone willing to help? Avast is finding viruses all through the computer programs that I use often (for example, RealPlayer) and asking me to put them in the chest. I did this with one of my other programs and it's gone now.

Are these viruses a real threat? I thought that antivirus protectors usually list the threat. Some of my programs are used so often that I would rather have them (sounds stupid), but I use RealPlayer weekly for lectures etc. What should I do?
 

ummabbaas

Thread Starter
Joined
Apr 12, 2006
Messages
11
I just downloaded Avast! and it found almost 1500 Win32 Sality infections in various records. I was putting them in "the chest", but I don't know how this will affect my computer. Here is my HijackThis log. Can someone help me clean up my computer?

Logfile of HijackThis v1.99.1
Scan saved at 8:46:23 PM, on 1/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll (file missing)
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {38D6D77C-5EC1-4A4A-AFEB-85FE780CD61A} - http://qurancomplex.org/downloads/FontDown.cab
O16 - DPF: {6F0C8A85-8B0D-11D2-801B-00105AA78F4A} (CobAgent4 Class) - http://ecare1a.netopia.com/uhaul3/ecare4/components/CobAgent_4.2.1.316.cab
O16 - DPF: {7873B468-E762-4143-83E6-7258CB6B5D9D} (ECareAgent Class) - http://ecare1a.netopia.com/uhaul3/ecare4/components/ECareAgent.cab
O16 - DPF: {B0067CA5-2C37-4C6B-AAEC-5E2CE8635061} - http://qurancomplex.org/Downloads/FontSmooth.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bonniesbookstore/sis/popcaploader_v10.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by23fd.bay23.hotmail.msn.com/activex/HMAtchmt.ocx
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe


I'll be doing a pandascan soon and posting the results.
 

ummabbaas

Thread Starter
Joined
Apr 12, 2006
Messages
11
Okay, I got rid of Avast so I could use pandascan.

Incident Status Location

Potentially unwanted tool:application/funweb Not disinfected c:\program files\FunWebProducts
Potentially unwanted tool:application/mywebsearch Not disinfected c:\program files\MyWebSearch
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
 

ummabbaas

Thread Starter
Joined
Apr 12, 2006
Messages
11
And here's my new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 10:23:51 AM, on 1/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll (file missing)
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {38D6D77C-5EC1-4A4A-AFEB-85FE780CD61A} - http://qurancomplex.org/downloads/FontDown.cab
O16 - DPF: {6F0C8A85-8B0D-11D2-801B-00105AA78F4A} (CobAgent4 Class) - http://ecare1a.netopia.com/uhaul3/ecare4/components/CobAgent_4.2.1.316.cab
O16 - DPF: {7873B468-E762-4143-83E6-7258CB6B5D9D} (ECareAgent Class) - http://ecare1a.netopia.com/uhaul3/ecare4/components/ECareAgent.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B0067CA5-2C37-4C6B-AAEC-5E2CE8635061} - http://qurancomplex.org/Downloads/FontSmooth.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bonniesbookstore/sis/popcaploader_v10.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by23fd.bay23.hotmail.msn.com/activex/HMAtchmt.ocx
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe


I'm getting ready to run Kaspersky for the files that pandascan could not get rid of. I'll post the log when I finish.
 

ummabbaas

Thread Starter
Joined
Apr 12, 2006
Messages
11
Here's my Kaspersky log.

It keeps telling me it can't find the Trojan files.

Protection
----------
Total scanned: 220763
Detected: 85
Untreated: 3
Start time: 1/21/2007 10:53:13 AM
Duration: 02:21:54


Detected
--------
Status Object
------ ------
deleted: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winbewwa.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winbluba.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\wincgtqa.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\wincmty.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\wincsmsr.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\wincyxu.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\windfwn.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\windroxbj.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winetarpq.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winfotar.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\wingjkj.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\wingrtnd.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\wingvukor.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winhgea.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winhsntrl.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winirut.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winivoyrx.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winiwvhe.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winjgbhqs.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winjgock.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winjgpcbj.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winjncx.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winjyybj.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winkectqc.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winkntkoy.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winkowd.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winkqiiy.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winkqni.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winkylj.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winlqra.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winmajqp.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winmrxv.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winnbbl.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winnjqs.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winnkkcyw.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winnvetw.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winnxwai.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winpiula.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winpixup.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winpjjtvc.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winptmdw.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winqqnvv.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winrciwyh.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winruady.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winryweno.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winsjpfn.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winugsyx.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winunqeot.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winuthnr.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winwgac.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winwsfxh.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winwsyuxn.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winxhnbt.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winycpa.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winygqx.exe//UPX
detected: virus Virus.Win32.Sality.q File: C:\WINDOWS\system32\vcmgcd32.dl_//vcmgcd32.dl_
detected: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win10608.dll
deleted: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win14449.dll
deleted: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win16671.dll
deleted: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win18717.dll
deleted: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win21453.dll
deleted: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win21799.dll
deleted: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win2617.dll
deleted: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win27312.dll
deleted: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win27540.dll
deleted: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win31777.dll
deleted: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win32475.dll
deleted: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win33890.dll
deleted: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win34623.dll
deleted: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win36233.dll
deleted: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win3736.dll
detected: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win4717.dll
deleted: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win47278.dll
deleted: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win51043.dll
deleted: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win52607.dll
deleted: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win53222.dll
deleted: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win53880.dll
deleted: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win57358.dll
deleted: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win57990.dll
deleted: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win60223.dll
deleted: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win65059.dll
deleted: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win8813.dll
deleted: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win9088.dll
deleted: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win9884.dll
deleted: virus Virus.Win32.Sality.q File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP397\A0102824.exe
 
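The Kaspersky report above has a summary block (Detected: 85, Untreated: 3) followed by one line per object, and the summary can be checked against the detail: the three "detected:" lines (the ones neither deleted nor already gone) are exactly the three untreated objects, and all of them sit in C:\WINDOWS\system32. The following Python script is an added example, not part of the thread or of Kaspersky's own tooling. It parses a report in this layout, tallies objects by status and by detection name, lists what is still untreated and where, and flags a report whose header counts do not match its detail lines. The input is a constructed excerpt of the quoted report with the header counts adjusted to match its six lines; the assumption that only a "detected" status means "still on disk, untouched" comes from the quoted report, where Untreated: 3 equals its three "detected:" lines.

```python
import re
from collections import Counter

# Constructed excerpt in the layout of the Kaspersky Anti-Virus 6.0 report
# quoted in the thread. The header counts are chosen to match the six object
# lines below; the real report had 85 entries.
SAMPLE_REPORT = r"""
Protection
----------
Total scanned: 220763
Detected: 6
Untreated: 2
Start time: 1/21/2007 10:53:13 AM
Duration: 02:21:54


Detected
--------
Status Object
------ ------
deleted: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winbewwa.exe//UPX
not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winbluba.exe//UPX
detected: virus Virus.Win32.Sality.q File: C:\WINDOWS\system32\vcmgcd32.dl_//vcmgcd32.dl_
detected: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win10608.dll
deleted: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win14449.dll
deleted: virus Virus.Win32.Sality.q File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP397\A0102824.exe
"""

HEADER_RE = re.compile(r"^(Total scanned|Detected|Untreated):\s*(\d+)$")
ENTRY_RE = re.compile(r"^([a-z][a-z ]*):\s+(.+?)\s+File:\s+(.+)$")

# Assumption taken from the quoted report: "deleted" was remediated and
# "not found" had already vanished, so only "detected" is still on disk
# (the report's "Untreated: 3" equals its three "detected:" lines).
UNTREATED = {"detected"}


def parse_report(text):
    """Return (header_counts, entries) for a report in the layout above."""
    header, entries = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = int(m.group(2))
            continue
        m = ENTRY_RE.match(line)
        if m:
            status, desc, obj = m.groups()
            path = obj.split("//", 1)[0]      # drop the "//UPX" container suffix
            entries.append({
                "status": status,
                "name": desc.split()[-1],     # e.g. Virus.Win32.Sality.q
                "path": path,
                "dir": path.rsplit("\\", 1)[0],
            })
    return header, entries


def summarize(text):
    """Tally the report and cross-check its summary against its detail lines."""
    header, entries = parse_report(text)
    untreated = [e for e in entries if e["status"] in UNTREATED]
    return {
        "header": header,
        "by_status": Counter(e["status"] for e in entries),
        "by_name": Counter(e["name"] for e in entries),
        "untreated_paths": [e["path"] for e in untreated],
        "untreated_dirs": Counter(e["dir"] for e in untreated),
        "consistent": (header.get("Detected") == len(entries)
                       and header.get("Untreated") == len(untreated)),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

Run against the full quoted report, the same script reconciles to Detected: 85 and Untreated: 3 and reports all three untreated paths under C:\WINDOWS\system32, which is the detail a helper would want before deciding between further cleaning and a rebuild.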

ummabbaas

Thread Starter
Joined
Apr 12, 2006
Messages
11
HJT LOG

Logfile of HijackThis v1.99.1
Scan saved at 1:21:20 PM, on 1/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll (file missing)
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {38D6D77C-5EC1-4A4A-AFEB-85FE780CD61A} - http://qurancomplex.org/downloads/FontDown.cab
O16 - DPF: {6F0C8A85-8B0D-11D2-801B-00105AA78F4A} (CobAgent4 Class) - http://ecare1a.netopia.com/uhaul3/ecare4/components/CobAgent_4.2.1.316.cab
O16 - DPF: {7873B468-E762-4143-83E6-7258CB6B5D9D} (ECareAgent Class) - http://ecare1a.netopia.com/uhaul3/ecare4/components/ECareAgent.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B0067CA5-2C37-4C6B-AAEC-5E2CE8635061} - http://qurancomplex.org/Downloads/FontSmooth.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bonniesbookstore/sis/popcaploader_v10.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by23fd.bay23.hotmail.msn.com/activex/HMAtchmt.ocx
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
 
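Three HijackThis logs in a row are easier to read as a diff than by eye: between the 1/20 log and this one, Avast's processes, Run entry and services disappear, Kaspersky's appear, the Real.com button becomes "(no file)", and WRNotifier stays "(file missing)" throughout. The Python script below is an added example, not from the thread or from HijackThis itself. It splits a log into its running-process list and its R/O entry lines, reports what started, stopped, was added or removed between two logs, and lists the entries in the newer log whose target no longer exists. The two inputs are constructed excerpts (a few lines each) of the 1/20 and final 1/21 logs quoted above.

```python
import re

# Constructed excerpts of two of the HijackThis logs quoted in the thread
# (the 1/20 log, before the scans, and the last 1/21 log): a few lines each,
# not the complete logs.
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 8:46:23 PM, on 1/20/2007

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Internet Explorer\iexplore.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 1:21:20 PM, on 1/21/2007

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Internet Explorer\iexplore.exe

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
"""

ENTRY_RE = re.compile(r"^[RO]\d+ - ")
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")


def parse_hjt(text):
    """Split a HijackThis log into its running-process list and the set of
    R/O entry lines (everything else in the log is header text)."""
    processes, entries, in_procs = [], set(), False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False
        elif in_procs:
            processes.append(line)
        elif ENTRY_RE.match(line):
            entries.add(line)
    return processes, entries


def section(entry):
    """'O4 - HKLM\\..\\Run: ...' -> 'O4'"""
    return entry.split(" ", 1)[0]


def diff_hjt(before, after):
    """Report what changed between two logs, plus the entries in the newer
    log whose target no longer exists on disk."""
    p0, e0 = parse_hjt(before)
    p1, e1 = parse_hjt(after)
    return {
        "processes_started": sorted(set(p1) - set(p0)),
        "processes_gone": sorted(set(p0) - set(p1)),
        "entries_added": sorted(e1 - e0),
        "entries_removed": sorted(e0 - e1),
        # Orphaned hooks: usually leftovers worth cleaning, but on a machine
        # under remediation they also show what a removed component pointed at.
        "orphans": sorted(e for e in e1 if ORPHAN_RE.search(e)),
        "sections_changed": sorted({section(e) for e in e0 ^ e1}),
    }


if __name__ == "__main__":
    for key, value in diff_hjt(LOG_BEFORE, LOG_AFTER).items():
        print(key)
        for item in value:
            print("   ", item)
```

One caveat visible in the logs themselves: the O23 line for Kaspersky ends in `avp.exe" -r (file missing)` with a stray quote, yet the same log lists avp.exe among the running processes, so "(file missing)" on a service line of that shape should be confirmed by checking the path by hand rather than taken at face value. The WRNotifier entry, by contrast, is reported missing in every log on the page and is the kind of orphan this diff is meant to surface.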

ummabbaas

Thread Starter
Joined
Apr 12, 2006
Messages
11
Kaspersky has detected itself as a virus, and I could no longer really trust it. Does anyone have any other suggestions? My next step is to have the whole computer wiped clean and then reinstall everything from the beginning.
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Hi ummabbaas,

Sality is indeed a bad infection. The best solution is to save only your data, then format and reload the machine.
 