
Win32 sality infection Help!

Discussion in 'Virus & Other Malware Removal' started by ummabbaas, Jan 20, 2007.

  1. ummabbaas

    ummabbaas Thread Starter

    Joined:
    Apr 12, 2006
    Messages:
    11
    I just downloaded Avast to help find some viruses on my comp. Now that it's "detected" one, it says it cannot find the file. Can anyone help? This is the info that I'm getting:

    File name: C:\Windows\system32\vcmgd32.dll file

    malware name: Win32:sality-Al

    malware type: virus\worm

    Vps version: 0704-0, 01/18/2007



    I've tried to move the file to "the chest" & repair the problem but, I keep getting a message saying:

    Avast! the system cannot find file specified
    cannot process: "C:\Windows\system32\vcmgd32.dll" file


    I haven't tried deleting it because I don't know what/where it is and if it will affect other parts of my computer.

    I'm also trying to put a Trojan horse in the chest but, it seems to pop up again.

    File name: C:\Docume~1\Admin\Locals~1\Temp\Wintpqe.exe\[UPX]

    Malware name: Win32Agent-SB[Trj]

    Malware type: trojan Horse

    VPS version: 0704 - 0, 01/18/2007


    ergh can someone help me out?
     
  2. ummabbaas

    ummabbaas Thread Starter

    Joined:
    Apr 12, 2006
    Messages:
    11
    Is anyone willing to help? Avast is finding viruses all through my computer programs that I use often (for example, RealPlayer) and asking me to put them in the chest. I did this with one of my other programs and it's gone now.

    Are these viruses a real threat? I thought that antivirus protectors usually list the threat. Some of my programs are used so often I would rather have them (sounds stupid), but I use RealPlayer weekly for lectures, etc. What should I do?
     
  3. ummabbaas

    ummabbaas Thread Starter

    Joined:
    Apr 12, 2006
    Messages:
    11
    I just downloaded Avast! and it found almost 1500 Win32 Sality infections in various records. I was putting them in "the chest", but I don't know how this will affect my computer. Here is my HijackThis log. Can someone help me clean up my computer?

    Logfile of HijackThis v1.99.1
    Scan saved at 8:46:23 PM, on 1/20/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\NetWaiting\netWaiting.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
    C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll (file missing)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll (file missing)
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {38D6D77C-5EC1-4A4A-AFEB-85FE780CD61A} - http://qurancomplex.org/downloads/FontDown.cab
    O16 - DPF: {6F0C8A85-8B0D-11D2-801B-00105AA78F4A} (CobAgent4 Class) - http://ecare1a.netopia.com/uhaul3/ecare4/components/CobAgent_4.2.1.316.cab
    O16 - DPF: {7873B468-E762-4143-83E6-7258CB6B5D9D} (ECareAgent Class) - http://ecare1a.netopia.com/uhaul3/ecare4/components/ECareAgent.cab
    O16 - DPF: {B0067CA5-2C37-4C6B-AAEC-5E2CE8635061} - http://qurancomplex.org/Downloads/FontSmooth.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bonniesbookstore/sis/popcaploader_v10.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by23fd.bay23.hotmail.msn.com/activex/HMAtchmt.ocx
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe


    I'll be doing a pandascan soon and posting the results.
     
  4. ummabbaas

    ummabbaas Thread Starter

    Joined:
    Apr 12, 2006
    Messages:
    11
    Avast has detected pandascan as a virus, "Win32CTX". What should I do?
     
  5. ummabbaas

    ummabbaas Thread Starter

    Joined:
    Apr 12, 2006
    Messages:
    11
    Okay, I got rid of Avast so I could use pandascan.

    Incident Status Location

    Potentially unwanted tool:application/funweb Not disinfected c:\program files\FunWebProducts
    Potentially unwanted tool:application/mywebsearch Not disinfected c:\program files\MyWebSearch
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
    Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
    Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
    Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
    Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
    Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
     
  6. ummabbaas

    ummabbaas Thread Starter

    Joined:
    Apr 12, 2006
    Messages:
    11
    And here's my new HJT log

    Logfile of HijackThis v1.99.1
    Scan saved at 10:23:51 AM, on 1/21/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\NetWaiting\netWaiting.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
    O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll (file missing)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll (file missing)
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {38D6D77C-5EC1-4A4A-AFEB-85FE780CD61A} - http://qurancomplex.org/downloads/FontDown.cab
    O16 - DPF: {6F0C8A85-8B0D-11D2-801B-00105AA78F4A} (CobAgent4 Class) - http://ecare1a.netopia.com/uhaul3/ecare4/components/CobAgent_4.2.1.316.cab
    O16 - DPF: {7873B468-E762-4143-83E6-7258CB6B5D9D} (ECareAgent Class) - http://ecare1a.netopia.com/uhaul3/ecare4/components/ECareAgent.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B0067CA5-2C37-4C6B-AAEC-5E2CE8635061} - http://qurancomplex.org/Downloads/FontSmooth.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bonniesbookstore/sis/popcaploader_v10.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by23fd.bay23.hotmail.msn.com/activex/HMAtchmt.ocx
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe


    I'm getting ready to run Kaspersky for the files that pandascan could not get rid of. I'll post the log when I finish.
     
  7. ummabbaas

    ummabbaas Thread Starter

    Joined:
    Apr 12, 2006
    Messages:
    11
    Here's my Kaspersky log.

    It keeps telling me it can't find the trojan files.

    Protection
    ----------
    Total scanned: 220763
    Detected: 85
    Untreated: 3
    Start time: 1/21/2007 10:53:13 AM
    Duration: 02:21:54


    Detected
    --------
    Status Object
    ------ ------
    deleted: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winbewwa.exe//UPX
    not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winbluba.exe//UPX
    not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\wincgtqa.exe//UPX
    not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\wincmty.exe//UPX
    not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\wincsmsr.exe//UPX
    not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\wincyxu.exe//UPX
    not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\windfwn.exe//UPX
    not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\windroxbj.exe//UPX
    not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winetarpq.exe//UPX
    not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winfotar.exe//UPX
    not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\wingjkj.exe//UPX
    not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\wingrtnd.exe//UPX
    not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\wingvukor.exe//UPX
    not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winhgea.exe//UPX
    not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winhsntrl.exe//UPX
    not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winirut.exe//UPX
    not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winivoyrx.exe//UPX
    not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winiwvhe.exe//UPX
    not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winjgbhqs.exe//UPX
    not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winjgock.exe//UPX
    not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winjgpcbj.exe//UPX
    not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winjncx.exe//UPX
    not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winjyybj.exe//UPX
    not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winkectqc.exe//UPX
    not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winkntkoy.exe//UPX
    not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winkowd.exe//UPX
    not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winkqiiy.exe//UPX
    not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winkqni.exe//UPX
    not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winkylj.exe//UPX
    not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winlqra.exe//UPX
    not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winmajqp.exe//UPX
    not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winmrxv.exe//UPX
    not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winnbbl.exe//UPX
    not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winnjqs.exe//UPX
    not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winnkkcyw.exe//UPX
    not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winnvetw.exe//UPX
    not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winnxwai.exe//UPX
    not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winpiula.exe//UPX
    not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winpixup.exe//UPX
    not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winpjjtvc.exe//UPX
    not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winptmdw.exe//UPX
    not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winqqnvv.exe//UPX
    not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winrciwyh.exe//UPX
    not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winruady.exe//UPX
    not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winryweno.exe//UPX
    not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winsjpfn.exe//UPX
    not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winugsyx.exe//UPX
    not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winunqeot.exe//UPX
    not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winuthnr.exe//UPX
    not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winwgac.exe//UPX
    not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winwsfxh.exe//UPX
    not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winwsyuxn.exe//UPX
    not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winxhnbt.exe//UPX
    not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winycpa.exe//UPX
    not found: Trojan program Trojan-Spy.Win32.Goldun.lm File: C:\Documents and Settings\Admin\Local Settings\Temp\winygqx.exe//UPX
    detected: virus Virus.Win32.Sality.q File: C:\WINDOWS\system32\vcmgcd32.dl_//vcmgcd32.dl_
    detected: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win10608.dll
    deleted: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win14449.dll
    deleted: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win16671.dll
    deleted: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win18717.dll
    deleted: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win21453.dll
    deleted: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win21799.dll
    deleted: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win2617.dll
    deleted: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win27312.dll
    deleted: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win27540.dll
    deleted: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win31777.dll
    deleted: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win32475.dll
    deleted: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win33890.dll
    deleted: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win34623.dll
    deleted: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win36233.dll
    deleted: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win3736.dll
    detected: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win4717.dll
    deleted: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win47278.dll
    deleted: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win51043.dll
    deleted: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win52607.dll
    deleted: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win53222.dll
    deleted: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win53880.dll
    deleted: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win57358.dll
    deleted: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win57990.dll
    deleted: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win60223.dll
    deleted: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win65059.dll
    deleted: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win8813.dll
    deleted: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win9088.dll
    deleted: Trojan program Trojan-Proxy.Win32.Agent.ll File: C:\WINDOWS\system32\win9884.dll
    deleted: virus Virus.Win32.Sality.q File: C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP397\A0102824.exe
     
  8. ummabbaas

    ummabbaas Thread Starter

    Joined:
    Apr 12, 2006
    Messages:
    11
    HJT LOG

    Logfile of HijackThis v1.99.1
    Scan saved at 1:21:20 PM, on 1/21/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Program Files\NetWaiting\netWaiting.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
    O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll (file missing)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll (file missing)
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {38D6D77C-5EC1-4A4A-AFEB-85FE780CD61A} - http://qurancomplex.org/downloads/FontDown.cab
    O16 - DPF: {6F0C8A85-8B0D-11D2-801B-00105AA78F4A} (CobAgent4 Class) - http://ecare1a.netopia.com/uhaul3/ecare4/components/CobAgent_4.2.1.316.cab
    O16 - DPF: {7873B468-E762-4143-83E6-7258CB6B5D9D} (ECareAgent Class) - http://ecare1a.netopia.com/uhaul3/ecare4/components/ECareAgent.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B0067CA5-2C37-4C6B-AAEC-5E2CE8635061} - http://qurancomplex.org/Downloads/FontSmooth.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bonniesbookstore/sis/popcaploader_v10.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by23fd.bay23.hotmail.msn.com/activex/HMAtchmt.ocx
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
     
  9. ummabbaas

    ummabbaas Thread Starter

    Joined:
    Apr 12, 2006
    Messages:
    11
    Kaspersky has detected itself as a virus and I could no longer really trust it. Does anyone have any other suggestions? My next step is to have the whole computer wiped clean, then reinstall everything from the beginning.
     
  10. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Hi ummabbaas,

    Sality is indeed a bad infection. Best solution is to save only your data, format and reload the machine.
     
Short URL to this thread: https://techguy.org/536986