
wini10801.exe dreaded "Your Computer is Infected" Help!!!

Discussion in 'Virus & Other Malware Removal' started by shadowzreloaded, Oct 25, 2008.

Thread Status:
Not open for further replies.
  1. shadowzreloaded

    shadowzreloaded Thread Starter

    Joined:
    Oct 25, 2008
    Messages:
    1
    Yesterday, I was browsing casually; I can't remember which site I was on. Anyway, a window came up, a genuine firewall window: "Firewall is Blocking Certain Aspects of Svchost.exe. Keep Blocking?" As I thought svchost must have been corrupted or something, I clicked on Keep Blocking.

    Immediately, my computer just restarted, and when I turned my computer on, I got a dodgy message about "Your Computer is Infected! You Spyware!" or something along those lines. There was a red X which was somewhat different from my usual icon, as I have a Vista icon pack mod (I'm sure this is not the cause). The red X would usually be shiny, but this time it wasn't. I read the message and there were many grammar and spelling mistakes, such as "pervent" instead of "prevent", etc. Also, my Internet Explorer homepage (not my Firefox homepage) had been changed to Google from something else.

    I was offline and I was sure nothing could happen, so I clicked it and the download window came up, but the fake antispyware couldn't download. I traced the process using Task Manager and came up with the result "wini10801.exe". I then did a search for it, after ending its process tree, and found it in the system32 dir, where I scanned it and moved it to the AVG Virus Vault. I have worked out some of the anatomy of the virus: "brastk.exe" is loaded at startup, causing the message to appear, and "wini10801.exe" is the downloader and installer. The rest of the corrupted files are for the internet browser corruption.

    A side effect of this is that some websites like windowsupdate and avgupdate are denied. I've checked my firewall and all its exceptions, and I've checked Internet Explorer's and Firefox's blocked lists, but I cannot find a way to unblock these. Also, I get directed to random sites advertising fake antispyware and other dodgy sites (I am accessing this via safe mode with networking).

    Through safe mode, I did an online scan, which found many threats such as "brastk.exe", "av.bat" and "wini10801.exe". All of these threats I cleaned and moved to the Virus Vault, and I have managed to get rid of the messages and all the processes (I got rid of the X by going into msconfig startup and removing "brastk" from the list). All the visual aspects of my problem have been removed by me, including the registry keys, but I am still experiencing problems with my internet connection and being redirected to sites, which work perfectly in safe mode.

    Due to this, I believe that the virus/fake antispyware trojan is still lingering somewhere in my computer, or the after-effects of it. I have racked my brains, and I cannot think of anything to do, so I await your help. I have downloaded HijackThis, but I am unsure how to post a log, as I am new to help forums (usually I fix the malware myself, but this remnant is very stubborn and resistant).

    Awaiting your Help,


    ~SHADOWZ

    |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
    ||||||||||||||| || || || || ||| || | ||||||||||||||||||||||||
    ||||||||||||||| || ||| ||| ^ || ||||| |||||||||||||||||||||||||
    ||||||||||||||| || || || ||| || ||| || | ||||||||||||||||||||||||
    ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

    --------------HIJACK-LOG-BELOW --------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 10:38:15, on 25/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Luizinha\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.co.uk/
    R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Luizinha\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com
    O15 - Trusted Zone: *.sony-europe.com
    O15 - Trusted Zone: *.sonystyle-europe.com
    O15 - Trusted Zone: *.vaio-link.com
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvistatestdrive.com/ActiveX/VMRCActiveXClient1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196111463330
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1202660852000
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O20 - AppInit_DLLs: karna.dat
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
    O23 - Service: Windows Defender (WinDefend) - Unknown owner - C:\Program Files\Windows Defender\MsMpEng.exe (file missing)
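The post above shows how a HijackThis log is read by hand: the poster already spotted that the "svchost" the firewall complained about is not the real one. As an added example (not part of the post, and not HijackThis's own code), the script below parses a few lines in that log format and applies three defender-side checks a reviewer would apply to it: a Run key launching something called svchost.exe, a non-empty AppInit_DLLs value, and entries whose file is reported missing. The sample log is constructed from lines copied out of the post; the severity labels and the rules themselves are my own heuristics, not a complete malware check.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in HijackThis v1.99 line format. The entries are copied
# from the log posted above; the selection is mine, made to exercise each rule.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O20 - AppInit_DLLs: karna.dat
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: Windows Defender (WinDefend) - Unknown owner - C:\Program Files\Windows Defender\MsMpEng.exe (file missing)
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "low" (my own labels)
    entry: str     # the log line that triggered the rule
    reason: str


# O4 - HKLM\..\Run: [Name] command line
RUN_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
# First executable on a command line, quoted or not (copes with unquoted paths containing spaces).
EXE_RE = re.compile(r'^"?(?P<exe>[^"]*?\.exe)', re.IGNORECASE)
APPINIT_RE = re.compile(r'^O20 - AppInit_DLLs:\s*(?P<value>.*)$')


def launched_executable(cmd: str) -> Optional[str]:
    """Return the executable a Run-key command line starts, or None."""
    m = EXE_RE.match(cmd.strip())
    return m.group('exe') if m else None


def check_run_entry(line: str, cmd: str) -> List[Finding]:
    exe = launched_executable(cmd)
    if exe is None:
        return []
    findings = []
    if ntpath.basename(exe).lower() == 'svchost.exe':
        # The genuine svchost.exe lives in System32 and is started by services.exe;
        # a Run key that launches one (here from the drivers directory) is not normal.
        findings.append(Finding('high', line,
            'a Run key starts svchost.exe from ' + ntpath.dirname(exe) +
            '; the genuine svchost.exe is started by services.exe, not by a Run key'))
    if ntpath.dirname(exe) == '':
        findings.append(Finding('low', line,
            exe + ' is given without a path and is resolved through the search path; '
            'confirm which file actually runs'))
    return findings


def triage(log_text: str) -> List[Finding]:
    """Run the heuristics over every line of a HijackThis log."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            findings.extend(check_run_entry(line, m.group('cmd')))
            continue
        m = APPINIT_RE.match(line)
        if m and m.group('value').strip():
            findings.append(Finding('high', line,
                "AppInit_DLLs is set to '" + m.group('value').strip() +
                "'; on Windows XP every process that loads user32.dll also loads this DLL"))
            continue
        if line.endswith('(file missing)'):
            findings.append(Finding('medium', line,
                'points at a file that no longer exists: a stale entry, or a component '
                'removed during cleanup that still has its hook registered'))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print('[%-6s] %s\n         %s' % (f.severity, f.entry, f.reason))
```

Run against the sample it reports the drivers\svchost.exe Run key and the karna.dat AppInit_DLLs value as high, the two "(file missing)" entries as medium, and the three path-less Run entries (RUNDLL32.EXE, nwiz.exe, LTSMMSG.exe) as low. The low findings are deliberately noisy: a bare name is normal for many vendor entries, but it is exactly where a look-alike dropped earlier in the search path would hide, so the reviewer is asked to confirm rather than told there is a problem.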
     

Short URL to this thread: https://techguy.org/762554
