Jump to content

Viral Infection Trojan.zlob.i


marquess

Recommended Posts

I have picked up the above virus, and have spent the last three hours trying to get rid of it! Ran Norton's twice in the Safe Mode, with system monitors off. First time round, unable to Quaratine, then Unable to Delete! Ran it twice more, qurantined it, and then ran it again and it says that it is not there, but it still is.

The annoying thing is that, it keeps bringing up some Spyware Quake, software, that keeps reinstalling itself on my computer and in addition, the home page for the browser automatically sets itself to blank. Can anyone recommend any free software that will get rid of this virus, or recommend some other alternative. According to the net, the virus has only been around for about a week! Help greatly appreciated!

Link to comment
Share on other sites

I have picked up the above virus, and have spent the last three hours trying to get rid of it! Ran Norton's twice in the Safe Mode, with system monitors off. First time round, unable to Quaratine, then Unable to Delete! Ran it twice more, qurantined it, and then ran it again and it says that it is not there, but it still is.

The annoying thing is that, it keeps bringing up some Spyware Quake, software, that keeps reinstalling itself on my computer and in addition, the home page for the browser automatically sets itself to blank. Can anyone recommend any free software that will get rid of this virus, or recommend some other alternative. According to the net, the virus has only been around for about a week! Help greatly appreciated!

Have you try adaware or spybot search & destroy antispyware, it may show something that can remove it.

You may use online free virus scan by Panda activescan or Norton free virus scan http://www.pandasoftware.com/activescan/ac....asp?Language=2

http://security.symantec.com/sscv6/vc_abou...QAMUJBJI&bhcp=1

I'm no expert at pc but hope it may help a little bit.

Link to comment
Share on other sites

Try downloading Avast that has a boot scan facility, I have found this picks up most trojans as it runs before windows kicks in. You can download the free version from www.avast.com/.

Let me know if this works, they also have another programme for trojan worms only.

Link to comment
Share on other sites

I seem to have managed to get rid of the virus, by downloading Ewido Malware remover. Which seems to have done the trick. Though I have not been able to remove the SpyQuake software, it just seems to keep coming back. Despite me having used Norton's and the Add/Remove facility on the control panel, to remove it several times. Any suggestions as to how to remove that permanently? Also is it possible to back up the Windows Updates, just incase I need to do a complete scrub?

Link to comment
Share on other sites

hi marquess,try to use ewido antimalware here

www.ewido.net

a2squared free(search with google)

and change antivirus,nod32 is free trial 1 months and is fantastaic,after can decide if you buy or not,but is completely different from norton,efficient job,silent and so much light

if the problem persiste post your log of hijackthis

ciao :o

Link to comment
Share on other sites

Once you've got rid of this problem, you might spare a few thoughts on why you got the problem in the first place. You obviously don't have any decent, daily updated firewall, virus/spyware 'on-the-fly-detector' installed. There're several such things around. My recomandation goes for "Zonealarm Security Suite". I honestly don't know wether it is any better than what others might swear to, but it has kept my machinery safe and sound for years.

Link to comment
Share on other sites

Though I have not been able to remove the SpyQuake software, it just seems to keep coming back. Also is it possible to back up the Windows Updates, just incase I need to do a complete scrub?

Will you kindly skip the italics and color? It's annoying and might tempt me to give you bad advice that would result in an immediate, unconditional, uninterruptible reformat of your hard drive.

OK, first, turn off System Restore and then clean up your computer using something like Ccleaner:

http://www.ccleaner.com/downloadbin.asp?f=1

Also delete whatever's in c:\windows\prefetch\

Then try finding out what the SpyQuake process is using Process Explorer:

http://www.sysinternals.com/Utilities/ProcessExplorer.html

if you see what process it is, then kill it and try to delete its files.

See what all is starting up on your computer with Autoruns:

http://www.sysinternals.com/Utilities/Autoruns.html

Pay attention to the SharedTaskScheduler in the explorer section; you can find a list of baddies here:

http://castlecops.com/O22.html

I would just disable my Task Scheduler too, in services.msc.

Use autoruns to stop any questionable process etc. from starting up. You can check startup programs here:

http://castlecops.com/StartupList.html

As for your updates, you've already installed your them, so you can't save them. No matter; if you have to reinstall Windows, just reinstall all the updates at once with autopatcher:

http://www.autopatcher.com/ (careful to get the flavor appropriate for you)

But it's almost NEVER necessary to reinstall Windows. If all else fails, as a poster said, run HijackThis and post the log in one of the forums specializing in interpreting such logs.

Link to comment
Share on other sites

marquess - you have been around here long enough - turn off the blue and the pretty font - its <deleted> to read.

this site will give you the info on what the trojan has done to your system

http://www.symantec.com/avcenter/venc/data...jan.zlob.i.html

use your preferred anti virus when it says to use an anti virus

and stop using internet explorer - firefox does not expose you to so much of this <deleted> and is a much more efficient browser when you learn to use its tabs.

last week I had a machine brought to me with an insidious worm - bronstab - it took me a good 4-6 hours to remove as it would auto shutdown the machine if it detected certain conditions and it rewrote the etc/hosts file every 1 - 10 mins.

Link to comment
Share on other sites

marquess - you have been around here long enough - turn off the blue and the pretty font - its <deleted> to read.

Thanks to JSixpack and Stumonster with their comments about the font and colour that "Marquess" uses. It's not necessary and it is a bugger to read......'irritating' is the word.

Link to comment
Share on other sites

hi'

I noticed that some mention highjackthis, probably the only soft that can help you here, did you go to any antivirus site, and get a "cleaner' for this sh*t?

and if I were you, I would go for Bit Defender home edition version 9, the best!

francois

Link to comment
Share on other sites

Whilst I can delete it again and again and do all the virus scans that I like with various software. The problem is stopping it from coming back! I'm not an expert with it comes to messing around with the registery. I have downloaded JV16 Power tool, which can do all sorts of things to the registery, but have yet to locate the the Spyware Quake in the registry. Which seems to me to be the only way to permanently get rid of it! Everyone beware on this one, it is a damned nuisance.

My profound thanks to everyone for their help and comments so far. I will try the Hijack thing now, though to be honest I am growing wearying of this thing. So Francios, you don't think much of Panda then?

Link to comment
Share on other sites

http://www.merijn.org/files/hijackthis.zip

here you can download the last version of hijackthis

unzip the folder in some directory non temporany

document e settings it's ok

open the program and click in scan and save log

copy and paste thre log inside the forum here,so maybe somebody can help you

be careful what you fix,better search the process in the web before fix!!!

is not antispyware or antivirus

can recognize some process in background that giv to your pc problem and can fix it

after fix the malware process,better use regsseeker and ccleaner for clean registry and pc

goodluck and if you have some problem,post here before fix somethings!

ciao

Link to comment
Share on other sites

JSixpack basically has this nut.

try symantec and macaffe for specific removal tool may exist for trojans

delete all unecc programs and dump internet cahe and do sys clean up

download: spybot and adaware incl updates or do online - run them both

download: basic but decent registry cleaner (i dont know where the problem exists file or reg). do not edit the reg yourself.

reboot in safe and run spyware progs again

if you can access online internet go to trend-micro and run house call.

i would not recommend you do anything with your registry (!) except running a very basic program on it.

Link to comment
Share on other sites

I think that I might have goten rid of using Web Root Spy Sweeper, it took about 4 hours to do an indepth thorough scan. I have an annoying thing that occasionally flashes on the tool, bar saying that your computer might be affected. But the Spyware Quake seems to have gone! Once again thanks to everyone for their help help on this. One last question, has anyone purchased the Panda Titanium anti virus and anti spyware in Thailand? If so how and where for a genuine copy?

Link to comment
Share on other sites

I was able to get a legal copy of Panda A/V Titanium for 800baht at Future Park, Rangsit. It was at the IT store (top floor) above Central. I've also seen Panda at the book store in Rangsit Tesco-Lotus (across from Future Park). Hope this helps.

FR

Link to comment
Share on other sites

Thanks for the information Frodo! I am still having problems with that pest, so here is the log from my Hijack scan> Perhaps someone better versed in these matters, could tell me that needs to be removed?

Logfile of HijackThis v1.99.1

Scan saved at 8:52:06 AM, on 3/29/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\CTSvcCDA.exe

C:\Program Files\ewido anti-malware\ewidoctrl.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe

C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE

C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\apvxdwin.exe

C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe

C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE

C:\WINDOWS\system32\S3tray2.exe

C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe

C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe

C:\Program Files\BIPAC-7000 ADSL USB Modem\CnxDslTb.exe

C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe

C:\PROGRA~1\NORTON~1\WINFAX\WFXSWTCH.exe

C:\WINDOWS\system32\wfxsnt40.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe

C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Spyware Doctor\swdoctor.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe

C:\Program Files\FinePixViewer\QuickDCF.exe

C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

C:\WINDOWS\system32\ntvdm.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Martyn\Local Settings\Temporary Internet Files\Content.IE5\Q9EZS7WP\hijackthis[1]\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/en-gb/srchasst/srchasst.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 200.142.97.102:80

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (file missing)

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (file missing)

O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE /t

O4 - HKLM\..\Run: [s3TRAY2] S3tray2.exe

O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe

O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\BIPAC-7000 ADSL USB Modem\CnxDslTb.exe"

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\NORTON~1\WINFAX\WFXSWTCH.exe

O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

O4 - HKLM\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

O4 - HKLM\..\Run: [sysikg] c:\windows\system32\sysikg.exe

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe

O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe

O4 - Global Startup: NaturalColorLoad.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {A5DC33CE-214B-4C26-8596-8A45456C9EB8} - http://activex.microsoft.com/objects/ocget.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{915689FD-CB08-4AD6-8F25-E75C71F22220}: NameServer = 203.144.207.49 203.144.207.29

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe

O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe

Link to comment
Share on other sites

Thanks for the information Frodo! I am still having problems with that pest, so here is the log from my Hijack scan> Perhaps someone better versed in these matters, could tell me that needs to be removed?

Logfile of HijackThis v1.99.1

Scan saved at 8:52:06 AM, on 3/29/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\CTSvcCDA.exe

C:\Program Files\ewido anti-malware\ewidoctrl.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe

C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe

C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE

C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe

C:\Program Files\Spyware Doctor\sdhelp.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\apvxdwin.exe

C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe

C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE

C:\WINDOWS\system32\S3tray2.exe

C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe

C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe

C:\Program Files\BIPAC-7000 ADSL USB Modem\CnxDslTb.exe

C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe

C:\PROGRA~1\NORTON~1\WINFAX\WFXSWTCH.exe

C:\WINDOWS\system32\wfxsnt40.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe

C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Spyware Doctor\swdoctor.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe

C:\Program Files\FinePixViewer\QuickDCF.exe

C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

C:\WINDOWS\system32\ntvdm.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Martyn\Local Settings\Temporary Internet Files\Content.IE5\Q9EZS7WP\hijackthis[1]\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/en-gb/srchasst/srchasst.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 200.142.97.102:80

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (file missing)

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (file missing)

O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE /t

O4 - HKLM\..\Run: [s3TRAY2] S3tray2.exe

O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe

O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\BIPAC-7000 ADSL USB Modem\CnxDslTb.exe"

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\NORTON~1\WINFAX\WFXSWTCH.exe

O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

O4 - HKLM\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

O4 - HKLM\..\Run: [sysikg] c:\windows\system32\sysikg.exe

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe

O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe

O4 - Global Startup: NaturalColorLoad.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {A5DC33CE-214B-4C26-8596-8A45456C9EB8} - http://activex.microsoft.com/objects/ocget.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{915689FD-CB08-4AD6-8F25-E75C71F22220}: NameServer = 203.144.207.49 203.144.207.29

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe

O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe

hi'

first you don't need 2 antivirus, especialy wth norton!

you need to choose one or the other!

you can disable : java_jushed on sartup, go to control panel and in the java menu uncheck " check for update".

same for real player disable the update thing in the tolls menu/update.

this will be 2 less to load.

then uninstall spysweeper, it's useless and might be interfering in some other protection programs!

and from some source spysweeper could be a spyware by itself :D

then one line tells me that you must have an incorrect entry in the registry:

this one :

http://activex.microsoft.com/objects/ocget.dll

O17 -

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

you should not have : activex.microsoft, and this could some part of a malware ...

this seems supect to me, but I could be wrong ...

anyway, do as I said,and then reboot! and then get the tool for this pest

here : trojan zlob remover

take a look at the page download the tool and run it as indicated on the symantec site :o

francois

hoping that it will help a bit :D

Link to comment
Share on other sites

I dunno what this is:

O4 - HKLM\..\Run: [sysikg] c:\windows\system32\sysikg.exe

I suggest you at least remove it from your startup programs and see if that makes any difference.

As for the flashing tray icon, sounds like you have a variant of the smitfraud infection. The tool for removing that is this: http://www.bleepingcomputer.com/files/smitRem.php. In fact, even though your multiple virus proggies have eliminated most of the problem already, nevertheless it couldn't hurt to follow all the instructions for dealing specifically with SpywareQuake that you find here:

http://www.bleepingcomputer.com/forums/topic47826.html

which is a a site I just happened to run across today, otherwise of course I would have mentioned it earlier. It gives helpful instructions for using the smitRem tool.

Some forms of the "infected" tray icon start via the SharedTaskScheduler, this registry key:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler

and you can get at that key safely and conveniently in the explorer tab of the autoruns program I pointed you to earlier.

I suggest you stick to one good antivir and get rid of the others. In particular all that Norton stuff has just got to go. Ad-aware, Spybot S&D, and one antivir should be all you need in the way of scanners. For prevention, I suggest you use Spywareblaster and/or Hosts Secure. The latter you can find here: http://www.mvps.org/winhelp2002/hosts.htm. These help prevent the ads/popups that tempt you to install spyware in the first place.

Link to comment
Share on other sites

I dunno what this is:

O4 - HKLM\..\Run: [sysikg] c:\windows\system32\sysikg.exe

I suggest you at least remove it from your startup programs and see if that makes any difference.

As for the flashing tray icon, sounds like you have a variant of the smitfraud infection. The tool for removing that is this: http://www.bleepingcomputer.com/files/smitRem.php. In fact, even though your multiple virus proggies have eliminated most of the problem already, nevertheless it couldn't hurt to follow all the instructions for dealing specifically with SpywareQuake that you find here:

http://www.bleepingcomputer.com/forums/topic47826.html

which is a a site I just happened to run across today, otherwise of course I would have mentioned it earlier. It gives helpful instructions for using the smitRem tool.

Some forms of the "infected" tray icon start via the SharedTaskScheduler, this registry key:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler

and you can get at that key safely and conveniently in the explorer tab of the autoruns program I pointed you to earlier.

I suggest you stick to one good antivir and get rid of the others. In particular all that Norton stuff has just got to go. Ad-aware, Spybot S&D, and one antivir should be all you need in the way of scanners. For prevention, I suggest you use Spywareblaster and/or Hosts Secure. The latter you can find here: http://www.mvps.org/winhelp2002/hosts.htm. These help prevent the ads/popups that tempt you to install spyware in the first place.

Thanks! This seems to have worked, though rather strenuous to get rid of. Anyone see Spyquake Ware come up, AVOID IT LIKE THE PLAGUE!

Link to comment
Share on other sites

O4 - HKLM\..\Run: [sysikg] c:\windows\system32\sysikg.exe

unknown process in the web,and sospicious because stay in system32

so search in your pc yhis file show all hidden file,and upload this sysikg.exe here

http://virusscan.jotti.org/

and later here and control the results

http://www.virustotal.com/flash/index_en.html

i think proxywai is good for some reasons,but is not to safe and secure

and then,off course,francois say well about 2 antivirus very heavy like norton and panda cannot stay together,throw away norton and use panda because have also firewall

good luck

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.



×
×
  • Create New...