josephting
Jul 24 2008, 07:53 PM
Some of the EXE files are unable to be run after pc restarts.
This happens recently.
I have MapleSea installed and also have o2mania.
Suddenly, I can't run it. I don't know why.
For o2mania, the file size changes. From original 2.5MB -> 2.54MB
And when I run o2mania, it shows me a msg. (Refer to attachment, screenshot attached)
While msea, it doesn't even run at all.
Tried running with shortcut and also direct MapleStory.exe in Msea directory.
Double click, and nothing happens.
If you need any other information, please ask.
Thank you and looking forward for help(s).
eXPeri3nc3
Jul 24 2008, 08:13 PM
Sounds to me that you're infected with PSW.Onlinegames.
Alright, a quick checkup. Please do the following:
Perform an online scan using Internet Explorer at this website - http://www.bitdefender.com/scan8/ie.html
Once finished, click on the Details button to view the results. To the upper right of the results you will see an option saying "Click here to export the scan results", please do so and save them to your desktop. Post the log of the scan results in your next reply.
Also, it would be helpful if you include a HijackThis log in your next reply.
Please download HijackThis from TrendMicro
- After downloading HJTInstall.exe from TrendMicro, please install HijackThis and run it after the installation.
- Press on the Do a system scan and save a logfile.
- Copy all the content of the log and paste in this thread.
josephting
Jul 24 2008, 10:31 PM
Report file is 1.52MB =.="
It seems like almost all of my files with EXE extension are infected with Win32.Virtob
Anyway, here is the HijackThis log.
CODE
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:31:47 PM, on 7/24/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe
O2 - BHO: WebThunderBHO - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files\Microsoft Office 2007 Enterprise\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PicLens plug-in for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\PicLens.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\DOCUME~1\TING\LOCALS~1\Temp\SSUPDATE.EXE Software\SUPERAntiSpyware.com\SUPERAntiSpyware
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagead/preview/en/preview.html
O8 - Extra context menu item: Set As Messenger Live Display Picture - C:\Program Files\MSNShell\Bin\SetMSNDP.htm
O8 - Extra context menu item: 使用WEB迅雷下载 - C:\Program Files\Thunder Network\WebThunder\GetUrl.htm
O8 - Extra context menu item: 使用WEB迅雷下载全部链接 - C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ???ˉ??à×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: ???ˉ??à×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\PicLens.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ???ˉWEB??à× - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra 'Tools' menuitem: ???ˉWEB??à× - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v50/pool/pool.cab
O16 - DPF: {36A4B20A-2B75-4101-86CE-F9B03CA4B91C} (DownStarter Control) - http://bgweb.clubbox.co.kr/bin/DownStarter.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvistatestdrive.com/ActiveX/VMRCActiveXClient1.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-MY/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
O16 - DPF: {61900274-3323-4446-BDCD-91548D32AF1B} (SpiderSolitaire Control) - http://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177931229421
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179923733843
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {EC824758-3CF5-4C32-BF22-D88413B45EFE} (O2runner Control) - http://o2jam.o2jam.com/ActiveX/o2runner.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{41B549AB-078C-401B-AA8A-C37B97B0F2A8}: NameServer = 202.188.0.133 202.188.1.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{9183162E-D52E-4983-8EE1-7DF29C20BB5E}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB357D33-D883-4213-B517-253F91F47D41}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{41B549AB-078C-401B-AA8A-C37B97B0F2A8}: NameServer = 202.188.0.133 202.188.1.5
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files\Microsoft Office 2007 Enterprise\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: ??P,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\Apache Group\Apache2\bin\Apache.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: FireDaemon Service: BprotectService (BprotectService) - Sublime Solutions Pty Ltd - C:\Program Files\FireDaemon\FireDaemon.exe
O23 - Service: EasyHideIP - Unknown owner - C:\Program Files\Easy-Hide-IP\services\EasyHideIp.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySQL41 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: MySQL5 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
--
End of file - 16516 bytes
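Added example, not part of the original posts: a small Python triage pass over a HijackThis log like the one above. The sample lines are copied from that log; the four rules and their tag names are assumptions chosen for illustration, and a hit only means the entry deserves a manual look, not that it is malicious.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section detail")
Finding = namedtuple("Finding", "section tag detail")

# Lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\DOCUME~1\TING\LOCALS~1\Temp\SSUPDATE.EXE Software\SUPERAntiSpyware.com\SUPERAntiSpyware
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: MySQL41 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [...] ..."
ENTRY = re.compile(r"^([ORFN]\d+) - (.+)$")
TEMP_DIR = re.compile(r"\\te?mp\\", re.I)
# HijackThis shows C:\Program.exe when a service path with spaces is not quoted.
ROOT_PROGRAM_EXE = re.compile(r"- [a-z]:\\Program\.exe\b", re.I)

# (tag, sections the rule applies to or None for all, predicate on the detail).
# Illustrative heuristics only, not a complete rule set.
RULES = [
    ("missing-file", None,
     lambda d: "(no file)" in d or "(file missing)" in d),
    ("autorun-from-temp", {"O4"},
     lambda d: bool(TEMP_DIR.search(d))),
    ("unknown-lsp", {"O10"},
     lambda d: d.lower().startswith("unknown file")),
    ("unquoted-service-path", {"O23"},
     lambda d: bool(ROOT_PROGRAM_EXE.search(d))),
]


def parse_log(text):
    """Return the numbered entries of a HijackThis log, skipping header lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def triage(text):
    """Apply every rule to every entry; one entry may produce several findings."""
    findings = []
    for entry in parse_log(text):
        for tag, sections, predicate in RULES:
            if (sections is None or entry.section in sections) and predicate(entry.detail):
                findings.append(Finding(entry.section, tag, entry.detail))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.tag:<22} {f.detail}")
```
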
tan_pang
Jul 24 2008, 11:23 PM
Win32.Virtob
another name is Virut...
Try use Kaspersky to scan your PC in safe mode first
josephting
Jul 24 2008, 11:32 PM
I don't have any anti-virus installed in my pc... lolz

But I will do it asap.
TristanX
Jul 24 2008, 11:34 PM
You gotta get one and install. There are trials for you to use.
http://www.kaspersky.com/trials
Don't forget to update before you restart for safe mode.
cry4freedom
Jul 24 2008, 11:51 PM
If u don't have antivirus, it's better to login the PC in guest mode and switch to Admin whenever installation is needed.
tan_pang
Jul 24 2008, 11:57 PM
QUOTE(josephting @ Jul 24 2008, 11:32 PM)
I don't have any anti-virus installed in my pc... lolz

But I will do it asap.
I thought you already have Kaspersky Internet Security 2009???
Use that to scan in safe mode, and FIX or DISINFECT every file that is infected
If it cannot be fixed or disinfected, then remove it.
AHBOON
Jul 25 2008, 12:02 AM
i got this virus b4. try to clean but in the end.. all the exe file become unusable, so, better pray hard dude, i delete almost every application, left those zip files...:cry
TristanX
Jul 25 2008, 12:04 AM
Same here. It was hell for me when I got this virus last year. Had to use a recovery CD just to make sure it is clean.
josephting
Jul 25 2008, 01:07 AM
Oww.. this doesn't sound nice. Gonna say hi to reformat =.="
If possible I don't want to meet reformat... lolz
TristanX
Jul 25 2008, 01:38 AM
Backup your data. Try cleaning the virus on safe mode and restart. If your windows still works, scan again to make sure your system is clean. If your windows is screwed up, do a repair install from your windows installation CD. If nothing works, you have to reformat.
If possible, make a recovery CD using Kaspersky but only when your system is clean. It requires pebuilder installed and a copy of your Windows XP installation CD in a folder of your hard disk (copy it to a folder from your CD using Explorer). You can get pebuilder from http://www.nu2.nu/pebuilder/ . It's best to have a recovery CD because when you power off and power back on, the virus is not in the memory and you can clean all the known viruses in one go.
muhaiymin
Jul 25 2008, 01:41 AM
i think u just have to reformat
seems like there's no way out of this
just from my experience
tan_pang
Jul 25 2008, 02:10 AM
QUOTE(josephting @ Jul 25 2008, 01:07 AM)
Oww.. this doesn't sound nice. Gonna say hi to reformat =.="
If possible I don't want to meet reformat... lolz
If your anti-virus and Windows files are also infected, then really have to reformat.
When you back up data, do NOT back up any files with .exe or .scr extension...
This was like AIDS for computers when it was discovered last year...
but google somewhere and they said they are able to remove it with their anti-virus...
Or before reformat, you can still try the AVG Virut removal tools...
eXPeri3nc3
Jul 25 2008, 02:54 AM
Spot on, that pesky Virut. = =|||
One of the lineage family laaa. >"<
Anyway, I would suggest you to do a backup and CLEAN format, reinstall windows.
Do not backup anything besides documents and pictures. Forget about zip files as they might have been altered / appended with virus too.
tan_pang
Jul 25 2008, 05:25 PM
QUOTE(eXPeri3nc3 @ Jul 25 2008, 02:54 AM)
Spot on, that pesky Virut. = =|||
One of the lineage family laaa. >"<
Anyway, I would suggest you to do a backup and CLEAN format, reinstall windows.
Do not backup anything besides documents and pictures.
Forget about zip files as they might have been altered / appended with virus too.
Oh ya... you have reminded me about the ZIPped file...

Virut is one of the few virus infection that can infect compressed folder...
Do not backup zipped folder with .exe or .scr extension inside.
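Added example, not part of the original posts: one way to apply the backup rule given in this thread (leave out .exe and .scr files, and any zip that contains one) before copying data off the machine. The function names, the nesting and size limits, and the sample tree are assumptions; the tree is constructed for the demo.

```python
import io
import os
import tempfile
import zipfile

RISKY_EXT = (".exe", ".scr")          # the extensions named in the thread
MAX_NESTED_BYTES = 50 * 1024 * 1024   # assumed cap before a nested zip is refused


def risky_name(name):
    return name.lower().endswith(RISKY_EXT)


def archive_is_risky(fileobj, depth=0, max_depth=3):
    """True if the zip holds a .exe/.scr member, directly or in a nested zip.
    Anything that cannot be inspected is treated as risky."""
    try:
        with zipfile.ZipFile(fileobj) as zf:
            for info in zf.infolist():
                if risky_name(info.filename):
                    return True
                if info.filename.lower().endswith(".zip"):
                    if depth >= max_depth or info.file_size > MAX_NESTED_BYTES:
                        return True
                    nested = io.BytesIO(zf.read(info))
                    if archive_is_risky(nested, depth + 1, max_depth):
                        return True
    except (zipfile.BadZipFile, RuntimeError, NotImplementedError):
        return True  # corrupt, encrypted or unsupported archive
    return False


def plan_backup(root):
    """Split the files under root into (keep, skip) lists of relative paths."""
    keep, skip = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if risky_name(name):
                skip.append((rel, "executable extension"))
            elif name.lower().endswith(".zip") or zipfile.is_zipfile(full):
                with open(full, "rb") as fh:
                    if archive_is_risky(fh):
                        skip.append((rel, "archive with .exe/.scr inside"))
                    else:
                        keep.append(rel)
            else:
                keep.append(rel)
    return sorted(keep), sorted(skip)


def build_sample_tree(root):
    """Constructed sample data: a document, an executable, two archives."""
    os.makedirs(os.path.join(root, "docs"))
    with open(os.path.join(root, "docs", "notes.txt"), "w") as fh:
        fh.write("hello")
    with open(os.path.join(root, "o2mania.exe"), "wb") as fh:
        fh.write(b"MZ")
    with zipfile.ZipFile(os.path.join(root, "photos.zip"), "w") as zf:
        zf.writestr("a.jpg", b"\xff\xd8")
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("setup.scr", b"MZ")
    with zipfile.ZipFile(os.path.join(root, "tools.zip"), "w") as zf:
        zf.writestr("bundle/inner.zip", inner.getvalue())


def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return plan_backup(root)


if __name__ == "__main__":
    keep, skip = demo()
    print("keep:", keep)
    print("skip:", skip)
```
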
cavern
Jul 25 2008, 06:17 PM
just scan using kaspersky...wasting time to reformat...
AHBOON
Jul 25 2008, 06:26 PM
QUOTE(tan_pang @ Jul 25 2008, 05:25 PM)
Oh ya... you have reminded me about the ZIPped file...

Virut is one of the few virus infection that can infect compressed folder...
Do not backup zipped folder with .exe or .scr extension inside.
but mine's ok, some exe of mine I zipped using WinRAR, maybe I rar'd it instead of zipping it so mine was not affected?
however, scanning using all those antivirus is also useless, still need to reformat eventually
josephting
Jul 25 2008, 09:24 PM
Don't like to reformat though.
It's just so troublesome to reinstall all of my software all over again.
I have tons of software installed and some of the installer has gone and I'm using it frequently. So, I'm not decided to reformat.
mryellow19
Jul 25 2008, 11:08 PM
QUOTE(josephting @ Jul 25 2008, 09:24 PM)
Don't like to reformat though.
It's just so troublesome to reinstall all of my software all over again.
I have tons of software installed and some of the installer has gone and I'm using it frequently. So, I'm not decided to reformat.
If you decide not to format then you can try what tan_pang has said, AVG Virut Removal Tool. But it would still be best to backup and format as you may not know to what extent the removal tool will be able to disinfect the infection.
josephting
Jul 25 2008, 11:30 PM
Thanks for your suggestion.
I guess I'm going to format but not now.
Use the virus removal tool to hold out for a while first

Let me backup slowly and have a format >_<
Hope removal tool can skip the formatting.
eXPeri3nc3
Jul 26 2008, 12:19 AM
Seriously, with your scanlog at 1.5MB, I prefer to reformat even though it might be troublesome.
josephting
Jul 26 2008, 09:08 AM
It's like no problem for me already.
Can start mania and msea properly even after restart.
Virut no longer infecting those files.

It should be okay if I have Kaspersky Internet Security 8 monitoring my pc right?
riku2replica
Jul 26 2008, 10:07 AM
extra advice, for precaution better try some free antivirus and do a deep scan. And spyware too.
josephting
Jul 26 2008, 10:08 AM
I have those software and I did already.
There's no spyware, just some tracking cookies. lolz
As well as superantispyware, scanned and no problem.
riku2replica
Jul 26 2008, 10:09 AM
well glad that those virus didn't mess up ur windows folder....
josephting
Jul 26 2008, 10:10 AM
Ya. Thank god. lolz
I think everything is okay right now.
Maybe the stupid virut is just hiding some where? @@
eXPeri3nc3
Jul 26 2008, 11:34 AM
QUOTE(josephting @ Jul 26 2008, 09:08 AM)
It's like no problem for me already.
Can start mania and msea properly even after restart.
Virut no longer infecting those files.

It should be okay if I have Kaspersky Internet Security 8 monitoring my pc right?
I see. You better do various online scans to ensure that it's no longer in your system.
josephting
Aug 7 2008, 08:48 PM
So far I have no problem anymore.
And I have Kaspersky protecting my pc.
Thanks Kaspersky and your suggestion.
- Topic Closed -