Virus infection to almost all EXE files, Win32.Virut (Virus/Malware)

Jul 24 2008, 07:53 PM | Post #1
Newbie | Group: Junior Member | Posts: 48 | Joined: March 2006 | From: Selayang

Some of the EXE files are unable to be run after pc restarts.
This happens recently. I have MapleSea installed and also have o2mania. Suddenly, I can't run it. I don't know why.

For o2mania, the file size changes. From original 2.5MB -> 2.54MB
And when I run o2mania, it shows me a msg. (Refer to attachment, screenshot attached)

While msea, it doesn't even run at all. Tried running with shortcut and also direct MapleStory.exe in Msea directory. Double click, and nothing happens.

If you need any other information, please ask.
Thank you and looking forward for help(s).

This post has been edited by josephting: Jul 25 2008, 11:33 PM

Jul 24 2008, 08:13 PM | Post #2
:: pɹɐzıɐʌ :: | Group: Senior Member | Posts: 7,677 | Joined: August 2005 | From: Lurking In The Forum | Status: 1+3+3=7

Sounds to me that you're infected with PSW.Onlinegames.
Alright, a quick checkup. Please do the following:

Perform an online scan using Internet Explorer at this website - http://www.bitdefender.com/scan8/ie.html
Once finished, click on the Details button to view the results. To the upper right of the results you will see an option saying "Click here to export the scan results", please do so and save them to your desktop. Post the log of the scan results in your next reply.

Also, it would be helpful if you include a HijackThis log in your next reply. Please download HijackThis from TrendMicro

This post has been edited by eXPeri3nc3: Jul 24 2008, 08:13 PM

Jul 24 2008, 10:31 PM | Post #3
Newbie | Group: Junior Member | Posts: 48 | Joined: March 2006 | From: Selayang

Report file is 1.52MB =.="
It seems like almost all of my files with EXE extension are infected with Win32.Virtob.
Anyway, here is hijackthislog.

CODE
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:31:47 PM, on 7/24/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: WebThunderBHO - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files\Microsoft Office 2007 Enterprise\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PicLens plug-in for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\PicLens.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\DOCUME~1\TING\LOCALS~1\Temp\SSUPDATE.EXE Software\SUPERAntiSpyware.com\SUPERAntiSpyware
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagead/preview/en/preview.html
O8 - Extra context menu item: Set As Messenger Live Display Picture - C:\Program Files\MSNShell\Bin\SetMSNDP.htm
O8 - Extra context menu item: 使用WEB迅雷下载 - C:\Program Files\Thunder Network\WebThunder\GetUrl.htm
O8 - Extra context menu item: 使用WEB迅雷下载全部链接 - C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ???ˉ??à×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: ???ˉ??à×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\PicLens.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {85e1f530-48f4-11d9-9629-08ff2ffc9f67} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ???ˉWEB??à× - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra 'Tools' menuitem: ???ˉWEB??à× - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v50/pool/pool.cab
O16 - DPF: {36A4B20A-2B75-4101-86CE-F9B03CA4B91C} (DownStarter Control) - http://bgweb.clubbox.co.kr/bin/DownStarter.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvistatestdrive.com/ActiveX/VMRCActiveXClient1.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-MY/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
O16 - DPF: {61900274-3323-4446-BDCD-91548D32AF1B} (SpiderSolitaire Control) - http://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177931229421
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179923733843
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {EC824758-3CF5-4C32-BF22-D88413B45EFE} (O2runner Control) - http://o2jam.o2jam.com/ActiveX/o2runner.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{41B549AB-078C-401B-AA8A-C37B97B0F2A8}: NameServer = 202.188.0.133 202.188.1.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{9183162E-D52E-4983-8EE1-7DF29C20BB5E}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB357D33-D883-4213-B517-253F91F47D41}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{41B549AB-078C-401B-AA8A-C37B97B0F2A8}: NameServer = 202.188.0.133 202.188.1.5
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files\Microsoft Office 2007 Enterprise\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: ??P,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\Apache Group\Apache2\bin\Apache.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: FireDaemon Service: BprotectService (BprotectService) - Sublime Solutions Pty Ltd - C:\Program Files\FireDaemon\FireDaemon.exe
O23 - Service: EasyHideIP - Unknown owner - C:\Program Files\Easy-Hide-IP\services\EasyHideIp.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySQL41 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: MySQL5 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
--
End of file - 16516 bytes

This post has been edited by josephting: Jul 24 2008, 10:32 PM
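
A HijackThis log pasted into a forum often loses its line breaks, as the one above did. The following is an added example, not part of any post in this thread: it re-splits such a log into entries and marks the ones worth a manual look. `SAMPLE` is constructed from a few entries of the log above, and the review rules are assumptions about what a helper would check first, not a malware verdict.

```python
import re

# HijackThis entry markers: R0-R3, F0-F3, N1-N4 and O1-O24, each followed by " - ".
ENTRY_START = re.compile(r"\s+(?=(?:O\d{1,2}|R[0-3]|F[0-3]|N[1-4]) - )")
ENTRY = re.compile(r"^(?P<code>[ORFN]\d{1,2}) - (?P<body>.*)$")


def split_entries(raw_log):
    """Rebuild (code, body) pairs from a log whose line breaks were lost or moved."""
    flat = " ".join(raw_log.split())                    # undo arbitrary wrapping
    flat = re.sub(r"\s*-- End of file.*$", "", flat)    # drop the trailer
    entries = []
    for chunk in ENTRY_START.split(flat):
        match = ENTRY.match(chunk)
        if match:                                       # header and process list do not match
            entries.append((match.group("code"), match.group("body")))
    return entries


def review_notes(code, body):
    """Reasons an entry deserves a manual look. A note is a lead, not a verdict."""
    notes = []
    if "(no file)" in body:
        notes.append("registration points at no file (orphaned entry)")
    if "(file missing)" in body:
        notes.append("target file is missing on disk")
    if code == "O23" and "Unknown owner" in body:
        notes.append("no vendor information for the service binary")
    if code == "O23" and re.search(r" - [A-Za-z]:\\Program\.exe\b", body, re.I):
        # Usually an ImagePath under "C:\Program Files" stored without quotes.
        notes.append("service path resolves to Program.exe: quote the ImagePath")
    if code == "O4" and re.search(r"\\te?mp\\", body, re.I):
        notes.append("autostart runs from a Temp directory")
    if code == "O20" and body.startswith("AppInit_DLLs:"):
        for item in body.split(":", 1)[1].split(","):
            item = item.strip()
            if item and not re.match(r"^[A-Za-z]:\\.+\.dll$|^[\w.~-]+\.dll$", item, re.I):
                notes.append(f"AppInit_DLLs item is not a DLL path: {item!r}")
    return notes


def triage(raw_log):
    """Return [(code, body, notes)] for every entry that has at least one note."""
    findings = []
    for code, body in split_entries(raw_log):
        notes = review_notes(code, body)
        if notes:
            findings.append((code, body, notes))
    return findings


# Constructed sample: entries copied from the log above, flattened and re-wrapped.
SAMPLE = r"""Logfile of Trend Micro HijackThis v2.0.2 Running processes: C:\WINDOWS\explorer.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run:
[NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [SUPERAntiSpyware]
C:\DOCUME~1\TING\LOCALS~1\Temp\SSUPDATE.EXE Software\SUPERAntiSpyware.com\SUPERAntiSpyware O20 -
AppInit_DLLs: ??P,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll O23 - Service: MySQL5 - Unknown owner -
C:\Program.exe (file missing) O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero
7\Nero BackItUp\NBService.exe -- End of file - 16516 bytes"""

if __name__ == "__main__":
    for code, body, notes in triage(SAMPLE):
        print(code, "|", body)
        for note in notes:
            print("    review:", note)
```
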

Jul 24 2008, 11:23 PM | Post #4
Look at all my stars!! | Group: Senior Member | Posts: 2,911 | Joined: June 2005

Win32.Virtob
another name is Virut...
Try using Kaspersky to scan your PC in safe mode first

Jul 24 2008, 11:32 PM | Post #5
Newbie | Group: Junior Member | Posts: 48 | Joined: March 2006 | From: Selayang

I don't have any anti-virus installed in my pc... lolz
But I will do it asap.

This post has been edited by josephting: Jul 24 2008, 11:33 PM

Jul 24 2008, 11:34 PM | Post #6
Enthusiast | Group: Senior Member | Posts: 895 | Joined: November 2004 | From: Setapak, Kuala Lumpur

You gotta get one and install. There are trials for you to use.
http://www.kaspersky.com/trials
Don't forget to update before you restart for safe mode.

This post has been edited by TristanX: Jul 24 2008, 11:36 PM

Jul 24 2008, 11:51 PM | Post #7
The Intimidation Personified | Group: Senior Member | Posts: 640 | Joined: May 2005 | From: Omicron Persei VIII

If u don't have antivirus, it's better to login the PC in guest mode and switch to Admin whenever installation is needed.

Jul 24 2008, 11:57 PM | Post #8
Look at all my stars!! | Group: Senior Member | Posts: 2,911 | Joined: June 2005

QUOTE(josephting @ Jul 24 2008, 11:32 PM)

I thought you already have Kaspersky Internet Security 2009???
Use that to scan in safe mode, and FIX or DISINFECT every file that is infected.
If it cannot be fixed or disinfected, then remove it.

Jul 25 2008, 12:02 AM | Post #9
Freak | Group: Senior Member | Posts: 1,118 | Joined: January 2003

i got this virus b4. try to clean but in the end.. all the exe file become unusable, so, better pray hard dude, i delete almost every application, left those zip files... :cry

Jul 25 2008, 12:04 AM
Enthusiast | Group: Senior Member | Posts: 895 | Joined: November 2004 | From: Setapak, Kuala Lumpur

Same here. It was hell for me when I got this virus last year. Had to use a recovery CD just to make sure it is clean.

Jul 25 2008, 01:07 AM
Newbie | Group: Junior Member | Posts: 48 | Joined: March 2006 | From: Selayang

Oww.. this doesn't sound nice. Gonna say hi to reformat =.="
If possible I don't want to meet reformat... lolz

This post has been edited by josephting: Jul 25 2008, 01:07 AM

Jul 25 2008, 01:38 AM
Enthusiast | Group: Senior Member | Posts: 895 | Joined: November 2004 | From: Setapak, Kuala Lumpur

Backup your data. Try cleaning the virus on safe mode and restart. If your windows still works, scan again to make sure your system is clean. If your windows is screwed up, do a repair install from your windows installation CD. If nothing works, you have to reformat.

If possible, make a recovery CD using kaspersky but only when your system is clean. It requires pebuilder installed and a copy of your windows xp installation cd in a folder of your hard disk (copy it to a folder from your cd using explorer). You can get pebuilder from http://www.nu2.nu/pebuilder/ . It's best to have a recovery CD because when you power off and power back on, the virus is not in the memory and you can clean all the known viruses in one go.

This post has been edited by TristanX: Jul 25 2008, 02:25 AM

Jul 25 2008, 01:41 AM
Newbie | Group: Junior Member | Posts: 26 | Joined: April 2006

i think u just have to reformat
seems like there's no way out of this
just from my experience

Jul 25 2008, 02:10 AM
Look at all my stars!! | Group: Senior Member | Posts: 2,911 | Joined: June 2005

QUOTE(josephting @ Jul 25 2008, 01:07 AM)
> Oww.. this doesn't sound nice. Gonna say hi to reformat =.="
> If possible I don't want to meet reformat... lolz

If your anti-virus and Windows files are also infected, then really have to reformat.
When you backup data, do NOT backup any files with .exe or .scr extension...
This is like an AIDS for computer when it have been discovered on last year... but google somewhere and they said they able to remove it by their anti-virus...
Or before reformat, you still can try the AVG Virut removal tools...

Jul 25 2008, 02:54 AM
:: pɹɐzıɐʌ :: | Group: Senior Member | Posts: 7,677 | Joined: August 2005 | From: Lurking In The Forum | Status: 1+3+3=7

Spot on, that pesky Virut. = =|||
One of the lineage family laaa. >"<

Anyway, I would suggest you to do a backup and CLEAN format, reinstall windows. Do not backup anything besides documents and pictures. Forget about zip files as they might have been altered / appended with virus too.

Jul 25 2008, 05:25 PM
Look at all my stars!! | Group: Senior Member | Posts: 2,911 | Joined: June 2005

QUOTE(eXPeri3nc3 @ Jul 25 2008, 02:54 AM)
> Spot on, that pesky Virut. = =|||
> One of the lineage family laaa. >"<
> Anyway, I would suggest you to do a backup and CLEAN format, reinstall windows. Do not backup anything besides documents and pictures. Forget about zip files as they might have been altered / appended with virus too.

Oh ya... you have reminded me about the ZIPped file...
Virut is one of the few virus infections that can infect compressed folders...
Do not backup zipped folder with .exe or .scr extension inside.
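
The backup rule given in the replies above (leave out `.exe` and `.scr` files, and ZIP archives that contain them), as an added example that is not part of any post in this thread. It uses only the Python standard library; `UNINSPECTED_EXT`, `MAX_NESTING`, `MAX_NESTED_BYTES` and the file names in `demo()` are assumptions, and the demo tree is constructed.

```python
import io
import os
import tempfile
import zipfile
import zlib

BLOCKED_EXT = {".exe", ".scr"}        # the two extensions named in the thread
UNINSPECTED_EXT = {".rar", ".7z"}     # assumption: formats this script cannot open
MAX_NESTING = 3                       # assumption: depth of ZIP-inside-ZIP to follow
MAX_NESTED_BYTES = 50 * 1024 * 1024   # assumption: largest nested ZIP read into memory


def blocked_member(zf, depth=0):
    """Name of the first .exe/.scr member (following nested ZIPs), or None."""
    for info in zf.infolist():
        ext = os.path.splitext(info.filename)[1].lower()
        if ext in BLOCKED_EXT:
            return info.filename
        if ext == ".zip":
            if depth >= MAX_NESTING or info.file_size > MAX_NESTED_BYTES:
                return info.filename + " (not inspected)"
            try:
                with zipfile.ZipFile(io.BytesIO(zf.read(info))) as inner:
                    hit = blocked_member(inner, depth + 1)
            except (zipfile.BadZipFile, RuntimeError, zlib.error):  # corrupt or encrypted
                hit = "(unreadable)"
            if hit:
                return info.filename + " -> " + hit
    return None


def plan_backup(root):
    """Return (keep, skip); skip holds (relative path, reason) tuples."""
    keep, skip = [], []
    for dirpath, dirs, files in os.walk(root):
        dirs.sort()
        for name in sorted(files):
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            ext = os.path.splitext(name)[1].lower()
            if ext in BLOCKED_EXT:
                skip.append((rel, "blocked extension"))
            elif ext in UNINSPECTED_EXT:
                skip.append((rel, "archive format not inspected"))
            elif zipfile.is_zipfile(full):      # checked by content, so renamed ZIPs count
                try:
                    with zipfile.ZipFile(full) as zf:
                        hit = blocked_member(zf)
                except (zipfile.BadZipFile, OSError):
                    hit = "(unreadable)"        # cannot inspect: leave it out
                if hit:
                    skip.append((rel, "contains " + hit))
                else:
                    keep.append(rel)
            else:
                keep.append(rel)
    return keep, skip


def demo():
    """Build a small constructed tree in a temp directory and plan its backup."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "notes.txt"), "w") as f:
            f.write("thesis draft")
        with open(os.path.join(root, "setup.exe"), "wb") as f:
            f.write(b"MZ")
        with zipfile.ZipFile(os.path.join(root, "photos.zip"), "w") as z:
            z.writestr("trip/001.jpg", b"jpeg bytes")
        inner = io.BytesIO()
        with zipfile.ZipFile(inner, "w") as z:
            z.writestr("tools/patch.SCR", b"MZ")
        with zipfile.ZipFile(os.path.join(root, "misc.zip"), "w") as z:
            z.writestr("readme.txt", b"hi")
            z.writestr("old/inner.zip", inner.getvalue())
        return plan_backup(root)


if __name__ == "__main__":
    kept, skipped = demo()
    print("keep:", kept)
    print("skip:", skipped)
```
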

Jul 25 2008, 06:17 PM
Newbie | Group: New Member | Posts: 2 | Joined: July 2008 | From: Kota Kinabalu, Sabah

just scan using kaspersky...wasting time to reformat...

Jul 25 2008, 06:26 PM
Freak | Group: Senior Member | Posts: 1,118 | Joined: January 2003

QUOTE(tan_pang @ Jul 25 2008, 05:25 PM)
> Oh ya... you have remind me about the ZIPped file... Virut is one of the few virus infection that can infect compressed folder... Do not backup zipped folder with .exe or .scr extension inside.

but mine's ok, some exe of mine i zip it using WinRAR, mungking i rar it instead of zip it so mine not affected? however, scanning using all those antivirus also useless, still need to reformat eventually

Jul 25 2008, 09:24 PM
Newbie | Group: Junior Member | Posts: 48 | Joined: March 2006 | From: Selayang

Don't like to reformat though.
It's just so troublesome to reinstall all of my software all over again. I have tons of software installed and some of the installer has gone and I'm using it frequently. So, I'm not decided to reformat.

Jul 25 2008, 11:08 PM
~lalala~ | Group: Senior Member | Posts: 1,130 | Joined: January 2007 | From: -kay elle-

QUOTE(josephting @ Jul 25 2008, 09:24 PM)
> Don't like to reformat though. It's just so troublesome to reinstall all of my software all over again. I have tons of software installed and some of the installer has gone and I'm using it frequently. So, I'm not decided to reformat.

If you decide not to format then you can try what tan_pang has said, AVG Virut Removal Tool. But it would still be best to backup and format as you may not know to what extent the removal tool will be able to disinfect the infection.