pagefile a virus

Lowyat.NET forums

Lowyat.NET Kopitiam Garage Sales

Lowyat.NET Rules and Regulations FAQ Help Search Members

Welcome Guest ( Log In | Register )

Lowyat.NET -> Software -> Security & Privacy

Bump Topic Add Reply RSS Feed

Outline · [ Standard ] · Linear+

pagefile a virus, autoplay on my drive

views

TSsmwah	Feb 4 2007, 01:27 PM, updated 19y ago Show posts by this member only \| Post #1
Glad to be Here Elite 1,701 posts Joined: Jan 2003 From: Setia Alam	I got this problem, when I double click and open my hdd drive in My Computer or whatever. My internet browser will auto created at desktop. When you click on the internet browser it will bring you to one certain website, which I never go across. I check my setting for HOME, it never change. It happens when you only click on that particular shortcut. When I right click my hdd it will appear AUTOPLAY and AUTO. My kapersky will alert me pagefile virus, once I double click to open my hdd drive. I got some picture here, hope you all can get a better image of what I saying. Attached thumbnail(s)
Card PM	Report Top Like Quote Reply

eXPeri3nc3	Feb 4 2007, 01:53 PM Show posts by this member only \| Post #2
It's coming! 3ɔu3ıɹǝdxǝ ♥ Senior Member 9,257 posts Joined: Aug 2005 From: Not so sure myself Status: 1+3+3=7	Get autorun remover here http://forum.lowyat.net/index.php?showtopi...3969&hl=autorun Please post a fresh HJT log in your next reply.
Card PM	Report Top Like Quote Reply

KoYuKii	Feb 8 2007, 02:55 AM Show posts by this member only \| Post #3
Regular Senior Member 1,979 posts Joined: Jan 2003 From: Coconut Tree. That's what my mum said	i almost format all my drive(i've 6 partition). but luckily i found this 1st. it really helps. thanks mate !!
Card PM	Report Top Like Quote Reply

TSsmwah	Feb 8 2007, 10:51 PM Show posts by this member only \| Post #4
Glad to be Here Elite 1,701 posts Joined: Jan 2003 From: Setia Alam	This is my scan result. Hope you can advice me. Thanks in advance. Logfile of HijackThis v1.99.1 Scan saved at 10:52:09 PM, on 2/8/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Motherboard Monitor 5\MBM5.EXE C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\cFosSpeed\spd.exe C:\Program Files\Tuotu\Tuotu.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\System32\svchost.exe C:\Documents and Settings\(^-^)\Desktop\HijackThis.exe O2 - BHO: (no name) - {0BECAB3A-E1F8-45E6-8332-38DD750EBA01} - (no file) O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE" O4 - HKLM\..\Run: [TuoTu] C:\Program Files\Tuotu\Tuotu.exe /m O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{A7FFD3D9-53FB-4976-9862-78914037EC17}: NameServer = 192.168.1.1 O18 - Protocol: ipp - (no CLSID) - (no file) O18 - Protocol: msdaipp - (no CLSID) - (no file) O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing) O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Program Files\cFosSpeed\spd.exe" -service (file missing)
Card PM	Report Top Like Quote Reply

eXPeri3nc3	Feb 9 2007, 02:26 PM Show posts by this member only \| Post #5
It's coming! 3ɔu3ıɹǝdxǝ ♥ Senior Member 9,257 posts Joined: Aug 2005 From: Not so sure myself Status: 1+3+3=7	Hi smwah, Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (If they still exist, make sure you do not miss any) O18 - Protocol: ipp - (no CLSID) - (no file) O18 - Protocol: msdaipp - (no CLSID) - (no file) *Please remember to close all other windows, including browsers then click Fix checked.* Download AVG Anti-Spyware from HERE Install AVG Anti-Spyware Double-click the icon on Desktop to launch AVG Anti-Spyware You will need to update AVG Anti-Spyware to the latest definition files. On the top of the main screen click Shield Click the word active to change it to inactive On the top of the main screen click Update. Then click on Start Update. The update will start and a progress bar will show the updates being installed. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab. Once in the Settings screen click on "Recommended actions" and then select "Quarantine". Under "Reports" Select "Automatically generate report after every scan" Un-Select "Only if threats were found" When you have finished updating, EXIT AVG Anti-Spyware. Do Not run a scan just yet, we will shortly. Run AVG Anti-Spyware with it's updated definitions:(...it's important that all windows must be closed) Click Scanner Click on the Scan tab Click Complete System Scan to begin scanning. Once the scan is complete do the following: If you have any infections you will prompted, then select "Apply all actions" Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important). AVG Anti-Spyware is compatible with most AV and anti-spyware products, and the free version will continue to be useful as a second anti-malware scanner. Restart in normal mode. Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner Answer Yes, when prompted to install an ActiveX component. The program will then begin downloading the latest definition files. Once the files have been downloaded click on NEXT Locate the Scan Settings button & configure to: Scan using the following Anti-Virus database: Extended Scan Options: Scan Archives Scan Mail Bases Click OK & have it scan My Computer Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it. Click the Save as Text** button to save the file to your desktop so that you may post it in your next reply * Turn off the real time scanner of any existing antivirus program while performing the online scan Please post an AVG Anti-Spyware log and Kaspesky Extended Scan Log in your next reply.
Card PM	Report Top Like Quote Reply

TSsmwah	Feb 15 2007, 12:18 AM Show posts by this member only \| Post #6
Glad to be Here Elite 1,701 posts Joined: Jan 2003 From: Setia Alam	C:\WINDOWS\Debug\oakley.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\M72X8PIZ\x[1].exe Infected: Net-Worm.Win32.Padobot.p skipped C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\i Infected: Trojan-Downloader.BAT.Ftp.ab skipped C:\WINDOWS\system32\mysvcc.exe Infected: Backdoor.Win32.SdBot.awm skipped C:\WINDOWS\system32\o Infected: Trojan-Downloader.BAT.Ftp.ab skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\M72X8PIZ\x[1].exe Infected: Net-Worm.Win32.Padobot.p skipped C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\i Infected: Trojan-Downloader.BAT.Ftp.ab skipped C:\WINDOWS\system32\mysvcc.exe Infected: Backdoor.Win32.SdBot.awm skipped C:\WINDOWS\system32\o Infected: Trojan-Downloader.BAT.Ftp.ab skipped O18 - Protocol: ipp - (no CLSID) - (no file) O18 - Protocol: msdaipp - (no CLSID) - (no file) these two thing I had fixed it with HJT, but when rescan it still there. Hope you can provide some help and advice. Thank you.
Card PM	Report Top Like Quote Reply

« Next Oldest · Security & Privacy · Next Newest »

Add Reply Options

Change to:

0.0164sec

1.12

6 queries

GZIP Disabled
Time is now: 23rd December 2025 - 05:51 AM

All Rights Reserved © 2002- 2025 Vijandren Ramadass (~unite against racism~)

Removal Request

Powered by Invision Power Board © 2025 IPS, Inc.