Virus/Malware Virus /Rootkits Thread, Work In Progress
matyrze | May 18 2009, 12:48 PM
Hi guys, please help me. There are some weird processes in my task manager.
As you can see, there are some processes named BN***.tmp. I've googled it, and maybe it is some sort of spyware.
Story: My PC got BSOD. After some checking, I thought there may be some virus. So I uninstalled my blacklisted NOD32, and tried to install KIS and NIS. But the installer won't start. I've scanned my hard disk using my friend's PC, and it found virus in my HDD, and it deleted them. But I still can't install any AV. When I reonline back, the BN***.tmp files will appear again. How can I delete them altogether? Thx in advance.
Added on May 19, 2009, 12:58 am
Problems solved
This post has been edited by matyrze: May 19 2009, 12:58 AM

ronzai89 | Jun 4 2009, 01:47 PM | Getting Started
QUOTE(matyrze @ May 18 2009, 12:48 PM)
Hi guys, please help me. There are some weird processes in my task manager.
As you can see, there are some processes named BN***.tmp. I've googled it, and maybe it is some sort of spyware. Story: My PC got BSOD. After some checking, I thought there may be some virus. So I uninstalled my blacklisted NOD32, and tried to install KIS and NIS. But the installer won't start. I've scanned my hard disk using my friend's PC, and it found virus in my HDD, and it deleted them. But I still can't install any AV. When I reonline back, the BN***.tmp files will appear again. How can I delete them altogether? Thx in advance.
Added on May 19, 2009, 12:58 am
Problems solved

usually got BSOD shud be virus, spywares. clean up ur PC.

8u8u | Jun 10 2009, 01:53 PM
guys...i hav a problem too...hope u guys can help me solve it out... i hav a virus in my comp...the virus i think is win32/parite... anywayz...i cant jus del the virus...cuz my comp wil crash... so,all sifu at here...what shud i do??

raptor_cZn | Jun 13 2009, 04:55 PM
I am having problems in removing a trojan horse from my comp. AVG detects it as Generic Trojan Horse 10.ALLI but after I click heal for AVG, it still pops up from time to time while using my computer. Do I have to turn off system restore so that AVG can get rid of it properly? This is my HijackThis log
This post has been edited by raptor_cZn: Jun 13 2009, 04:56 PM

frequencysaver | Jun 14 2009, 04:26 PM | New Member
QUOTE(8u8u @ Jun 10 2009, 01:53 PM)
guys...i hav a problem too...hope u guys can help me solve it out... i hav a virus in my comp...the virus i think is win32/parite... anywayz...i cant jus del the virus...cuz my comp wil crash... so,all sifu at here...what shud i do??

My advice is once you get infected with any spyware / malware / rootkit then the best and safest way is to format hard disk and do a clean fresh install. This way you are definitely sure you won't leave any traces of the malicious codes behind. But a fresh reformat and reinstall takes a lot of time, especially if you have other software installed too like Adobe or Office.
I always play safe, meaning I have a Windows work computer which is very secure. I won't simply copy files to it from any USB drive or CD and I only surf 100% trusted websites. This computer I will use to access all my confidential data like paypal, liberty reserve, bank accounts & others.
But for play play, I have another computer which use Linux to surf those cheap and untrustable websites, because even though I am infected, the Linux platform will easily cope with it. Some malwares like to infect windows platform but did not manage to infect Linux.

iceman31 | Jun 14 2009, 04:32 PM
hi guys...
i would like to ask... how to clean up virus from pen drive without deleting all the files inside it...
is it possible?? any software?? need to pay for the software also don't mind cuz i got like 10 pen drive need to be clean... without deleting all the important files inside...

darrenwong | Jun 14 2009, 07:34 PM | New Member
QUOTE(iceman31 @ Jun 14 2009, 04:32 PM)
hi guys... i would like to ask... how to clean up virus from pen drive without deleting all the files inside it... is it possible?? any software?? need to pay for the software also don't mind cuz i got like 10 pen drive need to be clean... without deleting all the important files inside...

why don't you try to use effective antivirus software (avira, avast, kaspersky.....) to remove it? free or trial versions of it...just make sure you update their virus signatures/definitions..
This post has been edited by darrenwong: Jun 14 2009, 07:42 PM

iceman31 | Jun 14 2009, 08:15 PM
QUOTE(darrenwong @ Jun 14 2009, 07:34 PM)
why don't you try to use effective antivirus software (avira, avast, kaspersky.....) to remove it? free or trial versions of it...just make sure you update their virus signatures/definitions..

er wont it delete the files too??

darrenwong | Jun 14 2009, 08:42 PM | New Member
hmm....basically most of the viruses in flash drives wouldn't affect the current files in the drive. they copy another malicious file to the flash drive. i hope those are the viruses which are infected.

iceman31 | Jun 14 2009, 09:10 PM
QUOTE(darrenwong @ Jun 14 2009, 08:42 PM)
hmm....basically most of the viruses in flash drives wouldn't affect the current files in the drive. they copy another malicious file to the flash drive. i hope those are the viruses which are infected.

sry... i think wat i meant is... how to clean virus of the pen drive without deleting the files in the pen drive which is infected... sry if i have poor english....
This post has been edited by iceman31: Jun 14 2009, 09:11 PM

darrenwong | Jun 14 2009, 09:34 PM | New Member
QUOTE(iceman31 @ Jun 14 2009, 09:10 PM)
sry... i think wat i meant is... how to clean virus of the pen drive without deleting the files in the pen drive which is infected... sry if i have poor english....

oh...never mind...hmm....you mean actually in the drive there's a virus affecting one or several files for example? and you don't want to delete them? actually it's possible for antiviruses to clean the virus from the file(s), but with a low chance for the file to be recovered. cause most antiviruses put delete as the main or the only possible action in order to remove the virus from the flash drive.

iceman31 | Jun 14 2009, 11:39 PM
QUOTE(darrenwong @ Jun 14 2009, 09:34 PM)
oh...never mind...hmm....you mean actually in the drive there's a virus affecting one or several files for example? and you don't want to delete them? actually it's possible for antiviruses to clean the virus from the file(s), but with a low chance for the file to be recovered. cause most antiviruses put delete as the main or the only possible action in order to remove the virus from the flash drive.

yup... that's the problem... i keep telling my mum... it will delete the files... she wont believe it because she send the pen drive to a shop... n the shop clean without deleting the files...

darrenwong | Jun 15 2009, 12:03 AM | New Member
QUOTE(iceman31 @ Jun 14 2009, 11:39 PM)
yup... that's the problem... i keep telling my mum... it will delete the files... she wont believe it because she send the pen drive to a shop... n the shop clean without deleting the files...

hmmm....actually it really depends on the virus lo...but nowadays almost all common viruses have to be deleted...sadly to say...the thing is...back up your documents if possible...maybe make an extra copy to the hard disk would be the fastest and easiest way which most people do lo...

zagary | Jun 19 2009, 11:12 AM | Getting Started
try superantispyware, update the definitions and scan your pc in safe mode. if possible, install clamav in a pendrive and scan from it.

pergilahsayang | Jun 27 2009, 01:32 PM
Guys, i have some concern with my pc.
3 days ago, my AVG detected trojan backdoor generic11.XY0 in several of my files (huhu my assignment). But what makes me confused + weird is, i've set AVG to scan my pc once everyday. It detected no virus at all from the day i format my pc (which is 2 months ago) until 3 days ago, it detected this virus, although before this it says it was clean. Where does this virus come from? That assignment of mine was not infected and was not used for 4 months. AVG dint tell me it was infected at all until 3 days ago lol.
Not only that, today i scan one more time, got the same trojan backdoorgeneric11.XY0 infected several of my system volume information. This is really weird, before this my AVG dint detect this infection before. Why only several days ago detected this trojan ya? Got the feeling that got a loophole in my protection and if this keep up, more of my files will b infected.......
(Anyway, i always downloading file 24 hours from the internet)

nxgame | Jun 29 2009, 09:49 AM | Getting Started
normally this problem is caused by either a VIRUS or Trojan Worms ~
i would prefer, take your infected HDD to the other PC which is well safe and has a super anti-virus to do a "deep scan" and it will solve the problem.

mucha_wan | Jul 7 2009, 07:08 PM | Getting Started
hi everyone.. since yesterday, my nod32 keep on detecting this Kryptik.VO trojan:
nod32 keep on constantly giving the alert but with a different exe name.. example, in the picture is 911311.exe..later on i will get other name like 123456.exe from the same folder (system32).. ive done scanning the whole computer - but no virus detected! wtf it is actually??? dangg!! can anyone help me to solve this problem?
nvm..problem solved after eset emailed me n asked to update the av database n done full computer scan.. after restart, there is no longer kryptik.VO!!
beware if one of this exe is running on ur computer:
- ngppx.exe
- aceipda.exe
- NOD4CD3.tmp (im not quite sure abt this one!!)
no wonder when i googling abt ngppx.exe b4, 0 result...
This post has been edited by mucha_wan: Jul 9 2009, 08:58 AM

kingkingyyk | Jul 23 2009, 12:08 AM | 10k Club
Easy to prevent pendrive's virus... If the pendrive is fresh, u can put a folder named autorun.inf in the root of it. When the virus is gonna copy itself as autorun.inf, it can't because same name!!!! Yeah! (Do this on harddisks also) (It helps me prevent many times from infecting)
If the pendrive is suspicious, you can google Autorun Preventer and run it. It will remove the autorun.inf file.
This post has been edited by kingkingyyk: Jul 23 2009, 12:09 AM
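
The autorun.inf check described in the post above, as an added example that is not part of the thread: this Python script looks at a drive root, reports whether autorun.inf is absent, already a placeholder folder, or a file, lists the launch commands a file would run, and creates the placeholder folder only when nothing is there. The function names, the sample file contents and the temporary directories standing in for pen drives are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Keys in the [autorun] section that make Windows launch a program.
LAUNCH_KEYS = ("open", "shellexecute")

# Constructed sample contents, not taken from a real drive.
SAMPLE = r"""; constructed sample
[AutoRun]
open=tools\example.exe
icon=folder.ico
shell\open\command=tools\example.exe
label=My Drive
a line that is not key=value
"""


def parse_autorun(text):
    """Return {key: value} for launch-capable keys in the [autorun] section."""
    launch, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue  # tolerate lines that are not key=value instead of failing
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key in LAUNCH_KEYS or is_verb:
            launch[key] = value
    return launch


def audit_root(root):
    """Classify what sits at <root>/autorun.inf (name matched case-insensitively)."""
    with os.scandir(root) as entries:
        entry = next((e for e in entries if e.name.lower() == "autorun.inf"), None)
    if entry is None:
        return {"state": "absent", "launch": {}}
    if entry.is_dir(follow_symlinks=False):
        return {"state": "guard-folder", "launch": {}}
    text = Path(entry.path).read_bytes().decode("utf-8", errors="replace")
    return {"state": "file", "launch": parse_autorun(text)}


def plant_guard(root):
    """Create the autorun.inf folder from the post; never touch an existing entry."""
    if audit_root(root)["state"] != "absent":
        return False
    (Path(root) / "autorun.inf").mkdir()
    return True


def demo():
    """Run the audit on two constructed 'drives': one fresh, one with a file."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        fresh = Path(tmp, "fresh")
        suspicious = Path(tmp, "suspicious")
        fresh.mkdir()
        suspicious.mkdir()
        (suspicious / "AUTORUN.INF").write_text(SAMPLE)
        results["fresh_before"] = audit_root(fresh)["state"]
        results["planted"] = plant_guard(fresh)
        results["fresh_after"] = audit_root(fresh)["state"]
        results["suspicious"] = audit_root(suspicious)
        results["replant"] = plant_guard(suspicious)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

A folder named autorun.inf only blocks a plain file create with the same name; turning off AutoRun on the Windows host does not depend on what is on the drive.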

dopeycheese | Jul 23 2009, 07:46 PM | Getting Started
nid help here, anyone gt any idea how to remove:-
reader_s.exe, 1.exe, 44.tmp, ms18_word.exe, servises.exe
i tried spybot countless times, keep poppin back up, prevx 3.0 jz wont update