Computer Security & Viruses/about virus



Question
QUESTION: Hi,
As you told me, I am sending you the result of the Dr.Web scan and the log file.

scan result:

amvo0.dll;c:\windows\system32;Trojan.PWS.Wsgame.2387;Deleted.;
xn1i9x.com;c:\;Trojan.MulDrop.6474;Deleted.;
xn1i9x.com;d:\;Trojan.MulDrop.6474;Deleted.;
xn1i9x.com;e:\;Trojan.MulDrop.6474;Deleted.;
xn1i9x.com;f:\;Trojan.MulDrop.6474;Deleted.;
xn1i9x.com;h:\;Trojan.MulDrop.6474;Deleted.;
xn1i9x.com;C:\;Trojan.MulDrop.6474;Deleted.;
amvo.exe;C:\WINDOWS\system32;Trojan.MulDrop.6474;Deleted.;
wsga2r2.dll;C:\Documents and Settings\Administrator\Local Settings\Temp;Trojan.Nsanti.Packed;Deleted.;
A0001665.com;C:\System Volume Information\_restore{96773862-1721-48C0-A05E-0ED86B9ED574}\RP16;Trojan.MulDrop.6474;Deleted.;
A0001666.inf;C:\System Volume Information\_restore{96773862-1721-48C0-A05E-0ED86B9ED574}\RP16;Win32.HLLW.Autoruner.1215;Deleted.;
A0001673.exe;C:\System Volume Information\_restore{96773862-1721-48C0-A05E-0ED86B9ED574}\RP16;Trojan.MulDrop.6474;Deleted.;
autorun.inf;D:\;Win32.HLLW.Autoruner.1215;Deleted.;
yqfprhqr.d1l;D:\WINDOWS\system32;BackDoor.PSClient;Deleted.;
kas.exe;D:\WINDOWS\system32;BackDoor.PSClient;Deleted.;
autorun3.exe;D:\WINDOWS\system32;BackDoor.PcClient;Deleted.;
OfcpfwSvcs.exe;D:\WINDOWS\system32;BackDoor.PcClient;Deleted.;
yqfprhqr.sys;D:\WINDOWS\system32\drivers;BackDoor.PSClient;Deleted.;
A0001667.com;D:\System Volume Information\_restore{96773862-1721-48C0-A05E-0ED86B9ED574}\RP16;Trojan.MulDrop.6474;Deleted.;
A0001668.inf;D:\System Volume Information\_restore{96773862-1721-48C0-A05E-0ED86B9ED574}\RP16;Win32.HLLW.Autoruner.1215;Deleted.;
A0001675.exe;D:\System Volume Information\_restore{96773862-1721-48C0-A05E-0ED86B9ED574}\RP16;BackDoor.PSClient;Deleted.;
A0001676.exe;D:\System Volume Information\_restore{96773862-1721-48C0-A05E-0ED86B9ED574}\RP16;BackDoor.PcClient;Deleted.;
A0001677.exe;D:\System Volume Information\_restore{96773862-1721-48C0-A05E-0ED86B9ED574}\RP16;BackDoor.PcClient;Deleted.;
A0001678.sys;D:\System Volume Information\_restore{96773862-1721-48C0-A05E-0ED86B9ED574}\RP16;BackDoor.PSClient;Deleted.;
autorun.inf;E:\;Win32.HLLW.Autoruner.1215;Deleted.;
A0014152.inf;E:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP50;Win32.HLLW.Autoruner.1215;Deleted.;
A0014162.inf;E:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP51;Win32.HLLW.Autoruner.1215;Deleted.;
A0016004.inf;E:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP51;Win32.HLLW.Autoruner.1215;Deleted.;
A0016038.inf;E:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP51;Win32.HLLW.Autoruner.1215;Deleted.;
A0017038.inf;E:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP51;Win32.HLLW.Autoruner.1215;Deleted.;
A0017214.inf;E:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP52;Win32.HLLW.Autoruner.1215;Deleted.;
A0017321.inf;E:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP53;Win32.HLLW.Autoruner.1215;Deleted.;
A0017337.inf;E:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP54;Win32.HLLW.Autoruner.1215;Deleted.;
A0017395.inf;E:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP55;Win32.HLLW.Autoruner.1215;Deleted.;
A0017443.inf;E:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP56;Win32.HLLW.Autoruner.1215;Deleted.;
A0017469.inf;E:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP56;Win32.HLLW.Autoruner.1215;Deleted.;
A0017518.inf;E:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP57;Win32.HLLW.Autoruner.1215;Deleted.;
A0017537.inf;E:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP57;Win32.HLLW.Autoruner.1215;Deleted.;
A0017557.inf;E:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP57;Win32.HLLW.Autoruner.1215;Deleted.;
A0017580.inf;E:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP57;Win32.HLLW.Autoruner.1215;Deleted.;
A0017653.inf;E:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP57;Win32.HLLW.Autoruner.1215;Deleted.;
A0018641.inf;E:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP57;Win32.HLLW.Autoruner.1215;Deleted.;
A0018661.inf;E:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP57;Win32.HLLW.Autoruner.1215;Deleted.;
A0018683.inf;E:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP57;Win32.HLLW.Autoruner.1215;Deleted.;
A0018705.inf;E:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP57;Win32.HLLW.Autoruner.1215;Deleted.;
A0018727.inf;E:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP57;Win32.HLLW.Autoruner.1215;Deleted.;
A0018739.inf;E:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP58;Win32.HLLW.Autoruner.1215;Deleted.;
A0018757.inf;E:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP58;Win32.HLLW.Autoruner.1215;Deleted.;
A0018788.inf;E:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP58;Win32.HLLW.Autoruner.1215;Deleted.;
A0018808.inf;E:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP58;Win32.HLLW.Autoruner.1215;Deleted.;
A0018841.inf;E:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP58;Win32.HLLW.Autoruner.1215;Deleted.;
A0018862.inf;E:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP58;Win32.HLLW.Autoruner.1215;Deleted.;
A0018888.inf;E:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP58;Win32.HLLW.Autoruner.1215;Deleted.;
A0018899.inf;E:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP59;Win32.HLLW.Autoruner.1215;Deleted.;
A0018918.inf;E:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP59;Win32.HLLW.Autoruner.1215;Deleted.;
A0018938.inf;E:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP59;Win32.HLLW.Autoruner.1215;Deleted.;
A0018961.inf;E:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP59;Win32.HLLW.Autoruner.1215;Deleted.;
A0019001.inf;E:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP59;Win32.HLLW.Autoruner.1215;Deleted.;
A0019022.inf;E:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP59;Win32.HLLW.Autoruner.1215;Deleted.;
A0019046.inf;E:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP59;Win32.HLLW.Autoruner.1215;Deleted.;
A0019063.inf;E:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP60;Win32.HLLW.Autoruner.1215;Deleted.;
A0020047.inf;E:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP60;Win32.HLLW.Autoruner.1215;Deleted.;
A0020088.inf;E:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP60;Win32.HLLW.Autoruner.1215;Deleted.;
A0020109.inf;E:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP60;Win32.HLLW.Autoruner.1215;Deleted.;
A0020137.inf;E:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP60;Win32.HLLW.Autoruner.1215;Deleted.;
A0020159.inf;E:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP60;Win32.HLLW.Autoruner.1215;Deleted.;
A0020426.inf;E:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP61;Win32.HLLW.Autoruner.1215;Deleted.;
A0000824.inf;E:\System Volume Information\_restore{48A764B5-2473-4287-B39E-68C242C53368}\RP2;Win32.HLLW.Autoruner.1215;Deleted.;
A0000841.inf;E:\System Volume Information\_restore{48A764B5-2473-4287-B39E-68C242C53368}\RP3;Win32.HLLW.Autoruner.1215;Deleted.;
A0000859.inf;E:\System Volume Information\_restore{48A764B5-2473-4287-B39E-68C242C53368}\RP4;Win32.HLLW.Autoruner.1215;Deleted.;
A0000882.inf;E:\System Volume Information\_restore{48A764B5-2473-4287-B39E-68C242C53368}\RP4;Win32.HLLW.Autoruner.1215;Deleted.;
A0000901.inf;E:\System Volume Information\_restore{48A764B5-2473-4287-B39E-68C242C53368}\RP4;Win32.HLLW.Autoruner.1215;Deleted.;
A0000909.INF;E:\System Volume Information\_restore{48A764B5-2473-4287-B39E-68C242C53368}\RP5;Win32.HLLW.Autoruner.1215;Deleted.;
A0000928.inf;E:\System Volume Information\_restore{48A764B5-2473-4287-B39E-68C242C53368}\RP5;Win32.HLLW.Autoruner.1215;Deleted.;
A0000955.inf;E:\System Volume Information\_restore{48A764B5-2473-4287-B39E-68C242C53368}\RP5;Win32.HLLW.Autoruner.1215;Deleted.;
A0001954.inf;E:\System Volume Information\_restore{48A764B5-2473-4287-B39E-68C242C53368}\RP5;Win32.HLLW.Autoruner.1215;Deleted.;
A0003441.inf;E:\System Volume Information\_restore{48A764B5-2473-4287-B39E-68C242C53368}\RP9;Win32.HLLW.Autoruner.1215;Deleted.;
A0001669.com;E:\System Volume Information\_restore{96773862-1721-48C0-A05E-0ED86B9ED574}\RP16;Trojan.MulDrop.6474;Deleted.;
A0001670.inf;E:\System Volume Information\_restore{96773862-1721-48C0-A05E-0ED86B9ED574}\RP16;Win32.HLLW.Autoruner.1215;Deleted.;
autorun.inf;F:\;Win32.HLLW.Autoruner.1215;Deleted.;
A0014154.inf;F:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP50;Win32.HLLW.Autoruner.1215;Deleted.;
A0014164.inf;F:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP51;Win32.HLLW.Autoruner.1215;Deleted.;
A0016006.inf;F:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP51;Win32.HLLW.Autoruner.1215;Deleted.;
A0016040.inf;F:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP51;Win32.HLLW.Autoruner.1215;Deleted.;
A0017040.inf;F:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP51;Win32.HLLW.Autoruner.1215;Deleted.;
A0017216.inf;F:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP52;Win32.HLLW.Autoruner.1215;Deleted.;
A0017323.inf;F:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP53;Win32.HLLW.Autoruner.1215;Deleted.;
A0017339.inf;F:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP54;Win32.HLLW.Autoruner.1215;Deleted.;
A0017397.inf;F:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP55;Win32.HLLW.Autoruner.1215;Deleted.;
A0017445.inf;F:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP56;Win32.HLLW.Autoruner.1215;Deleted.;
A0017471.inf;F:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP56;Win32.HLLW.Autoruner.1215;Deleted.;
A0017520.inf;F:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP57;Win32.HLLW.Autoruner.1215;Deleted.;
A0017539.inf;F:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP57;Win32.HLLW.Autoruner.1215;Deleted.;
A0017559.inf;F:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP57;Win32.HLLW.Autoruner.1215;Deleted.;
A0017583.inf;F:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP57;Win32.HLLW.Autoruner.1215;Deleted.;
A0017655.inf;F:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP57;Win32.HLLW.Autoruner.1215;Deleted.;
A0018643.inf;F:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP57;Win32.HLLW.Autoruner.1215;Deleted.;
A0018663.inf;F:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP57;Win32.HLLW.Autoruner.1215;Deleted.;
A0018685.inf;F:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP57;Win32.HLLW.Autoruner.1215;Deleted.;
A0018707.inf;F:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP57;Win32.HLLW.Autoruner.1215;Deleted.;
A0018729.inf;F:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP57;Win32.HLLW.Autoruner.1215;Deleted.;
A0018741.inf;F:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP58;Win32.HLLW.Autoruner.1215;Deleted.;
A0018759.inf;F:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP58;Win32.HLLW.Autoruner.1215;Deleted.;
A0018790.inf;F:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP58;Win32.HLLW.Autoruner.1215;Deleted.;
A0018810.inf;F:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP58;Win32.HLLW.Autoruner.1215;Deleted.;
A0018843.inf;F:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP58;Win32.HLLW.Autoruner.1215;Deleted.;
A0018865.inf;F:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP58;Win32.HLLW.Autoruner.1215;Deleted.;
A0018890.inf;F:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP58;Win32.HLLW.Autoruner.1215;Deleted.;
A0018901.inf;F:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP59;Win32.HLLW.Autoruner.1215;Deleted.;
A0018920.inf;F:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP59;Win32.HLLW.Autoruner.1215;Deleted.;
A0018940.inf;F:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP59;Win32.HLLW.Autoruner.1215;Deleted.;
A0018963.inf;F:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP59;Win32.HLLW.Autoruner.1215;Deleted.;
A0019003.inf;F:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP59;Win32.HLLW.Autoruner.1215;Deleted.;
A0019024.inf;F:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP59;Win32.HLLW.Autoruner.1215;Deleted.;
A0019048.inf;F:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP59;Win32.HLLW.Autoruner.1215;Deleted.;
A0019065.inf;F:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP60;Win32.HLLW.Autoruner.1215;Deleted.;
A0020049.inf;F:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP60;Win32.HLLW.Autoruner.1215;Deleted.;
A0020090.inf;F:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP60;Win32.HLLW.Autoruner.1215;Deleted.;
A0020111.inf;F:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP60;Win32.HLLW.Autoruner.1215;Deleted.;
A0020139.inf;F:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP60;Win32.HLLW.Autoruner.1215;Deleted.;
A0020162.inf;F:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP60;Win32.HLLW.Autoruner.1215;Deleted.;
A0020428.inf;F:\System Volume Information\_restore{DBFDEBAE-38D8-4F66-BEB3-C651F7C79E33}\RP61;Win32.HLLW.Autoruner.1215;Deleted.;
A0000826.inf;F:\System Volume Information\_restore{48A764B5-2473-4287-B39E-68C242C53368}\RP2;Win32.HLLW.Autoruner.1215;Deleted.;
A0000843.inf;F:\System Volume Information\_restore{48A764B5-2473-4287-B39E-68C242C53368}\RP3;Win32.HLLW.Autoruner.1215;Deleted.;
A0000861.inf;F:\System Volume Information\_restore{48A764B5-2473-4287-B39E-68C242C53368}\RP4;Win32.HLLW.Autoruner.1215;Deleted.;
A0000884.inf;F:\System Volume Information\_restore{48A764B5-2473-4287-B39E-68C242C53368}\RP4;Win32.HLLW.Autoruner.1215;Deleted.;
A0000903.inf;F:\System Volume Information\_restore{48A764B5-2473-4287-B39E-68C242C53368}\RP4;Win32.HLLW.Autoruner.1215;Deleted.;
A0000911.INF;F:\System Volume Information\_restore{48A764B5-2473-4287-B39E-68C242C53368}\RP5;Win32.HLLW.Autoruner.1215;Deleted.;
A0000930.inf;F:\System Volume Information\_restore{48A764B5-2473-4287-B39E-68C242C53368}\RP5;Win32.HLLW.Autoruner.1215;Deleted.;
A0000957.inf;F:\System Volume Information\_restore{48A764B5-2473-4287-B39E-68C242C53368}\RP5;Win32.HLLW.Autoruner.1215;Deleted.;
A0001956.inf;F:\System Volume Information\_restore{48A764B5-2473-4287-B39E-68C242C53368}\RP5;Win32.HLLW.Autoruner.1215;Deleted.;
A0003442.inf;F:\System Volume Information\_restore{48A764B5-2473-4287-B39E-68C242C53368}\RP9;Win32.HLLW.Autoruner.1215;Deleted.;
A0001671.com;F:\System Volume Information\_restore{96773862-1721-48C0-A05E-0ED86B9ED574}\RP16;Trojan.MulDrop.6474;Deleted.;
A0001672.inf;F:\System Volume Information\_restore{96773862-1721-48C0-A05E-0ED86B9ED574}\RP16;Win32.HLLW.Autoruner.1215;Deleted.;
Desktopfun.EXE;F:\sonu\games\game1;Joke.Puncher;;
autorun.inf;H:\;Win32.HLLW.Autoruner.1215;Deleted.;
autorun.inf;H:\;Win32.HLLW.Autoruner.1215;Deleted.;

log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:41:03 PM, on 2/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Softwin\BitDefender9\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\Program Files\Softwin\BitDefender9\bdnagent.exe
C:\Program Files\Softwin\BitDefender9\bdswitch.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Administrator\My Documents\cureit.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\_start.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\setup.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender9\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 3834 bytes
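An added triage helper (not part of this thread and not Dr.Web's own code) that parses scan-result lines in the `name;directory;threat;action;` format posted above and separates live infections from copies sitting in System Restore snapshots, which is the reason a cleanup normally includes turning System Restore off. The classification rules (restore-point copy, autorun.inf at a drive root, payload in system32) are my own heuristics, and the sample lines are a subset copied from the scan result above.

```python
# Added triage helper, not part of the thread or of Dr.Web: parses scan-result
# lines in the "name;directory;threat;action;" format shown above and separates
# live infections from System Restore snapshot copies.  The classification
# rules (restore point, drive-root autorun, system32 payload) are my own.
from collections import Counter
from dataclasses import dataclass

# Sample lines copied from the scan result above (a subset of the full list).
SAMPLE_SCAN = r"""
amvo0.dll;c:\windows\system32;Trojan.PWS.Wsgame.2387;Deleted.;
xn1i9x.com;c:\;Trojan.MulDrop.6474;Deleted.;
xn1i9x.com;d:\;Trojan.MulDrop.6474;Deleted.;
amvo.exe;C:\WINDOWS\system32;Trojan.MulDrop.6474;Deleted.;
A0001665.com;C:\System Volume Information\_restore{96773862-1721-48C0-A05E-0ED86B9ED574}\RP16;Trojan.MulDrop.6474;Deleted.;
autorun.inf;D:\;Win32.HLLW.Autoruner.1215;Deleted.;
kas.exe;D:\WINDOWS\system32;BackDoor.PSClient;Deleted.;
A0001678.sys;D:\System Volume Information\_restore{96773862-1721-48C0-A05E-0ED86B9ED574}\RP16;BackDoor.PSClient;Deleted.;
autorun.inf;E:\;Win32.HLLW.Autoruner.1215;Deleted.;
Desktopfun.EXE;F:\sonu\games\game1;Joke.Puncher;;
autorun.inf;H:\;Win32.HLLW.Autoruner.1215;Deleted.;
"""


@dataclass(frozen=True)
class Detection:
    name: str
    directory: str
    threat: str
    action: str

    @property
    def drive(self) -> str:
        return self.directory[:1].upper()

    @property
    def at_drive_root(self) -> bool:
        # "D:\" becomes "D:" after stripping the trailing backslash
        return len(self.directory.rstrip("\\")) == 2

    @property
    def in_restore_point(self) -> bool:
        # Copies under System Volume Information are System Restore snapshots,
        # not running code; they matter only if that restore point is re-applied.
        return "system volume information" in self.directory.lower()

    @property
    def in_system32(self) -> bool:
        return self.directory.lower().replace("/", "\\").endswith("\\system32")


def parse_drweb(text: str) -> list[Detection]:
    """Parse one scan-result line per detection; blank lines are skipped."""
    found = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        fields = line.split(";")
        if len(fields) < 4:
            raise ValueError(f"unexpected Dr.Web line: {line!r}")
        found.append(Detection(*fields[:4]))
    return found


def triage(found: list[Detection]) -> dict:
    """Summarise what was live on disk versus what sat in restore points."""
    live = [d for d in found if not d.in_restore_point]
    return {
        "live": len(live),
        "restore_point_copies": len(found) - len(live),
        "threats_live": dict(Counter(d.threat for d in live)),
        # autorun.inf at a drive root is the launch hook of an Autoruner-type
        # worm; the drive list shows how far it spread (fixed and removable).
        "autorun_drives": sorted({d.drive for d in live
                                  if d.at_drive_root and d.name.lower() == "autorun.inf"}),
        # Other files at a drive root are the payload the autorun.inf points at.
        "root_payloads": sorted({d.name for d in live
                                 if d.at_drive_root and d.name.lower() != "autorun.inf"}),
        "system32_payloads": sorted(f"{d.drive}:{d.name}" for d in live if d.in_system32),
        # Anything without "Deleted." still needs manual attention.
        "not_removed": [f"{d.directory}\\{d.name}" for d in found if d.action != "Deleted."],
    }


def report(text: str) -> str:
    """Human-readable summary of a scan result."""
    t = triage(parse_drweb(text))
    lines = [f"live detections: {t['live']} (plus {t['restore_point_copies']} restore-point copies)"]
    for threat, n in sorted(t["threats_live"].items()):
        lines.append(f"  {threat}: {n}")
    lines.append(f"autorun.inf at root of drives: {', '.join(t['autorun_drives']) or 'none'}")
    lines.append(f"payloads at drive roots: {', '.join(t['root_payloads']) or 'none'}")
    lines.append(f"payloads in system32: {', '.join(t['system32_payloads']) or 'none'}")
    lines.append(f"not removed: {', '.join(t['not_removed']) or 'none'}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_SCAN))
```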





ANSWER: Hi Anil

Dr.Web found and removed a number of viruses from your system, but your HJT log still shows some infections.  Please follow the steps below:

Turn off System Restore:
1. Click Start, right-click My Computer, and then click Properties.
2. In the System Properties dialog box, click the System Restore tab.
3. Click to select the Turn off System Restore check box. Or, click to select the Turn off System Restore on all drives check box.
4. Click OK.
5. When you receive the following message, click Yes to confirm that you want to turn off System Restore:
You have chosen to turn off System Restore. If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer.
Do you want to turn off System Restore?
After a few moments, the System Properties dialog box closes.

Please download ComboFix from this link:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop.
Double-click on the ComboFix icon found on your desktop. Please note that once you start ComboFix you should not click anywhere on the ComboFix window, as it can cause the program to stall.  You should now press the number 1 key and then press the Enter key to continue.  ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.  If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and tells you that the program's log file, or report, will be located at C:\ComboFix.txt.  It will then display the log file automatically for you.  Copy and paste that log in a follow-up here along with a new HJT log.

Brian

---------- FOLLOW-UP ----------

QUESTION: As you said, I am sending you the ComboFix report and the new HijackThis log.

ComboFix log

ComboFix 08-02-20.2 - Administrator 2008-02-20 23:05:05.1 - FAT32x86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.84 [GMT 5.5:30]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
C:\WINDOWS\system32\sockspy.dll


(((((((((((((((((((((((((   Files Created from 2008-01-20 to 2008-02-20  )))))))))))))))))))))))))))))))
.

2008-02-20 22:36 . 2008-02-20 22:36   <DIR>   d--------   C:\Program Files\Softwin
2008-02-20 17:20 . 2008-02-20 17:20   142   --a------   C:\WINDOWS\system32\spupdsvc.inf
2008-02-20 16:55 . 2008-02-20 16:55   <DIR>   d--------   C:\Program Files\Spybot - Search & Destroy
2008-02-20 16:55 . 2008-02-20 16:55   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-20 16:23 . 2008-02-20 16:23   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\skypePM
2008-02-20 16:23 . 2008-02-20 16:23   32   --a------   C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-20 16:17 . 2008-02-20 16:17   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Skype
2008-02-20 16:14 . 2008-02-20 16:14   <DIR>   d--------   C:\My FLVs
2008-02-20 16:13 . 2008-02-20 16:13   <DIR>   d--------   C:\Program Files\YouTubeRobot
2008-02-20 12:30 . 2004-08-03 23:08   26,496   --a------   C:\WINDOWS\system32\dllcache\usbstor.sys
2008-02-20 02:30 . 2008-02-20 02:30   <DIR>   d--hs----   C:\Recycled
2008-02-20 02:20 . 2008-02-20 02:20   <DIR>   d--------   C:\Documents and Settings\Administrator\DoctorWeb
2008-02-20 02:09 . 2008-02-20 02:09   <DIR>   d--------   C:\Program Files\Internet Cyclone
2008-02-20 02:07 . 2006-06-27 05:40   12,800   ---------   C:\WINDOWS\system32\dllcache\WgaTray.exe
2008-02-20 02:07 . 2006-06-27 05:40   3,584   ---------   C:\WINDOWS\system32\dllcache\WgaLogon.dll
2008-02-19 23:59 . 2008-02-19 23:59   <DIR>   d--------   C:\WINDOWS\FLV Player
2008-02-19 23:59 . 2008-02-19 23:59   <DIR>   d--------   C:\Program Files\FLV Player
2008-02-19 23:45 . 2004-08-04 00:56   221,184   --a------   C:\WINDOWS\system32\wmpns.dll
2008-02-19 23:38 . 2008-02-19 23:38   <DIR>   d--------   C:\Program Files\Trend Micro
2008-02-19 22:33 . 2008-02-19 22:33   <DIR>   d---s----   C:\Documents and Settings\Administrator\UserData
2008-02-19 22:30 . 2008-02-19 22:30   <DIR>   d--------   C:\Program Files\Google
2008-02-19 22:26 . 2008-02-19 22:26   <DIR>   d--------   C:\Program Files\Java
2008-02-19 22:26 . 2008-02-19 22:26   <DIR>   d--------   C:\Program Files\Common Files\Java
2008-02-19 22:26 . 2007-09-24 23:31   69,632   --a------   C:\WINDOWS\system32\javacpl.cpl
2008-02-19 22:25 . 2008-02-20 22:43   28   --a------   C:\WINDOWS\system32\getfile.dat
2008-02-19 22:18 . 2008-02-19 22:18   <DIR>   d--------   C:\Program Files\ADSL Router
2008-02-19 22:18 . 2006-03-13 22:51   21,504   --a------   C:\WINDOWS\system32\drivers\bcmndis.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-19 16:09   ---------   d-----w   C:\Program Files\Common Files\Softwin
2008-02-19 16:05   ---------   d-----w   C:\Program Files\Realtek Sound Manager
2008-02-19 16:05   ---------   d-----w   C:\Program Files\AvRack
2008-02-19 16:04   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-02-19 16:04   ---------   d-----w   C:\Program Files\Intel
2008-02-19 16:04   ---------   d-----w   C:\Program Files\Common Files\InstallShield
2008-02-19 15:55   ---------   d-----w   C:\Program Files\microsoft frontpage
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2002-10-15 23:54 47104 C:\WINDOWS\SOUNDMAN.EXE]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-01-24 00:17 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-01-24 00:05 114688]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"BDMCon"="C:\Program Files\Softwin\BitDefender9\bdmcon.exe" [2006-01-27 18:16 368640]
"BDOESRV"="C:\Program Files\Softwin\BitDefender9\bdoesrv.exe" [2005-03-11 18:53 90112]
"BDNewsAgent"="C:\Program Files\Softwin\BitDefender9\bdnagent.exe" [2005-06-09 11:28 9728]
"BDSwitchAgent"="C:\Program Files\Softwin\BitDefender9\bdswitch.exe" [2005-04-06 14:09 33280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

S3 USB_NDIS_51;USB NDIS DSL Router Network Device Driver;C:\WINDOWS\system32\DRIVERS\bcmndis.sys [2006-03-13 22:51]

*Newly Created Service* - BDRSDRV
*Newly Created Service* - BDSS
*Newly Created Service* - LIVESRV
*Newly Created Service* - VSSERV
*Newly Created Service* - XCOMM
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-20 23:06:03
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-20 23:06:25

log file of Trend Micro HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:46 PM, on 2/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\Program Files\Softwin\BitDefender9\bdnagent.exe
C:\Program Files\Softwin\BitDefender9\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdswitch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Download by YouTube Robot - res://C:\Program Files\YouTubeRobot\RobotExt.ocx/LINK.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender9\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 4455 bytes  
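An added example (not from this thread and not Trend Micro's code) that compares two HijackThis logs entry by entry, so that what vanished or appeared between cleanup passes stands out, and flags one pattern visible in the first log: a per-user (HKCU) Run entry launching a file from system32. That flag is my own heuristic, and the two logs are constructed excerpts of the before and after logs posted above.

```python
# Added example, not from the thread or from Trend Micro: compares two
# HijackThis logs line by line so the entries that vanished or appeared between
# cleanup passes stand out, and flags a common pattern, a per-user (HKCU) Run
# entry launching a file from system32.  That flag is my own heuristic.
import re

# Constructed excerpts of the two HijackThis logs posted above (before/after).
HJT_BEFORE = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
"""

HJT_AFTER = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Download by YouTube Robot - res://C:\Program Files\YouTubeRobot\RobotExt.ocx/LINK.HTM
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
"""

# Every HijackThis finding is an "Onn - ..." line; everything else is context.
ENTRY_RE = re.compile(r"^(O\d+) - (.+)$")
# O4 lines carry the hive, the value name in brackets and the command.
RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def parse_hjt(text: str) -> list[str]:
    """Keep only the entry lines; running-process lists and headers are dropped."""
    return [ln.strip() for ln in text.splitlines() if ENTRY_RE.match(ln.strip())]


def diff_hjt(before: str, after: str) -> tuple[list[str], list[str]]:
    """Return (removed, added) entries between two logs of the same machine."""
    b, a = set(parse_hjt(before)), set(parse_hjt(after))
    return sorted(b - a), sorted(a - b)


def flag_run_entries(entries: list[str]) -> list[str]:
    """Heuristic: an HKCU Run value whose target sits in system32 is unusual for
    legitimate software (which normally registers under HKLM or Program Files)
    and is exactly the shape of the amvo.exe entry in the first log above."""
    flagged = []
    for entry in entries:
        m = RUN_RE.match(entry)
        if not m:
            continue
        cmd = m["cmd"].strip().strip('"').lower()
        if m["hive"] == "HKCU" and "\\system32\\" in cmd:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    removed, added = diff_hjt(HJT_BEFORE, HJT_AFTER)
    print("removed:", *removed, sep="\n  ")
    print("added:", *added, sep="\n  ")
    print("flagged before cleanup:", *flag_run_entries(parse_hjt(HJT_BEFORE)), sep="\n  ")
```

Removing an O4 line only deletes the registry value; the file it points at still has to be removed or quarantined, which is what the Dr.Web and ComboFix passes did here.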

Answer
Hello Anil

Your logs are coming up clean now.  Run a scan again with your BitDefender to see if it detects anything, which it should not.  If it does, let me know.  Otherwise, you may uninstall HJT and Dr.Web if you wish, although there is no harm in keeping them.  To remove ComboFix, click Start > Run > ComboFix /u
Make sure there's a space between ComboFix and /
Then hit Enter.
This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.
I hope I have helped you with your problem.  Good luck.

Brian

Brian Benosky
©2012 About.com, a part of The New York Times Company. All rights reserved.