Go Back   Computer Forums > General Computing > Hardware
Click Here to Login
Join Computer forums Today


Reply
 
Thread Tools Search this Thread Display Modes
 
Old 01-21-2006, 12:25 PM   #1
Baseband Member
 
Join Date: Jan 2006
Posts: 58
Default Help... please malware = bad

well i messed up my computer for well hopefully the last time. this time i did it real good and i cant see to restore the easy way to make my desktop change pictures and i cant quite seem to make trend micro work on fire fox or on IE. well of cource i couldent have done it unless i was doing some thing i wasnt supposed to. i down loaded something and well it ran... well here is my hijack this list if you need that. i can get around my computer prety easy so hopefully some one can help.


Logfile of HijackThis v1.99.1
Scan saved at 12:21:26 PM, on 1/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jared Currie\Desktop\HijackThis-1.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
__________________

C.S. is offline   Reply With Quote
Old 01-21-2006, 12:44 PM   #2
Baseband Member
 
Join Date: Jan 2006
Posts: 58
Default Re: Help... please malware = bad

so yeha that thing i dled is great so far i have 31 viruses and a hundred and two infected objects.... wow i messed it up good. this is useing kaspersky. so far the only scaner that is working
__________________

__________________
(\__/)
(='.'=)This is Bunny. Copy and paste bunny into your
(")_(")signature to help him gain world domination.i probably spelled taht wrong
C.S. is offline   Reply With Quote
Old 01-21-2006, 12:46 PM   #3
Golden Master
 
01001010's Avatar
 
Join Date: Oct 2005
Posts: 7,888
Default Re: Help... please malware = bad

That HJT file is way to small. Make sure you posted a full logfile.
__________________
Stop the genocide now.
↳ www.savedarfur.org

Send comments, suggestions and criticisms.
↳ 01001010listens@gmail.com
01001010 is offline   Reply With Quote
Old 01-21-2006, 12:56 PM   #4
Baseband Member
 
Join Date: Jan 2006
Posts: 58
Default Re: Help... please malware = bad

things have been removed now that i look at it i do not see alot of things i should see one off the top of my head is java related things... that is the full scan and file i redid the scan again. i do remove certian things like kazza. though but i wouldent remove things for java...
__________________
(\__/)
(='.'=)This is Bunny. Copy and paste bunny into your
(")_(")signature to help him gain world domination.i probably spelled taht wrong
C.S. is offline   Reply With Quote
Old 01-21-2006, 01:10 PM   #5
Daemon Poster
 
thebigdintx's Avatar
 
Join Date: Oct 2005
Posts: 1,272
Default Re: Help... please malware = bad

try starting your computer in safe mode, and running all your antivirus/antispyware applications while in safe mode......don't know if "C:\WINDOWS\system32\lsass.exe" has anything to do with the sasser worm...you may want to research that possibility.
__________________
Antec 300 Case, Intel Core 2 Quad Q9650 @ 3GHz, Gigabyte GA-EP43-UD3L, PNY 4GB PC6400 800MHz DDR2 RAM, XFX Radeon HD 5550 1GB DDR3 Ram, 1TB Western Digital Black 7200 32MB cache, 64-bit Windows 7 Ultimate SP1, Antec Earthwatts 500 Watts
thebigdintx is offline   Reply With Quote
Old 01-21-2006, 02:20 PM   #6
Baseband Member
 
Join Date: Jan 2006
Posts: 24
Default Re: Help... please malware = bad

lsass.exe is a critical Windows security program. It is not affiliated with the Sasser virus.

To the OP, you're HJT log is way too small as another poster said. Either you have a virus that's disabling all your standard processes, or you deleted too much from your log. Definitely reboot into SafeMode, and start recovery there. I'm not a huge fan of SafeMode as many, many hostile programs out there can now operate within SafeMode, but it's the best start. Run all your anti-virus, Ewido, Adaware, Spybot's, etc. Knock out as much as you can. Then reboot, run HJT, but don't delete anything and post the log.

Plus if you can get IE to work, let me know if you've actually been hijacked. You can also get that information in your IE Tools Internet Options.
MiniVanMan is offline   Reply With Quote
Old 01-21-2006, 03:12 PM   #7
Baseband Member
 
Join Date: Jan 2006
Posts: 58
Default Re: Help... please malware = bad

well so far i kasper waht ever has said i have 39 viruses it i think was just letting me know if you will... i have attached that file log here for you may be it will help its named crack.exe... i have already tried the samfe mode trick with trend micro it is not working.


the list of things gone wrong atm normaly i can get viruses but i have met my match with this package. gotta love the trojin dler

*edit* i cannot post the virus list if you think it will help i cna email the list to you.

i am going to go back to a restor eariler and ill try this again

*edit* the restor gave me back some of the little things but i feel there is still a problem... im going to do one more kasper scan to see
__________________
(\__/)
(='.'=)This is Bunny. Copy and paste bunny into your
(")_(")signature to help him gain world domination.i probably spelled taht wrong
C.S. is offline   Reply With Quote
Old 01-21-2006, 06:54 PM   #8
Baseband Member
 
Join Date: Jan 2006
Posts: 58
Default Re: Help... please malware = bad

well thank you i guess i jsut freaked... i have gotten a virus program to work and i manualy went threw and removed the threats any one recomend a program to use for malware and spyware? btw ie never was taken over it just messed with all sorts of setting it manafested itself mainly in my java folder and my temp folder. but now the files are gone and same goes for the ones assoiated wiht it.
__________________

__________________
(\__/)
(='.'=)This is Bunny. Copy and paste bunny into your
(")_(")signature to help him gain world domination.i probably spelled taht wrong
C.S. is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off



All times are GMT -5. The time now is 01:52 AM.


Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Search Engine Friendly URLs by vBSEO 3.6.0