Goku Posted June 20, 2008

Well, it seems that I have got infected. Yesterday, during my scheduled scan in Avira, it found a Trojan but was unable to remove it for some reason. I tried again on boot but Avira was still unable to remove it. The file shows in the log too. I cannot download anything unless it's a *.zip file, so please post any recommended removal tools as attachments. I would find a tool myself but I am unable to search for anything for now.

-----------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:23:16 PM, on 6/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\Downloads\Avira AntiVir Removal Tool 3.0.1.16.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Downloads\HijackThis 2.0.2 (Executable).exe

O2 - BHO: (no name) - {53C5DF30-5878-4596-8498-D4B59957776B} - C:\WINDOWS\system32\fccdecDw.dll
O2 - BHO: (no name) - {BE7E4CE1-8CBA-44A6-956F-462A667D3286} - C:\WINDOWS\system32\urqQiFWP.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [bMcf834d5e] Rundll32.exe "C:\WINDOWS\system32\nrirnwiw.dll",s
O20 - Winlogon Notify: urqQiFWP - C:\WINDOWS\SYSTEM32\urqQiFWP.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

--
End of file - 1785 bytes
--------------------------------------------------------------------------

Let me know if it can be cured or not as I am already due for a format. Also, as far as possible, please try and recommend some procedures which are not so CPU extensive as I have very low System Specifications.

Thanks for any help that might be given. :)

-- Goku
maynardvdm Posted June 20, 2008 (edited)

Have you run the scans in the malware sticky? It looks like a Vundo infection, but I'll let Seth handle this one.

Edited June 20, 2008 by maynardvdm

We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.
RaidMax Smilodon Gaming Case | Gigabyte Z77X-UD5H M/B | Intel Core i5 3570K @ 3.4GHz | 8GB Corsair RAM | Nvidia GTX550 Ti 1GB GDDR5 | Corsair 800w PSU
Register for FREE >>here<< | If we have helped you, please consider a donation >>here<<
SAS | MBAM | WinPatrol | Avira | ERUNT | Nvidia Drivers
http://i285.photobucket.com/albums/ll57/mjsmileys/userbarnew4sec.gif
Guest Wolfeymole Posted June 20, 2008

Are you sure that's the full log Goku, there doesn't seem to be hardly any programs listed?
Goku Posted June 20, 2008 Author

> Have you run the scans in the malware sticky? It looks like a Vundo infection, but i'll let Seth handle this one.

Unfortunately, I can't download anything Maynard and therefore I am not in a state to run Malwarebytes or SUPERAntiSpyware. Can you just verify if a simpler tool will be able to remove it or better yet, if a format will remove it. As I said, I am already due for a format and therefore shall do it if needed. :)

-- Goku
Goku Posted June 20, 2008 Author

> Are you sure that's the full log Goku, there doesn't seem to be hardly any programs listed?

Yes Wolfey, that is the complete log and that too in Normal mode. As I said, I have very low System Specifications and cannot afford to run many programs. I will be happy enough to run more when I have a computer with higher specifications. :)

-- Goku
Goku Posted June 20, 2008 Author

> Exactly what are the specs Goku?

Intel Pentium III 551 MHz Processor, 128 MB RAM, Microsoft Windows XP Professional, Version 2002, Service Pack 3, 18.6 GB Hard Drive.

I know it's not much but I am striving hard for a new computer and should be able to get a new one in some time. :)

-- Goku
Guest Wolfeymole Posted June 20, 2008

XP will take its toll on those specs Goku, I have to agree, but you should still be able to obtain the programs listed in the Malware sticky. I would refrain from making partitions also Goku.
RandyL Posted June 20, 2008

Hi Goku;

Can you download SuperAntiSpyware and MalwareBytes from another computer? If so burn it to disk along with the updates for them. Then install on your computer and run the scans.

SAS updates.
Malwarebytes updates.

We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.
Get help with computer problems. Join Free PC Help here
Donations are welcome. Read Here
RandyL Posted June 20, 2008

In addition to my last post I have two more questions.

What was the name of the trojan Antivir found?

Can you just not save downloaded files if they are not zip? I'm asking because I want to know if you can download, run and install the eset files as they don't need to be saved but can be run from the download itself. Note the ActiveX component. If you can do that as well as download SAS and Malwarebytes and the updates on another computer then burn to disk you should be able to install all three programs.

For that matter can you Run the SAS and Malwarebytes downloads instead of saving?
Goku Posted June 20, 2008 Author

Sorry for the inconvenience all as I just did a reformat and am back. Completed all within an hour with all the drivers. The machine is running smoothly now. Here is a new log which I believe is cleaner than the last one. :)

---------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:59:52 PM, on 6/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Downloads\HijackThis 2.0.2 (Executable).exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

--
End of file - 1321 bytes
-------------------------------------------------------------------------------------

Sorry for putting you on your heels. By the way, Randy, I could not save any file because after I would click on Save, the file would disappear and no matter how many times I downloaded it, the Trojan would always delete it.

Anyways, as I said, a reformat solved it. Thank you all for your help. :)

-- Goku
maynardvdm Posted June 20, 2008

Yes. Even I can say the log is clean :)
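An added example, not part of any post in this thread: a small Python comparison of the "O" (autostart) entries from the two HijackThis logs above, showing which load points the reformat removed. The function names are hypothetical, and the "DLL directly under system32" filter is a triage heuristic assumed here, not a rule stated by the posters.

```python
import re

ENTRY = re.compile(r"^(O\d+) - (.*)$")                        # HijackThis "O" entries
IMAGE = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:dll|exe))', re.I)  # file the entry loads

# O-entries copied from the two logs in this thread (first post, then after the reformat).
BEFORE = r"""
O2 - BHO: (no name) - {53C5DF30-5878-4596-8498-D4B59957776B} - C:\WINDOWS\system32\fccdecDw.dll
O2 - BHO: (no name) - {BE7E4CE1-8CBA-44A6-956F-462A667D3286} - C:\WINDOWS\system32\urqQiFWP.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [bMcf834d5e] Rundll32.exe "C:\WINDOWS\system32\nrirnwiw.dll",s
O20 - Winlogon Notify: urqQiFWP - C:\WINDOWS\SYSTEM32\urqQiFWP.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
"""
AFTER = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
"""

def parse(log):
    """Return {(section, lowercased image path)} for every O-entry in a log."""
    entries = set()
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            img = IMAGE.search(m.group(2))
            entries.add((m.group(1), img.group(1).lower() if img else m.group(2)))
    return entries

def removed_autostarts(before, after):
    """Map each image that lost its autostart entries to the sections it was in."""
    by_image = {}
    for section, image in parse(before) - parse(after):
        by_image.setdefault(image, set()).add(section)
    return by_image

def system32_dlls(by_image):
    """Heuristic (assumed): keep removed images that are DLLs directly in system32."""
    return sorted(i for i in by_image
                  if i.endswith(".dll") and i.rsplit("\\", 1)[0] == r"c:\windows\system32")

if __name__ == "__main__":
    gone = removed_autostarts(BEFORE, AFTER)
    for image in system32_dlls(gone):
        print(image, sorted(gone[image]))
```

The Adobe LM Service entry also disappears between the two logs, simply because it was not reinstalled, which is why the diff alone is not a verdict and the DLL filter is applied on top of it.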
Goku Posted August 2, 2008 Author

This thread appears to be solved and is now closed.

If you are the original poster of this thread and need it re-opened, then please PM (Private Message) an Administrator or Moderator.

-- Goku