Status
Not open for further replies.

pritish_kul2

★★★★★★★★★
Hey, I think I got a virus on my PC... the logon screen of Windows XP which usually comes is not coming; instead the 98-ish style logon box is comin' and then the icons load afta 2-3 mins... I can't access my task manager also...

MY HIJACKTHIS REPORT
Logfile of HijackThis v1.99.1
Scan saved at 18:49:31, on 25/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\IA\command.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = *www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = *www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: taskmgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC2ECD96-2152-4826-A855-1BB0A1C6147F}: NameServer = 59.179.243.70,203.94.243.70
O17 - HKLM\System\CCS\Services\Tcpip\..\{E53127E8-671E-473D-A682-6D442036C614}: NameServer = 203.94.243.70,203.94.227.70
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 

The_Devil_Himself

die blizzard die! D3?
C:\WINDOWS\IA\command.exe

C:\Program Files\Network Monitor\netmon.exe


C:\Documents and Settings\All Users\Start Menu\Programs\Startup\taskmgr.exe

Sounds like viruses to me. Use avast's boot time scanning if you have avast.
 

anandk

Distinguished Member
auto-analysing it at www.hijackthis.de shows that yr pc is infected.

C:\WINDOWS\IA\command.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\taskmgr.exe

are indeed malware. if in spite of having norton, yr pc has got infected, maybe you'd like to do a re-think about it. should u choose to and wish to uninstall norton, make sure u download and use the norton uninstaller.

kaspersky av or a boot-time scan of avast will help remove the infection.

alternatively download and use delete doctor from www.diskcleaners.com to delete the 3 malware files on boot. then after the re-boot, run freeware ccleaner to clean registry.
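
The three entries singled out in the replies above can be surfaced with a few simple checks on the log itself. This is an added example, not part of any post in this thread; the names `triage` and `SYSTEM_HOMES` are hypothetical, the expected XP directories are assumptions, and a flag is a prompt for manual review, not a verdict.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any OS

# Excerpt of the HijackThis log posted in this thread, embedded for offline use.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\IA\command.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\taskmgr.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: taskmgr.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
"""

# Assumed normal XP locations for a few system binaries (lower-case).
SYSTEM_HOMES = {"taskmgr.exe": r"c:\windows\system32", "svchost.exe": r"c:\windows\system32",
                "winlogon.exe": r"c:\windows\system32", "explorer.exe": r"c:\windows"}
O23 = re.compile(r"^O23 - Service: (.+?) - (.+?) - ([A-Za-z]:\\.+)$")

def triage(log_text):
    """Map each suspicious entry (lower-cased) to the set of reasons it was flagged."""
    findings, in_procs = {}, False
    def flag(key, reason):
        findings.setdefault(key.lower(), set()).add(reason)
    for line in map(str.strip, log_text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False  # blank line ends the process list
        elif in_procs:
            home = SYSTEM_HOMES.get(basename(line).lower())
            if home and dirname(line).lower() != home:
                flag(line, "system binary name outside its normal directory")
        elif (m := O23.match(line)) and m.group(2) == "Unknown owner":
            flag(m.group(3), "service binary reports no company (Unknown owner)")
        elif line.startswith("O4 - Global Startup: ") and line.lower().endswith(".exe") and "=" not in line:
            flag(line.split(": ", 1)[1], "bare executable in the All Users Startup folder")
    return findings

if __name__ == "__main__":
    for entry, reasons in sorted(triage(SAMPLE_LOG).items()):
        print(entry, "->", "; ".join(sorted(reasons)))
```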
 

Saharika

In the zone
dont know how to get rid of virus....
norton...
well the newer virus are never detected and cleaned by norton ..it seems that virus writers always target norton first

kaspersky....
directly it makes computer too slow...
indirectly ..the activation key fails after one months ..and its says it is not valid copy ..and so on
offline update not so good

nod 32 ....
it doesnt detect some virus ..and when the computer is infected and the virus is installed it normally doesnt work for real virus....and leaves clueless...
and it shows some real programs as virus ..for eg in one computer it was showing apache as virus and stopping it...
offline update ...works some where ..some where not...

avg...
doesnt detect many virus...
offline update easy....
is very hungry ..you date next day it says your av is out of date..
pro version gives message it is not valid one...

avira....
update is too slow....
have not tested much...

so dont know what to do with these ....virus...

especially when the computer is already infected..the av sometimes goes crazy...
 
vaibhavtek

Guest
ur explanation says that all antivirus r not good then which is good..??
No one, it is impossible.
I use AVG and it detects many viruses and kills them, however if a great deadly virus attacks, pritish_kul2, u need to format ur drive...
 

Saharika

In the zone
vaibhavtek said:
ur explanation says that all antivirus r not good then which is good..??
No one, it is impossible.
I use AVG and it detects many viruses and kills them, however if a great deadly virus attacks, pritish_kul2, u need to format ur drive...

well i do not recommend any av...as none has been up to the mark...
i can name the virus ...for each av and even the problem with each av in detail if anybody needs...
(av are the best fren..but ..even after the av installation there always remains a doubt: is my computer infected...?)
once i used to have McAfee ..i used to update it every day..and i used to think my comp was totally virus free
(ok hackers attack..lets forget for now)

but when i transferred file to another computer with avg...it showed some viruses in the pendrive and file..(taken from my computer)
so ..McAfee out...

avg
well as i say there is license problem
another ...when the computer is already infected one cannot install it...with many virus ...
Chernobyl was one of the viruses which avg detected but was unable to cure...

some more are there...

any way av are friend..but i think none of them are perfect ...for now..
 
pritish_kul2

★★★★★★★★★
Thanks saharika and others for ur valuable suggestions......so the conclusion comes out tht i m gonna format the drive afta my xamz get over..THREAD CLOSED>>NO MORE REPLIES
 

The_Devil_Himself

die blizzard die! D3?
just one more reply hehe.

Dude, get rid of Norton antivirus, get yourself avast home edition, its free and updates are very small sizes (comes twice daily or so), and the best part is boot time scanning - it just works everytime for me. Um... thats it. Thread closed.
 