God mode VIRUS (For the spartans only)


ashfahan

Hi,
I have a serious problem.
I am using NOD32 AV, Comodo Firewall and Trojan Remover as protection.
My computer is infected with

C:\WINDOWS\system32\iifeffgG.dll - Win32/Adware.Virtumonde application - cleaned by deleting (after the next restart) - quarantined

C:\Documents and Settings\ashfahan\Local Settings\Temp\avi0.18.exe - Win32/Rbot trojan - cleaned by deleting - quarantined

these viruses. Because of them, all my desktop icons and everything disappear.

They are cleaned by Trojan Remover and NOD32, but after some time they enter again.

I am using the BSNL Home 900+ plan. They enter when I am connected.
I can only use Task Manager during this time.
I also use Daemon Tools to mount images....
HELP PLEASE
HijackThis log....

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:06:19 PM, on 4/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Paizhao.EXE
C:\WINDOWS\Recovery.EXE
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrent\uTorrent.exe
G:\softwares\safely remove\USBSafelyRemove.exe
C:\WINDOWS\Integrator.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\COMODO\Firewall\cfpupdat.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
F:\TOOLS\Most Important\Security\hijackthis\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = *server.toolbar.rediff.com/toolbar/3.0/sidesearch.html?mode=toolbar
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = *us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/**www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = *us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/**www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = *www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Sujin.com.np
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {B95633F9-5626-41FB-BB3C-2DF98CDCBD03} - C:\WINDOWS\system32\vtUKCUop.dll
O2 - BHO: XBTBPos00 - {BBBE1C1A-89F7-4AF6-ABD1-F8FBCFA47408} - (no file)
O2 - BHO: (no name) - {C05C63D8-A55F-4C33-B0C2-F8FD79C8C2AB} - C:\WINDOWS\system32\fccbYspQ.dll
O2 - BHO: (no name) - {EE5A1465-1E73-4784-8F63-45983FDF0DB8} - C:\WINDOWS\system32\iifeffgG.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\Paizhao.EXE
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Recovery.EXE
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [USB Safely Remove] G:\softwares\safely remove\USBSafelyRemove.exe /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
O4 - Startup: broadband.lnk = ?
O4 - Startup: Hare.lnk = C:\Program Files\Dachshund Software\Hare\Hare.exe
O4 - Startup: Zoom.lnk = C:\Program Files\Dachshund Software\Zoom\Zoom.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Rediff Toolbar - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O9 - Extra 'Tools' menuitem: Rediff Toolbar - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: spslsp.dll
O10 - Unknown file in Winsock LSP: spslsp.dll
O10 - Unknown file in Winsock LSP: spslsp.dll
O10 - Unknown file in Winsock LSP: spslsp.dll
O10 - Unknown file in Winsock LSP: spslsp.dll
O10 - Unknown file in Winsock LSP: spslsp.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{32E2468C-579B-488A-AA2E-A9785109B2AC}: NameServer = 218.248.240.79 218.248.240.135
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: iifeffgG - C:\WINDOWS\SYSTEM32\iifeffgG.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7544 bytes
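Added example (not from the thread and not HijackThis code): a small Python triage script that parses HijackThis entry lines and flags the pattern that stands out in the log above: unnamed BHOs backed by DLLs with random-looking eight-letter names in system32, the same DLL also registered as a Winlogon Notify package, and stacked "Unknown file in Winsock LSP" entries. The KNOWN_GOOD allowlist and the eight-letter mixed-case heuristic are assumptions for illustration, not a definitive malware test; the sample input is constructed from lines of the posted log plus benign entries for contrast.

```python
import re
from collections import Counter

# Constructed sample input: entry lines copied from the HijackThis log posted
# above, plus benign entries for contrast. A real log is fed in the same way.
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {B95633F9-5626-41FB-BB3C-2DF98CDCBD03} - C:\WINDOWS\system32\vtUKCUop.dll
O2 - BHO: (no name) - {C05C63D8-A55F-4C33-B0C2-F8FD79C8C2AB} - C:\WINDOWS\system32\fccbYspQ.dll
O2 - BHO: (no name) - {EE5A1465-1E73-4784-8F63-45983FDF0DB8} - C:\WINDOWS\system32\iifeffgG.dll
O10 - Unknown file in Winsock LSP: spslsp.dll
O10 - Unknown file in Winsock LSP: spslsp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: iifeffgG - C:\WINDOWS\SYSTEM32\iifeffgG.dll
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

# Assumed allowlist (illustrative, not exhaustive): modules an XP box of that
# era legitimately loads from these hook points. guard32.dll belongs to COMODO.
KNOWN_GOOD = {"guard32.dll", "googletoolbar1.dll", "yt.dll", "browseui.dll"}

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+)\s+-\s+(?P<body>.*)$")
PATH_RE = re.compile(r"[A-Za-z]:\\[^\r\n]*?\.(?:dll|exe)\b", re.IGNORECASE)


def parse_entries(log_text):
    """Yield (section, body, filename-or-None) for every HijackThis entry line."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        p = PATH_RE.search(body)
        filename = p.group(0).rsplit("\\", 1)[-1] if p else None
        yield section, body, filename


def looks_random(filename):
    """Heuristic for Vundo-style names: eight letters, mixed case, no digits (iifeffgG.dll)."""
    stem = filename.rsplit(".", 1)[0]
    return (len(stem) == 8 and stem.isalpha()
            and stem != stem.lower() and stem != stem.upper())


def analyze(log_text):
    """Return flagged entries, in log order, as dicts: section, file, reasons."""
    entries = list(parse_entries(log_text))
    # DLLs registered as Browser Helper Objects; used to correlate with O20 hooks.
    bho_files = {f.lower() for s, _, f in entries if s == "O2" and f}
    findings = []
    for section, body, filename in entries:
        reasons = []
        if filename and filename.lower() not in KNOWN_GOOD:
            if looks_random(filename):
                reasons.append("random-looking module name")
            if section == "O2" and "(no name)" in body:
                reasons.append("unnamed BHO loaded into Internet Explorer")
            if (section == "O20" and "Winlogon Notify" in body
                    and filename.lower() in bho_files):
                reasons.append("Winlogon Notify hook loads the same DLL as a BHO "
                               "(runs inside winlogon.exe at logon, so it can "
                               "reinstall the BHO after a cleanup)")
        if reasons:
            findings.append({"section": section, "file": filename, "reasons": reasons})
    return findings


def lsp_stack(log_text):
    """Count how often each unknown Winsock LSP module appears in O10 lines."""
    counts = Counter()
    for section, body, _ in parse_entries(log_text):
        if section == "O10":
            counts[body.rsplit(":", 1)[-1].strip().lower()] += 1
    return counts


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f['section']:<4} {f['file']:<18} " + "; ".join(f["reasons"]))
    for dll, n in lsp_stack(SAMPLE_LOG).items():
        if n > 1:
            print(f"O10  {dll:<18} unknown LSP listed {n} times")
```

The Winlogon Notify correlation is the part that explains the symptom in the post: a DLL registered there is loaded by winlogon.exe at logon, before the user's desktop exists, so deleting the copy hooked into Internet Explorer leaves a loader that can put it back, which is consistent with NOD32 reporting the file as "cleaned by deleting (after the next restart)". Repeated O10 lines for one module are normal for a legitimate LSP (one line per protocol chain), so the script only counts them; identify the file's publisher and signature before removing an LSP, because a broken Winsock chain leaves the machine without working networking.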

ashfahan

Well, I found the solution myself...
I thoroughly checked all my HDDs with NOD32 (about 15 viruses).
I pressed Ctrl+Alt+Del -> File -> New Task, and typed explorer.exe.
All my icons and taskbar reappeared (before, there was no explorer.exe in Task Manager).
Now my PC runs smoothly.... until now.
 