Status
Not open for further replies.

navisangha

Journeyman
Hi,

I think my PC is infected with a virus, as when I connect to the internet an error starts showing up saying "

Message from FROM to TO on 1/1/2006 4:13:16PM

STOP! WINDOWS REQUIRES IMMEDIATE ATTENTION

Windows has found 55 Critical Errors.

To fix

1. Download Registry Update from: www.fix-red.com( redfixit.com,fixnow.net)
2. Install Registry Update
3. Run Registry Update
4. Reboot your Computer

FAILURE TO ACT NOW MAY LEAD TO SYSTEM FAILURE!

"

Please help, it's urgent.


navisangha

Journeyman
Please note Norton Antivirus was disabled by some virus, so I uninstalled it, but entries are still there.



Logfile of HijackThis v1.99.1
Scan saved at 6:13:59 PM, on 1/1/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
E:\Program Files\Intel\IDU\IDUServ.exe
E:\WINDOWS\System32\inetsrv\inetinfo.exe
E:\Program Files\Norton AntiVirus\navapsvc.exe
E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
E:\WINDOWS\Explorer.EXE
C:\PROGRA~1\UpsPilot\Winpower.exe
E:\WINDOWS\ALCFDRTM.EXE
E:\WINDOWS\SOUNDMAN.EXE
E:\WINDOWS\ALCWZRD.EXE
E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
E:\Program Files\Intel\IDU\iptray.exe
E:\WINDOWS\System32\hkcmd.exe
E:\WINDOWS\System32\igfxpers.exe
C:\Program Files\AVPersonal\AVGNT.EXE
E:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE
C:\PROGRA~1\UpsPilot\hello21.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\cmd.exe
C:\Program Files\Opera\Opera.exe
E:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
D:\Program Files\Winamp3\winamp3.exe
D:\Program Files\Winamp3\winamp3.exe
E:\Documents and Settings\Singh\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DNS Resolve Support Dll - {4920E150-5D27-4B95-B60B-D68B78928441} - E:\WINDOWS\System32\dnscore.dll (file missing)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - E:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [AlcFDMonitor] E:\WINDOWS\ALCFDRTM.EXE
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [CMPDPSRV] E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
O4 - HKLM\..\Run: [ipTray.exe] "E:\Program Files\Intel\IDU\iptray.exe"
O4 - HKLM\..\Run: [igfxtray] E:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] E:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] E:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [DSS] E:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE
O4 - HKLM\..\RunServices: [Winpower] C:\Program Files\UpsPilot\Winpower.exe
O4 - HKCU\..\Run: [Yahoo! Pager] E:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - *www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - *www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D22D60D3-8B51-4F46-8667-210619B1AB8D}: NameServer = 202.56.230.5 202.56.230.6
O20 - Winlogon Notify: igfxcui - E:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Desktop Utilities Service (iHCService) - OSA Technologies, Inc. - E:\Program Files\Intel\IDU\IDUServ.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - E:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NT login service (ntlogin32) - Unknown owner - E:\WINDOWS\System32\libsys32.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Winpower - Zero G - C:\PROGRA~1\UpsPilot\Winpower.exe
 

anandk

Distinguished Member
Amongst other things, you have been infected with a

virus : syslog32.exe; DONK.B or DONK.C or DONK.L or DONK.M or DONK.O VIRUSES!

spyware : DSSAgent by Brøderbund. It sends encrypted emails about the system back to the originators of the program.

Suggest you boot in safe mode and run a good anti-virus (like avast/avg, both freeware) and at least 2 good anti-spys (ms anti-spy/spywaredoctor 3.1/lavasoft's adaware, all freeware).

In case it doesn't help, you can use deletedoctor (www.discleaners.com) to delete the E:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE and syslog32.exe files.

Also use ccleaner (www.ccleaner.com) to keep your PC clean. :)

Too bad your norton was crippled by some two-bit virus. But that doesn't surprise me, really. ccleaner will also help you remove the uninstalled (!) norton's residual trash.
 

swatkat

Technomancer
Download ShootTheMessenger and run it. Then disable the "Messenger Service" using it.


Download CCleaner and install it.


Next, boot in SAFE MODE.


Go to Start > Run and type services.msc and press ENTER. Here, navigate to the service named NT login service (ntlogin32) and right-click on it. Then click "Properties". Here, in the "Status" dialog box, select "Stop". Then, under "Startup type" dialog box, select "Disabled". Click "Apply" and then "OK".


Run HijackThis and click Do only a System scan.
Then put a check mark in front of the entries listed below:

O2 - BHO: DNS Resolve Support Dll - {4920E150-5D27-4B95-B60B-D68B78928441} - E:\WINDOWS\System32\dnscore.dll (file missing)
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [AlcFDMonitor] E:\WINDOWS\ALCFDRTM.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
O4 - HKLM\..\Run: [DSS] E:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE
O23 - Service: NT login service (ntlogin32) - Unknown owner - E:\WINDOWS\System32\libsys32.exe (file missing)


Close all other open programs except Hijackthis and click the button Fix Checked in HijackThis.


Exit from HijackThis. Delete these files:-
E:\WINDOWS\System32\libsys32.exe

And, Search for this file and delete it:
syslog32.exe

Delete these folders:-
E:\WINDOWS\BBSTORE


Run CCleaner, click "Options" button and here go to "Advanced" tab and uncheck the option "Only delete files in Windows Temp folder older than 48 hours". Click OK to exit from the Options. Finally click "Run Cleaner" and click "OK" to continue cleaning.


Reboot to Normal Mode. Run HijackThis again, click Do a System scan and save log, and post the fresh log.
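
A triage pass over the HijackThis log posted in this thread, added here as an example and not part of any poster's reply. The three rules (absent target file, service with "Unknown owner", Run value without a full path) are assumptions chosen for illustration; they produce candidates for manual review, not verdicts, and the path rule flags SOUNDMAN.EXE for the same reason as syslog32.exe.

```python
import re

# Constructed sample: eight entries copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DNS Resolve Support Dll - {4920E150-5D27-4B95-B60B-D68B78928441} - E:\WINDOWS\System32\dnscore.dll (file missing)
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
O4 - HKLM\..\Run: [igfxtray] E:\WINDOWS\System32\igfxtray.exe
O23 - Service: NT login service (ntlogin32) - Unknown owner - E:\WINDOWS\System32\libsys32.exe (file missing)
O23 - Service: Winpower - Zero G - C:\PROGRA~1\UpsPilot\Winpower.exe
"""

# Section code (R0-R3, F0-F3, N1-N4, O1-O23) followed by the entry text.
ENTRY = re.compile(r"^([ORFN]\d+) - (.*)$")
# O4 autostart values such as "HKLM\..\Run: [name] command".
RUN_VALUE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run\w*: \[[^\]]*\] (?P<cmd>.+)$")

def triage(log_text):
    """Return (section, reasons, entry) for each entry worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, running-process list or blank line
        section, body = m.groups()
        reasons = []
        # HijackThis appends these markers when the referenced file is gone.
        if body.endswith(("(file missing)", "(no file)")):
            reasons.append("target file absent")
        # O23 lists the company name from the binary; none could be read here.
        if section == "O23" and " - Unknown owner - " in body:
            reasons.append("service binary has no company name")
        # A bare file name is resolved through the search path at logon.
        run = RUN_VALUE.match(body) if section == "O4" else None
        if run and "\\" not in run.group("cmd"):
            reasons.append("autostart value has no full path")
        if reasons:
            findings.append((section, reasons, body))
    return findings

if __name__ == "__main__":
    for section, reasons, body in triage(SAMPLE_LOG):
        print(f"{section}: {'; '.join(reasons)}\n    {body}")
```
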
 