Status
Not open for further replies.

navisangha

Journeyman
Hi,


Today while searching for some keygens .. I know it's wrong, my PC got infected with a virus...


Now Windows explorer.exe shuts down... if I start it from Task Manager it again shuts down, restarting again and again. This happens even in safe mode... please tell me how to remove this virus or malware or anything?????


Thanks
 

NucleusKore

TheSaint
Download Ultimate Boot CD
Boot from it and scan with F-Prot or McAfee bundled with it

I hope you've learnt your lesson
 

kpmsivachand

SivaChand
navisangha said:
Hi,


Today while searching for some keygens .. I know it's wrong, my PC got infected with a virus...


Now Windows explorer.exe shuts down... if I start it from Task Manager it again shuts down, restarting again and again. This happens even in safe mode... please tell me how to remove this virus or malware or anything?????


Thanks

Follow the following registry keys:

Go to Run and type "regedit.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon > Shell: give value as explorer.exe


If your registry access is disabled, then to enable it type this in Run:

reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

Delete the virus entries in the startup: navigate to the following registry keys and delete the virus entries....

HKCU\software\microsoft\windows\currentversion\run
HKLM\software\microsoft\windows\currentversion\run
 

navisangha

Journeyman
I didn't find any registry entries of the virus... I think it corrupted my explorer....
Please help..

Yeah, I have learnt my lesson
 

ravi_9793

TechTin.com
Turn off System Restore -->> restore Windows XP to best known time.

After that do full system scan in safe mode.
 

navisangha

Journeyman
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:11:20 PM, on 12/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
f:\Program Files\Dassault Systemes\B14\intel_a\code\bin\CATSysDemon.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Huawei\MT841\dslagent.exe
D:\Program Files\Executive Software\DiskeeperLite\DkService.exe
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
D:\Program Files\Softwin\BitDefender10\bdmcon.exe
D:\Program Files\Softwin\BitDefender10\bdagent.exe
D:\Program Files\DAEMON Tools\daemon.exe
D:\WINDOWS\system32\tcpsvcs.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
D:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
D:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
D:\Program Files\Softwin\BitDefender10\vsserv.exe
D:\Program Files\Softwin\BitDefender10\bdlite.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Opera\Opera.exe
D:\Program Files\Hijackthis\HijackThis.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\system32\imapi.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = *server.toolbar.rediff.com/toolbar/3.0/sidesearch.html?mode=toolbar
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {749EA47D-F0E5-4BC5-B64D-66947418718E} - D:\WINDOWS\system32\awtqp.dll
O2 - BHO: (no name) - {B285004D-6D02-4212-91FC-B8F47B68C254} - D:\WINDOWS\system32\jkkjghe.dll
O2 - BHO: (no name) - {CAD7D94E-6A4E-4EB5-B8CB-FE693E3C8489} - D:\WINDOWS\system32\audiode.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] D:\Program Files\Huawei\MT841\dslagent.exe
O4 - HKLM\..\Run: [igfxtray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AAWTray] D:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [BDMCon] "D:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "D:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [SpyHunter] D:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: WordWeb.lnk = D:\Program Files\WordWeb\wweb32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing)
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - D:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{5ADFC590-5D7C-4E17-98C3-AF62880F8E83}: NameServer = 218.248.240.79 218.248.240.135
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: jkkjghe - D:\WINDOWS\SYSTEM32\jkkjghe.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - f:\Program Files\Dassault Systemes\B14\intel_a\code\bin\CATSysDemon.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - D:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper Lite.lnk (Diskeeper) - Executive Software International, Inc. - D:\Program Files\Executive Software\DiskeeperLite\DkService.exe
O23 - Service: Intel(R) Desktop Utilities Service (iHCService) - OSA Technologies, Inc. - C:\Program Files\Intel\IDU\IDUServ.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - D:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - D:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - D:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 6026 bytes
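
Added example, not part of the original post or of HijackThis: a small Python triage pass over entry lines copied from the log above. It cross-references the O2 (BHO) and O20 (Winlogon Notify) sections, showing that a DLL can be set to load at logon through Winlogon Notify, which is separate from the Run keys checked earlier in the thread; the function names and the flagging heuristics are assumptions of this example.

```python
import re
from collections import defaultdict

# Entry lines copied from the HijackThis log posted above (sections O2, O4, O20).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {749EA47D-F0E5-4BC5-B64D-66947418718E} - D:\WINDOWS\system32\awtqp.dll
O2 - BHO: (no name) - {B285004D-6D02-4212-91FC-B8F47B68C254} - D:\WINDOWS\system32\jkkjghe.dll
O2 - BHO: (no name) - {CAD7D94E-6A4E-4EB5-B8CB-FE693E3C8489} - D:\WINDOWS\system32\audiode.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O20 - Winlogon Notify: jkkjghe - D:\WINDOWS\SYSTEM32\jkkjghe.dll
"""

ENTRY = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.+)$")
DLL_PATH = re.compile(r"([A-Za-z]:\\.*?\.dll)\s*$", re.IGNORECASE)

def parse(log):
    """Group entry bodies by HijackThis section code (O2, O4, O20, ...)."""
    sections = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m["sec"]].append(m["body"])
    return sections

def dll_of(body):
    """Lower-cased DLL path ending the entry, or None ('(no file)' etc.)."""
    m = DLL_PATH.search(body)
    return m.group(1).lower() if m else None

def review_candidates(log):
    """Heuristics (assumptions of this example) for entries to look at first."""
    secs = parse(log)
    notify = {dll_of(b) for b in secs["O20"]} - {None}
    findings = []
    for body in secs["O2"]:
        dll = dll_of(body)
        if dll in notify:
            findings.append((dll, "BHO that is also an O20 Winlogon Notify DLL"))
        elif dll and body.startswith("BHO: (no name)") and "\\system32\\" in dll:
            findings.append((dll, "unnamed BHO located in system32"))
    for dll in sorted(notify):
        findings.append((dll, "autostart via Winlogon Notify, separate from the Run keys"))
    return findings

if __name__ == "__main__":
    for dll, reason in review_candidates(SAMPLE_LOG):
        print(f"{dll}: {reason}")
```

The output is a review list, not a verdict: each flagged file still needs to be checked against a scanner or a known-good reference before anything is deleted.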
 

navisangha

Journeyman
Yeah, it didn't help.. please help ... I tried Avira, it tried a trojan named Spy.Agent.AOS

It is a .dll file that keeps on changing names ... how do I remove it?
 

kpmsivachand

SivaChand
navisangha said:
Yeah, it didn't help.. please help ... I tried Avira, it tried a trojan named Spy.Agent.AOS

It is a .dll file that keeps on changing names ... how do I remove it?

Try the Avast boot scan.... It will remove all threats during booting itself....
 