 sycopathman
join:2003-09-23 Abilene, TX | chat virus
My brother has a virus and it sends people in his MSN list a file called naked drunk.pif. Does anyone know how to get rid of this virus? |
|
  siggyx Siggy Premium join:2003-12-10 Cambridge | »Security »I think my computer is infected or hijacked. What should I do? |
|
 sycopathman
join:2003-09-23 Abilene, TX | this is the virus which infected the pc »securityresponse.symantec.com/av···a.c.html |
|
 redwolfe_98
join:2001-06-11
·RoadRunner Cable
| reply to sycopathman if he has an antivirus program on his computer, he could update the malware-definitions and run the antivirus program, and maybe that will help..
if he doesn't have an antivirus program, he could download a free trial version of an antivirus program, and run that, or he could go to trend micro's housecall and run an online scan..
»housecall.antivirus.com/housecal···corp.asp
»store.ca.com/dr/v2/ec_Main.Entry···D=181491 |
|
 sycopathman
join:2003-09-23 Abilene, TX 1 edit | He has AVG but it didn't get it. He scanned the file but it said no virus found. |
|
 sycopathman
join:2003-09-23 Abilene, TX | reply to redwolfe_98 Also, Trend Micro's HouseCall didn't work; it never found it. |
|
 sycopathman
join:2003-09-23 Abilene, TX | Every virus scan I tried never found it, even after being updated. What should I do? |
|
  jaykaykay 4 Ever Young Premium,MVM join:2000-04-13 Scottsdale, AZ
·Speakeasy
| Your answer was already given. »Security »I think my computer is infected or hijacked. What should I do? Try doing all the steps and posting after that with your HJT log. That may show something. |
|
 sycopathman
join:2003-09-23 Abilene, TX | HJT? |
|
  NanDog The Pup Was Female, I'M Not Premium join:2003-12-28 Tacoma, WA
·Rainier Connect fr..
| said by sycopathman :HJT? HijackThis is a program that examines your drive and registry and creates a log file of contents. Folks trained in HJT analysis can then help you clean up that box. -- See ya across the Rainbow Bridge, my good and faithful friend! |
|
 sycopathman
join:2003-09-23 Abilene, TX
| I know what HijackThis is, I just didn't know what HJT was. Here are the results:
Logfile of HijackThis v1.99.0
Scan saved at 2:50:57 PM, on 2/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Alex\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = »aimhome.netscape.com/aimhome.adp
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\K-Lite Codec Pack\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [update] winis.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [THGuard] C:\Program Files\TrojanHunter 4.1\THGuard.exe
O4 - HKLM\..\RunServices: [update] winis.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - »security.symantec.com/sscv6/Shar···niff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - »security.symantec.com/sscv6/Shar···absa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - »a840.g.akamai.net/7/840/537/2004···an53.cab
O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe |
|
  CalamityJane Premium,VIP,MVM join:2002-08-27 Eustis, FL
| This is most likely your worm:
Scan and fix these items with HijackThis (use the *fix checked button after checkmarking them).
O4 - HKLM\..\Run: [update] winis.exe
O4 - HKLM\..\RunServices: [update] winis.exe
Reboot the PC. Go here to scan the file:
winis.exe ---scan this file
Scan it here: Jotti's malware scan 2.24 »virusscan.jotti.dhs.org/
Copy the results at the end and paste it back here please. -- It takes a disaster to make a woman out of a female Gladiator Security Forum Proud Member of ASAP (Alliance of Security Analysis Professionals) |
|
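Added example (not part of any post in this thread, and not HijackThis code): a sketch that parses O4 autorun lines like those in the log above and surfaces entries that launch a file with no directory path and are registered under more than one autorun key, the two properties the winis.exe entries share. That heuristic is an assumption made for illustration, not CalamityJane's stated reasoning; the sample lines are a subset copied from the posted log.

```python
import re
from collections import defaultdict

# Sample input: a subset of the O4 lines from the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [update] winis.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunServices: [update] winis.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
# Executable = quoted string, else text up to the first ".exe", else first token.
EXE_RE = re.compile(r'"([^"]+)"|(.+?\.exe)(?=\s|$)|(\S+)', re.IGNORECASE)


def parse_o4(log):
    """Yield (hive, key, value_name, executable) for each registry O4 line."""
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # "Global Startup" shortcuts are not registry values
        hive, key, name, cmd = m.groups()
        exe = next(g for g in EXE_RE.match(cmd.strip()).groups() if g)
        yield hive, key, name, exe


def review(log):
    """Return {executable: autorun keys} for entries meeting both heuristics.

    Heuristics (assumptions of this example): the command names a file with
    no directory component, and the same file is started from more than one
    autorun key.
    """
    keys = defaultdict(set)
    for hive, key, _name, exe in parse_o4(log):
        keys[exe.lower()].add(f"{hive}\\{key}")
    return {exe: sorted(k) for exe, k in keys.items()
            if "\\" not in exe and len(k) > 1}


if __name__ == "__main__":
    for exe, where in review(SAMPLE_LOG).items():
        print(f"review: {exe} started from {', '.join(where)}")
```

An entry surfaced this way is only a candidate for a closer look, such as the file scan requested in the post above; RunDll32 in the sample is also pathless but is registered once, so it is not listed.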
 sycopathman
join:2003-09-23 Abilene, TX 1 edit | I updated Norton AntiVirus and it found and fixed it. It must have been a new worm; when I first updated and scanned yesterday it never found it. The worm was msnj.exe |
|
  amysheehan Premium,VIP,MVM join:1999-12-21 Huntington Beach, CA
·RoadRunner Cable
2 edits | said by sycopathman: I updated Norton AntiVirus and it found and fixed it. It must have been a new worm; when I first updated and scanned yesterday it never found it. The worm was msnj.exe
Did you upload the winis.exe file as CJ suggested above for scanning? Let us know what happened...
said by CalamityJane: This is most likely your worm:
Scan and fix these items with HijackThis (use the *fix checked button after checkmarking them).
O4 - HKLM\..\Run: [update] winis.exe
O4 - HKLM\..\RunServices: [update] winis.exe
Reboot the PC. Go here to scan the file:
winis.exe ---scan this file
Scan it here: Jotti's malware scan 2.24 »virusscan.jotti.dhs.org/
Copy the results at the end and paste it back here please. :) |
|
  CalamityJane Premium,VIP,MVM join:2002-08-27 Eustis, FL
1 edit | reply to sycopathman I think it's this one »www.trendmicro.com/vinfo/virusen···&VSect=T
Perhaps dropped by this:
»www.trendmicro.com/vinfo/virusen···&VSect=T
But wanted to see a scan log to be sure. |
|
 sycopathman
join:2003-09-23 Abilene, TX 1 edit | This is the worm he had: »New variant of Bropia worm is spreading. When he first scanned, it never found it, but today it found it after the update. |
|
  amysheehan Premium,VIP,MVM join:1999-12-21 Huntington Beach, CA
·RoadRunner Cable
| Symantec has released this removal tool dated Feb 3: »securityresponse.symantec.com/av···ool.html
 |
|