Results 1 to 8 of 8

Thread: yet another virus...

  1. #1
    Diego Quality rockmanj's Avatar
    Join Date
    Jul 2003
    Location
    Lovin' On the Run
    Posts
    2,959

    yet another virus...

    Apparently my PC has gotten another virus, even though I play it safe. Its that autorun.inf thing, i think. I tried to delete it using the command prompt, but that didnt work, since for some reason, I can't change directories. Can anyone help me with this? my antivirus program isnt doing jack shit but alerting me to having a virus.

    here's my report from SDfix:

    SDFix: Version 1.142

    Run by Sq on Fri 02/15/2008 at 03:19 PM

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...


    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\Documents and Settings\Sq\Local Settings\Temp\aax2CE.tmp.exe - Deleted
    C:\autorun.inf - Deleted





    Removing Temp Files...

    ADS Check:



    Final Check:

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-15 15:27:59
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...


    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 4


    Remaining Services:
    ------------------



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
    "C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
    "C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\ \Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Ena bled:Yahoo! Messenger"
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Progra m Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Ya hoo! FT Server"
    "C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
    "C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\PPMate\\ppmate.exe"="C:\\Program Files\\PPMate\\ppmate.exe:*:Enabled:PPMate"
    "C:\\Program Files\\PPMate\\ppamnet.exe"="C:\\Program Files\\PPMate\\ppamnet.exe:*:Enabled:PPMate"
    "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:ęTorrent"
    "C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"="C:\\Program Files\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVUPlaye r Component"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    Remaining Files:
    ---------------

    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    Sat 12 Jan 2008 115,937 ..SHR --- "C:\ek.com"
    Sat 12 Jan 2008 115,937 ..SHR --- "C:\WINDOWS\system32\kavo.exe"
    Fri 15 Feb 2008 96,768 ..SHR --- "C:\WINDOWS\system32\kavo0.dll"
    Wed 3 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

    Finished!

    but the autorun.inf is still there! Is it possible that it didnt remove the one on my HDD?
    Last edited by rockmanj; Fri, 02-15-2008 at 01:42 AM.

  2. #2
    Awesome user with default custom title itadakimasu's Avatar
    Join Date
    Feb 2007
    Location
    Ebay
    Age
    41
    Posts
    1,612
    less porn = less virus

  3. #3
    Banned darkshadow's Avatar
    Join Date
    Apr 2005
    Location
    Phantom Zone
    Age
    39
    Posts
    4,117
    this virus, is a trojan i think, its been circulating a lot recently, some of my friends got it too. this autorun, wants to start some exe IN THE SAME DIR, which is mostly root.

    In my friends case it was called wupdmgr.exe, or something along the lines.

    Just download an antivirus app, like avast, check your c:/ d:/ g:/... etc... for the autorun and the exe, delete those manually, run avast to check the drives, best way is to just right click on the drive and click "scan".

    This should take care of it, if it doesnt, check your windows/system32 for anything weird, like kvkjc.exe or something, if you are unsure screenshot it, if you are sure its bogus, just delete it.
    -----------------

  4. #4
    Graphics Whore Phoenix20578's Avatar
    Join Date
    Aug 2005
    Location
    Jersey
    Age
    37
    Posts
    1,879
    I agree with above. Sounds like the best course of action. If you have XP, you cant go wrong with Avast.

    You caught a pretty bad trojan to. It looks like it went into every program you have.


    For all you awesome people, it's just Phoenix. The numbers are just the amount of times people misspell it.

  5. #5
    Diego Quality rockmanj's Avatar
    Join Date
    Jul 2003
    Location
    Lovin' On the Run
    Posts
    2,959
    Actually, I mainly use avast, and have for quite a while. I hasn't really helped all that much.

  6. #6
    Banned darkshadow's Avatar
    Join Date
    Apr 2005
    Location
    Phantom Zone
    Age
    39
    Posts
    4,117
    did you actually scan the drives? its not gonna scan out of itself you know
    -----------------

  7. #7
    Family Friendly Mascot Buffalobiian's Avatar
    Join Date
    Sep 2006
    Location
    Amaburi
    Age
    34
    Posts
    18,833
    Try using Kaspersky's online virus scanner to pick up all the infected files and the name of the infection, then try some manual removal methods for the infection on McAfee or Norton's database.

    http://www.kaspersky.com/virusscanner

  8. #8
    If it's still a problem (maybe you've solved it by now), go to http://forums.majorgeeks.com/forumdisplay.php?f=35 and read the stickies, then post with the information the stickies prompt you for. Please note, they're really sticklers for the stickies (no pun intended). If you leave something out, most of them will ignore you post or redirect you to the stickies.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •