Unidentified infection

Exile the Ninja
[Banned user]
Joined: 10 Nov 2008
Posts: 121, Topics: 9
Location: No smoking.
Reputation: 35.2
Votes: 13

Posted: 29-01-2009, 12:59:15

Last night I ran a scan; I had around 3700 viruses, most of the archives were infected, and it was detecting something called JPG-Crack.exe.

Today I noticed that I was sending messages on Messenger reading "
Exile the Ninja: lol ur so dumb http://ophywmntzrtew.info/s/pic18223.jpg_____.exe " (do not open the link)

I saw some files appear in C: that I don't know what they are; they are called 1030.exe, crim2.exe, dd22.exe, dd222.exe, ddial.exe, dl1a.exe, htp.exe, http.exee, ms.exe, ns2setup.exe, rhjbmu.exe, setup.ex, windows.exe
It is also using 1.20 GB of RAM, with Mozilla, Winamp, Last.fm and Messenger open.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:53:49 PM, on 1/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\WTMKM.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\usbautotuner.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\winusbservice.exe
D:\Games\Steam\Steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Ex!le\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\HyperIM\HyperIM.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\usbservice.exe
C:\WINDOWS\system32\atwtusb.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\atwtusb.exe
C:\1030.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Ex!le\LOCALS~1\Temp\RarSFX0\Codec_v.1003.7.exe
C:\Documents and Settings\Ex!le\Application Data\_63fd2f06d67565c2c85360687013ea84\down\im001.exe
C:\Documents and Settings\Ex!le\Application Data\_63fd2f06d67565c2c85360687013ea84\down\chimera000.exe
C:\WINDOWS\System32\rs32net.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Ex!le\Application Data\_63fd2f06d67565c2c85360687013ea84\down\tp000.exe
C:\WINDOWS\System32\rs32net.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Last.fm\LastFM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.100/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [MacrokeyManager] WTMKM.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Microsoft USB Windows2 Driver] usbautotuner.exe
O4 - HKLM\..\Run: [Windows USB Automatic Service] winusbservice.exe
O4 - HKLM\..\Run: [*svchostBoot] "C:\Documents and Settings\Ex!le\Application Data\svchost.exe"
O4 - HKLM\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe
O4 - HKLM\..\Run: [Java Runtime Enviornment] C:\Documents and Settings\Ex!le\Application Data\_63fd2f06d67565c2c85360687013ea84\down\C:\Documents and Settings\Ex!le\Application Data\_63fd2f06d67565c2c85360687013ea84\down\chimera000.exe
O4 - HKLM\..\Run: [svchost32] C:\WINDOWS\scvhost32.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Steam] "D:\Games\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Ex!le\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [HyperIM] C:\Program Files\HyperIM\HyperIM.exe -min
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe
O4 - Startup: Need for Speed™ Undercover Registration.lnk = D:\Games\NFSU\Support\EAregister.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Usb Service 2.0 - Unknown owner - C:\WINDOWS\usbservice.exe
O23 - Service: WTService - Unknown owner - C:\WINDOWS\system32\atwtusb.exe

--
End of file - 8675 bytes


DAI!
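A defender's triage of the O4 (autorun) lines in the log above, as an added example; it is not part of the thread and not HijackThis's own code. The heuristics and their thresholds are my assumptions, and the sample lines are copied from the log in the post. It flags autoruns that point into user-writable directories, a path with a doubled drive letter, names that imitate core Windows processes (scvhost32.exe), svchost.exe registered from outside System32, and a value name registered under both HKLM and HKCU; it says nothing about what is malicious, only what to look at first.

```python
"""Heuristic triage of O4 (Run-key) entries in a HijackThis log.

Added example; not from the original thread and not HijackThis's own code.
Thresholds and directory lists below are assumptions, not a published rule set.
"""
from __future__ import annotations

import re

# Shape of an O4 line as HijackThis prints it:  O4 - HKLM\..\Run: [name] command
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

# Locations a non-admin user can write to; autoruns pointing there deserve a closer look.
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\",
                 "\\local settings\\", "\\temp\\", "\\users\\")
SYSTEM_DIR = "c:\\windows\\system32\\"
# Core process names that malware likes to imitate (svchost -> scvhost32 and the like).
SYSTEM_NAMES = ("svchost.exe", "csrss.exe", "lsass.exe", "winlogon.exe", "services.exe")

# Constructed sample: a few O4 lines copied from the log in the post above.
SAMPLE_LOG = "\n".join([
    r'O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice',
    r'O4 - HKLM\..\Run: [*svchostBoot] "C:\Documents and Settings\Ex!le\Application Data\svchost.exe"',
    r"O4 - HKLM\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe",
    r"O4 - HKLM\..\Run: [Java Runtime Enviornment] C:\Documents and Settings\Ex!le\Application Data\_63fd2f06d67565c2c85360687013ea84\down\C:\Documents and Settings\Ex!le\Application Data\_63fd2f06d67565c2c85360687013ea84\down\chimera000.exe",
    r"O4 - HKLM\..\Run: [svchost32] C:\WINDOWS\scvhost32.exe",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r"O4 - HKCU\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe",
])


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance; a swapped pair such as cv/vc counts as 2."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def program_path(cmd: str) -> str:
    """The program part of a command line: a quoted path, or everything up to the first .exe."""
    m = re.match(r'^"([^"]+)"', cmd) or re.match(r"^(.*?\.exe)\b", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def reasons_for(cmd: str) -> list[str]:
    """Heuristics for one autorun command line; an empty list means nothing stood out."""
    path = program_path(cmd)
    low = path.lower()
    base = low.rsplit("\\", 1)[-1]
    out: list[str] = []
    if any(d in low for d in USER_WRITABLE):
        out.append("program lives in a user-writable directory")
    if low.count(":\\") > 1:
        out.append("malformed path (drive letter appears twice)")
    if "\\" not in low:
        out.append("bare file name, located by PATH search; confirm where it runs from")
    stripped = re.sub(r"\d", "", base)  # scvhost32.exe -> scvhost.exe before comparing
    for sysname in SYSTEM_NAMES:
        if base == sysname:
            if not low.startswith(SYSTEM_DIR):
                out.append(f"{sysname} running from outside System32")
        elif edit_distance(stripped, sysname) <= 2:
            out.append(f"name imitates {sysname}")
    return out


def triage(log_text: str) -> dict[str, list[str]]:
    """Map each flagged O4 command line to its reasons, across the whole log."""
    findings: dict[str, list[str]] = {}
    hives_by_name: dict[str, set[str]] = {}
    cmd_by_name: dict[str, str] = {}
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        cmd = m.group("cmd")
        findings[cmd] = reasons_for(cmd)
        hives_by_name.setdefault(m.group("name"), set()).add(m.group("hive"))
        cmd_by_name[m.group("name")] = cmd
    # The same value name under both HKLM and HKCU is a persistence pattern worth a note.
    for name, hives in hives_by_name.items():
        if len(hives) > 1:
            findings[cmd_by_name[name]].append(
                f"value [{name}] registered under {' and '.join(sorted(hives))}")
    return {cmd: why for cmd, why in findings.items() if why}


if __name__ == "__main__":
    for cmd, why in triage(SAMPLE_LOG).items():
        print(cmd)
        for w in why:
            print("   -", w)
```

Entries that trip no heuristic (egui.exe, ctfmon.exe) are dropped from the result; the process list at the top of the log is still needed to resolve bare names such as usbautotuner.exe, which the Run key does not locate.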
*0ranGe ! extrem
[I ❤ MY POLO!]
Joined: 01 Jul 2007
Posts: 11419, Topics: 191
Location: Romania
Reputation: 683.4
Votes: 117

Posted: 29-01-2009, 13:26:06

For the Messenger problem, reinstall it; you had a Messenger build with a virus bundled in, so look for another one and install that. Check the programs you have installed recently. It happened to me too, from a simple driver downloaded off the net, a sound driver: executables kept appearing in C:, and when I opened C: the antivirus would find them and delete them.


Exile the Ninja
[Banned user]

Posted: 29-01-2009, 13:30:14

I had no problems with Messenger until this morning, though I will reinstall it anyway. The antivirus finds nothing wrong with the files in C:. I forgot to say that this also appears when I start the computer (and later on)



DAI!
*0ranGe ! extrem
[I ❤ MY POLO!]

Posted: 29-01-2009, 13:33:14

Well, I read up a bit on that msas2009.exe and found that it is malware.

I found something that might help you get rid of it:

http://www.spywareremove.com/removemsas2009exe.html


