PDA

View Full Version : Help me please

JamisonGolf
February 16th, 2005, 01:23 AM
I am having a lot of problems with my sytem. I recently had to reformat my harddrive. :( Now I am having difficulties accessing microsoft updates to get the critical patches and updates. I have also accumulated several trojans which I am unable to remove. I have tried to remove them with AVG, spybot, ad-aware, and cwshredder but nothing seems to work. Here is a list of the trojans that are on my system from AVG:

"C:\_RESTORE\TEMP\A0000452.CPY","Trojan horse Dropper.Small.9.AQ","Infected"
"C:\_RESTORE\TEMP\A0000466.CPY","Trojan horse Startpage.14.E","Infected"
"C:\_RESTORE\TEMP\A0000468.CPY","Trojan horse Downloader.Small.6.AE","Infected"
"C:\_RESTORE\TEMP\A0000483.CPY","Trojan horse Downloader.Agent.6.A","Infected"
"C:\_RESTORE\TEMP\A0000625.CPY","Trojan horse Downloader.Small.19.AB","Infected"
"C:\_RESTORE\TEMP\A0000627.CPY","Trojan horse Downloader.Small.19.AB","Infected"
"C:\_RESTORE\TEMP\A0000629.CPY","Trojan horse Downloader.Small.19.AB","Infected"
"C:\_RESTORE\TEMP\A0000631.CPY","Trojan horse Dropper.Agent.2.BS","Infected"
"C:\_RESTORE\TEMP\A0000633.CPY","Trojan horse Dropper.Small.9.AQ","Infected"
"C:\_RESTORE\TEMP\A0000635.CPY","Trojan horse Dropper.Small.9.AQ","Infected"



Here also is my Hijackthis file:

Logfile of HijackThis v1.98.2
Scan saved at 6:33:22 PM, on 2/17/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\TEMP\TD_0007.DIR\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://clearsurfing.net/srch.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Name - {E9AD4CB5-453D-4905-A59A-4D4E0CAFE09B} - C:\WINDOWS\SYSTEM\MSCTQ.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: FreshBar - {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} - C:\WINDOWS\SYSTEM\IESP2.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AEZBProc] c:\ibmtools\aptezbtn\aptezbp.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
O4 - HKLM\..\Run: [GDRIVE] C:\IBMTOOLS\IBMBOOT\GDRIVE.EXE -N
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [Srv32 spool service] C:\WINDOWS\System\spoolsrv32.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [Srv32 spool service] C:\WINDOWS\System\spoolsrv32.exe
O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.188.180,195.225.176.31
O18 - Filter: tϠ5TR - {6CECD78E-2813-4836-8BF9-A514C44136D3} - C:\WINDOWS\SYSTEM\QWSXP.DLL


Can anyone help me?
degsy
February 16th, 2005, 03:23 AM
The virus is in your System Restore folder.

See here on how to disable (clear) the System Restore
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001012513122239?OpenDocument&src=sec_doc_nam
Psy
February 17th, 2005, 12:18 AM
search google.com for Avast! antivirus:

this company has apparently been making military-grade antivirus software for 12 years!

this should fix your problems... oh, and there is a free version available too.