A number of files I believe are probably viruses...


Rich18144
Could you guys confirm whether these files are viruses (I tried looking in process libraries...) and, if so, how to remove them (I've used AVG Anti-Virus & Ad-Aware SE so far)?


  • iiqszwlmfnd.exe (called Aurora or Buddy by the computer)
  • getst.exe
  • qvedetd.exe
  • SECURITY.EXE (stored in an irregular place, not like an official program)
  • istvc.exe
  • aslgvzo.exe
  • upnchat.exe
  • SVCHOST.EXE (doesn't seem to be the standard Windows svchost.exe)
  • unllt.exe
 
The HijackThis log is in transit, but it seems to me that the files I have listed here aren't in the log. I may be mistaken, so I'll put the log here and in the HijackThis log part of the forum once I have it.
 
Here is the HijackThis file I mentioned earlier...Any ideas??
 

Attachment: hijackthis.txt (6.5 KB)
Hi Rich18144


Please print out the instructions here (or save it in Notepad) so that you can follow along more easily.

Download Ewido Security Suite at http://www.ewido.net/en/download/ and install it. Update to the newest definitions. If you have trouble updating, you may do it manually at http://www.ewido.net/en/download/updates/ Do NOT run the Ewido scan yet.

Please download Nailfix at http://www.noidea.us/easyfile/file.php?download=20050515010747824 Unzip it to the desktop but do NOT run it yet.

Reboot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.

Once in Safe Mode, please double-click on nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Next run a full scan in Ewido. Save the log from the Ewido scan so that you can post it later.

Run a scan in HijackThis. Check each of the following entries if they still exist (make sure not to miss any), then hit 'Fix checked':

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

O2 - BHO: IEsearch.clsIESpy - {4508E20C-ACAD-11D2-9FC0-00550076E06F} - c:\progra~1\2search\plugin.dll
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765728274} - C:\WINDOWS\System32\wer8274.dll (file missing)

O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{8F0C6EF2-15A1-4018-A35F-BAE84C3A7A60}\SVCHOST.EXE
O4 - HKLM\..\Run: [uwpvjpa] c:\windows\system32\knkxez.exe
O4 - HKLM\..\Run: [vhhfufk] c:\windows\system32\crikjvw.exe
O4 - Global Startup: BTTray.lnk = ?

O16 - DPF: {20048BB3-DB68-11CF-9CAF-00AA006CB425} (007installer Control) - http://download.007guard.com/msnnames/msnnames.cab
O16 - DPF: {8FACB588-4A4B-46C1-807B-1F08D0AC7592} (eTours Control) - http://www.360etours.net/tours/activex/eTours.ocx

O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe


Close all open windows except for HijackThis and click Fix Checked.

Locate and delete the following item(s), if present. Make sure you're able to view system and hidden files/folders:

folders...

c:\progra~1\2search
C:\WINDOWS\System32\Services

files...

C:\WINDOWS\Nail.exe
c:\windows\system32\knkxez.exe
c:\windows\system32\crikjvw.exe
C:\WINDOWS\svcproc.exe




Restart your computer.

Download FindIt's.zip http://forums.net-integration.net/index.php?act=Attach&type=post&id=142443 to your desktop.

1. Unzip/extract the files inside to a folder on your desktop.
2. Open the folder. Double click on FindIt's.bat and wait for Notepad to open a text file. It will take a while so please be patient... Note: If you are having problems using FindIt's.bat (16 bit error), copy autoexec.nt from the C:\WINDOWS\repair folder to C:\WINDOWS\system32 folder. Now try running FindIt's.bat.
3. Then post the results here along with the new HijackThis log. Also post the Ewido scan results here.

Lobos
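Lobos's post above works by hand through the autorun locations that HijackThis enumerates. As an added example (not code from this thread, nor from HijackThis or any of the tools named above), the Python below parses HijackThis-style log lines and flags the patterns the post treats as suspicious: a Shell= value that launches anything besides Explorer.exe, an svchost.exe run from outside %SystemRoot%\System32 or from a GUID-named folder, BHO and URLSearchHook entries whose file is missing, and services with no vendor information. The sample lines are constructed from entries quoted in this thread plus two benign entries made up as controls; the checks are heuristics chosen for this example, not an official rule set.

```python
"""
Triage a HijackThis-style log.

Added example for the thread above; not HijackThis code.  The checks are
heuristics drawn from the entries Lobos told Rich18144 to fix, and the
sample log is constructed: real lines from the thread plus two benign
entries (BTTray, Ati2evxx) made up as controls.
"""
import re
from dataclasses import dataclass

# Constructed sample: entries quoted in the thread plus two benign controls.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: IEsearch.clsIESpy - {4508E20C-ACAD-11D2-9FC0-00550076E06F} - c:\progra~1\2search\plugin.dll
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765728274} - C:\WINDOWS\System32\wer8274.dll (file missing)
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{8F0C6EF2-15A1-4018-A35F-BAE84C3A7A60}\SVCHOST.EXE
O4 - HKLM\..\Run: [uwpvjpa] c:\windows\system32\knkxez.exe
O4 - HKLM\..\Run: [Bluetooth] C:\Program Files\WIDCOMM\BTTray.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    reason: str
    line: str


_LINE = re.compile(r"^([A-Z]\d+) - (.*)$")
# A directory component that is a bare {GUID}, as in System32\Services\{...}\
_GUID_DIR = re.compile(r"\\\{[0-9a-f-]{36}\}\\", re.I)
# The only place a legitimate svchost.exe should be started from.
_SVCHOST_OK = re.compile(r"^[a-z]:\\windows\\system32\\svchost\.exe$", re.I)


def _command_path(command: str) -> str:
    """Executable path at the start of an O4 command: a quoted path, or the
    text up to the first ' -' / ' /' switch (so 'svchost.exe -k netsvcs' works)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.find('"', 1)]
    return re.split(r"\s+[-/]", command, maxsplit=1)[0]


def _check_f2(body):
    m = re.search(r"Shell=(.+)$", body, re.I)
    if m and m.group(1).strip().lower() != "explorer.exe":
        yield "Shell= in system.ini launches something besides Explorer.exe"


def _check_o4(body):
    m = re.match(r".*?\[(.*?)\]\s*(.*)$", body)   # "[name] command"
    if not m:
        return
    path = _command_path(m.group(2))
    name = path.rsplit("\\", 1)[-1].lower()
    if name == "svchost.exe" and not _SVCHOST_OK.match(path):
        yield "svchost.exe started from outside %SystemRoot%\\System32"
    if _GUID_DIR.search(path):
        yield "autorun executable lives in a GUID-named folder"


def _check_o2(body):
    if body.lower().endswith("(file missing)"):
        yield "BHO registered but its DLL is missing (orphaned entry)"


def _check_r3(body):
    if body.lower().endswith("(no file)"):
        yield "URLSearchHook with no backing file (orphaned entry)"


def _check_o23(body):
    if " - unknown owner - " in body.lower():
        yield "service binary carries no vendor information"


CHECKS = {"F2": _check_f2, "O4": _check_o4, "O2": _check_o2,
          "R3": _check_r3, "O23": _check_o23}


def triage(log_text: str) -> list:
    """Return one Finding per suspicious pattern matched in the log."""
    findings = []
    for raw in log_text.splitlines():
        m = _LINE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        for reason in CHECKS.get(section, lambda _b: ())(body):
            findings.append(Finding(section, reason, raw.strip()))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

On the constructed sample this reports six findings: the orphaned R3 hook, the Nail.exe Shell= value, the missing wer8274.dll BHO, two for the GUID-folder SVCHOST.EXE (wrong location and GUID directory), and the SvcProc service; the two benign controls and the knkxez.exe entry (which no rule here covers, since an unfamiliar random name is a judgment call rather than a pattern) pass silently.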
 
Woah! Thanks Lobos! Thanks for the time you spent writing and thinking about this post!

I'm just printing your recommendations now, I'll post a little later when I have been through them!!

Again, Wow!

Rich18144
 
Ok! After following your instructions the following occurred...

1. No log file for Ewido... no idea where that went.

2. In the HijackThis log file I was missing the following entries:

  • O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{8F0C6EF2-15A1-4018-A35F-BAE84C3A7A60}\SVCHOST.EXE
  • O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

3. When deleting items, these weren't there either:

  • C:\WINDOWS\Nail.exe
  • c:\windows\system32\knkxez.exe
  • c:\windows\system32\crikjvw.exe
  • C:\WINDOWS\svcproc.exe

Log files for HijackThis and Find-It attached!!
 

Attachment: find-it log file.txt (1.8 KB)
Download KillBox from http://www.greyknight17.com/spy/KillBox.exe. Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. Now copy and paste each of the following into KillBox (hitting the X button for each file, and choosing NO when it asks if you want to reboot):

C:\WINDOWS\System32\2SEARCH.EXE
C:\WINDOWS\System32\EGZCKNL.EXE


When you enter the last one and it asks if you want to reboot, choose YES.

Reboot, post your HijackThis log, and let me know how your computer is running.


Lobos
 