Fanatic4Christ
Daemon Poster
- Messages
- 1,351
well... i got a virus... removed it... now my google chrome or internet exlporer won't work...firefox works... here's a log of hijack this... any ideas?
the virus was some fake scanner virus... it was named by malwarebytes as "Trojan/Fake.Alert"
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:21:56 PM, on 1/5/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\IFXTCS.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Avira\AntiVir Desktop\sched.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\Rundll32.exe
F:\Program Files\Microsoft IntelliType Pro\itype.exe
F:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
F:\WINDOWS\system32\RunDll32.exe
F:\Program Files\Avira\AntiVir Desktop\avgnt.exe
F:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
F:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
F:\Program Files\Avira\AntiVir Desktop\avguard.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
F:\WINDOWS\system32\IFXSPMGT.exe
F:\Program Files\iolo\common\lib\ioloServiceManager.exe
F:\PROGRA~1\AVG\AVG8\avgrsx.exe
F:\PROGRA~1\AVG\AVG8\avgnsx.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Microsoft ActiveSync\wcescomm.exe
F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
F:\Program Files\Logitech\SetPoint\SetPoint.exe
F:\Program Files\CDBurnerXP\NMSAccessU.exe
F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
F:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
F:\WINDOWS\system32\PnkBstrA.exe
F:\WINDOWS\system32\PnkBstrB.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Viewpoint\Common\ViewpointService.exe
F:\PROGRA~1\AVG\AVG8\avgemc.exe
F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
F:\Program Files\AVG\AVG8\avgcsrvx.exe
F:\WINDOWS\system32\wscntfy.exe
F:\WINDOWS\system32\msiexec.exe
F:\WINDOWS\System32\alg.exe
F:\WINDOWS\system32\MsiExec.exe
F:\Program Files\iolo\System Mechanic Professional\SMTrayNotify.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe
F:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
the virus was some fake scanner virus... it was named by malwarebytes as "Trojan/Fake.Alert"
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:21:56 PM, on 1/5/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\IFXTCS.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Avira\AntiVir Desktop\sched.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\Rundll32.exe
F:\Program Files\Microsoft IntelliType Pro\itype.exe
F:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
F:\WINDOWS\system32\RunDll32.exe
F:\Program Files\Avira\AntiVir Desktop\avgnt.exe
F:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
F:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
F:\Program Files\Avira\AntiVir Desktop\avguard.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
F:\WINDOWS\system32\IFXSPMGT.exe
F:\Program Files\iolo\common\lib\ioloServiceManager.exe
F:\PROGRA~1\AVG\AVG8\avgrsx.exe
F:\PROGRA~1\AVG\AVG8\avgnsx.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Microsoft ActiveSync\wcescomm.exe
F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
F:\Program Files\Logitech\SetPoint\SetPoint.exe
F:\Program Files\CDBurnerXP\NMSAccessU.exe
F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
F:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
F:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
F:\WINDOWS\system32\PnkBstrA.exe
F:\WINDOWS\system32\PnkBstrB.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Viewpoint\Common\ViewpointService.exe
F:\PROGRA~1\AVG\AVG8\avgemc.exe
F:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
F:\Program Files\AVG\AVG8\avgcsrvx.exe
F:\WINDOWS\system32\wscntfy.exe
F:\WINDOWS\system32\msiexec.exe
F:\WINDOWS\System32\alg.exe
F:\WINDOWS\system32\MsiExec.exe
F:\Program Files\iolo\System Mechanic Professional\SMTrayNotify.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe
F:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll