
TheMatrixHasYou

Comments

8 comments

  • Support

    Hi Sean, welcome!

     

    Create a HijackThis log and post it back here.

     

    Here's how:

     

    Instructions on creating a HijackThis Log

    http://www.lavasoftsupport.com/index.php?showtopic=216

  • Customer

    I downloaded Ewido and updated it. Rebooted into Safe Mode and scanned using it. Ewido would have a problem and need to be closed after scanning 47.6% every time. I tried it 3 different times and the same thing kept happening. What should I do?

  • Customer

    Logfile of HijackThis v1.99.1

    Scan saved at 5:32:43 PM, on 6/11/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\smss.exe

    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GS.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Common Files\AOL\1136554450\ee\AOLSoftware.exe

    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    C:\WINDOWS\system32\Rundll32.exe

    C:\WINDOWS\SOUNDMAN.EXE

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

    C:\Program Files\Lexmark 7100 Series\lxbxmon.exe

    C:\Program Files\Lexmark 7100 Series\ezprint.exe

    C:\WINDOWS\system32\kernels8.exe

    C:\WINDOWS\system32\dxvwzjmq.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe

    C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\WINDOWS\system32\lxbxcoms.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe

    C:\DOCUME~1\SEANPI~1\LOCALS~1\Temp\22494\explorer.exe

    C:\WINDOWS\system32\0mcamcap.exe

    C:\WINDOWS\system32\TheMatrixHasYou.exe

    C:\WINDOWS\system32\dxvwufrp.exe

    C:\WINDOWS\system32\dxvwycjn.exe

    c:\program files\common files\aol\1136554450\ee\aim6.exe

    C:\WINDOWS\system32\dxvwwddq.exe

    C:\WINDOWS\system32\dxvwpalk.exe

    C:\WINDOWS\system32\dxvwfpli.exe

    C:\Documents and Settings\Sean Pierce\Desktop\HijackThis\HijackThis.exe

     

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://127.0.0.1:80

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136554450\ee\AOLSoftware.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    O4 - HKLM\..\Run: [panel_its] sound64.exe

    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

    O4 - HKLM\..\Run: [WUSB54GS] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe

    O4 - HKLM\..\Run: [LXBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16

    O4 - HKLM\..\Run: [lxbxmon.exe] "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"

    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7100 Series\ezprint.exe"

    O4 - HKLM\..\Run: [system] C:\WINDOWS\system32\kernels8.exe

    O4 - HKLM\..\Run: [DCOM Server] C:\WINDOWS\system32\dxvwfpli.exe

    O4 - HKLM\..\Run: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe

    O4 - HKLM\..\RunServices: [systemTools] C:\WINDOWS\system32\kernels8.exe

    O4 - HKLM\..\RunServices: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe

    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp

    O4 - HKCU\..\Run: [startman] forces_elite.exe

    O4 - HKCU\..\Run: [uint32] PasswdMon.exe

    O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe

    O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"

    O4 - HKCU\..\Run: [0mcamcap] C:\WINDOWS\system32\0mcamcap.exe

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{480BB276-0E97-4D97-B1F0-1BC9E5AF29A7}: NameServer = 85.255.116.66,85.255.112.61

    O17 - HKLM\System\CCS\Services\Tcpip\..\{9221EEF1-5E19-4947-860C-27F734F2411B}: NameServer = 85.255.116.66,85.255.112.61

    O17 - HKLM\System\CS1\Services\Tcpip\..\{480BB276-0E97-4D97-B1F0-1BC9E5AF29A7}: NameServer = 85.255.116.66,85.255.112.61

    O17 - HKLM\System\CS2\Services\Tcpip\..\{480BB276-0E97-4D97-B1F0-1BC9E5AF29A7}: NameServer = 85.255.116.66,85.255.112.61

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

    O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll

    O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\DOCUME~1\SEANPI~1\LOCALS~1\Temp\22494\explorer.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbxcoms.exe

    O23 - Service: WUSB54GSSVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54GS.exe (file missing)

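The log above is the artifact the support replies are working from. As an added example (not from the thread, and not part of HijackThis itself), the Python below parses a constructed excerpt of that log and flags the entry types an analyst checks first: Run keys launching a bare filename or using the RunServices key, unexpected DNS servers in O17, a proxy pointing at localhost, a Winlogon Notify DLL outside system32, and a shell object loaded from a temp folder. The expected DNS server and the temp-folder markers are assumptions.

```python
import re

# Assumptions (not from the thread): the DNS servers this machine should use,
# and path fragments that mark a user's temp folder.
EXPECTED_DNS = {"192.168.1.1"}
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\", "\\local settings\\")

# Constructed excerpt of the HijackThis log posted above: one line per entry
# type that the checks below examine.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://127.0.0.1:80
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [system] C:\WINDOWS\system32\kernels8.exe
O4 - HKLM\..\RunServices: [systemTools] C:\WINDOWS\system32\kernels8.exe
O4 - HKCU\..\Run: [uint32] PasswdMon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{480BB276-0E97-4D97-B1F0-1BC9E5AF29A7}: NameServer = 85.255.116.66,85.255.112.61
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\DOCUME~1\SEANPI~1\LOCALS~1\Temp\22494\explorer.exe
"""
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (.+)$")
PROXY_RE = re.compile(r"^R[01] - .*,ProxyServer = (.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.+)$")
O21_RE = re.compile(r"^O21 - SSODL: (.+?) - \{[^}]+\} - (.+)$")

def first_target(cmd: str) -> str:
    # Executable launched by a Run-key command, whether quoted or bare.
    return cmd[1:cmd.index('"', 1)] if cmd.startswith('"') else cmd.split()[0]

def in_temp(path: str) -> bool:
    return any(marker in path.lower() for marker in TEMP_MARKERS)

def triage(log: str) -> list[str]:
    # Flag the structurally suspicious entries of a HijackThis log.
    findings = []
    for line in log.strip().splitlines():
        if m := O4_RE.match(line):
            key, name, target = m.group(2), m.group(3), first_target(m.group(4))
            if "\\" not in target:  # no path: resolved by PATH search at logon
                findings.append(f"O4 [{name}]: bare filename {target}")
            if key == "RunServices":  # Win9x-era key, unusual on Windows XP
                findings.append(f"O4 [{name}]: RunServices autostart")
        elif m := O17_RE.match(line):
            rogue = set(m.group(1).split(",")) - EXPECTED_DNS
            if rogue:  # DNS hijack: every lookup goes to attacker-chosen servers
                findings.append(f"O17: unexpected DNS servers {sorted(rogue)}")
        elif m := PROXY_RE.match(line):
            if "127.0.0.1" in m.group(1):  # IE traffic relayed via a local process
                findings.append(f"R1: localhost proxy {m.group(1)}")
        elif m := O20_RE.match(line):
            if "\\windows\\system32\\" not in m.group(2).lower():
                findings.append(f"O20 {m.group(1)}: Winlogon Notify DLL outside system32")
        elif m := O21_RE.match(line):
            if in_temp(m.group(2)):  # shell object loaded by Explorer at logon
                findings.append(f"O21 {m.group(1)}: loaded from temp folder")
    return findings
```

Running `triage(SAMPLE_LOG)` leaves the iTunes entry alone and reports six findings, which match the entries the support replies go on to remove.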
  • Customer

    Got it posted just a minute before you asked.

  • Support

    You have a nasty collection of trojans and other things.

     

    Ugh, you have got a whole bundle of malware. This will take numerous steps to get everything.

     

    1. Please download the free trial program Ewido per the following instructions. This is a good trojan scanner and will help to block any further trojan downloads of malware onto your system while we're trying to clean it all up. Should any nasties try to enter your system it should pop up a warning and you can block anything new coming in. But first let's install it, update it, and we'll scan later in SAFE MODE.

     

    Download, install, and update Ewido AntiMalware (get the free trial version)

    http://www.ewido.net/en/download/

     

    a. Install Ewido AntiMalware

     

    b. Launch Ewido; there should be a big yellow E icon on your desktop, double-click it.

     

    c. The program will prompt you to update; click the OK button.

     

    d. The program will now go to the main screen.

     

    e. On the left-hand side of the main screen click on Update.

     

    f. Click on Start. The update will start and a progress bar will show the updates being installed.

     

    g. Do not scan yet. We'll do that later in SAFE MODE. After updating close Ewido and any open programs.

     

    *Note: Ewido is a free trial product for 14 days. After that you can purchase it for full features OR you can also keep the free version to use as an on-demand scanner (recommended).

    You will still be able to manually update Ewido using the *update* button.

     

    2. Reboot into Safe Mode

    You can usually do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit Enter.

     

    How to start the computer in Safe mode

    http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

     

    3. Once in safe mode, start Ewido AntiMalware

     

    a. Click on Scanner.

     

    b. Click on *complete system scan*.

     

    c. Let the program scan the machine.

     

    d. While the scan is in progress you will be prompted to clean the first infected file it finds. Choose Remove, then put a check next to Perform action on all infections in the left corner of the box so you don't have to sit and watch Ewido the whole time.

    Checkmark the box: *Create encrypted backup in the quarantine* (recommended)

     

    Click OK.

     

    When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.

     

    4. Reboot back into normal mode.

     

    5. Get a free online AV scan at eTrust Antivirus Web Scanner

    http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

    (if prompted, please *allow* Active X and the install of software - this is needed to scan your system)

    It will take a while to download the updates needed, and then you'll be presented with a screen to scan your system. SAVE the report at the end to copy back here please.

     

    (This scan is to make sure your Wininet.dll is fixed if infected.)

     

    (Don't forget to *save report* at the end. We need you to post a copy with your topic reply. If no infections are found, there isn't a report to save.)

     

    6. Now please scan with HijackThis to produce a new log. Post that log into your topic along with the other requested logs named below.

     

    Logs needed in your next post are:

     

    Ewido Scan report

     

    eTrust online AV report

     

    Fresh HijackThis log

  • Support

    Post a fresh HijackThis log please.

     

    The computer is too infected for the scanner I think. I'll try to eliminate some manually, but I need a new log.

    Hopefully the Ewido guard is at least blocking any new malware downloads.

  • Customer

    Logfile of HijackThis v1.99.1

    Scan saved at 9:39:24 AM, on 6/12/2006

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\ewido anti-malware\ewidoctrl.exe

    C:\Program Files\ewido anti-malware\ewidoguard.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\smss.exe

    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GS.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Common Files\AOL\1136554450\ee\AOLSoftware.exe

    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    C:\WINDOWS\system32\Rundll32.exe

    C:\WINDOWS\SOUNDMAN.EXE

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe

    C:\Program Files\Lexmark 7100 Series\lxbxmon.exe

    C:\Program Files\Lexmark 7100 Series\ezprint.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\lxbxcoms.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Documents and Settings\Sean Pierce\Desktop\HijackThis\HijackThis.exe

     

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://127.0.0.1:80

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136554450\ee\AOLSoftware.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

    O4 - HKLM\..\Run: [panel_its] sound64.exe

    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

    O4 - HKLM\..\Run: [WUSB54GS] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe

    O4 - HKLM\..\Run: [LXBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16

    O4 - HKLM\..\Run: [lxbxmon.exe] "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"

    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7100 Series\ezprint.exe"

    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe

    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp

    O4 - HKCU\..\Run: [startman] forces_elite.exe

    O4 - HKCU\..\Run: [uint32] PasswdMon.exe

    O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe

    O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{480BB276-0E97-4D97-B1F0-1BC9E5AF29A7}: NameServer = 85.255.116.66,85.255.112.61

    O17 - HKLM\System\CCS\Services\Tcpip\..\{9221EEF1-5E19-4947-860C-27F734F2411B}: NameServer = 85.255.116.66,85.255.112.61

    O17 - HKLM\System\CS1\Services\Tcpip\..\{480BB276-0E97-4D97-B1F0-1BC9E5AF29A7}: NameServer = 85.255.116.66,85.255.112.61

    O17 - HKLM\System\CS2\Services\Tcpip\..\{480BB276-0E97-4D97-B1F0-1BC9E5AF29A7}: NameServer = 85.255.116.66,85.255.112.61

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

    O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll

    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbxcoms.exe

    O23 - Service: WUSB54GSSVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54GS.exe (file missing)

  • Support

    Please download FixWareout from one of these sites:

    http://downloads.subratam.org/Fixwareout.exe

    http://www.bleepingcomputer.com/file...Fixwareout.exe

     

    Save it to your desktop and double-click on Fixwareout.exe to run it.

    Click Next, then Install, make sure "Run fixit" is checked and click Finish.

    The fix will begin; follow the prompts.

    You will be asked to reboot your computer; please do so.

    Your system may take longer than usual to load; this is normal.

    Once the desktop loads, post the text that will open (report.txt).

    Please post that report and a new HijackThis log.
