10-26-2007, 06:11 AM | #1 (permalink) |
Upright
Location: the netherlands
|
i got a Virus
Perhaps wrong topic
I recently found a virus/malware, whatever it is. Here is my hijack log:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {58046B6C-AFBD-4218-BD09-5CAFC2EDB4A4} - C:\WINDOWS\system32\autodis.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1193334138843
O17 - HKLM\System\CCS\Services\Tcpip\..\{98B61128-28F1-44CC-9ECD-3C905B001744}: NameServer = 62.45.45.45,62.45.45.46
O20 - Winlogon Notify: awttrom - awttrom.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

This is the virus:
O2 - BHO: (no name) - {58046B6C-AFBD-4218-BD09-5CAFC2EDB4A4} - C:\WINDOWS\system32\autodis.dll

Already tried removing it with hijack but it kept coming back. AVG doesn't remove it completely as well. Deleting it manually doesn't work and neither does going into "safe mode".
So any ideas? What program will definitely remove it? |
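Added example, not part of the original post: a small Python parser for the HijackThis entry format shown in the log above, which splits each line into its section code and detail and lists the entries a reviewer would look at first. The hint markers are an assumption of this example (strings that occur in the posted log) and indicate "inspect further", not a verdict; the sample input is constructed from a few lines of that log.

```python
import re

# Constructed sample: a few entries copied from the log in the post above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {58046B6C-AFBD-4218-BD09-5CAFC2EDB4A4} - C:\WINDOWS\system32\autodis.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O20 - Winlogon Notify: awttrom - awttrom.dll (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

# An entry is "<section code> - <detail>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Review hints (assumption of this example): markers seen in the log above.
# A match means "look closer", not "malicious".
HINTS = [
    ("(no name)", "component has no display name"),
    ("(file missing)", "entry points to a file reported as missing"),
    ("Unknown owner", "no vendor name reported for the binary"),
]


def parse_log(text):
    """Split a HijackThis log into (section_code, detail) tuples; skip other lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(entries):
    """Return (code, detail, reasons) for every entry matching at least one hint."""
    flagged = []
    for code, detail in entries:
        reasons = [why for marker, why in HINTS if marker.lower() in detail.lower()]
        if reasons:
            flagged.append((code, detail, reasons))
    return flagged


if __name__ == "__main__":
    for code, detail, reasons in triage(parse_log(SAMPLE_LOG)):
        print(f"{code}: {detail}\n    -> {'; '.join(reasons)}")
```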
11-03-2007, 08:04 PM | #2 (permalink) |
Upright
|
Maybe try getting a stronger anti virus, such as AVG pro, I believe they offer a free 30 day trial, and if you like it, you can buy it.
I personally use Nod32, which is extremely awesome, although the retail of it is 30. After you've tried scanning everything and tried some other methods of removing it, you might just have to reformat altogether. Have you tried going into safe mode, and then scanning, or just going into safe mode and manually deleting it? Do you know how you got it? And when you got it? Also, do you have the system restore enabled? |
11-03-2007, 08:41 PM | #4 (permalink) | |
Upright
|
Quote:
Regardless of my name, the information I offer is valid. It's not like I'm telling him straight off to reformat, or to mess with his registry. I'm sure other people will actually post some information regarding the problem he has, and it might match up to mine. |
|
11-03-2007, 08:50 PM | #5 (permalink) |
Playing With Fire
Location: Disaster Area
|
This may or may not help, they also have a support forum.....
http://www.majorgeeks.com/download3550.html
__________________
Syriana...have you ever tried liquid MDMA?....Liquid MDMA? No....Arash, when you wanna do this?.....After prayer... |
11-04-2007, 05:17 AM | #6 (permalink) |
Talk nerdy to me
Location: Flint, MI
|
Run an online scan at http://housecall.trendmicro.com. Run Ad Aware from http://lavasoftusa.com
__________________
I reject your reality, and substitute my own -- Adam Savage |
Tags |
virus |