Virus
February 9th, 2020
What should i do? Makwarebytes is not fixing the problem like it told me when i googled it
this is one of the bad ones..try running malwarebytes and superantispyware in safe mode..see if it can pick anything up
i just reinstalled my comp too man fmlll
you reinstalled after waiting 2 mins for a reply?..owell..how did it go..that should have done the trick if you did a clean install..might not have been necessary though
no, he means he reinstalled and got infected again, so he’s smiling.
go to safe mode, run a full scan with malwarebytes. delete what it finds… then download a program called hijackthis, and run it in normal mode. post the log results here, and it’ll be evaluated.
u have to reinsall windows and format ur whole hard drive
You need antivirus, malwarebytes is not enough. Get SuperAntiSpyware, Combofix, Avira and Comodo Firewall.
If you waited I could have helped you remove it. Oh well get a third party firewall as well as a antivirus. I recommend Avira along with Outpost Firewall.
If you waited I could have helped you remove it. Oh well get a third party firewall as well as a antivirus. I recommend Avira along with Outpost Firewall.
waited for wat?
no, he means he reinstalled and got infected again, so he's smiling.
go to safe mode, run a full scan with malwarebytes. delete what it finds... then download a program called hijackthis, and run it in normal mode. post the log results here, and it'll be evaluated.
Found nothing in safe mode. heres the log file
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:51 PM, on 1/17/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\smss32.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 – REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O2 – BHO: AcroIEHlprObj Class – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 – BHO: NAV Helper – {BDF3E430-B101-42AD-A544-FADC6B084872} – c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 – BHO: JQSIEStartDetectorImpl – {E7E6F031-17CE-4C07-BC86-EABFE594F69C} – C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 – Toolbar: Norton AntiVirus – {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} – c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 – HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 – HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 – HKLM\..\Run: [ccApp] “c:\Program Files\Common Files\Symantec Shared\ccApp.exe”
O4 – HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 – HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 – HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 – HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 – HKLM\..\Run: [ps2] C:\WINDOWS\system32\ps2.exe
O4 – HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 – HKLM\..\Run: [ATIPTA] “C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe”
O4 – HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 – HKLM\..\Run: [RECGUARD] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 – HKLM\..\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 – HKLM\..\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 – HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 – HKLM\..\Run: [ISUSPM Startup] “C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe” -startup
O4 – HKLM\..\Run: [ISUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start
O4 – HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [Aim] “C:\Program Files\AIM\aim.exe” /d locale=en-US
O4 – .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User ‘Default user’)
O4 – Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 – Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 – Extra button: Connection Help – {E2D4D26B-0180-43a4-B05F-462D6D54C789} – C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 – Extra ‘Tools’ menuitem: Connection Help – {E2D4D26B-0180-43a4-B05F-462D6D54C789} – C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O23 – Service: Adobe LM Service – Adobe Systems – C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 – Service: Apple Mobile Device – Apple Inc. – C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\system32\Ati2evxx.exe
O23 – Service: Bonjour Service – Apple Inc. – C:\Program Files\Bonjour\mDNSResponder.exe
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Network Proxy (ccProxy) – Symantec Corporation – c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 – Service: Symantec Password Validation (ccPwdSvc) – Symantec Corporation – c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: Symantec Settings Manager (ccSetMgr) – Symantec Corporation – c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 – Service: iPod Service – Apple Inc. – C:\Program Files\iPod\bin\iPodService.exe
O23 – Service: ISSvc (ISSVC) – Symantec Corporation – c:\Program Files\Norton Internet Security\ISSVC.exe
O23 – Service: Java Quick Starter (JavaQuickStarterService) – Sun Microsystems, Inc. – C:\Program Files\Java\jre6\bin\jqs.exe
O23 – Service: LightScribeService Direct Disc Labeling Service (LightScribeService) – Hewlett-Packard Company – C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 – Service: M-Audio CMIDI Installer (MA_CMIDI_InstallerService) – Unknown owner – C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
O23 – Service: MobilePre Installer (MobilePreInstallerService) – M-Audio – C:\Program Files\M-Audio\MobilePre\Install\MPInst.exe
O23 – Service: Norton AntiVirus Auto-Protect Service (navapsvc) – Symantec Corporation – c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 – Service: SAVScan – Symantec Corporation – c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 – Service: Symantec SPBBCSvc (SPBBCSvc) – Symantec Corporation – c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 – Service: SymWMI Service (SymWSC) – Symantec Corporation – c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
—
End of file – 9942 bytes
Looks clean, if you wouldn’t have formatted I meant I could have helped you remove it. Its pointless now since you formatted so you shouldn’t have a virus.
Looks clean, if you wouldn't have formatted I meant I could have helped you remove it. Its pointless now since you formatted so you shouldn't have a virus.
noo u misunderstood me. i need help. i meant that i just recently reformatted a week ago and already i have the virus. Please help im not trrying to reformat again.
try pc tools spyware doctor instead of malwarebytes anti-malware and if that doesnt help i suggest you use combofix here
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Internet Security 2010 manual removal:
Kill processes:
IS2010.exe 41.exe winlogon86.exe winupdate86.exe HELP:
how to kill malicious processes
Delete registry values:
HKEY_CURRENT_USER\Software\IS2010
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Internet Security 2010”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “winupdate86.exe” HELP:
how to remove registry entries
Unregister DLLs:
winhelper86.dll
HELP:
how to unregister malicious DLLs
Delete files:
IS2010.exe 41.exe winhelper86.dll winlogon86.exe winupdate86.exe Internet Security 2010.lnk HELP:
how to remove harmful files
Delete directories:
C:\s
C:\Program Files\InternetSecurity2010\
Internet Security 2010 manual removal:
Kill processes:
IS2010.exe 41.exe winlogon86.exe winupdate86.exe HELP:
how to kill malicious processes
Delete registry values:
HKEY_CURRENT_USER\Software\IS2010
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Internet Security 2010"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "winupdate86.exe" HELP:
how to remove registry entries
Unregister DLLs:
winhelper86.dll
HELP:
how to unregister malicious DLLs
Delete files:
IS2010.exe 41.exe winhelper86.dll winlogon86.exe winupdate86.exe Internet Security 2010.lnk HELP:
how to remove harmful files
Delete directories:
C:\s
C:\Program Files\InternetSecurity2010\
how do i do this sorryy im a n00b
dude , just download an progam call’d Combo Fix and run it … it works great here when i get infected badly and no other anti-vir works…
just use it at your own risks. if it doesnt works at least i tryd to help
if i helped you , just pm me saying thanx
okk im gonna try that now ^
okk im gonna try that now ^
I wouldn’t advise you to run ComboFix without supervision as it could hinder your system useless.