It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
Another virus, or something like that.
page: 10
share:
Since last time, I've been browsing the net much more carefully. However, I forgot one little thing: memory sticks. Apparently the memory stick my
friend gave me to put some files on it had a virus or something. Something serious. As soon as I inserted it, my computer alerted me that its infected
and a fake program popped up, doing a fake scan and prompting me to download the full version to kill the virus. Furthermore, all other programs were
unopenable. Basically when I clicked any program, it said its infected and asks me to download the antivirus. So basically the computer was
inoperable. I restarted in safe mode, ran Avast (which is the program I use) and ran a scan that took 1.5 days. It said that it uncovered malware and
I deleted it. Then I restarted the computer. I quickly opened task manager before it would become unopenable, and closed all processes that are
close-able. It said that my firewall is turned off, but I checked it and its on. So that's what happened. I don't know what to do now. Is Avast not
sufficient to delete this so-called thread? I cannot use a recovery disk because my computer is full of important files that I need to back up, but
can't, because the USBs don't work (but will be able to when I get a new laptop). So what should I do? Is there some other program that can deal
with this (free of course)? What is this "thing" that my computer is infected with?
Any and all help would be greatly appreciated.
Any and all help would be greatly appreciated.
hey, RussianSoldier.
Got a site for you to check out.
Help and hints for virus removal
This site is for a specific virus, but some of the progs can help...
Let me know if you need more help.
This is as quick as I can reply because of work...
Got a site for you to check out.
Help and hints for virus removal
This site is for a specific virus, but some of the progs can help...
Let me know if you need more help.
This is as quick as I can reply because of work...
Is it possible to identify the problem files?
Try booting into safe mode and then doing a virus scan of your system files.
If it finds the bad files, try "hijackthis" from "trend micros". It allows your PC to do a reboot and before any of the operating system gets up and running it will delete any files selected before the reboot that may have previously been undeletable because they run processes that are hard to find and close.
Good luck there and keep us updated so we might help.
[edit on 7/2/2010 by nerbot]
Try booting into safe mode and then doing a virus scan of your system files.
If it finds the bad files, try "hijackthis" from "trend micros". It allows your PC to do a reboot and before any of the operating system gets up and running it will delete any files selected before the reboot that may have previously been undeletable because they run processes that are hard to find and close.
Good luck there and keep us updated so we might help.
[edit on 7/2/2010 by nerbot]
Thanks for the help guys. When and if I remove it, I will post which method I use so other people can use this information in the future to remove
such crap from their computers.
Currently trying the methods suggested in this thread....
Currently trying the methods suggested in this thread....
I think I may have found it. First I did a scan with Malwarebytes' Anti-Malware. It did a full scan and found stuff like Adware.TMAagent,
Trojan.Downloader, Trojan.FakeAlert, and Trojan.Dropper. However, I wasn't convinced that the problem was solved. I did a restart and immediately ran
Task Manager before it became unrunnable. I opened it, and right after I opened it, the same window popped up as before: Your computer is infected
with a Trojan, please download the antivirus. Now, I quickly started shutting down processes on the Task Manager. I closed 2 files called
"vymosftav.exe". As soon as I did, that pop-up thing disappeared and all programs were openable again.
So I'm quite sure that the problem, or part of the problem is that file:
vymosftav.exe
I searched my computer for all files with that name and found this:
VYMOSFTAV.EXE-25C62352.pf in the folder: C:\WINDOWS\Prefetch
I'm going to google this now to see what I should do about this file.
So I'm quite sure that the problem, or part of the problem is that file:
vymosftav.exe
I searched my computer for all files with that name and found this:
VYMOSFTAV.EXE-25C62352.pf in the folder: C:\WINDOWS\Prefetch
I'm going to google this now to see what I should do about this file.
Googled this file's name and didn't find anything. Perhaps a new type of Malware?
I'm assuming as long as I don't have unfamiliar processes running on task manager I'm safe, right?
[edit on 7-2-2010 by Russian soldier]
I'm assuming as long as I don't have unfamiliar processes running on task manager I'm safe, right?
[edit on 7-2-2010 by Russian soldier]
Glad you got it under control.
I would still advise a malware check every now and then, and the file you found may also have other files linked to it.
Use the program I mentioned above if things go doo-lally and you can't delete a file or shut down a process.
Good luck.
I would still advise a malware check every now and then, and the file you found may also have other files linked to it.
Use the program I mentioned above if things go doo-lally and you can't delete a file or shut down a process.
Good luck.
Thanks bro.
Well I'm not 100% sure that the threat is gone, so I did a hijackthis scan. However, I am not sure of which files to delete. The program just shows which programs are suspicious, but not which ones are dangerous. So here is the log, and if anyone could tell me which programs in the list are definitely dangerous, it would be much appreciated.
------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:24 AM, on 2/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\ICQLite\ICQ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = start.icq.com...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.toshibadirect.com...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = www.toshibadirect.com...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: (no name) - - (no file)
F1 - win.ini: run=C:\WESTWOOD\REDALERT\INSTICON.EXE C:\WESTWOOD\REDALERT\INSTICON.EXE C:\WESTWOOD\REDALERT\INSTICON.EXE
O2 - BHO: (no name) - [02478D38-C3F9-4efb-9B51-7695ECA05670] - (no file)
O2 - BHO: AcroIEHlprObj Class - [06849E9F-C8D7-4D59-B87D-784B7D6BE0B3] - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - [3049C3E9-B461-4BC5-8870-4C09146192CA] - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - [9030D464-4C02-4ABF-8ECC-5164760863C6] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: JQSIEStartDetectorImpl - [E7E6F031-17CE-4C07-BC86-EABFE594F69C] - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "c:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [ujsgtqwr] C:\Documents and Settings\*********\Local Settings\Application Data\vuwjws\vymosftav.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ujsgtqwr] C:\Documents and Settings\*********\Local Settings\Application Data\vuwjws\vymosftav.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - [92780B25-18CC-41C8-B9BE-3C9C571A8263] - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - [CD67F990-D8E9-11d2-98FE-00C0F0318AFE] - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - [e2e2dd38-d088-4134-82b7-f2ba38496583] - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - [e2e2dd38-d088-4134-82b7-f2ba38496583] - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ Lite - [E59EB121-F339-4851-A3BA-FE49C35617C2] - ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - [E59EB121-F339-4851-A3BA-FE49C35617C2] - ICQ.exe (file missing)
O9 - Extra button: Messenger - [FB5F1910-F110-11d2-BB9E-00C04F795683] - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - [FB5F1910-F110-11d2-BB9E-00C04F795683] - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: [6E32070A-766D-4EE6-879C-DC1FA91D2FC3] (MUWebControl Class) - update.microsoft.com...
O16 - DPF: [8100D56A-5661-482C-BEE8-AFECE305D968] (Facebook Photo Uploader 5 Control) - upload.facebook.com...
O16 - DPF: [C3F79A2B-B9B4-4A66-B012-3EE46475B072] (MessengerStatsClient Class) - messenger.zone.msn.com...
O17 - HKLM\System\CCS\Services\Tcpip\..\[66DA01D4-BB8D-4363-B564-21E3CEBBA05D]: NameServer = 79.134.0.1,79.134.0.2
O18 - Protocol: skype4com - [FFC8B962-9B40-4DFF-9458-1830C7DD7F5D] - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu#a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
--
End of file - 7930 bytes
Edit to add: Besides the two vymosftav.exe files.
[edit on 8-2-2010 by Russian soldier]
Well I'm not 100% sure that the threat is gone, so I did a hijackthis scan. However, I am not sure of which files to delete. The program just shows which programs are suspicious, but not which ones are dangerous. So here is the log, and if anyone could tell me which programs in the list are definitely dangerous, it would be much appreciated.
------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:24 AM, on 2/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\ICQLite\ICQ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = start.icq.com...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.toshibadirect.com...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = www.toshibadirect.com...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: (no name) - - (no file)
F1 - win.ini: run=C:\WESTWOOD\REDALERT\INSTICON.EXE C:\WESTWOOD\REDALERT\INSTICON.EXE C:\WESTWOOD\REDALERT\INSTICON.EXE
O2 - BHO: (no name) - [02478D38-C3F9-4efb-9B51-7695ECA05670] - (no file)
O2 - BHO: AcroIEHlprObj Class - [06849E9F-C8D7-4D59-B87D-784B7D6BE0B3] - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - [3049C3E9-B461-4BC5-8870-4C09146192CA] - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Sign-in Helper - [9030D464-4C02-4ABF-8ECC-5164760863C6] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: JQSIEStartDetectorImpl - [E7E6F031-17CE-4C07-BC86-EABFE594F69C] - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "c:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [ujsgtqwr] C:\Documents and Settings\*********\Local Settings\Application Data\vuwjws\vymosftav.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ujsgtqwr] C:\Documents and Settings\*********\Local Settings\Application Data\vuwjws\vymosftav.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - [92780B25-18CC-41C8-B9BE-3C9C571A8263] - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - [CD67F990-D8E9-11d2-98FE-00C0F0318AFE] - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - [e2e2dd38-d088-4134-82b7-f2ba38496583] - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - [e2e2dd38-d088-4134-82b7-f2ba38496583] - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ Lite - [E59EB121-F339-4851-A3BA-FE49C35617C2] - ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - [E59EB121-F339-4851-A3BA-FE49C35617C2] - ICQ.exe (file missing)
O9 - Extra button: Messenger - [FB5F1910-F110-11d2-BB9E-00C04F795683] - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - [FB5F1910-F110-11d2-BB9E-00C04F795683] - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: [6E32070A-766D-4EE6-879C-DC1FA91D2FC3] (MUWebControl Class) - update.microsoft.com...
O16 - DPF: [8100D56A-5661-482C-BEE8-AFECE305D968] (Facebook Photo Uploader 5 Control) - upload.facebook.com...
O16 - DPF: [C3F79A2B-B9B4-4A66-B012-3EE46475B072] (MessengerStatsClient Class) - messenger.zone.msn.com...
O17 - HKLM\System\CCS\Services\Tcpip\..\[66DA01D4-BB8D-4363-B564-21E3CEBBA05D]: NameServer = 79.134.0.1,79.134.0.2
O18 - Protocol: skype4com - [FFC8B962-9B40-4DFF-9458-1830C7DD7F5D] - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu#a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
--
End of file - 7930 bytes
Edit to add: Besides the two vymosftav.exe files.
[edit on 8-2-2010 by Russian soldier]
reply to post by Russian soldier
These are the only things I see, but you already know that...
That's a long log list...
Can't really tell about the others. They seem normal.
Malwarebytes Anti-malware is yer best bet.
If that doesn't help, look for Spyb ot Search & Destroy
Its helps too. But be careful, because the latest version has some lag.
[edit on 8-2-2010 by havok]
O4 - HKLM\..\Run: [ujsgtqwr] C:\Documents and Settings\*********\Local Settings\Application Data\vuwjws\vymosftav.exe
O4 - HKCU\..\Run: [ujsgtqwr] C:\Documents and Settings\*********\Local Settings\Application Data\vuwjws\vymosftav.exe
These are the only things I see, but you already know that...
That's a long log list...
Can't really tell about the others. They seem normal.
Malwarebytes Anti-malware is yer best bet.
If that doesn't help, look for Spyb ot Search & Destroy
Its helps too. But be careful, because the latest version has some lag.
[edit on 8-2-2010 by havok]
reply to post by Russian soldier
One thing I forgot to mention...
If you find a file you KNOW is suspicious (ever) and you get a virus warning or message reffering to it...WRITE DOWN THE INFO.
Then look at the file in windows explorer and "arrange icons by DATE CREATED".
It is a good way to find files that were insalled at the same time as the virus/malware.
You then have the opportunity to delete those files when normally they may get missed.
Like "havok" said, "spybot search and destroy" is pretty good and worth running to weed out these b*st*rds.
Most problem files get installed into the "windows\system32" folder and that's what you should concentrate on. Also, a "prefetch" file can be the result of the originally infected file that is located somewhere else (system32) and when deleted, it will just reappear the same "prefetch" file next time you boot up.
"vymosftav.exe" seems to have been the bug, so lets hope you found the cure. The two files pointed out below by "havok" seem to be linked to the original one you pointed out and deleted. Check the date for them (arrange icons by"date created") and search your "windows\system32" folder for any files installed at that time. I would quarantine them yourself for a while and if your system runs OK, then delete them permenantly after you are happy everything is still running fine.
You have my sympathy and I've been through what you are before but don't give up because getting it sorted is a nice feeling and makes for more enjoyable computing time.
Keep us informed eh?
Cheers.
One thing I forgot to mention...
If you find a file you KNOW is suspicious (ever) and you get a virus warning or message reffering to it...WRITE DOWN THE INFO.
Then look at the file in windows explorer and "arrange icons by DATE CREATED".
It is a good way to find files that were insalled at the same time as the virus/malware.
You then have the opportunity to delete those files when normally they may get missed.
Like "havok" said, "spybot search and destroy" is pretty good and worth running to weed out these b*st*rds.
Most problem files get installed into the "windows\system32" folder and that's what you should concentrate on. Also, a "prefetch" file can be the result of the originally infected file that is located somewhere else (system32) and when deleted, it will just reappear the same "prefetch" file next time you boot up.
"vymosftav.exe" seems to have been the bug, so lets hope you found the cure. The two files pointed out below by "havok" seem to be linked to the original one you pointed out and deleted. Check the date for them (arrange icons by"date created") and search your "windows\system32" folder for any files installed at that time. I would quarantine them yourself for a while and if your system runs OK, then delete them permenantly after you are happy everything is still running fine.
You have my sympathy and I've been through what you are before but don't give up because getting it sorted is a nice feeling and makes for more enjoyable computing time.
Keep us informed eh?
Cheers.
Thank you very much, guys.
The file vymosftav.exe no longer appears on my task manager list at start-up. Malwarebytes' Anti-Malware also comes up clean after a scan. However, I'm staying sharp, never know if something is still left. I downloaded GMER and OTL, scanned with both of them and made extensive logs and posted them on a special website to have all the files scanned reviewed. I will update you guys if anything comes up.
The file vymosftav.exe no longer appears on my task manager list at start-up. Malwarebytes' Anti-Malware also comes up clean after a scan. However, I'm staying sharp, never know if something is still left. I downloaded GMER and OTL, scanned with both of them and made extensive logs and posted them on a special website to have all the files scanned reviewed. I will update you guys if anything comes up.
Update:
When I started my pc and opened task manager, the file appeared for a split second and disappeared. It must still be there
When I started my pc and opened task manager, the file appeared for a split second and disappeared. It must still be there
I just went through this. I think the bad files are the ones that end with sftave.exe. I used malware bytes to get rid of it however, if its not
updated, it wont find it. I had to update mine by restarting in safe mode with networking, go to internet options, connections, LAN settings and then
uncheck proxy server box. Update malwarebytes, run it remove infections or whatever and your good to go. BUT NOW......I cant get ie to work when I
recheck the proxy server box and I don't know what to do . It works fine without this box checked but I think it needs to be checked. I don't know
?
reply to post by Russian soldier
Check in your "windows\system32" folder for the file and any installed at the same time.
Follow the instructions I posted above.
Good luck, we're still with you.
Check in your "windows\system32" folder for the file and any installed at the same time.
Follow the instructions I posted above.
Good luck, we're still with you.
new topics
-
Watts home paranormal activity
Paranormal Studies: 59 minutes ago -
So, what is really going on in South Korea ?
World War Three: 1 hours ago -
Congress Says the FBI is Covering Up Vital Info on the Jan 5th 2021 D.C. Pipe Bombs at RNC-DNC.
Political Conspiracies: 1 hours ago -
The trial on kids was stopped
Medical Issues & Conspiracies: 4 hours ago -
Orbs Appear And Form Triangle On Live Cam.
Aliens and UFOs: 6 hours ago -
Biden Has New Bizarre Injuries to His Face
Politicians & People: 8 hours ago -
Something is not adding up in regards to the H-1B commotion
General Conspiracies: 8 hours ago -
Elon Musk Calls for Tommy Robinson to be Freed - and Takes a Dig at Starmer
Politicians & People: 9 hours ago -
Biden to award Presidential Citizens Medal to Liz Cheney and Bennie Thompson
US Political Madness: 9 hours ago
top topics
-
Biden Has New Bizarre Injuries to His Face
Politicians & People: 8 hours ago, 11 flags -
Biden to award Presidential Citizens Medal to Liz Cheney and Bennie Thompson
US Political Madness: 9 hours ago, 9 flags -
The trial on kids was stopped
Medical Issues & Conspiracies: 4 hours ago, 9 flags -
Just learned a really helpful trick for internet searches
Computer Help: 15 hours ago, 7 flags -
Congress Says the FBI is Covering Up Vital Info on the Jan 5th 2021 D.C. Pipe Bombs at RNC-DNC.
Political Conspiracies: 1 hours ago, 7 flags -
Orbs Appear And Form Triangle On Live Cam.
Aliens and UFOs: 6 hours ago, 6 flags -
Not off to a good start
General Chit Chat: 17 hours ago, 6 flags -
Something is not adding up in regards to the H-1B commotion
General Conspiracies: 8 hours ago, 5 flags -
Elon Musk Calls for Tommy Robinson to be Freed - and Takes a Dig at Starmer
Politicians & People: 9 hours ago, 5 flags -
So, what is really going on in South Korea ?
World War Three: 1 hours ago, 4 flags
active topics
-
Congress Says the FBI is Covering Up Vital Info on the Jan 5th 2021 D.C. Pipe Bombs at RNC-DNC.
Political Conspiracies • 15 • : WeMustCare -
Something is not adding up in regards to the H-1B commotion
General Conspiracies • 27 • : fringeofthefringe -
Vehicle Strikes people in New Orleans
Mainstream News • 283 • : WeMustCare -
Tesla Cybertruck Explodes in Front of Trump Hotel in Las Vegas
Mainstream News • 129 • : WeMustCare -
Watts home paranormal activity
Paranormal Studies • 3 • : TheMisguidedAngel -
Post A Funny (T&C Friendly) Pic Part IV: The LOL awakens!
General Chit Chat • 7980 • : underpass61 -
The trial on kids was stopped
Medical Issues & Conspiracies • 7 • : nugget1 -
So, what is really going on in South Korea ?
World War Three • 2 • : rickymouse -
Biden Has New Bizarre Injuries to His Face
Politicians & People • 10 • : rickymouse -
-@TH3WH17ERABB17- -Q- ---TIME TO SHOW THE WORLD--- -Part- --44--
Dissecting Disinformation • 3900 • : IndieA
0