  1. #1

    Highly Dangerous Contagious Virus, PSP, Handphone Viable - Spyware Doctor Unable To Dep

    My computer has been infected with a virus since my friend came and connected my computer to his phone. Apparently his computer is already infected, which infected his handphone, and now my computer is infected. Another friend of mine had his computer infected through a PSP by him.


    Here's what the virus looks like:

    Infected PSP



    If I end the process it will open a new one.



    Its files are invisible, and can't be removed.

  2. #2



    It will still remain after restart.

    It will spam pop-ups if I end them with the virus scan on; it will stop after a while, but if I restart, it will return.


    Virus Info-
    (The attributes and settings are changeable, but to no effect.)



    My virus scan finds some viruses and clears them and then shows this:
    Even after a restart the virus still remains; scan again and this will pop up again.


    There is a text file created by the virus-(Read Me)Pendekar Blank.txt

    Greetings to the user currently active on this computer
    I am Pendekar Blank 1, a program created by someone who wants to
    eradicate crime on this earth, and I was sent here to:

    1. Try to eradicate the local viruses that have spread in Indonesia
    2. Try to secure this computer from local virus infections, and
    3. Try to stop you from doing things that do not need to be done on this computer

    Those are my 3 missions after being sent to this computer

    My apologies if any mistakes occur while carrying out the 3 missions above
    Hopefully you are a good person who uses the computer in the right way

    I have no idea what it means. If you know, please translate.


    By the way, Spyware Doctor is a really good virus scanner; I have used it and compared it with others, so I don't think it's the virus scanner's fault, as when my friend scanned it with another virus scanner it also said to restart, which is useless.

    If anyone thinks they know how to cure this (System Restore doesn't work; not a reformat or reinstall of Windows), please post it.

  3. #3


    Virus Info-
    (The attributes and settings are changeable, but to no effect.)




  4. #4




    The virus scan only clears some viruses, probably created by those processes, but the virus remains.

  5. #5


    Logfile of HijackThis v1.99.1
    Scan saved at 4:35:01 PM, on 10/16/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\FlexibleSoft\Absolute Time Corrector\atcorrector.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\dllChache\Empty.jpg
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\dllChache\Blank.doc
    C:\WINDOWS\system32\dllChache\Zero.txt
    C:\WINDOWS\system32\dllChache\Hole.zip
    C:\WINDOWS\system32\dllChache\Unoccupied.reg
    C:\DOCUME~1\NGYAOW~1\taskmgr.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Documents and Settings\Ng Yao Wei\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.114la.com/index.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Service Pack 3 Internet Explorer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe, "C:\WINDOWS\system32\M5VBVM60.EXE StartUp"
    O1 - Hosts: dgbwc.servegame.com update.nprotect.com
    O1 - Hosts: dgbwc.servegame.com update.nprotect.net
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: FGCatchUrl - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jdk1.6.0_10\bin\ssv.dll
    O2 - BHO: Skype Control Class - {9018F6A8-2495-45DF-9F16-C738F8F3C8FF} - C:\WINDOWS\system32\SkypeComm.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jdk1.6.0_10\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jdk1.6.0_10\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - (no file)
    O4 - HKLM\..\Run: [Blank AntiViri] C:\AUT0EXEC.BAT StartUp
    O4 - HKLM\..\RunServices: [sys host] ENCRYPTED.EXE
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [Secure64] C:\WINDOWS\system32\dllcache\Regedit32.com StartUp
    O4 - HKCU\..\Run: [Secure32] C:\WINDOWS\system32\dllcache\Shell32.com StartUp
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Enqueue in Star Downloader - C:\Program Files\Star Downloader\sdieenq.htm
    O8 - Extra context menu item: Leech with Star Downloader - C:\Program Files\Star Downloader\leechie.htm
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: ,
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Absolute Time Corrector Service (atccorrector) - FlexibleSoft Co. - C:\Program Files\FlexibleSoft\Absolute Time Corrector\atcorrector.exe

  6. #6


    I analyzed your log

    Fix the following, using HijackThis

    C:\DOCUME~1\NGYAOW~1\taskmgr.exe
    (It's a fake, usually runs from system 32 folder)
    O1 - Hosts: dgbwc.servegame.com update.nprotect.com (maybe nasty)
    O1 - Hosts: dgbwc.servegame.com update.nprotect.net (detected as nasty)

    O2 - BHO: Skype Control Class - {9018F6A8-2495-45DF-9F16-C738F8F3C8FF} - C:\WINDOWS\system32\SkypeComm.dll

    (check if this is the real Skype file. Detected as extremely nasty)

    O4 - HKLM\..\RunServices: [sys host] ENCRYPTED.EXE (EXTREMELY NASTY)

    O4 - HKCU\..\Run: [Secure64] C:\WINDOWS\system32\dllcache\Regedit32.com StartUp

    O4 - HKCU\..\Run: [Secure32] C:\WINDOWS\system32\dllcache\Shell32.com StartUp

    O20 - AppInit_DLLs: ,

    YOU MAY NEED TO DOUBLE CHECK THESE. THIS LOG HAS BEEN ANALYZED BY A SPECIFIED TOOL, SO THERE MAY BE SOME FALSE THINGS.

    Good Luck, I will analyze the rest later.
    Thanks and kind Regards...

    VirusPING
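
The manual triage in reply #6 can be partly scripted. The following is an added example, not part of the original thread and not HijackThis's own logic: a short Python pass over lines copied from the posted log, where the heuristics and the `SYSTEM32_ONLY` list are assumptions chosen for illustration.

```python
import ntpath
import re

# Lines copied from the HijackThis log in post #5 (a subset chosen for this example).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllChache\Empty.jpg
C:\DOCUME~1\NGYAOW~1\taskmgr.exe
C:\WINDOWS\system32\taskmgr.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe, "C:\WINDOWS\system32\M5VBVM60.EXE StartUp"
O1 - Hosts: dgbwc.servegame.com update.nprotect.com
O4 - HKLM\..\Run: [Blank AntiViri] C:\AUT0EXEC.BAT StartUp
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Secure64] C:\WINDOWS\system32\dllcache\Regedit32.com StartUp
"""

# Assumption: names of Windows binaries expected to run only from system32.
SYSTEM32_ONLY = {"taskmgr.exe", "svchost.exe", "lsass.exe", "winlogon.exe", "services.exe"}

def triage(log_text):
    """Return (reason, line) pairs for entries that deserve manual review."""
    findings, in_processes = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
        elif in_processes and not line:
            in_processes = False  # a blank line ends the process list
        elif in_processes:
            name = ntpath.basename(line).lower()
            if not name.endswith(".exe"):
                findings.append(("process image is not an .exe", line))
            elif name in SYSTEM32_ONLY and not ntpath.dirname(line).lower().endswith(r"\system32"):
                findings.append(("system binary name outside system32", line))
        elif line.startswith("F2 - ") and "userinit=" in line.lower():
            # The stock value lists only userinit.exe; anything after the comma also runs at logon.
            parts = line.split("=", 1)[1].split(",")
            if any(p.strip() and not p.strip().lower().endswith(r"\userinit.exe") for p in parts):
                findings.append(("extra program chained to UserInit", line))
        elif line.startswith("O1 - Hosts:"):
            findings.append(("hosts file override", line))
        elif line.startswith("O4 - ") and re.search(r"\.(com|bat|scr|pif)\b", line, re.I):
            findings.append(("autorun target is not an .exe", line))
    return findings

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason}: {line}")
```

Each finding is a prompt for manual review of the file or registry value, not a verdict.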
