Virus help. Hijackthis used (1 Viewer)

[SashatheMan]

ok people. i got this virus on my computer. and i used hijackthis. and got rid of some stuff i thoguht was bad. however i still get a regular warning message such as this and my background wallpaper is this and i cant get rid of it.


this is my hijackthis log . have a look if i missed something

C:\Documents and Settings\Sasha\My Documents\Programs\HijackThis.exe
C:\PROGRA~1\MSNMES~1\msnmsgr.exe

O2 - BHO: Acrobat IE Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE083} - C:\WINDOWS\system\ctldlg32.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe Deleted
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

 

[MedNez]

You missed:

O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

Second one is just a cleanup, but first might be a large contributor to your problem!

 

[rnitya_25]

i thought it was best to use either norton, mc afee or symantec, best ones to clear out viruses and stuff. try and get a hold of one of those, even if they're trial versions, just to get rid of this virus. if not, get all your stuff from your computer, put it on a portable hard drive or cd's and then format your comp.

 

[SashatheMan]

You missed:

O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

Second one is just a cleanup, but first might be a large contributor to your problem!

yes thank for that. it solved my problem. that annoying warning message disappeared. all i needed was to delete that program

 

[SashatheMan]

i thought it was best to use either norton, mc afee or symantec, best ones to clear out viruses and stuff. try and get a hold of one of those, even if they're trial versions, just to get rid of this virus. if not, get all your stuff from your computer, put it on a portable hard drive or cd's and then format your comp.

i used AD-aware before hand. it found some stuff and i repaired what i could. but now i think the problem is solved

 

[SashatheMan]

for some reason my firewall was turned off. and when i was visiting some site, all of a sudden , it started downloading and istalling random trojans and other crap. i delted about 7 or 8 things before i posted that blog.

 

[insert-username]

Moral of the story: don't look up porn on an unprotected computer.


I_F

 

[AsyLum]

Pfft, don't set anything to auto-download and always prompt, and you'll be fine

 

[Rekkusu]

Lmao, anyhows be sure to install firewall + antivirus + at least 2 anti-spyware apps. Without either one, you'll easily get spyware installed into your Systems directory without you knowing. [The moment you connect to the internet, without a firewall alone, you're basically opening the door to allow backdoor trojans,etc in] --> even by just visiting google.

Oh and btw, don't rely on Windows' Firewall, or their Anti-spyware programs, its totally useless.

 

[Enoch]

lol windows firewall is a fuking joke i just turn the mofo off..

i use outpost firewall
ad-aware
spysweeper
SSD

oh and always have ur windows updates installed..

i havent had a major trojan/virus in like 2 years..tho ive had he odd one or 2 deleteable

lol sif use hijack as first option ..go through ur virus/trojan/spyware/adware sweepers first and then use if nececarry..i only use it stop it temporarily functioning to be able to delete it...i had to do this to like previous strong viruses/trojans before i properly secured my comp.

 

[redruM]

sorry to go off topic, but that happening to the wallpaper is ownage

 

[SashatheMan]

i still cant change my wallpaper

 

[studynoob]

norton may be the most "trusted" antivirus program but its actually the gayest when a virus happens it just tells you its there and does nothing!

 

[Enoch]

depends..u need to update ur NAV regulary and also u need like a more recent NAV like 2005 or 2004

 

[SashatheMan]

i fianlly fixed my problem. a guy told me to use a program called spybot: search and destroy, to fix it. and it did.

however afterwards another guy posted this link which would directly fix the problem

http://www.delphifaq.com/faq/windows_user/f850.shtml

very useful for anyone else who gets the same problem

 

[iamsickofyear12]

I got a trojan with a similar warning message to the one you got. I used spyware doctor and got rid of it. But then I had to delete it because it kept automatically deleting bearshare from my computer.