Please help! It appears I'm "infected"!

  • kcbikergal
  • Born
  • Born
  • kcbikergal
  • Posts: 3

Post 3+ Months Ago

I have NO idea what I'm doing here - I've spent the last day reading and scanning and I still have virus warnings popping up right and left. It keeps saying that I have "Worm.Win32.NetSky", although none of the scans that I've done come up with that.

Some of the "advice" that I've found when I submit an online HJ scan says to remove this:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2

but it won't let me!

My computer is painfully, PAINFULLY slow and I need it for work!

Please help me?
Thanks!


Logfile of HijackThis v1.99.1
Scan saved at 1:13:39 PM, on 1/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink ScamBlocker V2 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\Equifax\Toolbar\EScamBlk.dll
O2 - BHO: BDEX System - {1AC7107A-938F-4347-864C-C51E49EC586E} - C:\WINDOWS\dxpvqlmtqn.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\Equifax\Toolbar\ElnkPuB.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINDOWS\system32\TwcToolbarBho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\Equifax\Toolbar\uninsttb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
O3 - Toolbar: Equifax Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\Equifax\Toolbar\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: The ensfolr - {3723900A-B26F-40EC-B606-B7B37132B83F} - C:\WINDOWS\ensfolr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Lookup Meaning - res://C:\Program Files\ieSpell\iespell.dll/LOOKUPMEANING.HTM
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\Equifax\Toolbar\SearchUI.dll/search.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://boards.fool.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/d ... gctlcm.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/adobe/ ... tream3.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://webmail.dstsystems.com/iNotes6. ... m,CT=java+
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1700114981
O16 - DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} (CentrinoCheck Control) - http://entriq.vo.llnwd.net/o1/NBCUniver ... _0_0_4.cab
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} (MediaControl Class) - http://entriq.vo.llnwd.net/o1/NBCUniver ... Silent.cab
O16 - DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - http://entriq.vo.llnwd.net/o1/NBCUniver ... _0_0_3.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://webmail.dstsystems.com/,DanaInf ... +dwa7W.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/ ... .0.0.9.cab?
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites ... nstall.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: bklgvsf - {6393141E-2608-44D7-A4CD-B29B87BF6F38} - C:\WINDOWS\bklgvsf.dll
O21 - SSODL: ampkfst - {0A8D9717-8EBA-451A-92BB-0B2D7ACF8BA7} - C:\WINDOWS\ampkfst.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • Anonymous
  • Bot
  • No Avatar
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post 3+ Months Ago

  • ace5p1d0r
  • Expert
  • Expert
  • User avatar
  • Posts: 630
  • Loc: UK

Post 3+ Months Ago

What anti virus software are you using?
  • shatter2day
  • Graduate
  • Graduate
  • User avatar
  • Posts: 185
  • Loc: N.Y.

Post 3+ Months Ago

I've actually had a similar problem with another computer. The above worm wasn't detected by the virus program on those computers either (ran on AVG). Unfortunately I forget exactly what I did, but my suggestion is to run both Spybot, and ad-aware. You can download these programs at

http://www.download.com

The next program to run is at: http://housecall.trendmicro.com/

This will take a long time to run, especially if it is the first time. these three will clean the computer pretty well. After these have finished scanning and deleted the appropriate files, reboot your computer and se if you still have that pop-up. If not, its gone.

Whatever you do, DO NOT download the programs that say anything like "Remove NetSky Worm "Free."
  • deathblade
  • Proficient
  • Proficient
  • User avatar
  • Posts: 419
  • Loc: u.k

Post 3+ Months Ago

does anyone know what this virus does? i mean is it really bad like does over windows or just spreads?
  • shatter2day
  • Graduate
  • Graduate
  • User avatar
  • Posts: 185
  • Loc: N.Y.

Post 3+ Months Ago

its annoying really, if its the same thing, it comes up with a popup (similar to when windows needs to be updated) and will say something like your computer has "Worm.Win32.NetSky" and to get rid of the virus you are supposedly supposed to click on it to get rid of it. By clicking you are brought to a website and a supposed remover of the virus, which gives you yet another virus (my brother did this on his computer and I couldn't believe he fell for it). The reason it is so anoying though is if you choose to ignore the problem the window keeps popping up (i believe i timed it at once every 3 minutes) and a window may even open directly to the site.

So its hard to get any work done on the computer, but i don't know how much damage it does to the computer itself, I got rid of it pretty quick (out of 3 computers here, 2 got the virus. of course mine was the only one that didn't)
  • deathblade
  • Proficient
  • Proficient
  • User avatar
  • Posts: 419
  • Loc: u.k

Post 3+ Months Ago

fix

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2

O3 - Toolbar: The ensfolr - {3723900A-B26F-40EC-B606-B7B37132B83F} - C:\WINDOWS\ensfolr.dll

if you added

O15 - Trusted Zone: http://boards.fool.com

to trusted zones then leave it if not remove

check if you know these urls

O16 - DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} (CentrinoCheck Control) - http://entriq.vo.llnwd.net/o1/NBCUniver ... _0_0_4.cab

O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} (MediaControl Class) - http://entriq.

vo.llnwd.net/o1/NBCUniversal/cabs/Entriq_3_4_0_15_Silent .cab


O16 - DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - http://entriq.vo.llnwd.net/o1/NBCUniver ... _1_0_0_3.c ab

if not remove them

upload

C:\WINDOWS\bklgvsf.dll

C:\WINDOWS\ampkfst.dll

C:\WINDOWS\dxpvqlmtqn.dll


to http://www.virustotal.com/


i believe they are viruses
  • shatter2day
  • Graduate
  • Graduate
  • User avatar
  • Posts: 185
  • Loc: N.Y.

Post 3+ Months Ago

I forgot! a key for me to getting rid of the problem was SmitfraudFix, you can easily find this here:

http://siri.geekstogo.com/SmitfraudFix.php

Sorry about this, i should have thought of this earlier as the virus makes it take forever to run any ad-ware scans or spybot.
  • kcbikergal
  • Born
  • Born
  • kcbikergal
  • Posts: 3

Post 3+ Months Ago

deathblade wrote:
fix

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2

O3 - Toolbar: The ensfolr - {3723900A-B26F-40EC-B606-B7B37132B83F} - C:\WINDOWS\ensfolr.dll

if you added

O15 - Trusted Zone: http://boards.fool.com

to trusted zones then leave it if not remove

check if you know these urls

O16 - DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} (CentrinoCheck Control) - http://entriq.vo.llnwd.net/o1/NBCUniver ... _0_0_4.cab

O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} (MediaControl Class) - http://entriq.

vo.llnwd.net/o1/NBCUniversal/cabs/Entriq_3_4_0_15_Silent .cab


O16 - DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - http://entriq.vo.llnwd.net/o1/NBCUniver ... _1_0_0_3.c ab

if not remove them

upload

C:\WINDOWS\bklgvsf.dll

C:\WINDOWS\ampkfst.dll

C:\WINDOWS\dxpvqlmtqn.dll


to http://www.virustotal.com/


i believe they are viruses


Thanks for the reply!


It won't let me remove:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2

I did add O15 - Trusted Zone: http://boards.fool.com so that one's fine

Got rid of the rest of them that you listed though.

I'm now uploading those files to Virus Total, but I'm about at my wits end! I've run SmitfraudFix more times that I can count, run HiJackThis, run DSS, rebooted into Safe Mode, disconnected my modem, defragged, etc.!

My computer is no closer to being cleaned up than when I first started all of this.

OK, one of the scans just finished:

File bklgvsf.dll received on 01.11.2008


Antivirus Version Last Update Result
AhnLab-V3 2008.1.11.10 2008.01.10 -
AntiVir 7.6.0.46 2008.01.10 ADSPY/Agent.PB
Authentium 4.93.8 2008.01.09 -
Avast 4.7.1098.0 2008.01.10 Win32:Agent-LTS
AVG 7.5.0.516 2008.01.10 -
BitDefender 7.2 2008.01.11 -
CAT-QuickHeal 9.00 2008.01.10 -
ClamAV 0.91.2 2008.01.11 -
DrWeb 4.44.0.09170 2008.01.10 -
eSafe 7.0.15.0 2008.01.10 -
eTrust-Vet 31.3.5448 2008.01.11 -
Ewido 4.0 2008.01.10 -
FileAdvisor 1 2008.01.11 -
Fortinet 3.14.0.0 2008.01.11 -
F-Prot 4.4.2.54 2008.01.10 -
F-Secure 6.70.13030.0 2008.01.11 -
Ikarus T3.1.1.20 2008.01.10 -
Kaspersky 7.0.0.125 2008.01.11 -
McAfee 5204 2008.01.10 Puper
Microsoft 1.3109 2008.01.10 Adware:Win32/SmitFraud
NOD32v2 2782 2008.01.11 -
Norman 5.80.02 2008.01.10 -
Panda 9.0.0.4 2008.01.10 -
Prevx1 V2 2008.01.11 -
Rising 20.26.32.00 2008.01.10 -
Sophos 4.24.0 2008.01.11 -
Sunbelt 2.2.907.0 2008.01.11 -
Symantec 10 2008.01.11 -
TheHacker 6.2.9.185 2008.01.09 -
VBA32 3.12.2.5 2008.01.11 -
VirusBuster 4.3.26:9 2008.01.10 -
Webwasher-Gateway 6.6.2 2008.01.11 Ad-Spyware.Agent.PB



What's that mean and what do I do about it?

I've had eTrust EZ AntiVirus installed for quite awhile now. I also have eTrust PestControl running.

I definitely still need HELP!

Thanks,
kc
[/code]
  • deathblade
  • Proficient
  • Proficient
  • User avatar
  • Posts: 419
  • Loc: u.k

Post 3+ Months Ago

you tried in safe mode? i should of said sorry

and it will say if it;s infected of not


e.g

AhnLab-V3 2008.1.11.10 2008.01.10 -

means that av says it's clean where as


Microsoft 1.3109 2008.01.10 Adware:Win32/SmitFraud


says its Adware:Win32/SmitFraud

so from that post i see that 5/32 says it;s adware

you also know the names of the av that pit it up ;p
  • grinch2171
  • Moderator
  • Genius
  • User avatar
  • Posts: 6800
  • Loc: Martinsburg, WV

Post 3+ Months Ago

Did you try removing this entry in Safe Mode using Hijack This?

Quote:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
  • kcbikergal
  • Born
  • Born
  • kcbikergal
  • Posts: 3

Post 3+ Months Ago

Well, it's kind of a moot point now - last night I completely "killed" my computer. :-(

I uninstalled ETrust and installed AVG. It found some items and I had it clean them out. Then, to make sure, I reran the Microsoft Malware thing and it removed one file that it said was a virus and now my computer won't boot up completely. All I get when it's "done" is a black screen with a white arrow cursor - and that is it.

Crap! What do I do now?

(Thanks for your help up to now!)
kc

ps. And I tried rebooting into Safe mode after all this happens and it just streams a bunch of directories on the screen and then stops cold with all of them just sitting there, looking at me.
:shock:
  • tom2002
  • Novice
  • Novice
  • tom2002
  • Posts: 16
  • Loc: Eugene, OR

Post 3+ Months Ago

Probably the best thing to do is to reinstall your O/S.

You should make sure your data is backed up before you do this though.

Post Information

  • Total Posts in this topic: 12 posts
  • Users browsing this forum: No registered users and 34 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
cron
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.