Photoalbum.2007.rar //dsc515607.jpg Www.photoland.com Virus Help!

  1. #1
    dbj


    Recently, I accepted a file from my friend named "photoalbum2007.rar" on MSN Messenger. I executed the file. Now the virus keeps sending the file to everyone in my contact list. How can I get rid of it? Please help me.
    I've also done a BitDefender scan, and its log file is after the HijackThis log file.

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 17:17:55, on 23/08/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
    C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
    C:\Program Files\VoyagerTest\fts.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Common Files\AOL\1186429647\ee\AOLSoftware.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HiJackThis_v2.exe

    R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
    O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
    O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
    O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
    O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1186429647\ee\AOLSoftware.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/game...ts/y/jt0_x.cab
    O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/game...ts/y/kt4_x.cab
    O16 - DPF: Yahoo! Chinese Checkers - http://download.games.yahoo.com/game...s/y/cct0_x.cab
    O16 - DPF: Yahoo! Hearts - http://download2.games.yahoo.com/gam...ts/y/ht1_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://yog72.games.scd.yahoo.com/yog/y/poti_x.cab
    O16 - DPF: {0B96BF84-DA5C-46F4-A7FC-5319CFF74163} (MnetLauncher Control) - http://player.mnet.com/package/cjmuset.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/download/SISTransfer.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {68253470-5D4F-4CDF-8D9C-353C14A2F013} (SVPorsche Control) - http://imgcdn.pandora.tv/pan_img/liv.../SVPorsche.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1149173366437
    O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.ipop.co.kr/gom/GomWeb.cab
    O16 - DPF: {868AB0F0-C411-4DB5-8279-E38AE3CDA3FD} (OiMPlayerCtrl Class) - http://listen.daum.net/52st/OiMPlayer/52MPlayer.cab
    O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab9_1/dm...rsion=1,0,0,10
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{81DCFDDF-B481-46CC-9CB6-60A9C3E1D872}: NameServer = 205.188.146.145
    O21 - SSODL: prodigy1 - {6D9C4B54-517D-4B1B-8393-573CBA564EE6} - newsystem25.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    --
    End of file - 7462 bytes



    BitDefender Online Scanner

    Scan report generated at: Thu, Aug 23, 2007 - 18:35:17
    Scan path: A:\;C:\;E:\;F:\;G:\;

    Statistics
    Time: 01:48:19
    Files: 225803
    Folders: 5969
    Boot Sectors: 4
    Archives: 7650
    Packed Files: 8810

    Results
    Identified Viruses: 6
    Infected Files: 10
    Suspect Files: 0
    Warnings: 0
    Disinfected: 0
    Deleted Files: 9

    Engines Info
    Virus Definitions: 749682
    Engine build: AVCORE v1.0 (build 2411) (i386) (Jul 9 2007 12:10:22)
    Scan plugins: 14
    Archive plugins: 37
    Unpack plugins: 6
    E-mail plugins: 6
    System plugins: 1

    Scan Settings
    First Action: Disinfect
    Second Action: Delete
    Heuristics: Yes
    Enable Warnings: Yes
    Scanned Extensions: *;
    Exclude Extensions:
    Scan Emails: Yes
    Scan Archives: Yes
    Scan Packed: Yes
    Scan Files: Yes
    Scan Boot: Yes

    Scanned File / Status

    C:\Documents and Settings\Chi Hao\Desktop\DSC515607.jpg-www.pictureland.com
        Infected with: Backdoor.Ircbot.ABFA
        Disinfection failed
        Deleted

    C:\RECYCLER\S-1-5-21-1043198755-3581506895-1790521817-1006\Dc4.zip=>DSC515607.jpg-www.pictureland.com
        Infected with: Backdoor.Ircbot.ABFA
        Disinfection failed
        Deleted

    C:\RECYCLER\S-1-5-21-1043198755-3581506895-1790521817-1006\Dc4.zip
        Updated

    C:\WINDOWS\chi.exe
        Infected with: Win32.Chiclen.A
        Disinfection failed
        Deleted

    C:\WINDOWS\Help\freecell.hlp
        Infected with: Trojan.Spy.Agent.OE
        Disinfection failed
        Deleted

    C:\WINDOWS\Help\fxsclnt.hlp
        Infected with: Trojan.Spy.Agent.OE
        Disinfection failed
        Deleted

    C:\WINDOWS\myphotos2007.zip=>DSC515607.jpg-www.pictureland.com
        Infected with: Backdoor.Ircbot.ABFA
        Disinfection failed
        Deleted

    C:\WINDOWS\myphotos2007.zip
        Updated

    C:\WINDOWS\system32\mstsdsc.exe
        Infected with: Trojan.Proxy.Cimuz.CV
        Disinfection failed
        Deleted

    C:\WINDOWS\system32\newsystem25.dll
        Infected with: Backdoor.Ircbot.ABFA
        Disinfection failed
        Delete failed

    C:\WINDOWS\system32\ocgadkfm.exe
        Infected with: Generic.Malware.SM!dldg.A921BD58
        Disinfection failed
        Deleted

    C:\WINDOWS\system32\qdkchplf.dll
        Infected with: Trojan.Downloader.GI
        Disinfection failed
        Deleted
    Last edited by dbj; 23-08-2007 at 06:48 PM.
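An added triage example, not code from the post above, from HijackThis or from BitDefender: the two logs in the post only line up when read side by side. The O21 SSODL entry names newsystem25.dll with no directory, which is why HijackThis prints "(file missing)", while the BitDefender report lists C:\WINDOWS\system32\newsystem25.dll as infected and "Delete failed" (a ShellServiceObjectDelayLoad DLL is loaded into Explorer at logon, so it is in use during a normal-mode scan). The script below parses the O4, O21/O22 and O23 lines of a HijackThis log and flags entries that match an AV-flagged basename, give a bare filename, or are reported missing. The sample lines are quoted from the logs in the post; the regular expressions and the flagging heuristics are my own assumptions about the HijackThis 2.0 line layout, not a published format specification.

```python
"""Cross-check HijackThis persistence entries against an AV scan report.

Added example; not code from the forum post, HijackThis or BitDefender.
Parses O4 (Run keys), O21/O22 (SSODL, SharedTaskScheduler) and O23 (services)
lines and flags an entry when its basename is on the AV-flagged list, when it
names a bare file with no directory (resolved by loader search order, which is
why HijackThis cannot find it), or when HijackThis says "(file missing)".
The regexes are assumptions derived from the log quoted in the post.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input: lines quoted from the HijackThis log in the post above.
HJT_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O21 - SSODL: prodigy1 - {6D9C4B54-517D-4B1B-8393-573CBA564EE6} - newsystem25.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
"""

# Paths the BitDefender report in the same post marked as infected.
AV_FLAGGED = [
    r"C:\WINDOWS\chi.exe",
    r"C:\WINDOWS\system32\mstsdsc.exe",
    r"C:\WINDOWS\system32\newsystem25.dll",
    r"C:\WINDOWS\system32\ocgadkfm.exe",
    r"C:\WINDOWS\system32\qdkchplf.dll",
]

O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O21 and O22 share one layout: name - {CLSID} - path [ (file missing)]
O2X_RE = re.compile(
    r"^(?P<sec>O2[12]) - (?:SSODL|SharedTaskScheduler): (?P<name>.+?) - "
    r"\{(?P<clsid>[^}]+)\} - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# Unquoted command lines may contain spaces ("C:\Program Files\..."), so the
# executable is taken as everything up to the first recognised extension.
EXE_RE = re.compile(r"(.*?\.(?:exe|dll|com|bat|cmd|scr|pif))(?=\s|$)", re.I)


@dataclass
class Entry:
    section: str                # O4, O21, O22 or O23
    name: str
    path: str                   # as written in the log; may be a bare filename
    file_missing: bool = False
    av_hit: Optional[str] = None
    reasons: List[str] = field(default_factory=list)

    @property
    def basename(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def bare_filename(self) -> bool:
        return "\\" not in self.path and ":" not in self.path


def _exe_path(cmd: str) -> str:
    """Pull the executable out of a Run-key command line (quoted or not)."""
    m = re.match(r'"([^"]+)"', cmd)
    if m:
        return m.group(1)
    m = EXE_RE.match(cmd)
    return m.group(1) if m else (cmd.split() or [cmd])[0]


def parse_hjt(text: str) -> List[Entry]:
    """Return Entry objects for O4, O21, O22 and O23 lines; skip the rest."""
    entries: List[Entry] = []
    for line in text.splitlines():
        line = line.strip()
        if (m := O4_RE.match(line)):
            entries.append(Entry("O4", m["name"], _exe_path(m["cmd"])))
        elif (m := O2X_RE.match(line)):
            entries.append(Entry(m["sec"], m["name"], m["path"], bool(m["missing"])))
        elif (m := O23_RE.match(line)):
            entries.append(Entry("O23", m["name"], m["path"], bool(m["missing"])))
    return entries


def triage(entries: List[Entry], av_paths: List[str]) -> List[Entry]:
    """Attach reasons to suspicious entries and return only those."""
    av_by_base = {p.rsplit("\\", 1)[-1].lower(): p for p in av_paths}
    flagged = []
    for e in entries:
        if e.basename in av_by_base:
            e.av_hit = av_by_base[e.basename]
            e.reasons.append(f"AV flagged {e.av_hit}")
        if e.bare_filename:
            e.reasons.append("no directory given; resolved via search order")
        if e.file_missing:
            e.reasons.append("HijackThis reports the file missing")
        if e.reasons:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in triage(parse_hjt(HJT_LOG), AV_FLAGGED):
        print(f"{e.section} [{e.name}] {e.path}")
        for r in e.reasons:
            print("   -", r)
```

Run against the sample lines it flags only the O21 prodigy1 entry, with all three reasons. Matching on basename alone is deliberate: the registry value and the scanner report the same file in different forms, and a loader that resolves a bare name via the search order is exactly the case where the full path is not recorded anywhere HijackThis can read it.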


  2. #2
    Neal
    Welcome,


    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
    • Open the extracted folder and double click RunThis.bat to start the script.
    • Type Y to begin the script.
    • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • Your system will take longer than normal to restart as the fixtool will be running and removing files.
    • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
    • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log
