• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Virus help

S

shelaby

Golden Member
Ok, so my computer has this virus.

i am using antivir and about once an hour, this message pops up that says.

xxxxx.exe is the Trojan horse TR/Dldr.Small.alr.1
i googled for it, and nothing came up

where xxxxx is a different set of 5 numbers each time the message pops up

so i tell antivir to delete the file, pops up again in about an hour or less
if i deny it, same thing happens, it doesnt matter whcih option i choose, i cant get rid of the virus.

i have booted into safe mode and ran the virus check. got rid of it for the time being, but it comes back once i boot up normally.

I have tried ad-aware, microsoft antispyware, and antivir to get rid of it, but to no avail.

it hasnt done anything to my computer yet, because antivir never lets it run but that message is annoying.

if anybody has any ideas, or any other antivirus programs that worked for them please let me know

Thanks
 
Originally posted by: shelaby
did it, anti vir found the virus, got rid of it

now its back
Click to expand...

have you performed the manual removal instructions (or perhaps a cleaner program just for this bug)? Are you on a network? Are you fully patched?
 
yes, i have tried to manually remove it, dont know of any other good virus programs (any suggestions). i am at uconn right now, but i got this when i was at my home in mass. yes i am fully patched
 
well see if you can find out exactly what bug it is. There may be a clearn program from some of the other AV companies.

trendmicro
symantec
 
http://www.sysinternals.com/Utilities/ProcessExplorer.html

Run that in safe-mode and see what EXEs are running. Usually there's a source EXE that is somewhere in your computer that regenerates itself and creates a new file name. Try to find the suspicious one(s) and end them if you can. Then go and delete the EXE from your computer. Also empty your temporary Internet files because many trojans lie in there.

While in safe-mode, run MSCONFIG from a RUN window and see what processes/programs startup when the computer starts. Anything suspicious = uncheck it and reboot.

Good luck!
 
Logfile of HijackThis v1.99.1
Scan saved at 12:40:37 AM, on 9/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
E:\AntiVir\AVGUARD.EXE
e:\APC PowerChute Personal Edition\mainserv.exe
E:\AntiVir\AVWUPSRV.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ups.exe
E:\VNC4\WinVNC4.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
E:\Microsoft Antispyware\gcasServ.exe
E:\D-Link\AirCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
E:\Microsoft Antispyware\gcasDtServ.exe
E:\Logitech\iTouch\iTouch.exe
E:\Motherboard Monitor 5\MBM5.EXE
E:\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
E:\Winamp\winampa.exe
C:\Program Files\Daily Weather Forecast\weather.exe
E:\AntiVir\AVGNT.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
E:\AIM95\aim.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
E:\Vitrite\Vitrite.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
e:\APC PowerChute Personal Edition\apcsystray.exe
E:\mIRC\mirc.exe
E:\Winamp\winamp.exe
C:\Program Files\Ventrilo\Ventrilo.exe
E:\Steam\Steam.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\internet explorer\iexplore.exe
C:\DOCUME~1\Brendan\LOCALS~1\Temp\Rar$EX00.703\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://students.uconn.edu/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xoxide.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Adobe Reader 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [gcasServ] "E:\Microsoft Antispyware\gcasServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [D-Link Air Utility] E:\D-Link\AirCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [zBrowser Launcher] E:\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MBM 5] "E:\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] E:\Winamp\winampa.exe
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "E:\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [AVGCtrl] E:\AntiVir\AVGNT.EXE /min
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKCU\..\Run: [AIM] E:\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - Startup: Konfabulator.lnk = C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
O4 - Startup: Vitrite.lnk = E:\Vitrite\Vitrite.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Adobe Reader 7.0\Reader\reader_sl.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.goldenram.com/upgradedetect/upgradedetect.cab?562
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/14c529289143e5963505/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda...86/client/wuweb_site.cab?1121315945021
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - E:\AntiVir\AVGUARD.EXE
O23 - Service: APC UPS Service - American Power Conversion Corporation - e:\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - E:\AntiVir\AVWUPSRV.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - E:\VNC4\WinVNC4.exe" -service (file missing)

 
You must log in or register to reply here.

TRENDING THREADS

Back
Top