The crappiest virus ever!

[bruxism]

I'm having the worst computer luck ever! first the undeletable porn, now, stupidly, my computers got some dumb ass virus!

 

i got it through MSN, (i know, flame me if you must, i'm an idiot) and the deal with it is, you get a message from the person you're talking to to check out a website, you go there, and you stupidly download something, and then it's on your computer. then if you try to talk to someone, it sends messages to your contacts telling them to check out "this cool website".

 

Symptoms of my shit house virus,

 

it won't let me run microsoft antispyware,

if i hit alt-ctrl-del the screen pops up for a second and then leaves again, so i can't stop processes or check anything

it won't let me make a hijack this log, i open it and then it quickly closes it

it seems to be making all antivirus websites i want to go to say that the website is unavailable

and of course, it tries to spread itself if i talk to anyone on msn

 

please help me, this is the crappiest virus ever!

[Steve]

What was the name of the file you accepted and ran?

[bruxism]

dude, i know you're going to call me an idiot, but i don't know. i assumed it was from a friend, i didn't realise his computer was automatically inviting me to get bent over and done up the bumhole!

 

any suggestions?

[Steve]

Easiest way is to add me on MSN and I'll see what happens when I'm sent the virus: -

 

dj_sigma_uk@hotmail.com

[Dice]

These are common mailer viruses/Mail client viruses. The file you downloaded was most likely a portal on to your computer for the hacker in question. Ill see if i can find any ways out but im not sure...

[Guest Ryan]

Hold down all the keys on your keyboard, and use your foot to unplug the computer from the wall. If that doesnt work get back to me

[bruxism]

2 cheers for STEVE!!!! hip hop, hooray! hip hop hooray, ho, hey ho!

 

anyway, virus gone, and as an extra treat, here is a hijack this log, this is an example of how not to look after you computer. ready? here we go!

 

Logfile of HijackThis v1.99.1

Scan saved at 7:20:46 PM, on 8/23/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\asuskbservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\D-Link\DSL-200\dslstat.exe

C:\Program Files\D-Link\DSL-200\dslagent.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\User\Desktop\HijackThis.exe

C:\WINDOWS\system32\wuauclt.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll

O3 - Toolbar: (no name) - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - (no file)

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

O4 - HKLM\..\Run: [sBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r

O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon

O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [svshost] C:\WINDOWS\system32\eoepikd\svshost.exe

O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [svshost] C:\WINDOWS\system32\eoepikd\svshost.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: ASUSKeyboardService - ASUSTeK COMPUTER INC. - C:\WINDOWS\asuskbservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: %NVSVC.name% (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

 

 

p.s trust noone, the internet is a dangerous place! you have been warned

[Steve]

Uninstall the AOL Toolbar via Add/Remove Programs unless you really must use it. It's shite though, so if I were you I'd ditch it. If you do remove it, reboot your PC before following these instructions........

 

Run HijackThis and check off the following: -

 

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O3 - Toolbar: (no name) - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - (no file)

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O4 - HKLM\..\Run: [svshost] C:\WINDOWS\system32\eoepikd\svshost.exe

O4 - HKCU\..\Run: [svshost] C:\WINDOWS\system32\eoepikd\svshost.exe

 

There were two entries for svshost.exe so make sure you get them both if they still show up.

 

If you decided to remove the AOL Toolbar, also check off these too (if present): -

 

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html

O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

 

Close ALL other windows except HijackThis and hit Fix Checked. Reboot your PC into Safe Mode and delete the following bold items: -

 

C:\WINDOWS\system32\eoepikd

C:\Program Files\AOL\AOL Toolbar 2.0

 

Download CCleaner from THIS site, install it and run it to clear out any temporary files, then reboot your PC back into regular Windows.

 

Start IE and hit Tools then Internet Options. Hit the Programs tab, then the Reset Web Settings button. Hit the Security tab, then the Internet Zone icon and if the security level has been set to low, hit the Default Level button. Finally, hit the General tab and re-enter your chosen homepage if necessary then hit Apply then OK.

 

You're not using a proper firewall. I'd recommend the free version of Sygate which you can get HERE. Download it, disable the built in XP firewall, then install Sygate. That will offer you more protection because it checks outgoing traffic as well as incoming.

 

You should be OK once all that's done. Post back if you have anymore problems.

[bruxism]

big thanks to steve, the man's a legend, who didn't mind helping out at all with a crappy problem and even had the patience to talk me (a computer idiot) through fixing it all up.

 

Now i've managed to help 3 friends to get rid of that crazy ass virus too!

 

and yes, even the undeletable porn is gone now!

 

cheers steve

[lem]

my computer is broken

[Steve]

What's up with it Lem? Read the first post in this thread and post a HijackThis log. I'll help you fix it if I can: -

 

http://www.digitalvertigo.co.uk/index.php?showtopic=90