Found 10 viruses

Discussion in 'Trojan Defence Suite' started by mao, Jun 8, 2004.

Thread Status:
Not open for further replies.
  1. mao

    mao Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    7
    I've just scanned my computer with the PC Pitstop virus scan, and it has found 10 viruses. I have Panda Titanium antivirus software; I've run the scan on there too, but it hasn't found any viruses. Could anyone help me in removing these viruses? Here are the viruses that PC Pitstop found. By the way, I'm new with computers.
    The Trj/Revop.A Virus was found in file C:\_RESTORE\TEMP\A0007859.CPY
    The Trj/Revop.F Virus was found in file C:\_RESTORE\TEMP\A0007862.CPY
    The Trj/Revop.E Virus was found in file C:\_RESTORE\TEMP\A0007863.CPY
    The Trj/Revop.E Virus was found in file C:\_RESTORE\TEMP\A0017626.CPY
    The Trj/StartPage.EB Virus was found in file C:\_RESTORE\TEMP\A0023650.CPY
    The Trj/StartPage.CM Virus was found in file C:\_RESTORE\TEMP\A0023662.CPY
    The Trj/Startpage.DI Virus was found in file C:\_RESTORE\TEMP\A0023743.CPY
    The Trj/Startpage.DI Virus was found in file C:\_RESTORE\TEMP\A0023848.CPY
     
  2. jaredite

    jaredite Registered Member

    Joined:
    Apr 21, 2004
    Posts:
    7
    Don't panic. Download the NOD32 antivirus trial version, update it after installation and then scan your computer.
     
  3. mao

    mao Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    7
    Thanks for replying, jaredite. Is it safe to have two antivirus programs running at the same time? I currently have Panda Titanium antivirus.
     
  4. dog

    dog Guest

    Hi Mao, :)

    It looks like those viruses have been cleaned by your AV ... the scan results indicate they're in System Restore (XP) info ... try cleaning up some of your older restore points ... Select Start -> Control Panel -> Performance and Maintenance -> Free up space on your hard disk -> click the More Options tab -> Clean up for System Restore -> hit OK (this is for the default XP style)

    Then rescan with the online scan. See if the results are different. Post back if they are, and I can give you instructions to clear all the restore points, if a few still exist.

    HTH

    dog - *puppy*

    Yes, you can use more than one AV, so long as only one runs as resident (live) and the other on demand.
     
  5. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi there and welcome to the TDS forum!
    Since your infections are in System Restore, the easiest way is: in My Computer > Troubleshooting, disable System Restore, reboot, enable System Restore again, and those former restore points with the infection have gone. Now manually make a new restore point of the situation.

    Since you posted in the TDS forum: NOD32 is a very nice choice, one of the best for anti-trojans, but your Panda is also an anti-virus/anti-trojan combination.
    With the current threats I would also recommend looking at the DiamondCS site for TDS, which is a specific anti-trojan.
    There is in general no problem having more protective tools installed on your system, as long as none or only one at a time is set for resident protection.
    TDS works very differently: it has a resident protection, the exec protection (in the registered version of TDS), to check all executable code before it is allowed to run. This part is not a running process, so you can leave that always on.
    If you scan with one of your scanners (NOD, Panda), the others must be stopped during that. TDS can be up as long as you don't have it actively scanning at the same time, and during a TDS scan the other two must be stopped.
    So after installing TDS, reboot (you were doing that anyway because of that System Restore thing), go back to the TDS download page for the update of the latest definitions, and have TDS do a full system scan with all scan options in the scan console enabled and all unnecessary applications closed. Sit back for a coffee, as it can take a while.
    In the end, in the bottom console with alerts, right-click on one of the items and save to text; that file (scandump.txt) you can paste in your next posting.

    In the meantime (before starting your scan or when it's finished, up to you) read this thread [thread]15913[/thread]; step #2 tells how to download the HijackThis file and how to create and post your HijackThis log file for the experts to help you with looking at your system and possible malware.
    So you have a few things to do; we're here to help you out, so please post back soon!
     
  6. mao

    mao Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    7
    Hi Jooske, thanks for your reply. I also have a problem when I go onto IE: as soon as I go on there, about:blank appears as my homepage. Could you tell me how I can get rid of this? Here's my HijackThis log.

    Logfile of HijackThis v1.97.7
    Scan saved at 16:03:04, on 08/06/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\INTRUSTW.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\APVXDWIN.EXE
    C:\PROGRAM FILES\PANDA SOFTWARE\PANDA TITANIUM ANTIVIRUS 2004\WEBPROXY.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\KRSNCVQX\HIJACKTHIS[1].EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\HDKPAA.DLL/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\HDKPAA.DLL/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\HDKPAA.DLL/sp.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\HDKPAA.DLL/sp.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\HDKPAA.DLL/sp.html (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\HDKPAA.DLL/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O2 - BHO: (no name) - {78E9FF8F-9FD4-4DA1-9418-D948F0FBF67F} - C:\WINDOWS\SYSTEM\HDKPAA.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
    O4 - HKLM\..\Run: [INTRUSTW] C:\WINDOWS\SYSTEM\INTRUSTW.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
    O10 - Unknown file in Winsock LSP: c:\program files\panda software\panda titanium antivirus 2004\pavlsp.dll
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37906.4086574074
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7b77298065d0b9/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://phobos.apple.com/detection/ITDetector.cab
    O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} (Tukati Launcher) - http://http.gamezone.tukati.com/tukati/1.7.20.20/tukati.cab
    O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4364/mcfscan.cab
     
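A small check for the pattern visible in the log above, added here as an example and not code from the thread or from HijackThis: it parses the R0/R1 and O2 lines, flags IE search and start-page entries that point into a res:// resource inside a DLL, and correlates them with any O2 BHO loaded from that same file. The log excerpt inside is a constructed subset of the entries posted above.

```python
import re

# Constructed excerpt modelled on the HijackThis log posted above (a few lines, not the full log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\HDKPAA.DLL/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\HDKPAA.DLL/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {78E9FF8F-9FD4-4DA1-9418-D948F0FBF67F} - C:\WINDOWS\SYSTEM\HDKPAA.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
"""

# R0/R1 line shape: "R1 - <hive\key>,<value name> = <url> [(obfuscated)]"
R_LINE = re.compile(r"^(R[01]) - (HK\w+\\[^,]+),([^=]+?) = (.+?)(?: \(obfuscated\))?$")
# O2 line shape: "O2 - BHO: <name> - {CLSID} - <path to DLL>"
O2_LINE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.+)$")
# A res:// URL loads a resource embedded in a binary; capture that binary's path.
RES_URL = re.compile(r"^res://(.+?\.(?:dll|ocx|exe))/", re.IGNORECASE)

def parse_hjt(log):
    """Return (redirects, bhos): R0/R1 entries as (key, name, url), O2 entries as (clsid, path)."""
    redirects, bhos = [], []
    for line in log.splitlines():
        m = R_LINE.match(line)
        if m:
            redirects.append((m.group(2), m.group(3), m.group(4)))
            continue
        m = O2_LINE.match(line)
        if m:
            bhos.append((m.group(2), m.group(3)))
    return redirects, bhos

def summarize(log):
    """Group res:// redirects by the DLL they load; attach the BHO (if any) backed by the same file."""
    redirects, bhos = parse_hjt(log)
    bho_by_path = {path.lower(): clsid for clsid, path in bhos}
    report = {"res_dlls": {}, "about_blank": False}
    for key, name, url in redirects:
        if url.lower() == "about:blank":
            report["about_blank"] = True   # start page reset to about:blank, as in the thread
            continue
        m = RES_URL.match(url)
        if not m:
            continue                       # ordinary http:// entries are not flagged
        dll = m.group(1).lower()
        hit = report["res_dlls"].setdefault(dll, {"entries": [], "bho_clsid": bho_by_path.get(dll)})
        hit["entries"].append(f"{key},{name}")
    return report
```

On the sample, the two redirected entries resolve to one DLL, and that DLL is also the file behind the unnamed O2 BHO, which is the correlation an analyst looks for; the legitimate O3 toolbar is not flagged because no R entry points into it.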
  7. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Hi Mao, welcome to Wilders. :D

    What Jooske said about System Restore is the easiest way to clean it out, however, if you are infected with anything else after that, it will only restore those new items to it also. Your system needs to be cleaned and I see you posted your HJT log in here.

    There is a special thread in this Forum specifically for HJT logs.

    If you would like to repost it here: https://www.wilderssecurity.com/forumdisplay.php?f=26

    some expert there will assess it and help. :)

    Cheers, TAS
     