hard to remove virus. (HijackThis)

Hey all, I got the virus , one of the Gaobot and it totally fu*ked up my system, it deleted the "search" option in the start Menu , I couldn’t get in Symantec page after thatI couldn't get into the internet at all...so on .

I reinstalled Windows Xp pro on my system, updated my Norton Antivirus, did a full scan but nothing come up. After some time I got a massage from the antivirus that he found the virus W32.HLLW.Gaobot.AO and deleted it. Again I did a full scan, but he didn’t find any thing, the antivirus keeps finding this virus in the file winhlpp32.exe and deletes it evry half an hour or so. I tried adware, spybot, and couple more softwares like that, but nothing. I also tried symantec removel tool, and manual remove…..NOTHING! it keeps adding web pages to "hosts" and i keep removing them. my system became sooo sloww.. What should I do?

Posted: Fri Apr 30, 2004 4:48 pm Post subject:

--------------------------------------------------------------------------------

i rescaned my computer with Kasperski antivirus and found alot of "Backdor" crap and deleted them, but the first powerfull virus is still in my system, i cant work on my system coz every thing is 100 times more slow then it use to before the virus.
maybe some files are deleted from the virus thats why its so slow? ..

here is the new log.

Logfile of HijackThis v1.97.7
Scan saved at 05:10:22, on 30/04/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\new\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://windowsupdate.microsoft.com/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &רדיו - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL332.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe" /wait
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004...scan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/C...5152893519
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc...wflash.cab

 

Hi segevgold,

Can you tell us the exact complete location (path : c:\.... etc) where your AV detects it on your PC?

Thnx

Cheers,