
msupdate16.exe virus?



Almost every time the computer turns on, a message comes up saying that the file msupdate16.exe in the system32 folder is spyware (or something), but the antivirus program cannot remove it. Is it a virus, or is it the update file that has been infected? And is it then safe to remove it manually?


http://forums.techguy.org/t138215/s19395b3...7a7c854f71.html

Read this post; further down the page it says:

After rebooting find and delete the MSUPDATE16.EXE file, which is a worm or trojan.

Run these programs as well. (Remember to update them.)

Adaware: http://www.lavasoft.de/support/download/

Spybot: http://www.safer-networking.org/

 

Hijackthis: http://www.spywareinfo.com/~merijn/downloads.html

 

Hijackthis is a general homepage hijackers detector and remover. Initially based on the article Hijacked!, but expanded with almost a dozen other checks against hijacker tricks. It is continually updated to detect and remove new hijacks. It does not target specific programs/URLs, just the methods used by hijackers to force you onto their sites. As a result, false positives are imminent and unless you are sure what you're doing, you should always consult with knowledgeable folks (e.g. the forums) before deleting anything.


Thanks for the help. But can you tell me which files in the log file I should remove?

Here is the log:

 

Logfile of HijackThis v1.97.7

Scan saved at 18:51:29, on 12.03.2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG6\avgserv.exe

C:\WINDOWS\System32\cisvc.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7Debug\mdm.exe

C:\Programfiler\Norman\NPF\NPFSVICE.EXE

C:\WINDOWS\System32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\cidaemon.exe

C:\WINDOWS\Explorer.EXE

C:\Programfiler\Microsoft Hardware\Keyboard\type32.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

C:\WINDOWS\System32\pctspk.exe

C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe

C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe

C:\Programfiler\QuickTime\qttask.exe

C:\Programfiler\Fellesfiler\CMEII\CMESys.exe

C:\Programfiler\MSN Messenger\msnmsgr.exe

C:\Programfiler\Norman\NPF\npfmsg.exe

C:\Programfiler\Sony Ericsson\Mobile\audevicemgr.exe

C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE

c:\Programfiler\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe

C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CapMan.exe

C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\ElogErr.exe

C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\BROADC~1.EXE

C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\SCRFS.exe

C:\PROGRA~1\SONYER~1\MOBILE\MOBILE~1\EPMWOR~1.EXE

C:\Programfiler\Lavasoft\Ad-aware 6\Ad-aware.exe

C:\Documents and Settings\Gjest.RUNAR\Skrivebord\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearchnow.com/searchbar.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://mysearchnow.com/searchbar.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.c2i.net/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://oca.microsoft.com/auto.asp?id=10_8_....2.00010300.1.0

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: BrowserAccelerator - {2D6A91CF-37C6-4EB2-A8D8-F65F1DB14ECE} - C:\WINDOWS\Downloaded Program Files\BrowserAccelerator.dll

O4 - HKLM\..\Run: [WorksFUD] C:\Programfiler\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programfiler\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [WINSTA~1.EXE] C:\WINDOWS\System\WINSTA~1.EXE -b

O4 - HKLM\..\Run: [intelliType] "C:\Programfiler\Microsoft Hardware\Keyboard\type32.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe

O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP

O4 - HKLM\..\Run: [Windows Update] msupdate16.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [CMESys] "C:\Programfiler\Fellesfiler\CMEII\CMESys.exe"

O4 - HKLM\..\RunServices: [Microsoft Cvrt] mscvrt32.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: NPF Messenger.lnk = ?

O4 - Global Startup: Phone Connection Monitor.lnk = ?

O4 - Global Startup: GStartup.lnk = C:\Programfiler\Fellesfiler\GMT\GMT.exe

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Subscribe in Desktop Sidebar (HKLM)

O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar (HKLM)

O9 - Extra button: Researcher (HKLM)

O9 - Extra button: Mail This Page! (HKLM)

O9 - Extra 'Tools' menuitem: Mail This Page! (HKLM)

O9 - Extra button: Real.com (HKLM)

O12 - Plugin for .pdf: C:\Programfiler\Internet Explorer\PLUGINS\nppdf32.dll

O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.c2i.net/

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstall...unknown&unknown

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebpr...etup1.0.0.5.cab

O16 - DPF: {1FDEC088-A699-46FE-BF76-D5FD6DAE6150} (UCSearch.ucUCSearch) - http://www.armbender.com/UCSearch.CAB

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab

O16 - DPF: {2D6A91CF-37C6-4EB2-A8D8-F65F1DB14ECE} (BrowserAccelerator) - http://download.browseraccelerator.com/Bro...ccelerator2.cab

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200211...meInstaller.exe

O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia_XP.cab

O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/patch/EARTPX.cab

O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab

O16 - DPF: {5B27C20D-FFB6-4054-BA78-DE4A059BC75A} (Microsoft Office Template Downloader) - http://office.microsoft.com/norge/templateGallery/msotd.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab

O16 - DPF: {94742E3F-D9A1-4780-9A87-2FFA43655DA2} - http://akamai.downloadv3.com/binaries/Dial...TML_pack_XP.cab

O16 - DPF: {99E79790-2B09-11D6-8C73-0800460222F0} - http://www.andlotsmore.com/plug/install.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7864.2742592593

O16 - DPF: {AA59BA6E-B44F-4514-AB3C-0C1DD2306FC3} (MSN Money Charting) - http://fdl.msn.com/public/investor/v12/invinstl.exe

O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab

O16 - DPF: {C1C2AC28-5E4B-4228-B7A0-05E986FFCE14} (TIBSLoader Class) - http://movie-browser.com/tl4000.dll

O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/patch/MaxisSimCity4PatcherX.cab

O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://flash.vg.no/codvg/cabs/cssweb.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?310

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

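Added example, not part of the original thread: a small Python triage pass over HijackThis O4 (autorun) and O2 (BHO) lines, using an excerpt of the log posted above. The two rules (an autorun command given without a full path, a BHO whose file is missing) are assumptions chosen for illustration; they mark entries for manual review and are not a verdict, so a legitimate program can be flagged too.

```python
import re

# Excerpt copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - (no file)
O4 - HKLM\..\Run: [intelliType] "C:\Programfiler\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Windows Update] msupdate16.exe
O4 - HKLM\..\RunServices: [Microsoft Cvrt] mscvrt32.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<key>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# "O2 - BHO: <name> - {CLSID} - <file>"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<file>.+)$")
# A command that starts with a drive letter, optionally quoted.
ABS_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')


def review_log(text):
    """Return (rule, location, name, value) tuples for entries worth a manual look."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            # A bare file name is resolved through the search path, so the
            # log line alone does not say which binary actually starts.
            if not ABS_PATH_RE.match(m["cmd"]):
                findings.append(("autorun-without-path", m["key"], m["name"], m["cmd"]))
            continue
        m = O2_RE.match(line)
        if m and m["file"] == "(no file)":
            # The registration remains but the DLL it points to is gone.
            findings.append(("bho-missing-file", m["clsid"], m["name"], m["file"]))
    return findings


if __name__ == "__main__":
    for rule, where, name, value in review_log(SAMPLE_LOG):
        print(f"{rule:22} {where:20} [{name}] {value}")
```

The [Windows Update] msupdate16.exe entry is flagged by the same rule as [PCTVOICE] pctspk.exe, which is why each hit still has to be checked by hand before anything is deleted.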
