
MSN virus!? How do I remove it?!



Posted

I've got an MSN virus :(

How do I get rid of the crap?

The virus itself opened on its own, and when it kicks in, the keyboard and mouse freeze; you can't press anything at all while the virus has the machine frozen. Other than the restart button....

Formatted last week, and I don't feel like I can face formatting yet again this week...

Does anyone know a simple and effective way to remove the gunk?

Thanks for any answers :)

Posted (edited)

Read the threads in Programvare > Antivirusprogrammer og datasikkerhet (Software > Antivirus programs and computer security), where you will find many suggestions and advice on this topic.

Edited by PerB
Posted
Probably a dumb question, but have you tried letting an antivirus program scan your PC?

 

Of course I've tried that xD

 

Download Combofix and put it on the desktop.

Don't click on the window while the program is running.

Post the log C:\combofix.txt

Will test it out ASAP :)

 

Thanks for the answer :)

Posted (edited)

l_man, when we ask you to run Combofix, the log must always be posted.

This is not an ordinary scanning tool.

 

It must also be uninstalled.

Edited by SNIPPSAT
Posted

A friend of mine got the MSN virus today.

 

I ran Combofix and got the following log file.

What is it that those of you who understand this actually look for?

 

-----------------------------------------------------------------------------------

 

ComboFix 08-06-03.4 - Otsi 2008-06-04 21:58:00.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.221 [GMT 2:00]

Running from: C:\Documents and Settings\Otsi\Desktop\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Otsi\Application Data\macromedia\Flash Player\#SharedObjects\MZG9D6WQ\iforex.com

C:\Documents and Settings\Otsi\Application Data\macromedia\Flash Player\#SharedObjects\MZG9D6WQ\iforex.com\Emerp\Events\flash_object.swf\user_data.sol

C:\Documents and Settings\Otsi\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com

C:\Documents and Settings\Otsi\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol

 

.

((((((((((((((((((((((((( Files Created from 2008-05-04 to 2008-06-04 )))))))))))))))))))))))))))))))

.

 

2008-06-04 13:46 . 2008-06-04 13:46 53,252 -r-hs---- C:\WINDOWS\ehSched.exe

2008-05-31 16:24 . 2008-05-31 16:24 0 --a------ C:\WINDOWS\mngui.INI

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-02 22:37 --------- d-----w C:\Program Files\DC++

2008-06-02 11:21 --------- d-----w C:\Program Files\Clue

2008-05-20 12:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Aventail

2008-05-17 12:15 --------- d-----w C:\Documents and Settings\Otsi\Application Data\Audacity

2008-05-13 11:19 --------- d-----w C:\Documents and Settings\Otsi\Application Data\AdobeUM

2008-05-09 10:42 --------- d-----w C:\Program Files\Webteh

2008-04-30 10:50 2,889,336 ----a-w C:\TvantsSetup.exe

2008-04-14 11:55 --------- d-----w C:\Program Files\Windows Live Safety Center

2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll

2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys

2007-12-25 12:17 260,624 ----a-w C:\Documents and Settings\Otsi\Application Data\setup_no[1].exe

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:07 15360]

"MsnMsgr"="~C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]

"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-08-12 11:02 103712]

"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AGRSMMSG"="AGRSMMSG.exe" [2003-02-14 10:59 88107 C:\WINDOWS\AGRSMMSG.exe]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-03-10 19:45 35328]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-07-12 06:45 180269]

"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 03:07 110592 C:\WINDOWS\system32\bthprops.cpl]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-03-19 21:37 155648]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-03-19 21:33 118784]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-24 03:24 282624]

"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]

"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2002-12-02 10:22 32768]

"HotkeyApp"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2003-01-09 10:41 57418]

"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [2002-10-23 17:18 163840]

"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2003-01-09 09:57 53248]

"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-04-24 15:51 110592]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-04-24 15:44 610304]

"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-08-12 11:02 103712]

"Windows UDP Control Center"="ehSched.exe" [2008-06-04 13:46 53252 C:\WINDOWS\ehSched.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 03:07 15360]

 

C:\Documents and Settings\Otsi\Start Menu\Programs\Startup\

Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]

BTTray.lnk - C:\Program Files\Sitecom\Bluetooth-software\BTTray.exe [2003-12-01 15:28:00 499779]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.ACDV"= ACDV.dll

"MSACM.MSNAUDIO"= msnaudio.acm

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\DC++\\DCPlusPlus.exe"=

"C:\\Program Files\\B2BPOKER\\Unibet Poker\\jre\\bin\\javaw.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

"C:\\Program Files\\SopCast\\SopCast.exe"=

"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=

 

R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2002-10-29 14:25]

R1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys [2002-10-23 11:25]

R2 NgVpnMgr;Aventail VPN Client;C:\WINDOWS\system32\ngvpnmgr.exe [2007-01-16 09:15]

R3 NgLog;Aventail VPN Logging;C:\WINDOWS\system32\DRIVERS\nglog.sys [2007-01-16 09:13]

R3 NgVpn;Aventail VPN Adapter;C:\WINDOWS\system32\DRIVERS\ngvpn.sys [2007-01-16 09:14]

S3 NgFilter;Aventail VPN Filter;C:\WINDOWS\system32\DRIVERS\ngfilter.sys [2007-01-16 09:14]

 

*Newly Created Service* - CATCHME

.

Contents of the 'Scheduled Tasks' folder

"2008-06-02 09:07:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2008-06-04 15:12:02 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job"

- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-04 22:01:20

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MsnMsgr = ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background?g?e

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-06-04 22:03:24

ComboFix-quarantined-files.txt 2008-06-04 20:02:29

 

Pre-Run: 144,633,856 bytes free

Post-Run: 447,389,696 bytes free

 

114 --- E O F --- 2008-05-29 01:02:34

Posted (edited)

We look for the files that belong to this (and possibly other) infections.

Open Notepad and copy in what is shown in bold below, then save the file on the desktop as CFScript.txt

Then drag the file over the Combofix icon. Combofix will start again.

 

File::

C:\WINDOWS\ehSched.exe

 

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows UDP Control Center"=-

 

You don't need to post a new log.

Tell us how it goes with the MSN problem.

EDIT: Next time, create your own thread (click the New Topic button), as that keeps things a bit tidier :)

Edited by norbat
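
One way to see why `ehSched.exe` stands out in the log above, as an added example (not part of the original posts and not ComboFix's own logic): it cross-references the "Files Created" listing with the Run-key entries and reports autostarts whose target file is brand new. The function name and the regexes are assumptions written for this log layout; the sample lines are copied from the log in this thread.

```python
import re

# Shortened excerpt copied from the ComboFix log posted in this thread.
LOG = r'''
2008-06-04 13:46 . 2008-06-04 13:46 53,252 -r-hs---- C:\WINDOWS\ehSched.exe
2008-05-31 16:24 . 2008-05-31 16:24 0 --a------ C:\WINDOWS\mngui.INI
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-03-10 19:45 35328]
"AGRSMMSG"="AGRSMMSG.exe" [2003-02-14 10:59 88107 C:\WINDOWS\AGRSMMSG.exe]
"Windows UDP Control Center"="ehSched.exe" [2008-06-04 13:46 53252 C:\WINDOWS\ehSched.exe]
'''

# "Files Created" line: created . modified size attributes path
CREATED = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d \. \S+ \S+ [\d,]+ (\S{9}) (.+)$')
# Registry key header, e.g. [HKEY_LOCAL_MACHINE\...\Run]
KEY = re.compile(r'^\[(HK.+)\]$')
# Autostart value: "name"="command" [date time size optional-resolved-path]
RUN = re.compile(r'^"(.+?)"="(.*?)" \[(\d{4}-\d\d-\d\d) \d\d:\d\d \d+ ?(.*)\]$')


def suspicious_autostarts(log):
    """Return Run-key entries whose target appears in the recent-files list."""
    recent = {}            # lower-cased path -> attribute string
    findings, key = [], None
    # Single pass works because the log lists created files before Run keys.
    for line in log.splitlines():
        line = line.strip()
        if m := CREATED.match(line):
            recent[m.group(2).lower()] = m.group(1)
        elif m := KEY.match(line):
            key = m.group(1)
        elif m := RUN.match(line):
            name, value, date, full = m.groups()
            path = full or value   # the log appends the resolved path for bare names
            attrs = recent.get(path.lower())
            if attrs is not None:
                findings.append({
                    "key": key, "value_name": name, "path": path,
                    "file_date": date,
                    # hidden + system on a fresh executable is a strong signal
                    "hidden_system": "h" in attrs and "s" in attrs,
                })
    return findings


if __name__ == "__main__":
    for f in suspicious_autostarts(LOG):
        print(f)
```

The single finding is the same file and Run value that the CFScript in the post above removes.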
