Can someone take a look at this and advise? I was having a lot of problems with a trojan which seems to have been generating from the file: c:\windows\g_server2006, dll, and 123. I ran adaware, spybot, smitfraud, and hijack this. I went into msconfig and unchecked g_server. I changed the extensions in windows to .bak and moved to another folder. Here is the hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 4:15:06 PM, on 7/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wsys.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Plaxo\2.6.2.15\PlaxoHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\LSASS.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\AOL\1134529827\ee\AOLSoftware.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
c:\program files\common files\aol\1134529827\ee\aim6.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
D:\Download\HijackThis_v1.99.1.exe

O1 - Hosts: 61.129.75.124 mir.100888290cs.com
O1 - Hosts: 61.129.75.124 woool.100888290cs.com
O1 - Hosts: 61.129.75.124 www.mir5173.com
O1 - Hosts: 61.129.75.124 ert0003.e76.163ns.com
O1 - Hosts: 222.73.4.246 www.chenshijituan.com
O1 - Hosts: 59.36.96.132 qq.etsoft.com.cn
O1 - Hosts: 61.129.75.124 www.wg581.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134529827\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\INTELAUDIOSTUDIO.exe" BOOT
O4 - HKLM\..\Run: [ToP] C:\WINDOWS\LSASS.exe
O4 - HKLM\..\Run: [SOUNDMAN] C:\WINDOWS\SYSTEM32\SOUNDMAN.EXE
O4 - HKLM\..\RunServices: [] C:\WINDOWS\system32\intenat.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.6.2.15\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .PSD: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
O18 - Protocol: g7ps - {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Check to fix these in HijackThis.

O1 - Hosts: 61.129.75.124 mir.100888290cs.com
O1 - Hosts: 61.129.75.124 woool.100888290cs.com
O1 - Hosts: 61.129.75.124 www.mir5173.com
O1 - Hosts: 61.129.75.124 ert0003.e76.163ns.com
O1 - Hosts: 222.73.4.246 www.chenshijituan.com
O1 - Hosts: 59.36.96.132 qq.etsoft.com.cn
O1 - Hosts: 61.129.75.124 www.wg581.com
O4 - HKLM\..\RunServices: [] C:\WINDOWS\system32\intenat.exe

Post new log after fix.
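The two kinds of entry picked out in the reply above (hosts-file lines that point a hostname at a non-loopback address, and an autorun value with an empty name) can be screened for mechanically. This is an added example, not part of the original thread; the function name `triage` and its two rules are assumptions made for illustration, and the sample lines are copied from the log above except the `localhost` line, which is constructed.

```python
import ipaddress
import re

# Subset of the HijackThis log posted in this thread; the 127.0.0.1 line is
# constructed to show an entry that the O1 rule leaves alone.
SAMPLE_LOG = r"""
O1 - Hosts: 61.129.75.124 mir.100888290cs.com
O1 - Hosts: 59.36.96.132 qq.etsoft.com.cn
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [] C:\WINDOWS\system32\intenat.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
"""

O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
# Registry autoruns only: "O4 - <key>: [<value name>] <command>"
O4_RE = re.compile(r"^O4 - (\S+):\s+\[(.*?)\]\s+(.*)$")


def triage(log_text):
    """Return (section, reason, raw_line) tuples for entries worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O1_RE.match(line)
        if m:
            ip_text, host = m.groups()
            try:
                ip = ipaddress.ip_address(ip_text)
            except ValueError:
                findings.append(("O1", "unparseable address " + ip_text, line))
                continue
            # A hosts entry that sends a name to a routable address overrides DNS.
            if not (ip.is_loopback or ip.is_unspecified):
                findings.append(("O1", f"{host} redirected to {ip}", line))
            continue
        m = O4_RE.match(line)
        if m and not m.group(2).strip():
            key, _, command = m.groups()
            # A Run/RunServices value with no name hides from casual review.
            findings.append(("O4", f"unnamed autorun under {key}: {command}", line))
    return findings


if __name__ == "__main__":
    for section, reason, _ in triage(SAMPLE_LOG):
        print(section, "-", reason)
```
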
Too late, I somehow got the most malicious virus. Within a couple of hours my entire system was wiped out. w32/horn.A infected every dll and exe file and my AVG virus software could do nothing. I removed AVG and installed NOR32, I think was the name; it could not heal the 'over 380 infected files'. I was dead in the road. I could not access system restore during any of this. I tried everything in my bag of tricks. Then when I finally gave in and went to format my hard drive and start all over, it killed my motherboard! My computer will not even start. I tried removing and installing the memory and checked all the connections but it seems to be a goner. Anyone have anything to add or ask?
Holy sh*t! That's a very bad case of a virus! I'm sorry to hear that. Do you know how you acquired this virus?
I have no idea. I was looking at different hotels for a trip to Costa Rica and these viruses started popping up. I couldn't find them on the internet for help to remove them. Here is a list of their names: win32/delf.bu, generic.ygx, generic.xlq, psw.generic.agent.bxj, w32.honk.a