Microsoft Genuine Software

Discussion in 'Windows - Virus and spyware problems' started by Haomaru, Apr 15, 2007.

  1. Haomaru

    Haomaru Member

    Joined:
    Jun 26, 2006
    Messages:
    98
    Likes Received:
    0
    Trophy Points:
    16
    Hey i have a problem with a software which i think is a virus, once windows load up after a few seconds it appears in the tray icon right beside the time, its a blue star that stays there permanently, when u right click the icon, the different options that come up are
    1 validation purchase details, 2 Purchase a genuine windows license,
    3 Benefits of Genuine & 4 Change notification settings, i figured more of less its some malware, but i did the necessary stuff & it still remains on my PC, i ran Smithfraud, Hijack this, & even tried deleting the infected file with Killbox, the file i tried deleting was this [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"="e:\\windows\\system32\\mllmljj.dll" and it says file cannot be deleted, i ran smithfraud using option 2 and it didn't clean the infected files, so i ran option 1 *search*, anyway i am gonna posts both the rapport log, and the Hijack This log, any help would be greatly appreciated. *thanks in advance*

    (Hijack This Log)

    Boot mode: Normal

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    E:\Program Files\Alwil Software\Avast4\ashServ.exe
    E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    E:\WINDOWS\Explorer.EXE
    E:\WINDOWS\system32\svchost.exe
    E:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    E:\WINDOWS\system32\ctfmon.exe
    E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    E:\WINDOWS\system32\WgaTray.exe
    E:\Program Files\Internet Explorer\IEXPLORE.EXE
    E:\WINDOWS\system32\wuauclt.exe
    E:\Documents and Settings\Devon\Desktop\HiJackThis_v2.0.0.0.exe

    O2 - BHO: (no name) - {1B3C9DF5-33A4-436E-9821-475EA3CA6324} - E:\WINDOWS\system32\vturo.dll
    O2 - BHO: (no name) - {3546e5c2-075f-48db-a636-6bfe3de5248c} - E:\WINDOWS\system32\dosund.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [PcSync] E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [PcSync] E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O20 - AppInit_DLLs: e:\windows\system32\mllmljj.dll
    O20 - Winlogon Notify: dosund - E:\WINDOWS\SYSTEM32\dosund.dll
    O20 - Winlogon Notify: vturo - E:\WINDOWS\system32\vturo.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe

    --
    End of file - 3647 bytes

    (Rapport Log)


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» E:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"="e:\\windows\\system32\\mllmljj.dll"


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{68D9CAA3-3A0E-41BD-B1E6-A84EFB316EEF}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{68D9CAA3-3A0E-41BD-B1E6-A84EFB316EEF}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{68D9CAA3-3A0E-41BD-B1E6-A84EFB316EEF}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{68D9CAA3-3A0E-41BD-B1E6-A84EFB316EEF}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
    Haomaru, Apr 15, 2007
    #1
  2. blivetNC

    blivetNC Regular member

    Joined:
    Nov 8, 2005
    Messages:
    1,692
    Likes Received:
    0
    Trophy Points:
    46
    It appears that your copy of windows appears to be fake or pirated, contact whomever you got the license from and inform them of this. The license has probably been installed on more than one system and Microsoft is aware of this and is nicely asking you to correct this by purchasing an additional license.
     
    blivetNC, Apr 15, 2007
    #2
  3. Haomaru

    Haomaru Member

    Joined:
    Jun 26, 2006
    Messages:
    98
    Likes Received:
    0
    Trophy Points:
    16
    Ok thanks, it's just that i had a similar problem, but mines was jus a malware that wanted me to buy their product, so i figured this was the same
     
    Haomaru, Apr 16, 2007
    #3

Share This Page