Can anyone help? Through much trial and error (and by running Hijack This) I believe that my system has been infected by Ms4Hd. Programs, applications, drivers, etc.. randomly will be uninstalled. Hijack This suggests that I revert to an earlier version than the current version (HijackThis_v1.99.1.exe) but I can't find an earlier version anywhere. Suggestions?
Hmm... i smell a worm... Post your HijackThis log it will be very helpful 1.)Download & install KasperSky Anti-Virus - http://usa.kaspersky-labs.com/trial...ownloads/trial-versions.php&chapter=146481750 (you must have a valid email to download it) 2.)Download & install Avast! Home Editon - http://www.download.com/Avast-Home-Edition/3000-2239_4-10533644.html?tag=lst-3-2 3.)Download & install AVG Anti-Virus - http://www.download.com/AVG-Anti-Virus-Free-Edition/3000-2239_4-10596553.html?tag=lst-3-4 4.)UPDATE ALL SOFTWARE ONE AT A TIME 5.)RUN ALL anti-virus software in safe mode 6.)Make Avast! do a boot time scan... to do this open Avast! then go to the button that looks a eject symbol in the upper left hand corner then look for "Schedule Boot-Time Scan" then select the option "Scan archive files" 7.)Run HijackThis and post back with your log... i found HijackThis 1.99.1 http://www.download.com/HijackThis/3000-8022_4-10379544.html?tag=lst-0-1 P.S... if all else fails NUKE IT!... just kidding
thanks for responding.....here's my hijack this log. let me know your thoughts.... Logfile of HijackThis v1.99.1 Scan saved at 7:43:34 PM, on 10/24/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\netdde.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Computer Associates\CA Anti-Virus\ISafe.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\system32\svchost.exe C:\Computer Associates\CA Anti-Virus\VetMsg.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\System32\dmadmin.exe C:\Computer Associates\cctray\cctray.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Computer Associates\CA Anti-Virus\CAVRID.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe D:\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\LVComsX.exe C:\Documents and Settings\TOM SUTHER\Desktop\HijackThis_v1.99.1.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 65.26.92.202 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [cctray] "C:\Computer Associates\cctray\cctray.exe" O4 - HKLM\..\Run: [CAVRID] "C:\Computer Associates\CA Anti-Virus\CAVRID.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [SpybotSnD] "D:\Spybot - Search & Destroy\SpybotSD.exe" /autoclose /waitstart O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Computer Associates\CA Anti-Virus\ISafe.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Computer Associates\CA Anti-Virus\VetMsg.exe
it doesn't sound like a worm it could be several viruses that just hit here is a listr 1.monkey b exteme virus: deletes drivers nad systems files funny though doesn't attach it self to music and office documents 2.mega delete 33: this is not a real virus it is a fake virus that inhabits auto exec.bat and gives you a fake ms dos startup screen s simple remedy back up the system files autoexec.bat and config.sys
