HELP PLEASE!...


p0chacco
« on: July 28, 2007, 05:12:52 AM »

Logfile of HijackThis v1.99.1
Scan saved at 7:05:10 PM, on 7/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Seagate\Sync\SeaSyncServices.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\DOCUME~1\JOSEMA~1\LOCALS~1\Temp\AutoDetect.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\Program Files\DAP\DAP.EXE
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\JGochangco\My Documents\Applications\HijackThis.exe


F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\kernel.dll.vbs
O4 - HKLM\..\Run: [Aikelyu] C:\WINDOWS\system32\aikelyu.html
Logged
Guest
« Reply #1 on: July 28, 2007, 05:13:02 AM »

Hello, visitor!

The HijackThis log analyzer has analyzed your log. Please take a closer look at the results.

Your log does not indicate any spyware or virus infection. However, there are some entries that you might want to fix. Please follow the steps below.

The following entries are not malicious, but some of them are not used anymore. You may use HijackThis to fix a few of them. However, please keep in mind that some of the entries marked as Questionable or Not Needed are fully legitimate and might be required by installed software to work properly, while some others might be related to certain parasites. It is up to you to decide whether you need any of them, or not.
O4 - HKLM\..\Run: [Aikelyu] C:\WINDOWS\system32\aikelyu.html


The following files and Windows registry entries are marked as "unknown". Currently, the HijackThis Log Analyzer cannot provide required information on these items. The files and entries in the list below can be both malicious and fully legitimate. Because of this, please do not take any action! Wait for the forum responders or other forum users to provide you with necessary details and further instructions.
C:\Program Files\Seagate\Sync\SeaSyncServices.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\DOCUME~1\JOSEMA~1\LOCALS~1\Temp\AutoDetect.exe


If you want to see more detailed analysis of your log, click here.

Thank you for using the 2-Spyware.com HijackThis log analyzer beta 2!
Logged
p0chacco
« Reply #2 on: July 28, 2007, 05:16:16 AM »

I've been trying REAL hard to delete

O4 - HKLM\..\Run: [Aikelyu] C:\WINDOWS\system32\aikelyu.html

AND

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\kernel.dll.vbs

But every time I delete both of them... BOTH of them REGENERATE.

Is it a virus? When I first got it, an HTML file popped up with some Spanish words.

*STUMPED BAD*
Logged
p0chacco
« Reply #3 on: August 08, 2007, 07:43:38 AM »

Still can't be deleted.

*bump*
Logged
Bobby
Administrator
« Reply #4 on: August 13, 2007, 02:40:35 AM »

Hello,
Have you tried to delete those entries in safe mode? You can find safe mode instructions here.
Logged

I recommend Spyware Doctor and Malwarebytes’ Anti-malware as ultimate protection.
stardestiny
« Reply #5 on: August 15, 2007, 10:26:46 AM »

I've finally learned how to kill it... but first an intro...

I got this virus in an internet cafe in Cebu, Philippines

It exploits the autorun feature in memory cards and copies itself to computers and connected memory cards thereafter

Because it does not spread itself to the internet, it hasn't gained enough notoriety to be included in virus defenses of various programs

Be sure to also clean your infected memory cards...

Here's how you clean it:

Download Startup Control Panel at mlin.net (You're going to use this later)

Go to your Task Manager (Ctrl+Alt+Del)
Terminate the WScript.exe process
Terminate the Explorer.exe process

Click New Task and Type "cmd" (without the quotes)

Type the following in your command prompt

del c:\pooh.vbs /f/s/q/a
del d:\pooh.vbs /f/s/q/a
(include your other drives and USB drives that have been infected)

del c:\autorun.inf
del d:\autorun.inf
(include your other drives and USB drives that have been infected)


del c:\windows\system32\kernel.dll.vbs

del c:\aikelyu.html /f/s/q/a

Use the startup program from mlin.net to remove aikelyu.html on Windows startup

Go to New Task and type "regedit" (without the quotes)

Go to

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

and modify it to make the value in Shell to only contain "explorer.exe"

That's about it... Good luck everybody...

Oh yeah... to the creator of the virus... "Jayker"... go f*ck yourself
Logged
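
Added example, not part of any post in this thread: a small Python triage that flags the two autostart entries discussed above (a Winlogon Shell value carrying more than Explorer.exe, and a Run value that points at a non-program file). The sample lines are copied from the log in the first post; the function name `triage` and the finding codes are made up for this illustration.

```python
import re
from collections import Counter

# Lines copied from the HijackThis log in the first post of this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\system32\wscript.exe
C:\DOCUME~1\JOSEMA~1\LOCALS~1\Temp\AutoDetect.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\kernel.dll.vbs
O4 - HKLM\..\Run: [Aikelyu] C:\WINDOWS\system32\aikelyu.html
"""

SCRIPT_EXT = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh")
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")


def triage(log_text):
    """Return (code, detail) findings for one HijackThis log (codes are illustrative)."""
    findings = []
    hosts = Counter()
    for line in (l.strip() for l in log_text.splitlines()):
        low = line.lower()
        m = re.match(r"F2 - REG:system\.ini: Shell=(.*)", line, re.I)
        if m:
            # A clean Winlogon Shell value is just "Explorer.exe".
            extra = re.sub(r"^explorer\.exe\s*", "", m.group(1), flags=re.I)
            if extra:
                findings.append(("SHELL_EXTRA", extra))
            continue
        m = re.match(r"O4 - (\S+\\Run\w*): \[(.*?)\] (.*)", line)
        if m:
            # Run values normally start programs, not scripts or documents.
            if m.group(3).lower().endswith(SCRIPT_EXT + (".html", ".htm")):
                findings.append(("RUN_NON_EXE", m.group(3)))
            continue
        if low.endswith(SCRIPT_HOSTS):
            hosts[low.rsplit("\\", 1)[-1]] += 1
        elif low.endswith(".exe") and "\\temp\\" in low:
            # Not proof of infection, only an item to review by hand.
            findings.append(("PROC_IN_TEMP", line))
    for name, count in hosts.items():
        findings.append(("SCRIPT_HOST_RUNNING", f"{name} x{count}"))
    return findings


if __name__ == "__main__":
    for code, detail in triage(SAMPLE_LOG):
        print(f"{code:20} {detail}")
```

Running the same check again after cleanup and a reboot shows whether the Shell and Run values have come back.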
Bobby
Administrator
« Reply #6 on: August 16, 2007, 01:40:59 AM »

Hello stardestiny,
I'm glad you want to help and you are welcome here. But please be kind enough to not spam this forum :roll: I left your post that was not spam, but if you post anything advertisement related, I won't hesitate to delete it again.
Logged
