Results 1 to 6 of 6

Thread: virus probelms.

  1. #1
    Junior Member
    Join Date
    Mar 2010
    Posts
    3

    Default virus probelms.

    Hi.

    I have a computer here that has had ""xp defender", and possibly other viruses.
    I used a quick scan with SuperAntiSpyware, and found 3 trojans called "Ave.exe", i cleaned them and restarted as requested.

    Now, it seems to have gone as it is not running, but i think this removal didn't do the job because, now I'm trying to install malwarebytes but when i do that, it comes up with the "Open With" box, and a list of programs I should chose to open the program. This is the same for any other application even if it is installed

    Is this "open with" problem a virus or something else?


    Please help, thanks!

  2. #2
    Member
    Join Date
    Dec 2004
    Location
    NZ
    Posts
    44,851

    Default Re: virus probelms.

    Boot into safe mode / networking. Get hijackthis below, run it, click on scan the system and save a log. Copy and paste the log back here. And get trojan remover below, update it then click on scan. Then select all options under the utilities menu. Then try and install malwarebytes. What version of windows is it?

  3. #3
    Junior Member
    Join Date
    Mar 2010
    Posts
    3

    Default Re: virus probelms.

    Thanks. XP Professional, SP3 I Think. (Not my computer)

    I've booted into safe mode and all programs have the same problem of not opening.
    The only way i can get installed programs opening, is opening them with the shortcut after the "Open With" box comes up.

    Log is below:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:17:28 PM, on 3/26/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Roger\My Documents\Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asus.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
    O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Program Files\ATK Hotkey\Hcontrol.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
    O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ACMON] "C:\Program Files\ASUS\Splendid\ACMON.exe"
    O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
    O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"
    O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"
    O4 - HKLM\..\Run: [ASUSTPE] C:\WINDOWS\system32\ASUSTPE.exe
    O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\WINDOWS\ASScrProlog.exe
    O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\ASScrPro.exe
    O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\Treshna\RemoteAssist\vnc\WinVNC.exe" -servicehelper
    O4 - HKLM\..\Run: [Netdrive] "C:\Program Files\Netdrive\Netdrive.exe" -tray
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [TRUUpdater] "C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" /bkground
    O4 - HKLM\..\Run: [WatcherHelper] "C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - S-1-5-18 Startup: CCC.lnk = ? (User 'SYSTEM')
    O4 - .DEFAULT Startup: CCC.lnk = ? (User 'Default user')
    O4 - .DEFAULT User Startup: CCC.lnk = ? (User 'Default user')
    O4 - Startup: CCC.lnk = ?
    O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1243931308624
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NetDrive Service (ndsvc) - SolutionBox - C:\Program Files\Netdrive\ndsvc.exe
    O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
    O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe
    O23 - Service: SWAutoLaunch - Unknown owner - C:\Program Files\Sierra Wireless\3G Wireless Module\Generic\Components\SWAutoLaunch.exe
    O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\Treshna\RemoteAssist\vnc\WinVNC.exe

    --
    End of file - 6310 bytes

  4. #4
    Member
    Join Date
    Dec 2004
    Location
    NZ
    Posts
    44,851

    Default Re: virus probelms.

    You can tick these then tick fix checked

    Close browsers

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

    O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    O4 - S-1-5-18 Startup: CCC.lnk = ? (User 'SYSTEM')

    O4 - .DEFAULT Startup: CCC.lnk = ? (User 'Default user')

    O4 - .DEFAULT User Startup: CCC.lnk = ? (User 'Default user')

    O4 - Startup: CCC.lnk = ?

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

    No sign of any nasties in this. Try trojan remover, update it first, and do a scan with that and then go to the utilities menu, select everything else. So, it can reset everything

    Then get ccleaner, install it then click on run cleaner. You'll have to close all browsers. Then will remove all the temp files etc

  5. #5
    Junior Member
    Join Date
    Mar 2010
    Posts
    3

    Default Re: virus probelms.

    Thanks for confirming there was no more malware. I ended up having to download an exe fix registry file. That seems to have fixed everything. Thanks
    again

  6. #6
    Member
    Join Date
    Dec 2004
    Location
    NZ
    Posts
    44,851

    Default Re: virus probelms.

    cool ! Did you scan with trojan remover and reset everything with it as well?

Similar Threads

  1. Konica minolta E50 Probelms
    By callum_62 in forum PressF1
    Replies: 3
    Last Post: 12-08-2006, 06:47 PM
  2. Installation Probelms with Money 99 and XP Pro
    By jeffericon in forum PressF1
    Replies: 3
    Last Post: 20-02-2005, 11:24 AM
  3. Replies: 8
    Last Post: 02-01-2003, 01:47 PM
  4. Replies: 4
    Last Post: 28-05-2002, 10:16 AM
  5. CD-ROM drive probelms
    By in forum PressF1
    Replies: 2
    Last Post: 07-04-2001, 07:46 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •