Advanced version of moneypak virus, need some high-level help please

#1 Registered User (Devshed Newbie, joined Jan 2013, 12 posts):

Hi, I contracted the MoneyPak virus while surfing the web. I've seen this virus before and was able to remove it from a friend's laptop with some Avira anti-virus software, but this one I just got on my desktop is much more difficult.

OK, so to launch in -- I'm using a custom-built desktop with the Windows XP operating system. Originally this virus attached itself to explorer.exe and, if not terminated via Task Manager, it would seize my system (in both normal and safe mode); this took approximately 5 seconds and was difficult to thwart. I looked online on how to get rid of the virus; unfortunately all the remedies have been compromised: can't get online help (blocked), can't install antivirus software (it's got something hogging memory that won't allow various anti-virus software to be launched, each with their own unique error), I can't do a system restore (says it can't be performed safely, restart system), and can't launch the antivirus software from a flash drive.

I've tried closing down all my Task Manager process trees, but I think the virus stuck itself in something that can't be closed, like system_idle.exe. Anyway, I'm really stumped as to what to try next; I've got very limited functionality in both normal and safe mode (I can use Windows Explorer and the search functions, but it's as if there's some kind of intentional logic loop tying up tons of system resources).

    Would love an experienced helping hand. Thanks.
#2 They're coming to take me away (Florida, joined Jan 2005, 5,105 posts):
Unplug the network cable, restart the computer in Safe Mode. On another computer, download the files and copy them to a flash drive from the sticky "If you have infection issues start here first" at the top of the AV forum. Try the flash drive in Safe Mode (with the network cable unplugged). See if you can install the programs.

You can also check Internet Explorer --> Tools --> Internet Options and verify under Connections, LAN settings, that there is no proxy set.
    "I don't need to get a life. I'm a gamer. I have lots of lives!"
#3 Registered User (joined Jan 2013):
OK, so I went ahead and started following the instructions and successfully ran CCleaner and ATF Cleaner. I downloaded Malwarebytes and launched it from a flash drive; it claims a run-time error: 372. Failed to load control 'vbalgrid' from vbalsgrid6.ocx. Your version of vbalsgrid6.ocx may be outdated. Make sure you are using the version of the control that was provided with your application.

    How should I proceed?
#4 They're coming to take me away:
Skip Malwarebytes for now.
#5 Registered User: placeholder post to submit URLs--
#6 Registered User: placeholder to post URLs--
#7 Registered User: placeholder--
#8 Registered User: final placeholder--
#9 Registered User:
OK, I skipped the Malwarebytes step and moved on to SUPERAntiSpyware. It found 7 malicious threats, then an additional 5 trackers. It does not appear to me that it picked up on the MoneyPak virus, but I did indeed remove some 12 'bad things'. I was unable to run BitDefender as the virus still has my internet disabled. I did a quick peek in my network connections and there are no set-up connections; when I tried creating a new one it claimed I already had a LAN connection. Not sure if this is relevant. For all steps asking me to update my versions I am obviously unable to comply, having no internet access. I think it's worth noting that something is preventing my computer from picking up the flash drive/new hardware feature in non-safe mode.

Something is still chewing up tons of system resources. The following is a SUPERAntiSpyware log (followed by a HijackThis log taken in safe mode, with no user-forced process tree terminations):

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 01/31/2013 at 11:28 PM

    Application Version : 5.6.1014

    Core Rules Database Version : 9954
    Trace Rules Database Version: 7766

    Scan type : Complete Scan
    Total Scan Time : 04:37:10

    Operating System Information
    Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
    Administrator

    Memory items scanned : 199
    Memory threats detected : 0
    Registry items scanned : 32547
    Registry threats detected : 4
    File items scanned : 98562
    File threats detected : 8

    Malware.Trace
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run#Adobe [ rundll32 "C:\Documents and Settings\Serain\Local Settings\Application Data\Deployment\Adobe\skggx.dll",DllRegisterServerW ]
    HKU\S-1-5-21-507921405-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run#Adobe [ rundll32 "C:\Documents and Settings\Serain\Local Settings\Application Data\Deployment\Adobe\skggx.dll",DllRegisterServerW ]
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run#Adobe [ rundll32 "C:\Documents and Settings\Serain\Local Settings\Application Data\Deployment\Adobe\skggx.dll",DllRegisterServerW ]
    HKU\S-1-5-21-507921405-413027322-839522115-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL

    Adware.Tracking Cookie
    ad.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\R3XRB9EC ]
    cdn5.tribalfusion.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\R3XRB9EC ]
    content.yieldmanager.edgesuite.net [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\R3XRB9EC ]
    crackle.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\R3XRB9EC ]
    objects.tremormedia.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\R3XRB9EC ]

    Trojan.Agent/Gen-Kazy
    C:\DOCUMENTS AND SETTINGS\SERAIN\DESKTOP\VIRUS REMOVAL\EXEFIX.SCR

    Trojan.Agent/Gen
    ZIP ARCHIVE( C:\QOOBOX\QUARANTINE\[4]-SUBMIT_2011-12-08_13.45.02.ZIP )/7WDKXF13.COM_
C:\QOOBOX\QUARANTINE\[4]-SUBMIT_2011-12-08_13.45.02.ZIP

===============================
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:57:53 AM, on 2/1/2013
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Safe mode

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (file missing)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (file missing)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [AntiMalware] "C:\Documents and Settings\All Users\Application Data\AntiMalware.exe"
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [Corel Photo Downloader] "c:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [assembly] rundll32.exe "C:\Documents and Settings\Serain\Local Settings\Application Data\Chromium\assembly\jqvxxb.dll",COMMITQQW
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-21-507921405-413027322-839522115-1003\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent (User '?')
    O4 - HKUS\S-1-5-21-507921405-413027322-839522115-1003\..\Run: [Corel Photo Downloader] "c:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup (User '?')
    O4 - HKUS\S-1-5-21-507921405-413027322-839522115-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-21-507921405-413027322-839522115-1003\..\Run: [assembly] rundll32.exe "C:\Documents and Settings\Serain\Local Settings\Application Data\Chromium\assembly\jqvxxb.dll",COMMITQQW (User '?')
    O4 - HKUS\S-1-5-21-507921405-413027322-839522115-1003\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [assembly] rundll32.exe "C:\Documents and Settings\Serain\Local Settings\Application Data\Chromium\assembly\jqvxxb.dll",COMMITQQW (User '?')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [assembly] rundll32.exe "C:\Documents and Settings\Serain\Local Settings\Application Data\Chromium\assembly\jqvxxb.dll",COMMITQQW (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Application Management (AppMgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Windows Audio (AudioSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: CryptSvc - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: DHCP Client (Dhcp) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Logical Disk Manager (dmserver) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: DNS Client (Dnscache) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Wired AutoConfig (Dot3svc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Extensible Authentication Protocol Service (EapHost) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Error Reporting Service (ERSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: COM+ Event System (EventSystem) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Fast User Switching Compatibility (FastUserSwitchingCompatibility) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Help and Support (helpsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: HID Input Service (HidServ) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Health Key and Certificate Management Service (hkmsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Server (lanmanserver) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Workstation (lanmanworkstation) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Network Access Protection Agent (napagent) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Network Connections (Netman) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Removable Storage (NtmsSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Secondary Logon (seclogon) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: System Event Notification (SENS) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Shell Hardware Detection (ShellHWDetection) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: System Restore Service (srservice) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: SSDP Discovery Service (SSDPSRV) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Windows Image Acquisition (WIA) (stisvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: Terminal Services (TermService) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Themes - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Universal Plug and Play Device Host (upnphost) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: WebClient - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Windows Management Instrumentation (winmgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Portable Media Serial Number Service (WmdmPmSN) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Windows Management Instrumentation Driver Extensions (Wmi) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: wscsvc - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
    O23 - Service: Network Provisioning Service (xmlprov) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing)
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 13312 bytes
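Reading that HijackThis log mechanically, as an added example that is not code from this post, from HijackThis, or from SUPERAntiSpyware: the Python below applies three rules of my own choosing to the O4 (Run key) and O23 (service) lines. It flags rundll32/regsvr32 entries that load a DLL from a per-user profile path, programs started from All Users\Application Data, and svchost-hosted services that HijackThis marks "(file missing)", which it prints when the binary at the service's image path is not found; for those services that binary is C:\WINDOWS\system32\svchost.exe itself. The embedded sample lines are copied from the log above, with a few benign neighbours kept as controls; the rule names and regular expressions are assumptions made for this example.

```python
"""Triage a HijackThis 2.0 log for the persistence patterns seen in this thread.

Added example: not code from the forum post, from HijackThis or from any
anti-malware vendor. The three rules are assumptions chosen for this log:
  1. rundll32/regsvr32 loading a DLL that lives inside a per-user profile
     (Local Settings\\Application Data needs no admin rights to write to);
  2. a program launched from All Users\\Application Data, which Windows XP
     itself never uses for executables;
  3. svchost-hosted services tagged "(file missing)"; HijackThis prints that
     when the binary at the service's image path is not found, and for these
     services that binary is C:\\WINDOWS\\system32\\svchost.exe itself.
"""
import re

# Sample input constructed for this example: lines copied from the HijackThis
# log posted above, with benign neighbours (NvCpl, ctfmon, nltide_2, WinZip,
# nvsvc) kept as controls that must not be flagged.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AntiMalware] "C:\Documents and Settings\All Users\Application Data\AntiMalware.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [assembly] rundll32.exe "C:\Documents and Settings\Serain\Local Settings\Application Data\Chromium\assembly\jqvxxb.dll",COMMITQQW
O4 - HKUS\S-1-5-18\..\Run: [assembly] rundll32.exe "C:\Documents and Settings\Serain\Local Settings\Application Data\Chromium\assembly\jqvxxb.dll",COMMITQQW (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User '?')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O23 - Service: DHCP Client (Dhcp) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: CryptSvc - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# O4: "O4 - <hive>\..\Run: [<name>] <command> (User '<who>')"; the user suffix
# is optional and is stripped from the command.
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '[^']*'\))?$"
)
# O23: "O23 - Service: <display> (<short>) - <owner> - <path> (file missing)";
# the short name and the "(file missing)" tag are both optional.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))? - (?P<owner>.+?) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
DLL_PATH_RE = re.compile(r'"?([A-Za-z]:\\[^",]+\.dll)', re.I)
USER_PROFILE_RE = re.compile(r"documents and settings\\(?!all users\\)[^\\]+\\", re.I)
ALL_USERS_DATA_RE = re.compile(r"documents and settings\\all users\\application data\\", re.I)
LOADERS = {"rundll32", "rundll32.exe", "regsvr32", "regsvr32.exe"}

RULE_PROFILE_DLL = "loader runs a DLL from a user profile directory"
RULE_ALL_USERS = "program started from All Users\\Application Data"


def program_of(cmd):
    """Return the program at the start of a Run-key command, unquoted."""
    m = re.match(r'"([^"]+)"|(\S+)', cmd.strip())
    return (m.group(1) or m.group(2)) if m else ""


def classify_run(cmd):
    """Return the rule an O4 command violates, or None if it looks benign."""
    prog = program_of(cmd)
    if prog.rsplit("\\", 1)[-1].lower() in LOADERS:
        dll = DLL_PATH_RE.search(cmd)
        if dll and USER_PROFILE_RE.search(dll.group(1)):
            return RULE_PROFILE_DLL
    if ALL_USERS_DATA_RE.search(prog):
        return RULE_ALL_USERS
    return None


def triage(log_text):
    """Apply the rules to every O4 and O23 line of a HijackThis log."""
    run_keys, svchost_missing = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            reason = classify_run(m.group("cmd"))
            if reason:
                run_keys.append((m.group("hive"), m.group("name"), reason))
            continue
        m = O23_RE.match(line)
        if m and m.group("missing") and m.group("path").lower().endswith("\\svchost.exe"):
            svchost_missing.append(m.group("short") or m.group("display"))
    return {"run_keys": run_keys, "svchost_missing": svchost_missing}


def report(log_text):
    """Human-readable summary, one line per finding."""
    result = triage(log_text)
    lines = [f"{hive} [{name}]: {reason}" for hive, name, reason in result["run_keys"]]
    if result["svchost_missing"]:
        lines.append(
            f"{len(result['svchost_missing'])} svchost-hosted service(s) report the host "
            f"binary missing: {', '.join(result['svchost_missing'])}"
        )
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Run over the full log above, the same rules produce one finding for each Run-key copy of the jqvxxb.dll loader (HKCU, the user's SID, S-1-5-18 and .DEFAULT), one for AntiMalware.exe, and a count covering every svchost-hosted service, since all of them carry the "(file missing)" tag while the non-svchost services do not. The rules are deliberately narrow: an entry they do not match is not thereby clean, and the SUPERAntiSpyware Winlogon\Shell trace is a separate persistence point that this parser does not look at.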
#10 Contributing User (Hawaii, joined Feb 2011, 51 posts):
Try running the computer in Safe Mode (hit the F8 key during startup).
Select Safe Mode with Networking (so you have an internet connection).

Download HitmanPro (while in Safe Mode).
Install and run.
This app is good for a 30-day trial.

It was recommended to me by several computer techs.
It found stuff that Malwarebytes and SUPERAntiSpyware could not detect.

When finished, reboot into regular Windows mode.
See how it works.
#11 Registered User:
I can't connect to the internet in either normal or safe mode. I believe the virus has me both disabled from my internet and blocked from establishing new connections; my laptop is getting internet fine from my wireless router, but my PC, which is plugged into the same router, can't seem to connect to the internet. I've tried many attempts in normal Windows and safe mode to get the internet back up and running. As such I cannot use this software (as it requires an internet connection to initialize).

I'm hoping some sense can be made from the HijackThis log... for tough viruses in the past, this has always been my saving grace.
#12 Contributed User (Devshed Specialist, joined Jun 2005, 4,392 posts):
    A couple of thoughts.
    1. Can you read a CD on the infected machine?
    2. Can you burn a CD on any other machine you have access to?
    If you can, then download and save all the tools you can get your hands on, burn them to a CD.

    If you can't burn a CD, then a low capacity USB stick would also work. You can get 1GB (more than a CD) drives for around $2/unit, which is cheap enough to use once and throw away if you're that paranoid.
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper
#13 Registered User:
Umm... it's not the CD drive that I'm really all that worried about at the moment. Your post leads me to believe you're asking this question because you're looking for avenues to tackle the problem -- at this time I can use a flash drive in safe mode to ferry over corrective software. In regular (non-safe) mode I cannot use the flash drive or plug my mouse in and have it auto-detect; I think the reason behind this is extreme CPU usage, as a consequence of 1 or more viruses.

The reason I think my computer has something eating up tons of system resources is because, despite terminating all allowable process trees, and even while the System Idle Process is at 99%, I still experience slow Windows services; most notable is the clipping when I drag the Task Manager. With the computer running at bare bones, there is no reason why I should see clipping on dragging the Task Manager window.

I am a little baffled why I'm experiencing such slow Windows load times and real-time application speeds (launch times, search times, window dragging clipping, etc.) when my system idle is reading 99%. My best educated guess is the MoneyPak virus screwed up some registry keys to make my computer run slower. I'm hoping to have my HijackThis log decipher the problem so I can nip it in the bud and, hopefully, run a system restore.
#14 Contributing User (Nebraska, USA, joined Oct 2009, 876 posts):
Do you have an svchost.exe file in C:\WINDOWS\system32\svchost.exe?

If it is indeed missing, that will cause all kinds of slowdowns and no internet.
#15 Registered User:
No, there is no svc.exe in that folder. The closest object is svcpack.dll; this is the only file with svc in the prefix. It would appear the virus has removed these critical processes (I recall having somewhere around 6 of these running in my Task Manager process trees at any given time). How would I go about restoring these?