IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation.
Status
Not open for further replies.
1 - 5 of 5 Posts

Registered · 41 Posts · Discussion Starter · #1
Hi! Can anyone help me? There is a virus named "Trojano-864" which is a .exe virus according to avast. I already repaired the file when the virus was detected, but every time I scan my laptop it is still there. I can't seem to be able to remove it. This is the log of my avast:
*
* avast! Report
* This file is generated automatically
*
* Task 'Simple user interface' used
* Started on Wednesday, January 19, 2005 12:44:37 PM
* VPS: 0503-0, 01/18/2005
*

C:\WINDOWS\system32\config\system.LOG [E] The process cannot access the file because it is being used by another process (32)
C:\WINDOWS\system32\config\software.LOG [E] The process cannot access the file because it is being used by another process (32)
C:\WINDOWS\system32\config\default.LOG [E] The process cannot access the file because it is being used by another process (32)
C:\WINDOWS\system32\config\SAM.LOG [E] The process cannot access the file because it is being used by another process (32)
C:\WINDOWS\system32\config\SECURITY.LOG [E] The process cannot access the file because it is being used by another process (32)
C:\WINDOWS\system32\config\DEFAULT [E] The process cannot access the file because it is being used by another process (32)
C:\WINDOWS\system32\config\SECURITY [E] The process cannot access the file because it is being used by another process (32)
C:\WINDOWS\system32\config\SOFTWARE [E] The process cannot access the file because it is being used by another process (32)
C:\WINDOWS\system32\config\SYSTEM [E] The process cannot access the file because it is being used by another process (32)
C:\WINDOWS\system32\config\SAM [E] The process cannot access the file because it is being used by another process (32)
C:\WINDOWS\system32\l3leanin.dll [L] Win32:Trojano-864 [Trj] (0)
During the file repair, error occurred: The system cannot find the path specified
During the file repair, error occurred: The system cannot find the path specified
During the file repair, error occurred: The system cannot find the path specified
File was successfully moved to chest...
C:\WINDOWS\system32\srsapi.exe\[UPX] [E] UPX archive is corrupted. (42132)
C:\WINDOWS\system32\ppheros.exe\[UPX] [E] UPX archive is corrupted. (42132)
C:\WINDOWS\system32\bookdco.dll [L] Win32:Trojano-864 [Trj] (0)
During the file repair, error occurred: The system cannot find the path specified
File was successfully moved to chest...
C:\WINDOWS\system32\ypt3dbc3.dll [L] Win32:Trojano-864 [Trj] (0)
File was successfully moved to chest...
C:\WINDOWS\system32\npgonrpr.exe\[UPX] [E] UPX archive is corrupted. (42132)
C:\WINDOWS\system32\neldsap.dll [L] Win32:Trojano-864 [Trj] (0)
File was successfully moved to chest...
C:\WINDOWS\system32\rypmhudi.dll [L] Win32:StartPage-071 [Trj] (0)
File was successfully moved to chest...
C:\WINDOWS\system32\srvclsr.exe\[UPX] [E] UPX archive is corrupted. (42132)
C:\WINDOWS\system32\ryptnpmg.exe\[UPX] [E] UPX archive is corrupted. (42132)
C:\WINDOWS\system32\kbdsae.dll [L] Win32:Trojano-864 [Trj] (0)
File was successfully moved to chest...
C:\WINDOWS\system32\inscli.dll [L] Win32:Trojano-864 [Trj] (0)
File was successfully moved to chest...
C:\WINDOWS\system32\rofmeg.dll [L] Win32:Trojano-864 [Trj] (0)
File was successfully moved to chest...
C:\WINDOWS\system32\CLUctsrv.dll [L] Win32:StartPage-071 [Trj] (0)
File was successfully moved to chest...
C:\WINDOWS\system32\TXOCleth.dll [L] Win32:Trojano-864 [Trj] (0)
File was successfully moved to chest...
C:\WINDOWS\system32\OMSVakp6.dll [L] Win32:StartPage-071 [Trj] (0)
File was successfully moved to chest...
C:\WINDOWS\system32\l3bientsc.dll [L] Win32:Trojano-864 [Trj] (0)
File was successfully moved to chest...
C:\WINDOWS\system32\tdg3srvap.dll [L] Win32:Trojano-864 [Trj] (0)
File was successfully moved to chest...
C:\WINDOWS\system32\dvapATQas.dll [L] Win32:StartPage-071 [Trj] (0)
File was successfully moved to chest...
C:\WINDOWS\system32\TXOley.dll [L] Win32:Trojano-864 [Trj] (0)
File was successfully moved to chest...
C:\WINDOWS\system32\p60apmsps.dll [L] Win32:Trojano-864 [Trj] (0)
File was successfully moved to chest...
C:\WINDOWS\system32\shlwdntps.dll [L] Win32:Trojano-864 [Trj] (0)
File was successfully moved to chest...
C:\WINDOWS\system32\srhsvcaul.dll [L] Win32:Trojano-864 [Trj] (0)
File was successfully moved to chest...
C:\WINDOWS\system32\LBeren.dll [L] Win32:Trojano-864 [Trj] (0)
File was successfully moved to chest...
C:\WINDOWS\system32\mmrxprtls.dll [L] Win32:Trojano-864 [Trj] (0)
File was successfully moved to chest...
C:\WINDOWS\system32\liocetens.dll [L] Win32:Trojano-864 [Trj] (0)
File was successfully moved to chest...
C:\WINDOWS\system32\hellpjmon.exe\[UPX] [E] UPX archive is corrupted. (42132)
C:\WINDOWS\system32\r32thk3srv.dll [L] Win32:StartPage-071 [Trj] (0)
File was successfully moved to chest...
C:\WINDOWS\system32\kdCOL.exe\[UPX] [E] UPX archive is corrupted. (42132)
C:\WINDOWS\system32\woBCAtru.dll [L] Win32:StartPage-071 [Trj] (0)
During the file repair, error occurred: The system cannot find the path specified
File was successfully moved to chest...
C:\WINDOWS\system32\i32daprenv.dll [L] Win32:Trojano-864 [Trj] (0)
File was successfully moved to chest...
C:\WINDOWS\system32\eapws2ard.dll [L] Win32:Trojano-864 [Trj] (0)
File was successfully moved to chest...
C:\WINDOWS\system32\in10b6s.dll\[UPX] [E] UPX archive is corrupted. (42132)
Infected files: 25
Total files: 5899
Total folders: 178
Total size: 849.0 M

*
* Task stopped: Wednesday, January 19, 2005 12:49:47 PM
* Run-time was 5 minute(s), 10 second(s)
*

I could really use some help. Thanks!
 

Registered · 41 Posts · Discussion Starter · #3
Hi, this is the log of hijack.
I just posted it today because I had no internet access.
Logfile of HijackThis v1.99.0
Scan saved at 11:10:36 AM, on 1/20/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\InterVideo\WinDVD4\WinDVD.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\virus\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ PC Adware-Spyware Removal 1.2Clean] C:\Program Files\PC Adware-Spyware Removal\PCAdwareSpywareRemoval.exe /quick
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AFCF4EAF-712C-40F0-9721-C0ECB081B597}: NameServer = 10.10.10.10 10.10.11.10
O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: Macromedia Licensing Service - Unknown - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe

Can you help me?
 