Status
Not open for further replies.
1 - 12 of 12 Posts

Registered · 9 Posts · Discussion Starter · #1
Guys, I am having the same problem also. Can anyone help me please? I have tried to download the HJ exe file that cybertech gave in a previous post in the security forum, but it seems like I could not link to the website.

Please help me. Thanks!
 

Registered · 9 Posts · Discussion Starter · #2
Thanks to cybertech and colddy. I think the message doesn't appear on my PC anymore either. :)

Here's my scan report. Does it look ok?

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:53:28 AM 12/26/2006

+ Scan result:

C:\WINDOWS\system32\mssnmp16.dll -> Adware.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{66DC337C-5FF2-47F2-93BC-65449CDF82A6}\RP30\A0003408.exe -> Downloader.Agent.awi : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{66DC337C-5FF2-47F2-93BC-65449CDF82A6}\RP30\A0003437.exe -> Downloader.Agent.awi : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{66DC337C-5FF2-47F2-93BC-65449CDF82A6}\RP30\A0003447.exe -> Downloader.Agent.awi : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{66DC337C-5FF2-47F2-93BC-65449CDF82A6}\RP30\A0003460.exe -> Downloader.Agent.awi : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{66DC337C-5FF2-47F2-93BC-65449CDF82A6}\RP31\A0003476.exe -> Downloader.Agent.awi : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{66DC337C-5FF2-47F2-93BC-65449CDF82A6}\RP35\A0003648.exe -> Downloader.Agent.awi : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{66DC337C-5FF2-47F2-93BC-65449CDF82A6}\RP32\A0003546.exe -> Downloader.Delf.asz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{66DC337C-5FF2-47F2-93BC-65449CDF82A6}\RP32\A0003558.exe -> Downloader.Delf.asz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{66DC337C-5FF2-47F2-93BC-65449CDF82A6}\RP32\A0003572.exe -> Downloader.Delf.asz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{66DC337C-5FF2-47F2-93BC-65449CDF82A6}\RP34\A0003601.exe -> Downloader.Delf.asz : Cleaned with backup (quarantined).
C:\WINDOWS\~tmp5940.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{66DC337C-5FF2-47F2-93BC-65449CDF82A6}\RP29\A0003381.exe -> Hijacker.Delf.fb : Cleaned with backup (quarantined).
C:\Documents and Settings\Chung^_^\Cookies\chung^_^@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\Common Files\rundll32.exe -> Trojan.Agent.o : Cleaned with backup (quarantined).
C:\B00T.EXE -> Trojan.QQRob.ec : Cleaned with backup (quarantined).
C:\Documents and Settings\Chung^_^\Local Settings\Temp\1410820152821 -> Trojan.QQRob.ec : Cleaned with backup (quarantined).
C:\Documents and Settings\Chung^_^\Local Settings\Temp\1439920572879 -> Trojan.QQRob.ec : Cleaned with backup (quarantined).
C:\Documents and Settings\Chung^_^\Local Settings\Temp\2450635004901 -> Trojan.QQRob.ec : Cleaned with backup (quarantined).
C:\Documents and Settings\Chung^_^\Local Settings\Temp\2883041185766 -> Trojan.QQRob.ec : Cleaned with backup (quarantined).
C:\Documents and Settings\Chung^_^\Local Settings\Temp\3221146016442 -> Trojan.QQRob.ec : Cleaned with backup (quarantined).
C:\Documents and Settings\Chung^_^\Local Settings\Temp\3262246606524 -> Trojan.QQRob.ec : Cleaned with backup (quarantined).
C:\Documents and Settings\Chung^_^\Local Settings\Temp\4081583816 -> Trojan.QQRob.ec : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{66DC337C-5FF2-47F2-93BC-65449CDF82A6}\RP37\A0003732.exe -> Trojan.QQRob.ec : Cleaned with backup (quarantined).
C:\Documents and Settings\Chung^_^\Templates\ldup.exe -> Trojan.ShipUp.a : Cleaned with backup (quarantined).
C:\WINDOWS\infrom.dat -> Trojan.ShipUp.a : Cleaned with backup (quarantined).
C:\WINDOWS\ldup.exe -> Trojan.ShipUp.a : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ccPrxy.exe -> Trojan.ShipUp.a : Cleaned with backup (quarantined).

::Report end
 

Registered · 9 Posts · Discussion Starter · #3
My laptop became very slow yesterday. When I switched it on this morning, McAfee Anti-Spyware showed "CyberSnoop" and "Mouse and Key Recorder". I chose to remove both pieces of software. But in fact, I have never installed either of them.

Just now my laptop suddenly became very slow again. I opened the Task Manager. The CPU usage had reached 100% and the main usage went to McShield.exe --> always hitting 100. It's hard for me to do a virus scan as it is really slow. I tried to take a screenshot of the Task Manager, thinking I would post it here, but too bad, it's hard for me to even open Internet Explorer.

May I know what the suspected root cause of this problem is? Is it really because of a virus? Is there anything that I should show you guys in order to give a clearer picture of my problem?

Please help me. Thanks.
 

Retired Moderator · 72,209 Posts
Hi Welcome to TSG!!

I've moved all of your posts into a thread of your own so please reply here.

Click here to download HJTsetup.exe
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

Registered · 9 Posts · Discussion Starter · #7
I got this error while I was trying to install HijackThis.

C:\Program Files\Hijackthis\HijackThis.exe

An error occurred while trying to rename a file in the destination directory:
MoveFile failed; code 5.
Access is denied.

Click Retry to try again, Ignore to skip this file (not recommended), or Abort to cancel installation.

Can someone tell me what I should do now? :(
 

Registered · 9 Posts · Discussion Starter · #8
This is the scan report that I have done earlier using AVG. Is it ok?

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:04:36 PM 12/31/2006

+ Scan result:



HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj.1 -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj\CLSID -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj\CurVer -> Adware.CoolWebSearch : Cleaned with backup (quarantined).


::Report end
 

Registered · 9 Posts · Discussion Starter · #10
cybertech said:
Can you run hijackthis?
I cannot. I cannot even install it. :(

I got this error while I was trying to install HijackThis.

C:\Program Files\Hijackthis\HijackThis.exe

An error occurred while trying to rename a file in the destination directory:
MoveFile failed; code 5.
Access is denied.

Click Retry to try again, Ignore to skip this file (not recommended), or Abort to cancel installation.

Help me. :(
 

Registered · 9 Posts · Discussion Starter · #11
cybertech said:
Hi Welcome to TSG!!

Get hijackthis: http://www.majorgeeks.com/HijackThis_d3155.html

Make sure you save the file to a permanent folder and post a log.

To create a permanent folder click My Computer, then C:\
In the menu bar click on File, New, Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have a C:\HJT\ folder.
Put your HijackThis.exe into that folder.
When I downloaded HijackThis from this website and double-clicked the exe file, it said that a virus was detected in this file. Is this safe? :(
 

Retired Moderator · 72,209 Posts
Run Panda ActiveScan here

Once you are on the Panda site click the "Scan your PC" button.
A new window will open... click the "Check Now" button.
Enter your Country.
Enter your State/Province.
Enter your e-mail address.
Select either Home User or Company.
Click the big "Scan Now" button.
If it wants to install an ActiveX component, allow it.
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes).
When the download is complete, click on "Local Disks" to start the scan.
When the scan completes, if anything malicious is detected, click the "See Report" button; then "Save Report" and save it to a convenient location. Post the contents of the Panda scan report in your next reply.
 