GoldenEye: Source Forums

  • November 24, 2024, 11:42:47 am
  • Welcome, Guest
Advanced search  

News:

Pages: [1]   Go Down

Author Topic: Infected?  (Read 8674 times)

0 Members and 1 Guest are viewing this topic.

Proxie

  • 00 Agent
  • ***
  • Posts: 573
  • Reputation Power: 141
  • Proxie is awe-inspiring!Proxie is awe-inspiring!Proxie is awe-inspiring!Proxie is awe-inspiring!Proxie is awe-inspiring!Proxie is awe-inspiring!Proxie is awe-inspiring!Proxie is awe-inspiring!Proxie is awe-inspiring!Proxie is awe-inspiring!Proxie is awe-inspiring!Proxie is awe-inspiring!
  • Offline Offline
Infected?
« on: January 28, 2011, 05:40:16 am »

I think I'm infected with some sort of malicious virus, heres my HijackThis log:

Code: [Select]
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:37:53 PM, on 1/27/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Malwarebytes\mbam.exe
C:\Documents and Settings\Gary\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Foxit PDF Creator Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-21-839522115-507921405-725345543-1003\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent (User '?')
O4 - HKUS\S-1-5-21-839522115-507921405-725345543-1003\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O20 - Winlogon Notify: Antiwpa - antiwpa.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 4917 bytes

I ran a scan with both AVG Free Anti-Virus and it found 233 infected files, Malwarebytes found nothing on both the quick and thorough scan.  Nothing odd about my start up programs:
Code: [Select]
jusched
SOUNDMAN
cli
winampa
avgtray
steam
msnmsgr


« Last Edit: January 28, 2011, 05:47:56 am by Proxie »
Logged

markpeterjameslegg

  • Did I fire six shots? Or only five?
  • 00 Agent
  • ***
  • Posts: 879
  • Reputation Power: 202
  • markpeterjameslegg is awe-inspiring!markpeterjameslegg is awe-inspiring!markpeterjameslegg is awe-inspiring!markpeterjameslegg is awe-inspiring!markpeterjameslegg is awe-inspiring!markpeterjameslegg is awe-inspiring!markpeterjameslegg is awe-inspiring!markpeterjameslegg is awe-inspiring!markpeterjameslegg is awe-inspiring!markpeterjameslegg is awe-inspiring!markpeterjameslegg is awe-inspiring!markpeterjameslegg is awe-inspiring!
  • Offline Offline
Re: Infected?
« Reply #1 on: January 28, 2011, 09:55:59 am »

Oh Dear, that's a lot of infected files matey, if it was me I'd backup everything and just do a fresh install of windows, then I'd switch my anti-virus to Avast (Which I did). At the very least check out the sight for Avast, you'll find it gives much more protection than AVG, 7 different shields in total, and that's the free version, I've been much more protected since changing.
Logged

Jonathon [SSL]

  • Generalist
  • Retired Lead Developer
  • 007
  • *
  • Posts: 1,311
  • Reputation Power: 99
  • Jonathon [SSL] is awe-inspiring!Jonathon [SSL] is awe-inspiring!Jonathon [SSL] is awe-inspiring!Jonathon [SSL] is awe-inspiring!Jonathon [SSL] is awe-inspiring!Jonathon [SSL] is awe-inspiring!Jonathon [SSL] is awe-inspiring!Jonathon [SSL] is awe-inspiring!Jonathon [SSL] is awe-inspiring!Jonathon [SSL] is awe-inspiring!Jonathon [SSL] is awe-inspiring!Jonathon [SSL] is awe-inspiring!
  • Offline Offline
    • Steam Community Page
Re: Infected?
« Reply #2 on: January 28, 2011, 12:17:25 pm »

A lot of times virus scanners flag cookies that track you that you pick up every day browsing the internet as spyware/malware, leading to a huge count of "infected" files, whilst in reality there's nothing bad at all except maybe some cookies tracking you or something weird like that.

Is there any sort of weird behaviour on your computer that would lead you to this suspicion? Excessive paranoia about the security of your computer will eventually lead you to madness (after a virus attack a few years ago I stopped using my computer for a few months and only used my PS2 out of paranoia).

I also agree about using Avast!, I've used it on all 4 of my computers since 2007, and it's absolutely fantastic with great protection and low resource usage.
Logged
Quote
Luchador: I NEVER NAME MY FILES IN UPPER CASE
Luchador: I ONLY TALK IN UPPER CASE
[GE:S] killermonkey: GOOD TO KNOW

mbsurfer

  • Inactive Tester
  • 00 Agent
  • ***
  • Posts: 794
  • Reputation Power: 41
  • mbsurfer is a force to reckon with.mbsurfer is a force to reckon with.mbsurfer is a force to reckon with.mbsurfer is a force to reckon with.mbsurfer is a force to reckon with.mbsurfer is a force to reckon with.mbsurfer is a force to reckon with.mbsurfer is a force to reckon with.
  • Offline Offline
Re: Infected?
« Reply #3 on: January 28, 2011, 04:59:53 pm »

A lot of those look okay to me, but this:

Code: [Select]
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

Looks really strange.. I would definitely delete that if you haven't already.
Logged

Proxie

  • 00 Agent
  • ***
  • Posts: 573
  • Reputation Power: 141
  • Proxie is awe-inspiring!Proxie is awe-inspiring!Proxie is awe-inspiring!Proxie is awe-inspiring!Proxie is awe-inspiring!Proxie is awe-inspiring!Proxie is awe-inspiring!Proxie is awe-inspiring!Proxie is awe-inspiring!Proxie is awe-inspiring!Proxie is awe-inspiring!Proxie is awe-inspiring!
  • Offline Offline
Re: Infected?
« Reply #4 on: January 28, 2011, 09:14:15 pm »

Is there any sort of weird behaviour on your computer that would lead you to this suspicion? Excessive paranoia about the security of your computer will eventually lead you to madness (after a virus attack a few years ago I stopped using my computer for a few months and only used my PS2 out of paranoia).

Nope, nothing odd, I just don't want it to be a RAT (Remote Assist Tool) that will steal my Steam account  :(
Logged

Kratos

  • 007
  • ****
  • Posts: 1,157
  • Reputation Power: 125
  • Kratos is awe-inspiring!Kratos is awe-inspiring!Kratos is awe-inspiring!Kratos is awe-inspiring!Kratos is awe-inspiring!Kratos is awe-inspiring!Kratos is awe-inspiring!Kratos is awe-inspiring!Kratos is awe-inspiring!Kratos is awe-inspiring!Kratos is awe-inspiring!Kratos is awe-inspiring!
  • Offline Offline
Re: Infected?
« Reply #5 on: February 01, 2011, 06:18:57 pm »

Nope, nothing odd, I just don't want it to be a RAT (Remote Assist Tool) that will steal my Steam account  :(

use Microsoft Essentials

run that program, and you will not need to use any other antivirus cleaner imo.

good luck
Logged
Pages: [1]   Go Up