virus!!!!!
Posted by: pepperami
Hi all, can anyone help me with the removal of a virus called win32/hidrag.a? AVG picks it up but, as usual, can't get rid of it. I tried Googling it but there's not a lot of info. Any help or suggestions would be helpful. Cheers all.
Posted by: C-Money
Please post your Hijack This! log.
Posted by: redwench
AVG generally has removal instructions for whatever it finds. Start there. Try to find the aliases of the virus so you can get instructions from Symantec if you need them.
Posted by: pepperami
Cheers for the reply. Just one thing: how do I post my HijackThis log? Also, how and where do I find the alias name of the virus? When I scan with AVG it doesn't pick up the virus; just every now and again I get a pop-up from AVG saying I've got a virus. Any ideas? Cheers in advance!
Posted by: C-Money
Copy and paste the Hijack This log into your next post.
Search the Grisoft virus database to find the alias names.
Posted by: pepperami
Logfile of HijackThis v1.97.7
Scan saved at 10:07:25 AM, on 8/20/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\gsicon.exe
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\OutLaster\shhost.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC07.EXE
C:\Documents and Settings\gazza-b\Desktop\HijackThis.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\Ares\My Shared Folder\Clone DVD + Any DVD+ crack+serial\Elby Clone Dvd V1.3.10.1 Anydvd 2.0.0.4 Ger Key\Anydvd V2.0.0.4\AnyDVD.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [shhost] C:\Program Files\OutLaster\shhost.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O10 - Broken Internet access because of LSP provider 'imon.dll' missing
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/gam...ts/y/pote_x.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/...director/sw.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.c...8213.6063425926
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab
Thanks for the reply. I checked Grisoft and found no info. I spent a lot of time looking online; maybe you can understand this lot!
Posted by: Shalome
Hidrag.a is called Jeefo by the antivirus companies Symantec and TrendMicro.
To remove it, do this:
1. If you are using Windows XP or ME, disable System Restore.
- Disabling and Enabling System Restore in Windows XP
- Disabling and Enabling System Restore in Windows ME
2. Go to TrendMicro Housecall or Symantec Security Response and run the free online virus scan. This will find and remove the virus.
3. Make sure the registry entry created by the virus is gone:
- 3.1. Click Start, and then click Run. (The Run dialog box appears.)
- 3.2. Type regedit, then click OK. (The Registry Editor opens.)
- 3.3. Navigate to the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- 3.4. In the right pane, delete the value: "PowerManager"="%windir%\svchost.exe"
- 3.5. Exit the Registry Editor.
4. Reboot your computer.
5. Re-enable System Restore.
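The removal steps above end with a manual regedit check for one specific Run value. As an added example (not part of the thread, and not code from AVG, Symantec or TrendMicro), the script below performs the same check against the O4 lines of a HijackThis log, and generalises it: any file named like a core Windows binary (svchost.exe, winlogon.exe, lsass.exe and so on) that is launched from anywhere other than %windir%\System32 is flagged, whatever the value name says. The windir default `C:\WINDOWS`, the list of core binaries, and the sample log lines are assumptions for the example; the "PowerManager" line in the sample is constructed to show what the log would contain if the Jeefo entry from step 3.4 were present, and is not in the log posted above.

```python
"""
Added example, not from the original thread: flag HijackThis O4 (registry Run)
entries that match the Jeefo/Hidrag persistence described in the removal steps,
    HKLM\\...\\Run  "PowerManager" = "%windir%\\svchost.exe"
and, more generally, any core-system binary name launched from outside System32.
"""
import re
from typing import Iterable, List, Tuple

# Assumption for the example: on Windows XP these binaries legitimately live
# only in %windir%\System32. The same file name anywhere else deserves a look.
CORE_SYSTEM_BINARIES = {"svchost.exe", "winlogon.exe", "lsass.exe",
                        "services.exe", "smss.exe", "csrss.exe"}

# Run value name that the removal steps above identify as the Jeefo indicator.
KNOWN_BAD_VALUE_NAMES = {"powermanager"}

# HijackThis registry autorun line: "O4 - HKLM\..\Run: [Name] command line"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def split_command(cmd: str) -> str:
    """Return the executable path from a Run command line.
    Handles both a quoted path and an unquoted path followed by arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    # Unquoted: the executable ends at the first ".exe" (paths may contain spaces).
    m = re.match(r"(.*?\.exe)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ")[0]


def normalise(path: str, windir: str = r"C:\WINDOWS") -> str:
    """Expand %windir% and lower-case so paths compare reliably."""
    return path.replace("%windir%", windir).replace("%WINDIR%", windir).lower()


def classify_entry(name: str, cmd: str, windir: str = r"C:\WINDOWS") -> List[str]:
    """Return the list of reasons an O4 entry is suspicious (empty if none)."""
    reasons = []
    if name.lower() in KNOWN_BAD_VALUE_NAMES:
        reasons.append("value name matches the Jeefo indicator from the removal steps")
    exe = normalise(split_command(cmd), windir)
    base = exe.rsplit("\\", 1)[-1]
    if base in CORE_SYSTEM_BINARIES:
        directory = exe.rsplit("\\", 1)[0] if "\\" in exe else ""
        if directory != (windir + r"\system32").lower():
            where = directory if directory else "(bare name, resolved via search path)"
            reasons.append(f"{base} launched from {where} instead of System32")
    return reasons


def scan_hijackthis(lines: Iterable[str]) -> List[Tuple[str, str, List[str]]]:
    """Return (value name, command, reasons) for every flagged O4 registry entry."""
    findings = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue  # O4 Global Startup lines and non-O4 lines are not Run values
        reasons = classify_entry(m.group("name"), m.group("cmd"))
        if reasons:
            findings.append((m.group("name"), m.group("cmd"), reasons))
    return findings


# Constructed sample: four benign lines copied from the log in this thread,
# one Global Startup line, and one constructed line for the Jeefo Run value.
SAMPLE_LOG = [
    r"O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup",
    r"O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup",
    r'O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE',
    r"O4 - Global Startup: hpoddt01.exe.lnk = ?",
    r"O4 - HKLM\..\Run: [PowerManager] C:\WINDOWS\svchost.exe",   # constructed
]

if __name__ == "__main__":
    for name, cmd, reasons in scan_hijackthis(SAMPLE_LOG):
        print(f"[{name}] {cmd}")
        for r in reasons:
            print(f"    - {r}")
```

Run it against a saved HijackThis log by reading the file's lines into `scan_hijackthis`. A hit on the value name alone is enough to follow step 3.4; the path check is the one worth keeping, since a renamed value pointing at `%windir%\svchost.exe` is still not the real service host in System32.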
Posted by: pepperami
As simple as that? Hmm, I'll have a go. Did the HijackThis log give any ideas?
Posted by: pepperami
I don't know if I'm doing something wrong, but I went into the registry like you said, found the folder, and all I got was (Default) REG_SZ (value not set). I don't know, maybe I'm just thick.
Posted by: Shalome
Did you do the TrendMicro Housecall or the Symantec Security Check first?
Posted by: pepperami
Yep, I did TrendMicro and it said no virus found. I don't know, I can't see it just going away!
Posted by: redwench
If TrendMicro doesn't see it, and it's in their database, it's a glitch in AVG or, as sometimes happens, it's picking up a normal program with similar coding. Try uninstalling and reinstalling AVG.
Posted by: pepperami
Thanks again redwench for your speedy reply!