
[Problems with Trojans after Limewire download]

Discussion in 'Malware and Virus Removal Archive' started by greenday5494, 2007/08/14.

  1. 2007/08/14
    greenday5494

    greenday5494 Inactive Thread Starter

    Joined:
    2007/06/14
    Messages:
    118
    Likes Received:
    0
    OK, I DLed a program from Limewire (WHICH I WILL NEVER DO AGAIN) and I scanned it with AVG; it said threats found, but my computer locked up. I booted into safe mode, and I ran Spysweeper (which took FOREVER) and nothing turned up. I ran AVG (free) and it turned up a ***** of trojans, etc., so I removed them all. But, during the scan, it said Boot Sector, and under result/infection, it said Reading Error, which I have never seen before. Also, I booted up the Control Center, and the E-mail Scanner and the Protective Shield (or something like that) were both in Error state. Anyway, I rebooted the computer (which, I prayed to God Almighty that it would be alright, due to the AVG error while reading the Boot Sector) and God must've made the computer boot. I am in normal mode now, but I fear that something is wrong. Everything seems normal, but could you give me some EXACT instructions to make sure EVERYTHING is alright?



    If you're wondering, yes, I am a Christian. :p



    Thanks for actual help from anyone.
     
  2. 2007/08/14
    BurrWalnut

    BurrWalnut Well-Known Member Alumni

    Joined:
    2003/03/05
    Messages:
    628
    Likes Received:
    8
    I didn't know Christians used the language that you use. The English ones certainly don't!

    However, download and run Superantispyware, here http://www.superantispyware.com/
     


  4. 2007/08/14
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    greenday5494

    Please moderate your language, however het up you may be after your most unwise actions - I have edited your post and you may take this as a first warning against future indiscretions regarding language - Posting Rules #8

    AND

    Please observe Posting Rules #3 - Meaningful Subject - I have adjusted your title.
     
  5. 2007/08/14
    greenday5494

    greenday5494 Inactive Thread Starter

    Joined:
    2007/06/14
    Messages:
    118
    Likes Received:
    0
    I'm sorry, I thought it would automatically censor it. Sorry.
     
  6. 2007/08/14
    greenday5494

    greenday5494 Inactive Thread Starter

    Joined:
    2007/06/14
    Messages:
    118
    Likes Received:
    0
    Also, I ran AVG again, in normal mode, and it has three files that are infected. The name of the trojan is:
    Trojan Horse Dropper.Genric.FWK
    Apparently, it ran read the Boot Sector of the disk now. Thank God.



    P.S- Please forgive me for my foul language! :(
     
  7. 2007/08/14
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Run Superantispyware as suggested above.
     
  8. 2007/08/14
    greenday5494

    greenday5494 Inactive Thread Starter

    Joined:
    2007/06/14
    Messages:
    118
    Likes Received:
    0
    OK, and here is my HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 3:51:09 PM, on 8/14/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\ctfmon.exe
    c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe "
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe "
    O4 - HKLM\..\Run: [HP Component Manager] "c:\Program Files\HP\hpcoretech\hpcmpmgr.exe "
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1186965878\ee\AOLSoftware.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0\AOL.EXE" -b
    O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GDM_TrayApp.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
    O16 - DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01.cab
    O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_6.cab
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://test.catalog.update.microsof.../en/x86/MuCatalogWebControl.cab?1183059184343
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165285240483
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1171660539280
    O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://gameadvisor.futuremark.com/global/msc3121.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: DNADownloader - CNET Networks - C:\Program Files\GameSpot\DownloadManager_Win32.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
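
A small triage pass over the HijackThis log format posted above, as an added example (not part of the thread and not HijackThis's own code). It parses the section-coded entry lines, then flags orphaned entries marked "(file missing)" and auto-start entries whose binary sits outside the usual install directories; the expected-directory list and the last sample line are assumptions constructed for illustration.

```python
import re

# Constructed sample: lines copied from the log above, plus one invented
# entry (the final O4 line) so the location check has something to flag.
SAMPLE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Local Settings\Temp\updater.exe
"""

# Entry lines are "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [name] cmd".
ENTRY = re.compile(r"^\s*(?P<code>[A-Z]\d{1,2}) - (?P<detail>.+?)\s*$")
# A drive-letter or %variable% path ending in .exe/.dll (spaces allowed).
PATH = re.compile(r'((?:[A-Za-z]:|%\w+%)\\[^"<>|*?]*?\.(?:exe|dll))\b', re.I)
# Assumption: directories where installed software normally lives on this XP box.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\", "%windir%\\")
# Sections whose entries load code automatically: Run keys/Startup (O4),
# Winlogon Notify (O20), SSODL (O21), services (O23).
AUTOSTART = {"O4", "O20", "O21", "O23"}


def parse(log_text):
    """Return one dict per entry line; header and process-list lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        detail = m.group("detail")
        p = PATH.search(detail)
        entries.append({
            "code": m.group("code"),
            "detail": detail,
            "path": p.group(1) if p else None,
            "missing": detail.endswith("(file missing)"),
        })
    return entries


def section_counts(entries):
    """Count entries per section code, a quick overview of what the log holds."""
    counts = {}
    for e in entries:
        counts[e["code"]] = counts.get(e["code"], 0) + 1
    return counts


def triage(entries):
    """Heuristic review list: these are leads to check by hand, not verdicts."""
    findings = []
    for e in entries:
        if e["missing"]:
            findings.append(("orphaned", e))
        path = (e["path"] or "").lower()
        if e["code"] in AUTOSTART and path and not path.startswith(EXPECTED_ROOTS):
            findings.append(("unusual-location", e))
    return findings


if __name__ == "__main__":
    parsed = parse(SAMPLE)
    print(section_counts(parsed))
    for kind, entry in triage(parsed):
        print(f"{kind:17} {entry['code']:4} {entry['path']}")
```

Run against the full log in the post, the only findings are the two orphaned `xpnetdiag.exe` O9 entries.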
     
  9. 2007/08/15
    greenday5494

    greenday5494 Inactive Thread Starter

    Joined:
    2007/06/14
    Messages:
    118
    Likes Received:
    0
    Also, my machine is taking FOREVER to boot/shut down. At shutdown, it takes forever when the icons and taskbar, but not the mouse, disappear (after explorer.exe shuts down, I presume); it takes forever to get to the screen that says Logging off.... or Windows is shutting down... and the Windows XP shutdown noise. And, when I boot up, it takes forever to get off the Welcome screen (right before the Windows XP startup noise). Why is it taking so long?!!!
     
  10. 2007/08/15
    greenday5494

    greenday5494 Inactive Thread Starter

    Joined:
    2007/06/14
    Messages:
    118
    Likes Received:
    0
    Come ON people! Why did you move my post?! NO ONE ever posts in the removing viruses forum...
    Will I EVER get a response?!
     
  11. 2007/08/15
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    At least the people that don't visit Limewire !

    We should make you wait !
    Proverbs 29:20
    Colossians 1:11
    James 1:2
    Philippians 4:1

    I see no signs of malware in your log.

    Let's run an online scan.

    Please do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
    • The program will launch and then begin downloading the latest definition files.
    • Once the files have been downloaded, click on NEXT.
    • Now click on Scan Settings.
    • In the scan settings, make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        • Extended (if available, otherwise Standard)
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
    • Click OK.
    • Now under select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.
    • Copy and paste that information in your next post.

    Geri
     
    Last edited: 2007/08/15
  12. 2007/08/15
    greenday5494

    greenday5494 Inactive Thread Starter

    Joined:
    2007/06/14
    Messages:
    118
    Likes Received:
    0
    Hey, sorry for being an ass. I feel bad. Sorry, I was just worried, we pay bills on this computer, etc. I was just worried, sorry. :( I ran the Superantispyware, and it found about 115 (!!!) "threats" which looked like Tracking Cookies. My computer still takes forever to start up/shut down. Any way to speed it up? I'll do the scan very soon, I'll post back to you ASAP. Thanks for replying.



    Forgive me for this terrible thread!!
     
  13. 2007/08/15
    greenday5494

    greenday5494 Inactive Thread Starter

    Joined:
    2007/06/14
    Messages:
    118
    Likes Received:
    0
    Also, almost everything except AVG only runs in Safe Mode; otherwise, the app will just stop responding. I'm thinking of dumping Limewire and using iTunes.
     
  14. 2007/08/15
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Good idea, the sooner the better.

    Geri
     
  15. 2007/08/16
    greenday5494

    greenday5494 Inactive Thread Starter

    Joined:
    2007/06/14
    Messages:
    118
    Likes Received:
    0
    Alright, I ran that scan you gave me, I'm dumping Limewire, and I uninstalled Superantispyware.... and everything just magically went back to normal. The scan did not find anything, but when I uninstalled Superantispyware, the slow shutdowns/bootups disappeared, my lag in my games was gone, everything is back to normal.



    GOODBYE LIMEWIRE!!


    And hello legal music! (iTunes)
     
  16. 2007/08/16
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK Good to hear.

    You might do the following, Your PC needs maintenance just as your car would.

    To keep you clean of Internet garbage that you pick up as you surf.

    Download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.

    Do these once a month. Start now if you haven't done them in a while.
    They take a while to run, so schedule them when you don't plan on using your computer for a while.

    1) Defragment – (Run in Safe Mode – Recommended) or Turn off virus protection and screen savers (if you have one running)

    To turn off virus protection, right click on your virus protection icon down by the clock, click exit or close. click yes if asked if you want to close it.

    1. Click Start, Double click My Computer.
    2. Right-click the local disk volume that you want to defragment, (C: Drive) and then click Properties.
    3. On the Tools tab, click Defragment Now.
    4. Click Defragment.


    2) CheckDisk

    1. Double-click My Computer, and then right-click the local disk that you want to check. (C Drive)
    2. Click Properties, and then click Tools.
    3. Under Error-checking, click Check Now.
    4. Under Check disk options, select the Scan for and attempt recovery of bad sectors check both boxes.
    5. Click Start.

    A window will open saying that it can not do chkdisk, will ask if you want to run it the next time you restart your computer.
    Select "Yes"

    Click on "Start" click on Turn off computer, Click Restart and let it run.

    Geri
     
    Last edited: 2007/08/16
  17. 2007/08/16
    greenday5494

    greenday5494 Inactive Thread Starter

    Joined:
    2007/06/14
    Messages:
    118
    Likes Received:
    0
    Well, I have bad news... (yes, I am rather annoyed)

    IE just crashed. That's NEVER good. I was not going to any bad sites, haven't used Limewire since my huge headache. I was watching a video (War of the Servers, to be exact) and I needed to install the DivX codec (this is a reputable site BTW), and in the middle of the video, the sound skipped and it crashed. Does that mean I'm infected? Whenever IE crashes, I always think that I'm infected :(. I'll do the rounds today (spyware check, virus, etc., etc.)
     
  18. 2007/08/16
    greenday5494

    greenday5494 Inactive Thread Starter

    Joined:
    2007/06/14
    Messages:
    118
    Likes Received:
    0
    Also, I'm thinking of dumping IE and my admin account, then going to a limited account, installing Firefox. Is this OK?

    Also, I already have CCleaner; should I keep that, or use the program you gave me?
     
  19. 2007/08/16
    greenday5494

    greenday5494 Inactive Thread Starter

    Joined:
    2007/06/14
    Messages:
    118
    Likes Received:
    0
    I'm also getting extreme lag in my games... again...

    Even though I just played a game (like 2 hours ago) and it was perfectly fine with no lag... Is it my internet? Or my computer? Running scan again...
     
  20. 2007/08/16
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    What do you mean crashed? Just what did it do?

    Really? and what site would that be?

    Let me know what if anything is found.

    Sure, But if you're out looking for something for nothing, you're gonna get nailed with something sooner or later no matter what.
    Lets face it, the internet is not always a safe place.

    CCleaner is fine.
    Did you run Defrag and checkdisk?

    Geri
     
  21. 2007/08/16
    greenday5494

    greenday5494 Inactive Thread Starter

    Joined:
    2007/06/14
    Messages:
    118
    Likes Received:
    0
    I was watching a video, and in the middle, the sound started to skip (while I was IMing someone over AIM, which I suspect is the culprit, but I dunno) and it said:

    We're sorry for any inconvenience, but Internet Explorer needs to close... blah blah blah

    I'm running the Kaspersky scanner right now.

    As for the site, if you ever played GMOD, (which I highly doubt you did) (GMOD is a game by team garry, endorsed by VALVe Corporation, the makers of the bestest game evarrr!!! (Half-Life) anyway, the movie was linked on garrysmod.com, and I've asked people about it, and they say they all watched it (on VALVe's forums BTW). The website is:

    www.litfusefilms.com

    Its just a bunch of GMOD movies and stuff, pretty funny.
     
