
fEQCBAgM.exe and MgABCQEf.exe recreating

Discussion in 'Malware and Virus Removal Archive' started by JediNight2002, 2005/05/30.

Thread Status:
Not open for further replies.
  1. 2005/05/30
    JediNight2002

    JediNight2002 Inactive Thread Starter

    Fix doesn't work for me :( :confused: :eek: :mad:

    Logfile of HijackThis v1.99.1
    Scan saved at 12:24:08, on 30/05/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Executive Software\Diskeeper\DkService.exe
    C:\Program Files\FSI\F-Prot\fpavupdm.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\FSI\F-Prot\F-StopW.EXE
    C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Fujitsu\Adsl\DslDrv\dslagent.exe
    C:\Program Files\DU Meter\DUMeter.exe
    C:\PROGRA~1\wsosqxsu\fEQCBAgM.exe
    C:\PROGRA~1\wsosqxsu\MgABCQEf.exe
    C:\Program Files\Free RAM XP Pro 1.40\FreeRAM XP Pro 1.40.exe
    C:\Program Files\Eraser\eraser.exe
    C:\Program Files\Advanced SmartCheck\TrayClient\ASC_Client_Tray.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\rdpclip.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\logon.scr
    C:\Documents and Settings\Mike\Desktop\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/advanced_search?hl=en
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
    O4 - HKLM\..\Run: [Acronis True Image Monitor] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe "
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe "
    O4 - HKLM\..\Run: [dslagent] C:\Program Files\Fujitsu\Adsl\DslDrv\dslagent.exe
    O4 - HKLM\..\Run: [MIKE-DU Meter] C:\Program Files\DU Meter\DUMeter.exe
    O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\Free RAM XP Pro 1.40\FreeRAM XP Pro 1.40.exe" -win
    O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
    O4 - Global Startup: Tray client.lnk = C:\Program Files\Advanced SmartCheck\TrayClient\ASC_Client_Tray.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\system32\ms.exe (file missing)
    O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\system32\ms.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted IP range: 10.0.0.2
    O15 - Trusted IP range: http://10.0.0.2
    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://ts.bink.nu/msrdp.cab
    O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
    O17 - HKLM\System\CCS\Services\Tcpip\..\{934F421E-9CAC-4C2D-BF63-56ED13133EF5}: NameServer = 62.241.160.200 158.43.240.4
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
    O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files\FSI\F-Prot\fpavupdm.exe
    O23 - Service: ManageEngine Oputils 3 (OpUtils Service) - Unknown owner - C:\Program Files\AdventNet\ME\OpUtils\Application\wrapper.exe" -s wrapper.conf (file missing)



    I have tried using the fix above, but every time I reboot the same two files (fEQCBAgM.exe and MgABCQEf.exe) load themselves up.

    Does anyone have any ideas as to how I can PREVENT these files from loading - what is loading them up - where is the registry entry? Thanks to anyone who can offer help.

    Who is the **** that wrote this spyware? :mad: Where is MY information being sent? :mad: Why don't the authorities crack down on this kind of data theft? :mad:
     
  2. 2005/05/31
    noahdfear

    noahdfear Inactive

    Welcome to WindowsBBS JediNight2002 :)

    I've moved your post to a thread of its own and titled it to reflect your problem. Please post any future responses for this issue to this thread.

    Copy the quote box below, exactly as it appears, to a blank notepad. Save it to your desktop as:

    File name: wsosqxsu.bat
    Save as type: All Files

    Double click the file to run it and post the contents of the log it creates and opens.


    Download "Registry Search Tool" (RegSrch.vbs) from here
    http://www.billsway.com/vbspage/
    Start it and paste in fEQCBAgM.exe, wait for it to complete the search, then click OK at the prompt. When WordPad opens, save the log to your desktop. Do another search for MgABCQEf.exe and save that log also. Post the contents of both logs.


    Also, please download MWAV. Save it to your desktop and double click to open. Check the boxes for Memory, Registry, Startup Folders, System Folders, Services, Drive, All Local Drives and Scan All Files, then click scan. When it completes, copy the lower window labeled Virus Log Information and post it here. This scanner sometimes takes a VERY long time to run. Please be patient and let it complete. ;)
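
Added example (not part of the original thread and not any poster's code): a cross-check of the HijackThis log posted above, listing running processes that none of the log's R/F/N/O entries reference. The function names, the skip rule for HijackThis itself and the `C:\WINDOWS` location are assumptions of this example; the sample lines are copied from the log in the first post.

```python
import ntpath

# Excerpt of the HijackThis log posted in this thread (lines copied from it).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\FSI\F-Prot\F-StopW.EXE
C:\Program Files\DU Meter\DUMeter.exe
C:\PROGRA~1\wsosqxsu\fEQCBAgM.exe
C:\PROGRA~1\wsosqxsu\MgABCQEf.exe
C:\Program Files\Eraser\eraser.exe
C:\Documents and Settings\Mike\Desktop\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [MIKE-DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
"""


def parse_log(text):
    """Split a HijackThis log into running-process paths and R/F/N/O entry lines."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            processes.append(line)
        elif " - " in line and line[0] in "RFNO" and line[1:2].isdigit():
            entries.append(line)
    return processes, entries


def unexplained_processes(text, windows_dir=r"c:\windows"):
    """Return running processes that no listed entry mentions by file name."""
    processes, entries = parse_log(text)
    haystack = "\n".join(entries).lower()
    flagged = []
    for path in processes:
        low = path.lower()
        name = ntpath.basename(low)   # file name survives 8.3 short directory names
        # Assumption: skip the Windows directory and the scanner's own process.
        if low.startswith(windows_dir + "\\") or name == "hijackthis.exe":
            continue
        if name not in haystack:
            flagged.append(path)
    return flagged


if __name__ == "__main__":
    for p in unexplained_processes(SAMPLE_LOG):
        print("no listed startup entry:", p)
```

Programs the user started by hand (a browser, for instance) are reported too, so the result is a list to review, not a verdict.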
     
