Virus Problem Plz help me.

[MegaZonTa]

Bro rename all 'sys32_nov.exe ' to 'sys32_nov.exe.bak' and restart.. does your task manager loads up??

http://scanner.novirusthanks.org/results/de29a546fc8312183fce4a9c9a58e556/ASCII.txt

anyway it is not going to be a big prblem.but thre will be problems with IE (if i'm correct)

 

[Hayao]

Hayao uba thama combofix use kale na neda good luck

I used it. This is what I got. What shd i do now????

ComboFix 09-09-14.02 - Poorna Yap 09/16/2009 21:35.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.447.137 [GMT 6:00]
Running from: c:\documents and settings\Poorna Yap\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\vinorasomy._sy
c:\documents and settings\All Users\Documents\luvobu.vbs
c:\documents and settings\All Users\Documents\ozotohiri.vbs
c:\documents and settings\Poorna Yap\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk
c:\documents and settings\Poorna Yap\Application Data\osenapicyv.dll
c:\documents and settings\Poorna Yap\Application Data\wiaserva.log
c:\documents and settings\Poorna Yap\Application Data\ypyqy.dll
c:\documents and settings\Poorna Yap\Cookies\atuhux.inf
c:\documents and settings\Poorna Yap\Cookies\avyjofapuh.com
c:\documents and settings\Poorna Yap\Cookies\diheh.bin
c:\documents and settings\Poorna Yap\Cookies\luqed.bin
c:\documents and settings\Poorna Yap\delself.bat
c:\documents and settings\Poorna Yap\Desktop\AntivirusPro_2010.lnk
c:\documents and settings\Poorna Yap\Local Settings\Application Data\agov.inf
c:\documents and settings\Poorna Yap\Local Settings\Application Data\weqocavam.ban
c:\documents and settings\Poorna Yap\Local Settings\Temporary Internet Files\huhek.db
c:\documents and settings\Poorna Yap\Local Settings\Temporary Internet Files\idomyzucav.bat
c:\documents and settings\Poorna Yap\Start Menu\Programs\AntivirusPro_2010
c:\documents and settings\Poorna Yap\Start Menu\Programs\AntivirusPro_2010\AntivirusPro_2010.lnk
c:\documents and settings\Poorna Yap\Start Menu\Programs\AntivirusPro_2010\Uninstall.lnk
c:\documents and settings\Poorna Yap\Start Menu\Programs\Startup\ikowin32.exe
c:\documents and settings\Poorna Yap\sys32_nov.exe
c:\program files\AntivirusPro_2010
c:\program files\AntivirusPro_2010\AntivirusPro_2010.cfg
c:\program files\AntivirusPro_2010\AntivirusPro_2010.exe
c:\program files\AntivirusPro_2010\AVEngn.dll
c:\program files\AntivirusPro_2010\data\daily.cvd
c:\program files\AntivirusPro_2010\htmlayout.dll
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcm80.dll
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcp80.dll
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcr80.dll
c:\program files\AntivirusPro_2010\pthreadVC2.dll
c:\program files\AntivirusPro_2010\Uninstall.exe
c:\program files\AntivirusPro_2010\wscui.cpl
c:\program files\Common Files\aveqekavi._dl
c:\program files\Common Files\jagador.inf
c:\program files\Common Files\kisimihovi.vbs
c:\program files\Common Files\onawopofem.dll
c:\program files\Common Files\xikoty.com
c:\windows\gykirys.reg
c:\windows\idyki.inf
c:\windows\Installer\52a69.msi
c:\windows\ivohoga.exe
c:\windows\olprosys.dll
c:\windows\system32\_scui.cpl
c:\windows\system32\braviax.exe
c:\windows\system32\sys32_nov.exe
c:\windows\system32\wisdstr.exe

.
((((((((((((((((((((((((( Files Created from 2009-08-16 to 2009-09-16 )))))))))))))))))))))))))))))))
.

2009-09-16 15:13 . 2009-09-16 15:13 -------- d-----w- c:\documents and settings\Poorna Yap\Application Data\Malwarebytes
2009-09-16 15:13 . 2009-09-10 08:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-16 15:13 . 2009-09-16 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-16 15:13 . 2009-09-10 08:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-16 15:13 . 2009-09-16 15:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-16 15:09 . 2009-09-16 15:09 17043 ----a-w- c:\windows\epop.com
2009-09-16 14:55 . 2009-09-16 14:55 28672 ----a-w- c:\windows\system32\drivers\beep.sys.vir
2009-09-16 14:53 . 2009-09-16 15:14 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-16 14:53 . 2006-06-19 07:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-09-16 14:53 . 2006-05-25 09:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-09-16 14:53 . 2005-08-25 19:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-09-16 14:53 . 2003-02-02 14:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2009-09-16 14:53 . 2002-03-05 19:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-09-16 14:53 . 2009-09-16 14:53 -------- d-----w- c:\program files\Trojan Remover
2009-09-16 14:53 . 2009-09-16 14:53 -------- d-----w- c:\documents and settings\Poorna Yap\Application Data\Simply Super Software
2009-09-16 14:53 . 2009-09-16 14:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-09-16 14:49 . 2009-09-16 14:49 -------- d-----w- c:\program files\Trend Micro
2009-09-16 11:26 . 2009-09-16 11:26 28672 -c--a-w- c:\windows\system32\dllcache\figaro.sys.vir
2009-09-16 06:54 . 2009-09-16 06:56 177968 ----a-w- c:\windows\system32\wisdstr.exe.vir
2009-09-16 06:54 . 2009-09-16 11:26 10752 ----a-w- c:\windows\system32\braviax.exe.vir
2009-09-16 06:51 . 2009-09-16 06:51 -------- d-----w- c:\windows\Sun
2009-09-13 13:05 . 2009-09-13 13:05 -------- d-----w- c:\windows\I386
2009-09-13 13:05 . 2005-01-16 17:47 988400 ----a-w- c:\windows\SinhalaQFE.exe
2009-09-13 13:01 . 2009-09-16 10:55 -------- d-----w- c:\documents and settings\Poorna Yap\Application Data\IObit
2009ffice\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-26 161328]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-08-26 111928]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-09-15 1069960]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-10-03 16269312]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-10-03 2879488]

c:\documents and settings\Poorna Yap\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2009-8-19 344064]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
SinhalaKit.lnk - c:\program files\SinhalaTamil Kit\SinhalaKit.exe [2009-9-12 98304]
SinhalaTamil Kit.lnk - c:\program files\SinhalaTamil Kit\TamilKit.exe [2009-9-12 94208]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\java.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_03\\bin\\java.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCPxpsp2res.dll,-22009

R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [7/17/2009 1:03 PM 603904]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [8/6/2004 2:48 PM 169192]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-09-16 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 10:28]

2009-09-16 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-09-16 09:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
TCP: {F5F7E0C0-D32C-4B73-9189-9B33032AAA70} = 203.115.0.46,203.115.0.47
FF - ProfilePath - c:\documents and settings\Poorna Yap\Application Data\Mozilla\Firefox\Profiles\ndy55q8c.default\
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: network.proxy.type - 4

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-16 21:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(848)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-09-16 21:41
ComboFix-quarantined-files.txt 2009-09-16 15:41

Pre-Run: 5,627,256,832 bytes free
Post-Run: 5,694,898,176 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\wubildr.mbr = "Ubuntu"

280

 

[Hayao]

Bro rename all 'sys32_nov.exe ' to 'sys32_nov.exe.bak' and restart.. does your task manager loads up??

http://scanner.novirusthanks.org/results/de29a546fc8312183fce4a9c9a58e556/ASCII.txt

anyway it is not going to be a big prblem.but thre will be problems with IE (if i'm correct)

Ok wait. Task manager eke awulak ne.

 

[Bender]

I used it. This is what I got. What shd i do now????

Restart ur pc

 

[Hayao]

Wow at last!!!!!!!!!!!

It's OK bro!!! I cured it!!!

Thanks Bender I used ComboFix and it is OK!!!! After using that everything was OK!!!!


And MegaZonTa and Malinga thanks a lot bro. You helped me a lot!!!!

 

[Bender]

akane ban mama achchara kiwwe combofix use karanna kiyala elakiri dan wade harine. hoda firewall ekak use karpan machan nathnam ayeth oya case enna puluwan

 

[Malinga]

Wow at last!!!!!!!!!!!

It's OK bro!!! I cured it!!!

Thanks Bender I used ComboFix and it is OK!!!! After using that everything was OK!!!!


And MegaZonTa and Malinga thanks a lot bro. You helped me a lot!!!!

ComboFix eka honda software ekak thamai. habai eeka run karaddi samahara pc vala yam gatalu mathuvenava. eyaage database eke thiyana list ekak virus eyaata ain karanna puluvan. oyaage thibune AntivirusPro kiyana adware eka. habai thaama vadee hariyatama ivara nae. oyaa honda virus guard ekak dan install karagena full update ekak daganna. moko aaith virus enna puluvan. mathaka athuva full system scan ekak karanna eeka daala ivara velaa mulu hard disk, removable disk adiya seerama.

 

[Hayao]

People check this.

http://www.elakiri.com/forum/showthread.php?t=242642

 

[Hayao]

akane ban mama achchara kiwwe combofix use karanna kiyala elakiri dan wade harine. hoda firewall ekak use karpan machan nathnam ayeth oya case enna puluwan

 

[janaka33]

ela ela

 

[Hayao]

ela ela