Nov 18 2008, 09:41 AM
Post #1
Newbie, Group: Members, Posts: 1, Joined: 18-November 08, Member No.: 64,271
hi,
This problem appears only when I connect to the internet. I get 4 warnings by avast! saying wmsetup.dll is infected with Win32:Murlo-CH [Trj]. It asks me to delete the file, I delete it. Then my internet conn goes off saying "system cannot open the phone book file". Then I find that I cannot playback any music, songs. Then I am forced to restart the PC only to find these problems again!! Please help me!!!

hjtlog:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:44:09 PM, on 11/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Nov 21 2008, 09:39 AM
Post #2
Advanced Member, Group: Volunteer Security Advisor, Posts: 4,595, Joined: 6-July 07, From: Finland, Member No.: 31,774
Hi
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:
The Recovery Console was successfully installed.

Please continue as follows:

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New HijackThis log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

--------------------
Microsoft MVP Consumer Security 2008 2009
ASAP & UNITE member since 2006
I don't help with logs thru PM so don't bother to post me one. If you have problems create a thread in the forum, please. Don't post your log into other user's topic, create a new one. Provided removal instructions are meant to be used in the correspondent user's case only.
Please use button while replying
Dec 14 2008, 09:21 AM
Post #3
Advanced Member, Group: Volunteer Security Advisor, Posts: 4,595, Joined: 6-July 07, From: Finland, Member No.: 31,774
Due to lack of feedback, this topic has been closed.
If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic. Thank You !