
Thread: Help with viruses A0081006.exe.vir and KillWind.exe.vir and startup files

  1. #1
    bhakti Guest

    Help with viruses A0081006.exe.vir and KillWind.exe.vir and startup files

    I use Zone Alarm, Avast Antivirus and Spybot, but on a recent scan the following viruses showed up. Also, I would like to have an idea of how I got these viruses, and see below my concerns about my startup files.
    Detected 6/28/07
    Scanning of selected files
    Action was completed successfully!
    Virus has been detected!
    File Name: A0081006.exe.vir
    FileID: 11
    Virus Description: Win32:Trojan-gen. {VC}
    Scanning of selected files
    ------------------------------------------------------------------------------------------
    Program will try to scan 1 selected file(s) in the Chest
    Move files to temporary folder: C:\DOCUME~1\Owner\LOCALS~1\Temp\_avast4_\unp238412 299.tmp
    FileID: 0000000011
    Original file name: C:\Program Files\Anti Spyware\Alwil Software\Avast4\DATA\moved\A0081006.exe.vir
    New folder: C:\DOCUME~1\Owner\LOCALS~1\Temp\_avast4_\unp238412 299.tmp\11.vir
    Scan files in the temporary folder: C:\DOCUME~1\Owner\LOCALS~1\Temp\_avast4_\unp238412 299.tmp
    C:\DOCUME~1\Owner\LOCALS~1\Temp\_avast4_\unp238412 299.tmp\11.vir
    Win32:Trojan-gen. {VC}
    ------------------------------------------------------------------------------------------
    Action was completed successfully!

    Detected 6/28/07
    Scanning of selected files
    Action was completed successfully!
    Virus has been detected!
    File Name: KillWind.exe.vir
    FileID: 12
    Virus Description: Win32:Trojan-gen. {VC}
    Scanning of selected files
    ------------------------------------------------------------------------------------------
    Program will try to scan 1 selected file(s) in the Chest
    Move files to temporary folder: C:\DOCUME~1\Owner\LOCALS~1\Temp\_avast4_\unp473810 43.tmp
    FileID: 0000000012
    Original file name: C:\Program Files\Anti Spyware\Alwil Software\Avast4\DATA\moved\KillWind.exe.vir
    New folder: C:\DOCUME~1\Owner\LOCALS~1\Temp\_avast4_\unp473810 43.tmp\12.vir
    Scan files in the temporary folder: C:\DOCUME~1\Owner\LOCALS~1\Temp\_avast4_\unp473810 43.tmp
    C:\DOCUME~1\Owner\LOCALS~1\Temp\_avast4_\unp473810 43.tmp\12.vir
    Win32:Trojan-gen. {VC}
    ------------------------------------------------------------------------------------------
    Action was completed successfully!
    Also Spybot reports the following start up files:
    Located: HK_LM:Run, avast!
    command: C:\PROGRA~1\ANTISP~1\ALWILS~1\Avast4\ashDisp.exe
    file: C:\PROGRA~1\ANTISP~1\ALWILS~1\Avast4\ashDisp.exe
    size: 75392
    MD5: 41b88784128c1eb3a24a928ce58b2455

    Located: HK_LM:Run, hpsysdrv
    command: c:\windows\system\hpsysdrv.exe
    file: c:\windows\system\hpsysdrv.exe
    size: 52736
    MD5: 06a1ecb63df139ec639e084d4ab3c9d7

    Located: HK_LM:Run, iTunesHelper
    command: "C:\Program Files\iTunes\iTunesHelper.exe"
    file: C:\Program Files\iTunes\iTunesHelper.exe
    size: 256576
    MD5: d2ed7af383aab672cb7e135040967954

    Located: HK_LM:Run, KBD
    command: C:\HP\KBD\KBD.EXE
    file: C:\HP\KBD\KBD.EXE
    size: 61440
    MD5: 4a95f15b706b8fd9ec8715b6401eab7b

    Located: HK_LM:Run, KernelFaultCheck
    command: %systemroot%\system32\dumprep 0 -k
    file: C:\WINDOWS\system32\dumprep.exe
    size: 10752
    MD5: 13922eb54890c77005268882629a31fe

    Located: HK_LM:Run, nwiz
    command: nwiz.exe /install
    file: C:\WINDOWS\system32\nwiz.exe
    size: 323584
    MD5: 5d8d50d90cbf3b5cc32100425545394a

    Located: HK_LM:Run, PS2
    command: C:\WINDOWS\system32\ps2.exe
    file: C:\WINDOWS\system32\ps2.exe
    size: 81920
    MD5: c4c523e78774e05d06efe3e10017cf6d

    Located: HK_LM:Run, QuickTime Task
    command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
    file: C:\Program Files\QuickTime\qttask.exe
    size: 282624
    MD5: 7fbe43046efdf24fc9375024e4d02ac9

    Located: HK_LM:Run, Recguard
    command: C:\WINDOWS\SMINST\RECGUARD.EXE
    file: C:\WINDOWS\SMINST\RECGUARD.EXE
    size: 212992
    MD5: d3cc7a3813123e955b3a497c04b404e2

    Located: HK_LM:Run, SunJavaUpdateSched
    command: "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    file: C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    size: 83608
    MD5: 9c1c80bbf8e6044980890e2d2d91091c

    Located: HK_LM:Run, ZoneAlarm Client
    command: "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    file: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    size: 919280
    MD5: 3e1731c55f77d150791d4c7e87ad4e5c

    Located: HK_LM:Run, HotKeysCmds (DISABLED)
    command: C:\WINDOWS\System32\hkcmd.exe
    file: C:\WINDOWS\System32\hkcmd.exe
    size: 114688
    MD5: 4ec9b66aa45683b89d58c3b2c3e64e49

    Located: HK_LM:Run, iTunesHelper (DISABLED)
    command: "C:\Program Files\iTunes\iTunesHelper.exe"
    file: C:\Program Files\iTunes\iTunesHelper.exe
    size: 256576
    MD5: d2ed7af383aab672cb7e135040967954

    Located: HK_LM:Run, LTMSG (DISABLED)
    command: LTMSG.exe 7
    file: C:\WINDOWS\LTMSG.exe
    size: 40960
    MD5: 4d3f3641aa76a48964102856fd7b955f

    Located: HK_LM:Run, QuickTime Task (DISABLED)
    command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
    file: C:\Program Files\QuickTime\qttask.exe
    size: 282624
    MD5: 7fbe43046efdf24fc9375024e4d02ac9

    Located: HK_LM:Run, RegistryMechanic (DISABLED)
    command:
    file:

    Located: HK_LM:Run, CamMonitor (DISABLED)
    command: c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    file: c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    size: 90112
    MD5: c0de87745c950f2966394837c3683ae5

    Located: HK_LM:Run, Share-to-Web Namespace Daemon (DISABLED)
    command: c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    file: c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    size: 69632
    MD5: d5bc63d2822b8e244e53d2ff8078cc6b

    Located: HK_LM:Run, StorageGuard (DISABLED)
    command: "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    file: C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    size: 155648
    MD5: 4d04efdcb8548fdb3b29ab9154480b7b

    Located: HK_CU:Run, ctfmon.exe (DISABLED)
    This one was active. I just disabled it.
    command: C:\WINDOWS\system32\ctfmon.exe
    file: C:\WINDOWS\system32\ctfmon.exe
    size: 15360
    MD5: 24232996a38c0b0cf151c2140ae29fc8

    Located: HK_CU:Run, NVIEW
    command: rundll32.exe nview.dll,nViewLoadHook
    file: C:\WINDOWS\system32\rundll32.exe
    size: 33280
    MD5: da285490bbd8a1d0ce6623577d5ba1ff

    Located: HK_CU:Run, SpybotSD TeaTimer
    command: C:\Program Files\Anti Spyware\Spybot - Search & Destroy\TeaTimer.exe
    file: C:\Program Files\Anti Spyware\Spybot - Search & Destroy\TeaTimer.exe
    size: 1415824
    MD5: 70496eee0ddbe485f658693826f44d38

    Located: Startup (common), hp psc 2000 Series.lnk
    command: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    file: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    size: 323646
    MD5: 76266fcb3ec2e37c7b6477d6ba1e7869

    Located: Startup (common), hpoddt01.exe.lnk
    command: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    file: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    size: 28672
    MD5: a564a22308a3f55235ba2478ee82992d

    Located: System.ini, crypt32chain
    command: crypt32.dll
    file: crypt32.dll

    Located: System.ini, cryptnet
    command: cryptnet.dll
    file: cryptnet.dll

    Located: System.ini, cscdll
    command: cscdll.dll
    file: cscdll.dll

    Located: System.ini, igfxcui
    command: igfxsrvc.dll
    file: igfxsrvc.dll

    Located: System.ini, ScCertProp
    command: wlnotify.dll
    file: wlnotify.dll

    Located: System.ini, Schedule
    command: wlnotify.dll
    file: wlnotify.dll

    Located: System.ini, sclgntfy
    command: sclgntfy.dll
    file: sclgntfy.dll

    Located: System.ini, SensLogn
    command: WlNotify.dll
    file: WlNotify.dll

    Located: System.ini, termsrv
    command: wlnotify.dll
    file: wlnotify.dll

    Located: System.ini, WgaLogon
    command: WgaLogon.dll
    file: WgaLogon.dll

    Located: System.ini, wlballoon
    command: wlnotify.dll
    file: wlnotify.dll

    Operating System: Windows XP Home Edition
    Product Name: ZoneAlarm (Free)

  2. #2

    Re: Help with viruses A0081006.exe.vir and KillWind.exe.vir and startup files

    Hi!

    Try to get your system cleaned by malware experts.

    First follow these steps (link):
    http://wiki.castlecops.com/MRP

    Then post your HijackThis Log here:
    http://www.castlecops.com/f67-Hijack...ans_Oh_My.html

    Cheers,
    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays
