Virus Heat Rogue Anti-Spyware.
pca_Jamie - 12 February 2008 - 8:27pm
<p>I downloaded and opened, or so I thought, an add on for Media Player. It turned out to be Virus Heat. The Quick start icon was still there. </p>
<p>I've reloaded IE7 due to another problem and it has now gone. I think I have cleaned it out, but on another forum have been advised to post a Hijack this file.</p>
<p>Can someone just make sure as AVG picked up 5 virus threats tonight.</p>
<p>Or anything else that should be removed!!</p>
<p>Thanks.</p>
<p>Logfile of Trend Micro HijackThis v2.0.2<br />
Scan saved at 20:10:23, on 12/02/2008<br />
Platform: Windows XP SP2 (WinNT 5.01.2600)<br />
MSIE: Internet Explorer v7.00 (7.00.6000.16574)<br />
Boot mode: Normal</p>
<p>Running processes:<br />
C:\WINDOWS\System32\smss.exe<br />
C:\WINDOWS\system32\winlogon.exe<br />
C:\WINDOWS\system32\services.exe<br />
C:\WINDOWS\system32\lsass.exe<br />
C:\WINDOWS\system32\svchost.exe<br />
C:\WINDOWS\System32\svchost.exe<br />
C:\WINDOWS\system32\ZoneLabs\vsmon.exe<br />
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe<br />
C:\WINDOWS\Explorer.EXE<br />
C:\WINDOWS\system32\spoolsv.exe<br />
C:\Program Files\Apoint2K\Apoint.exe<br />
C:\WINDOWS\AGRSMMSG.exe<br />
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe<br />
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe<br />
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe<br />
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe<br />
C:\WINDOWS\system32\hphmon05.exe<br />
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe<br />
C:\Program Files\QuickTime\QTTask.exe<br />
C:\WINDOWS\system32\bcmwltry.exe<br />
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe<br />
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe<br />
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe<br />
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe<br />
C:\Program Files\iTunes\iTunesHelper.exe<br />
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe<br />
C:\Program Files\Common Files\Real\Update_OB\realsched.exe<br />
C:\WINDOWS\system32\ctfmon.exe<br />
C:\Program Files\Messenger\msmsgs.exe<br />
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe<br />
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe<br />
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe<br />
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe<br />
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe<br />
C:\Program Files\Bonjour\mDNSResponder.exe<br />
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe<br />
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe<br />
C:\WINDOWS\system32\lxdicoms.exe<br />
C:\WINDOWS\system32\nvsvc32.exe<br />
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe<br />
C:\WINDOWS\system32\svchost.exe<br />
C:\Program Files\Apoint2K\Apntex.exe<br />
C:\Program Files\iPod\bin\iPodService.exe<br />
C:\WINDOWS\System32\svchost.exe<br />
C:\WINDOWS\system32\wuauclt.exe<br />
C:\Program Files\Mozilla Firefox\firefox.exe<br />
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe</p>
<p>R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = <a href="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q304&bd=presario&pf=laptop">http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q304&bd=presario&pf=laptop</a><br />
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://www.google.co.uk/">http://www.google.co.uk/</a><br />
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <a href="http://go.microsoft.com/fwlink/?LinkId=69157">http://go.microsoft.com/fwlink/?LinkId=69157</a><br />
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = <a href="http://go.microsoft.com/fwlink/?LinkId=54896">http://go.microsoft.com/fwlink/?LinkId=54896</a><br />
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = <a href="http://go.microsoft.com/fwlink/?LinkId=54896">http://go.microsoft.com/fwlink/?LinkId=54896</a><br />
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://go.microsoft.com/fwlink/?LinkId=69157">http://go.microsoft.com/fwlink/?LinkId=69157</a><br />
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = <a href="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=Q304&bd=presario&pf=laptop">http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=Q304&bd=presario&pf=laptop</a><br />
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local<br />
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll<br />
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll<br />
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll<br />
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll<br />
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll<br />
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)<br />
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll (file missing)<br />
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL<br />
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL<br />
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll<br />
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32<br />
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC<br />
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName<br />
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe<br />
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe<br />
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install<br />
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe<br />
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start<br />
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r<br />
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"<br />
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe<br />
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"<br />
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe<br />
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime<br />
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe<br />
O4 - HKLM\..\Run: [RemoveCpl] RemoveCpl.exe<br />
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP<br />
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"<br />
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"<br />
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"<br />
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s<br />
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"<br />
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe<br />
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot<br />
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe<br />
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background<br />
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe<br />
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe<br />
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe<br />
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')<br />
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')<br />
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')<br />
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')<br />
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')<br />
O4 - Global Startup: BTTray.lnk = ?<br />
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000<br />
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm<br />
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll<br />
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll<br />
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll<br />
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll<br />
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL<br />
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll<br />
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll<br />
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe<br />
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe<br />
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe<br />
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe<br />
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll<br />
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe<br />
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe<br />
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe<br />
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe<br />
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe<br />
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe<br />
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe<br />
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe<br />
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe<br />
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe<br />
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe<br />
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe<br />
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe<br />
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe<br />
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe<br />
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe</p>
<p>--<br />
End of file - 11018 bytes</p>
Log in to PCAnswers
How to...
Setup a WiFi Network
Christian Hall - 26 September 2008 - 2:13pm
Christian shows you how to install and setup a new router and broadband connection. He covers the basics from what each connection on your router is to how to secure your network in the administration panel. ... read more »
Latest PC news from TechRadar
- Exclusive: Virgin & ITV: Internet details not yet finalised
- Ballmer's CES keynote - all the details
- Virgin Media seals on-demand deal with ITV
- AMD rolls out much improved Phenom II CPU
- In Depth: Is 45nm silicon enough to save AMD?
- Windows 7 Beta available worldwide Friday
- Sony launches world's lightest 8-inch netbook
- Skype officially launches standalone videophone
Copyright 2006 - 2008 Future Publishing Limited(company registered number 2008885), a company registered in England and Wales
whose registered office is at Beauford Court, 30 Monmouth Street, Bath, BA1 2BW, UK
Virus Heat Rogue Anti-Spyware.
Glamdring - 12 February 2008 - 10:15pm<p>Unless you're certain this is okay then delete this item:</p>
<p>O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe</p>
<p>and these two are redundant:</p>
<p> O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll (file missing)<br />
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)</p>
Virus Heat Rogue Anti-Spyware.
pca_Jamie - 13 February 2008 - 5:01pm<p>Thank you for your help, much appreciated. I wouldn't know what to look for.</p>
Virus Heat Rogue Anti-Spyware.
Vino Rosso - 25 February 2008 - 12:45pm<p>Might want to make sure you've got all the infection...</p>
<p><span style="color:blue"><span style="font-weight:bold"><span style="text-decoration:underline">1 - SmitfraudFix</span></span></span><br />
Delete any version of SmitfraudFix you may already have - this is important as SmitfraudFix is updated very frequently<br />
Download <span style="font-weight:bold">SmitfraudFix (by S!Ri)</span> to your Desktop from <a href="http://siri.urz.free.fr/Fix/SmitfraudFix.exe" class="bb-url"><span style="color:red"><span style="font-weight:bold">>here<</span></span></a> <br />
Double-click <span style="font-weight:bold">smitfraudfix.exe</span> <br />
Select option <span style="font-weight:bold">#1 - Search</span> by typing <span style="font-weight:bold">1</span> and press <span style="font-weight:bold">Enter</span> <br />
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named <span style="font-weight:bold">rapport.txt</span> in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply. </p>
<p><span style="color:red">IMPORTANT: Do NOT run any other options until you are asked to do so!</span> </p>
<p><span style="font-size:10px"><span style="font-weight:bold"><span style="color:#3366FF">Note</span></span>: <span style="color:#FF0000"><span style="font-weight:bold">process.exe</span></span> <span style="color:#3366FF">is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.</span> </span></p>
<p><span style="color:blue"><span style="font-weight:bold"><span style="text-decoration:underline">2 - Uninstall List</span></span></span><br />
Run HijackThis then click on <span style="font-weight:bold">Open the Misc Tools section</span><br />
<span style="font-style:italic">If HijackThis is still open, click on <span style="font-weight:bold">Config</span> > <span style="font-weight:bold">Misc Tools</span></span> <br />
Click on <span style="font-weight:bold">Open Uninstall Manager...</span><br />
Click on <span style="font-weight:bold">Save list...</span><br />
Leave the default filename as <span style="font-weight:bold">uninstall_list.txt</span> and save the file, noting where it has been saved<br />
Close HijackThis.</p>
<p><span style="color:blue"><span style="font-weight:bold"><span style="text-decoration:underline">3 - Check on status</span></span></span><br />
After you have completed the above, please reboot and post:<ul class="bb-list" style="list-style-type:circle;"><li>the SmitfraudFix output file <span style="font-weight:bold">rapport.txt</span></li><li>the <span style="font-weight:bold">uninstall_list.txt</span></li></ul></li><span style="color:#990033"><span style="font-weight:bold">Vino</span></span></p>[/]