  #1  
Old 05-28-2006
wolfey
Bronze Member
Join Date: May 2006
Location: England
Posts: 16
[Fixed] backtera virus

Hi guys, think I might have this so called BACTERA VIRUS... Had a website pop up that I had it and that I should download their virus-protection... I have used an adware removal tool and I have AVG Anti-Virus but not sure if I've still got it...

I have followed some of your instructions and have attached the reports that I have got from ewido and HijackThis...

Hope you can help
Wolfey...
Attached Files
File Type: txt Scan report_20060528.txt.txt (5.5 KB, 8 views)
File Type: log hijackthis.log (5.8 KB, 6 views)


  #2  
Old 05-28-2006
ladygreenwitch
HR Director
Join Date: Jul 2005
Location: Bay Area California
Posts: 5,769
PC Experience: PC Illiterate

Hey Wolfey,

Welcome to PCHF. We have a great group of techs here, and I am positive that we can help you.

Thank you for following the PreWork instructions prior to posting, it really does make it that much faster to help resolve your RLM (rotten little monster) infections.

Let me take a look at your logs, and I will be back as soon as possible.

TTFN

LGW


  #3  
Old 05-28-2006
ladygreenwitch
HR Director
Join Date: Jul 2005
Location: Bay Area California
Posts: 5,769
PC Experience: PC Illiterate

OK Wolfey,

Here we go; Please download , Shoot the Messenger, and Spy Sweeper from my signature. Install and update Spy Sweeper, but do not run it yet.

Please make sure that your System Restore is still disabled, and boot into Safe Mode.

Please start by running CCleaner again, as in the previous instructions. Then run a full system scan with Spy Sweeper, let it fix anything that it finds, and make sure to save the log at the very end.

Then run Shoot the Messenger, very self explanatory.

Then run HijackThis and fix the following. Locate and delete the files in Bold when you are finished.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R1\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.philips.com/
O2 - BHO: XBTBPos00 - {E552EEFC-DE97-45D4-BA1A-F534A1B4A579} - C:\PROGRA~1\MORPHE~1\MORPHE~1.DLL (file missing)
- HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000106.exe


C:\Program Files\Internet Explorer\hmmapi.exe

Now reboot your PC into normal mode, and run a new HJT log, posting it back here.

Looking forward to your reply,

TTFN

LGW


  #4  
Old 05-28-2006
wolfey
Bronze Member
Join Date: May 2006
Location: England
Posts: 16

Right, I've followed all those instructions (properly), I hope, and I've attached the new HJT file...
Attached Files
File Type: log hijackthis.log (5.7 KB, 6 views)


  #5  
Old 05-28-2006
joe5
Elite Member
Join Date: Jun 2005
Location: Netherlands
Posts: 9,036

Hya Wolfey.

Can you also post the Spysweeper log? And also please let Ewido run again and have it fix everything it finds this time.

Then boot in safemode again.


Click Start>Run and type in: services.msc
Click OK
In the Services window find: Firewall service
Select/highlight and right click the entry, and choose: Properties
On the General tab, under Service Status click the Stop button
Beside: Startup Type, in the drop menu, select: Disabled
Click Apply, then OK

Open HJT and click config > misc tools > "delete an NT service"
Copy and paste: FWSvc
Click OK.



And after that fix these with hjt if still present:

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {B5141620-C2B2-4D95-9F0F-134D99C87AB0} - (no file)
O2 - BHO: XBTBPos00 - {E552EEFC-DE97-45D4-BA1A-F534A1B4A579} - C:\PROGRA~1\MORPHE~1\MORPHE~1.DLL (file missing)
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe (file missing)

Then reboot to normal mode and then upload this file:

C:\Program Files\Movie Maker\WMM2RES2.exe

To this site:

http://www.virustotal.com/en/indexf.html

And report back the result of that scan, plus a new hjt log please.


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -
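
An added example, not part of the original posts and not HijackThis code: a small Python parser for the log-line shapes quoted in posts #3 and #5, which flags entries whose target is reported as `(file missing)` or `(no file)` and services listed with `Unknown owner`. The regular expressions and the function names `parse` and `triage` are assumptions inferred from the quoted lines, not a HijackThis format specification.

```python
import re

# Constructed sample: lines copied from posts #3 and #5. Two of them reached
# the thread without their section code and are kept that way on purpose.
SAMPLE = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.philips.com/
O2 - BHO: (no name) - {B5141620-C2B2-4D95-9F0F-134D99C87AB0} - (no file)
O2 - BHO: XBTBPos00 - {E552EEFC-DE97-45D4-BA1A-F534A1B4A579} - C:\PROGRA~1\MORPHE~1\MORPHE~1.DLL (file missing)
- HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe (file missing)
""".strip().splitlines()

# Patterns inferred from the quoted lines (assumption, not a format spec).
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
BHO = re.compile(r"^BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$")
RUN = re.compile(r"^(?P<key>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
SERVICE = re.compile(r"^Service: (?P<display>.+?) \((?P<short>[^)]+)\) - (?P<owner>.+?) - (?P<target>.+)$")

def parse(line):
    """Return a dict for one log line, or None when the section code is absent."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    entry = {"code": m["code"], "raw": m["body"], "notes": []}
    for pattern in (BHO, RUN, SERVICE):
        detail = pattern.match(m["body"])
        if detail:
            entry.update(detail.groupdict())
    if entry.get("target", "").endswith(("(file missing)", "(no file)")):
        entry["notes"].append("orphaned: entry points at no file on disk")
    if entry.get("owner") == "Unknown owner":
        entry["notes"].append("service listed with no owner")
    return entry

def triage(lines):
    """Split lines into parsed entries and raw lines that need manual review."""
    parsed, unparsed = [], []
    for line in lines:
        entry = parse(line)
        (parsed if entry else unparsed).append(entry or line)
    return parsed, unparsed

if __name__ == "__main__":
    parsed, unparsed = triage(SAMPLE)
    for e in parsed:
        print(e["code"], e.get("short") or e.get("name") or "", e["notes"])
    for line in unparsed:
        print("REVIEW BY HAND:", line)
```

Lines that lost their section code are returned unparsed rather than guessed at, so a truncated entry is never silently treated as clean.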

  #6  
Old 05-28-2006
ladygreenwitch
HR Director
Join Date: Jul 2005
Location: Bay Area California
Posts: 5,769
PC Experience: PC Illiterate

Hey Joe, thanks,

Just found out about WinAntiVirus Pro 2006 being a fake. There should be some industry policing of this kind of thing, it's ridiculous.

@Wolfey, don't worry, Joe is THE BEST! We'll get you clean. BTW, did you actually purchase WinAntiVirus Pro 2006?

Looking forward to your reply,

TTFN

LGW


  #7  
Old 05-28-2006
wolfey
Bronze Member
Join Date: May 2006
Location: England
Posts: 16

Hello guys, just want to say a big thank you so far for your help... Wouldn't have a clue otherwise...

No I didn't purchase WinAntiVirus Pro 2006, it just popped up and the next thing you know I've got it...

Right, I've followed your new instructions and have attached the scan logs, including the Spy Sweeper one from before these instructions...

Also I couldn't find WMM2RES2.exe, the nearest thing I could find is WMM2RES2.dll... I can't upload the results but they all came back with no virus found....

Thanks again guys...
Attached Files
File Type: txt Scan report_20060528.txt.txt (2.3 KB, 4 views)
File Type: log hijackthis.log (5.3 KB, 4 views)


