#1
02-24-2008
Razza
Bronze Member
Join Date: Nov 2007
Posts: 73
PC Experience: Some Experience
Being attacked by Intrusion.win.mssql.worm.helkern - worm virus

Can somebody please help me, as my computer is being attacked by a worm - the worm is called Intrusion.win.mssql.worm.helkern

I did start a thread a few days ago about this same problem but my thread has mysteriously disappeared from the PCHF forum boards (not sure if this was due to the virus??). The first instance of the virus was found Thursday the 21st Feb and I've just (Saturday 23rd) had 2 more of the same named worm try and attack me AGAIN!! - the virus was found and blocked by Kaspersky Internet Security v7.

Can any of the PCHF security experts help me?? They've helped me before and I found them to be geniuses - keep up the great work guys!! Also, if any of the other members have any ideas, all help and advice will be taken up and be very much appreciated. I've also posted a SUPERAntiSpyware PRO log and AVG Anti-Spyware log, both in safe mode, and a HJT log ran in normal mode, and followed all the pre-work after Thursday's attack - I know this is a long complaint but I am worried about what the worm will do to my PC - THANK YOU in advance - R@zZ@

Also, I forgot to mention in the above post a few more technical details which I don't know anything about -

SOURCE
202.103.11.41 and 218.98.194.2 (One attack from the first I.P and Two from the second)

PROTOCOL
UDP

LOCAL
1434

These are the details given by Kaspersky Internet Security, as well as the virus name, which I've left out as it's in the above post.

THANKS AGAIN - R@zZ@


Edit: Moved to Hijackthis Logs Forum



Last edited by upgrader; 02-24-2008 at 10:05 AM.
#2
02-24-2008
DarkLord7854
Banned
Join Date: Sep 2005
Location: Florida
Posts: 1,403
PC Experience: Of Epic Proportions.
Re: Being attacked by Intrusion.win.mssql.worm.helkern - worm virus

Well, while you wait for a Security member to reply to you, you could do an online virus scan (free) via TREND MICRO HouseCall 6.5


#3
02-24-2008
Razza
Bronze Member
Join Date: Nov 2007
Posts: 73
PC Experience: Some Experience
Re: Being attacked by Intrusion.win.mssql.worm.helkern - worm virus

Yeah, thanks a lot for the link Bro - I'm also getting spyware from this website: http://searchportal.information.com/...BaDQpQE1QNCFZe
Z1xdQhVZVRtnTBdfCRZHFU1RCgseFlsUWwcbWBMGE0dZVl8MVw
( | )
This website URL ( | )Goes all the way down here!!! >>>>>>>>>
Move the blue bar across @ the bottom

This must be one of the longest URLs I've ever seen, and if anybody at all can help that would be great!! I'm also starting to get huge LAG in my computer when opening apps....
Thanks for the help - I WILL donate as soon as my PC is CLEAN and I can put my credit card details on the internet SAFELY without being made bankrupt because of it lol - Thanks again... Razza



Last edited by Razza; 02-24-2008 at 11:59 PM. Reason: spelling mistake ; )
#4
02-25-2008
Razza
Bronze Member
Join Date: Nov 2007
Posts: 73
PC Experience: Some Experience
Re: Being attacked by Intrusion.win.mssql.worm.helkern - worm virus

I just did an online scan with Trend Micro HouseCall 6.5 (thanks for the link DarkLord!!) and it came up with the following infections:

ADWARE
1) Xlocater
2) 180 solutions
3) Best Offers

AND!!

DIALER_85

Hope this helps the security team, as I haven't had a reply yet but did speak to somebody on my other thread about the worm infection, as mentioned in my first post at the top of this screen
- Razza


#5
02-25-2008
Pancake
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,591
PC Experience: Elite PC Guru
Re: Being attacked by Intrusion.win.mssql.worm.helkern - worm virus

Please download SDFix from here and save it to your desktop

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Post that log in your next reply.

=========================================

Please download Combofix from any of the links below, and save it to your desktop. For further information regarding this download you can see this on this Information Page

Combofix Link 1
Combofix Link 2
Combofix Link 3

**Note: It is important that it is saved directly to your desktop**
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall


Caution...Never run and remove files using ComboFix without being supervised by a security analyst.


__________________
  • An Australian Member of
  • and
My real name is Eddy
#6
02-28-2008
Razza
Bronze Member
Join Date: Nov 2007
Posts: 73
PC Experience: Some Experience
Re: Being attacked by Intrusion.win.mssql.worm.helkern - worm virus

Hey Pancake,
Just ran the SDFix and Combo-Fix scans and I think it came up with some trojan and other infected files!! Here are the logs, and if you could take a look at them that would be great.....
Thank you for your help Pancake, Razza
Attached Files
File Type: txt Combo-Fix-log.txt (14.8 KB, 1 views)
File Type: txt SD-FIX-report-27-2-08.txt (2.5 KB, 1 views)
File Type: txt hijackthis-27-2-08.txt (8.4 KB, 1 views)


#7
02-28-2008
Pancake
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,591
PC Experience: Elite PC Guru
Re: Being attacked by Intrusion.win.mssql.worm.helkern - worm virus

Please will you copy and paste logs, not attach them.. thanks.

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open *notepad* and copy/paste the text in the quotebox below into it:
Killall::
File::
C:\WINDOWS\SYSTEM32\ixwjuffj.tmp2
C:\WINDOWS\SYSTEM32\ixwjuffj.tmp
C:\WINDOWS\imsins.BAK
Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.


Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt
Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.

*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall*

