[Pending] HJT Logs - Ahsan Manan Virus (posted in the Security & Safety forums)
#1 - 07-14-2008 - dearsir (Bronze Member; Join Date: Jul 2008; Posts: 6; PC Experience: Experienced)
Ahsan Manan Virus

My PC got this virus that had changed my IE title to "Ahsan Manan ...", also changed "My Computer" to "Ahsan's Computer", "My Documents" to "Ahsan's Documents", "Recycle Bin" to "GW Bush". Also I am unable to start "Command Prompt", "RegEdit". Cannot show Hidden Files, cannot unhide the file extensions for known file types, have no "Run" option in the start menu etc. I had read another topic with the same issue and there the technical person had suggested to run HijackThis and one other program and then have to paste the results. I am attaching the same results for my PC here. Please advise me what I need to do.

Thanks in Advance.

=============

Deckard's System Scanner v20071014.68
Run by HP_Owner on 2008-07-14 19:18:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
System Restore is disabled; attempting to re-enable...success.

-- Last 1 Restore Point(s) --
1: 2008-07-14 14:18:59 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-14 19:20:12
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\System.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\symwsc.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\hp\KBD\kbd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\regedit.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\HP_Owner\Desktop\dss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://amkbpk.110mb.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://amkbpk.110mb.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Ahsan Manan Khan Bhutta * Internet Explorer *
F0 - system.ini: Shell=explorer.exe, System.exe
F2 - REG:system.ini: Shell=explorer.exe, System.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NAVShExt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: (no name) - - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NAVShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [IcoSet] c:\hp\bin\cloaker.exe c:\hp\bin\IcoSet\adjust.bat seticon
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [regcmdcons] c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd
O4 - HKLM\..\Run: [RRT-Auto] C:\Documents and Settings\HP_Owner\Desktop\RRT\RRT.exe auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Runonce] C:\WINDOWS\CSRSS.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: winlogon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{B9156090-E59A-412C-922F-94987A0294B5}: NameServer = 192.168.1.20
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPWDSVC.EXE
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\symwsc.exe

--
End of file - 6822 bytes
-- File Associations -----------------------------------------------------------
.bat - txtfile - DefaultIcon - %SystemRoot%\system32\shell32.dll,-152
.bat - txtfile - shell\open\command - %SystemRoot%\system32\NOTEPAD.EXE %1
.bat - txtfile - shell\edit\command - unable to read value
.cmd - txtfile - DefaultIcon - %SystemRoot%\system32\shell32.dll,-152
.cmd - txtfile - shell\open\command - %SystemRoot%\system32\NOTEPAD.EXE %1
.cmd - txtfile - shell\edit\command - unable to read value
.com - txtfile - DefaultIcon - %SystemRoot%\system32\shell32.dll,-152
.com - txtfile - shell\open\command - %SystemRoot%\system32\NOTEPAD.EXE %1
.reg - txtfile - DefaultIcon - %SystemRoot%\system32\shell32.dll,-152
.reg - txtfile - shell\open\command - %SystemRoot%\system32\NOTEPAD.EXE %1
.reg - txtfile - shell\edit\command - unable to read value
.vbs - exefile - DefaultIcon - %1
.vbs - exefile - shell\open\command - "%1" %*
.vbs - exefile - shell\edit\command - unable to read value

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
All services whitelisted.

-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------
2008-07-15 04:52:12 412 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2008-07-15 04:52:11 536 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - HP_Owner.job

-- Files created between 2008-06-14 and 2008-07-14 -----------------------------
2008-07-15 04:48:54 261351 -rahs---- C:\WINDOWS\System.exe
2008-07-15 04:48:54 261351 --a------ C:\WINDOWS\Home Video.exe
2008-07-15 04:48:54 261351 -rahs---- C:\WINDOWS\CSRSS.exe
2008-07-15 04:48:05 0 dr-h----- C:\Documents and Settings\HP_Owner\Recent
2008-07-15 04:47:25 0 dr------- C:\Documents and Settings\HP_Owner\Favorites
2008-07-15 04:47:25 0 d-------- C:\Documents and Settings\HP_Owner\Desktop
2008-07-15 04:47:25 0 d---s---- C:\Documents and Settings\HP_Owner\Cookies
2008-07-15 04:47:25 0 dr-h----- C:\Documents and Settings\HP_Owner\Application Data
2008-07-15 04:47:25 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Symantec
2008-07-15 04:47:25 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Sun
2008-07-15 04:47:25 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\SampleView
2008-07-15 04:47:25 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Real
2008-07-15 04:47:25 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Identities
2008-07-15 04:47:25 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Apple Computer
2008-07-15 04:47:24 0 d-------- C:\Documents and Settings\HP_Owner\WINDOWS
2008-07-15 04:47:24 0 d--h----- C:\Documents and Settings\HP_Owner\Templates
2008-07-15 04:47:24 0 dr------- C:\Documents and Settings\HP_Owner\Start Menu
2008-07-15 04:47:24 0 dr-h----- C:\Documents and Settings\HP_Owner\SendTo
2008-07-15 04:47:24 0 d--h----- C:\Documents and Settings\HP_Owner\PrintHood
2008-07-15 04:47:24 1310720 --ah----- C:\Documents and Settings\HP_Owner\NTUSER.DAT
2008-07-15 04:47:24 0 d--h----- C:\Documents and Settings\HP_Owner\NetHood
2008-07-15 04:47:24 0 dr------- C:\Documents and Settings\HP_Owner\My Documents
2008-07-15 04:47:24 0 d--h----- C:\Documents and Settings\HP_Owner\Local Settings
2008-07-15 04:47:09 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2008-07-15 04:46:32 10368 -----n--- C:\WINDOWS\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
2008-07-15 04:46:32 21060 -----n--- C:\WINDOWS\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
2008-07-15 04:45:36 204800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2008-07-15 04:45:36 188416 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2008-07-15 04:45:36 192512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2008-07-15 04:45:36 192512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2008-07-15 04:45:36 200704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2008-07-15 04:45:36 20480 --a------ C:\WINDOWS\system32\IVIresize.dll
2008-07-15 04:45:30 0 d-------- C:\Program Files\InterVideo
2008-07-15 04:44:59 1040 --a------ C:\WINDOWS\system32\drivers\alcxinit.dat
2008-07-15 04:43:36 0 d-------- C:\Documents and Settings\Default User\WINDOWS
2008-07-15 04:43:36 0 d-------- C:\Documents and Settings\Default User\Application Data\Symantec
2008-07-15 04:43:36 0 d-------- C:\Documents and Settings\Default User\Application Data\Sun
2008-07-15 04:43:36 0 d-------- C:\Documents and Settings\Default User\Application Data\SampleView
2008-07-15 04:43:36 0 d-------- C:\Documents and Settings\Default User\Application Data\Real
2008-07-15 04:43:36 0 d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2008-07-15 04:42:02 0 d-------- C:\WINDOWS\Prefetch
2008-07-15 04:32:33 0 d--hs---- C:\System Volume Information
2008-07-15 04:30:53 248 --a------ C:\WINDOWS\system\hpsysdrv.dat
2008-07-15 04:29:19 0 d-------- C:\WINDOWS\I386
2008-07-15 04:21:38 0 dr------- C:\Program Files
2008-07-15 04:21:13 0 dr-h----- C:\MSOCache
2008-07-15 04:21:10 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-07-15 04:21:09 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-07-15 04:21:09 0 d--h----- C:\Documents and Settings\Default User\Local Settings
2008-07-15 04:21:09 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-07-15 04:21:09 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-07-15 04:21:09 0 dr------- C:\Documents and Settings\All Users\Documents
2008-07-15 04:21:04 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-07-15 04:20:44 0 dr------- C:\WINDOWS\Offline Web Pages
2008-07-15 04:19:34 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-07-14 18:22:40 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Adobe
2008-07-14 18:13:41 261351 -rahs---- C:\CSRSS.exe
2008-07-14 18:13:40 0 d-------- C:\log
2008-07-14 17:19:48 0 d-------- C:\Documents and Settings\Owner\Application Data
2008-07-14 17:19:48 0 d-------- C:\Documents and Settings\Owner\Application Data\Symantec
2008-07-14 17:09:16 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-07-14 17:09:16 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-07-14 17:09:16 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-14 17:09:16 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-14 17:09:16 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-07-14 17:09:16 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-14 17:09:16 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-14 17:09:16 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-07-14 17:09:16 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-14 17:09:16 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-07-14 17:09:16 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-14 17:09:16 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-07-14 17:09:16 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-14 17:09:16 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-07-14 17:09:16 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-07-14 17:09:16 0 d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-07-14 17:09:16 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2008-07-14 17:09:16 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-14 17:09:16 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-07-14 17:09:16 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-07-14 17:09:15 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-14 16:18:36 0 d-------- C:\Documents and Settings\HP_Owner\Application Data\Macromedia
2008-07-14 16:09:23 0 d-------- C:\WINDOWS\Sun
2008-07-14 16:00:46 0 d-------- C:\Program Files\SymNetDrv
2008-07-14 15:57:56 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-07-14 15:57:30 0 d---s---- C:\Documents and Settings\HP_Owner\UserData

-- Find3M Report ---------------------------------------------------------------
2008-07-15 04:45:55 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-15 04:29:12 0 d-------- C:\Program Files\Windows NT
2008-07-14 18:14:00 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-14 16:51:50 0 d-------- C:\Program Files\Norton AntiVirus

-- Registry Dump ---------------------------------------------------------------

The command prompt has been disabled by your administrator.
Press any key to continue . . .

-- End of Deckard's System Scanner: finished at 2008-07-14 19:20:49 ------------


=============
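The log above contains several indicators that a log reviewer would pick out by hand: the Shell= line in system.ini loading System.exe next to explorer.exe, an HKCU Run entry and a Global Startup entry that borrow the names of core Windows processes (CSRSS.exe, winlogon.exe) but do not live in system32, .bat/.cmd/.reg associations redirected to Notepad and .vbs re-typed as exefile, and three same-size files (System.exe, Home Video.exe, CSRSS.exe) written in the same second, two of them with hidden+system attributes. The script below is an added example, not code from the original post or from the HijackThis/DSS tools, that runs those checks as rules over a constructed subset of the log lines. The rule set, the helper names (triage, check_shell, check_autostart, check_association, find_size_clusters) and the list of protected process names are this example's own assumptions; the rules are written generally, so they also catch the same patterns with other names and paths.

```python
"""Triage of HijackThis/DSS-style log lines for the indicator types seen in post #1.

Added example; not part of the original thread or of the tools it mentions.
"""
import re
from collections import defaultdict

# Constructed sample: a subset of the lines from the log in post #1.
SAMPLE_LOG = r"""
F0 - system.ini: Shell=explorer.exe, System.exe
F2 - REG:system.ini: Shell=explorer.exe, System.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Runonce] C:\WINDOWS\CSRSS.exe
O4 - Global Startup: winlogon.exe
.bat - txtfile - shell\open\command - %SystemRoot%\system32\NOTEPAD.EXE %1
.reg - txtfile - shell\open\command - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - exefile - shell\open\command - "%1" %*
2008-07-15 04:48:54 261351 -rahs---- C:\WINDOWS\System.exe
2008-07-15 04:48:54 261351 --a------ C:\WINDOWS\Home Video.exe
2008-07-15 04:48:54 261351 -rahs---- C:\WINDOWS\CSRSS.exe
2008-07-15 04:45:36 20480 --a------ C:\WINDOWS\system32\IVIresize.dll
"""

# Assumption: names Windows itself only ever starts from %SystemRoot%\system32.
SYSTEM_PROCESS_NAMES = {"csrss.exe", "winlogon.exe", "smss.exe", "lsass.exe", "services.exe"}
# Extensions whose open handler must execute/import the file, not display it.
SCRIPT_EXTENSIONS = {".bat", ".cmd", ".com", ".reg", ".vbs"}

FILE_LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\d+) (\S{9}) (.+)$")
ASSOC_LINE = re.compile(r"^(\.\w+) - (\w+) - (shell\\open\\command) - (.+)$")
SHELL_LINE = re.compile(r"^F[02] - .*Shell=(.+)$")
FIRST_PATH = re.compile(r'"([^"]+)"|(\S+)')


def check_shell(line):
    """F0/F2: anything loaded by Shell= besides explorer.exe is a shell hook."""
    m = SHELL_LINE.match(line)
    if not m:
        return None
    loaders = [p.strip().lower() for p in m.group(1).split(",")]
    extra = [p for p in loaders if p != "explorer.exe"]
    return f"shell hook: Shell= loads {', '.join(extra)} alongside explorer.exe" if extra else None


def check_autostart(line):
    """O4: a core process name started from outside system32 (or a Startup folder)."""
    if not line.startswith("O4 - "):
        return None
    _, _, rest = line.partition(": ")            # drop the "O4 - HKCU\..\Run" prefix
    if rest.startswith("["):                     # "[entry name] command line"
        rest = rest.split("] ", 1)[1]
    m = FIRST_PATH.match(rest.strip())
    path = m.group(1) or m.group(2)
    name = path.rsplit("\\", 1)[-1].lower()
    if name in SYSTEM_PROCESS_NAMES and "\\system32\\" not in path.lower():
        return f"autostart: system-process name {name} launched from {path!r}"
    return None


def check_association(line):
    """File associations: script/registry types that no longer execute normally."""
    m = ASSOC_LINE.match(line)
    if not m or m.group(1) not in SCRIPT_EXTENSIONS:
        return None
    ext, ftype, _, command = m.groups()
    if "notepad.exe" in command.lower():
        return f"association: {ext} opens in Notepad ({ftype}) instead of executing"
    if ext == ".vbs" and ftype == "exefile":
        return f"association: {ext} registered as exefile (normally VBSFile via wscript.exe)"
    return None


def find_size_clusters(lines, min_count=2):
    """Group file-listing lines by (timestamp, size); droppers copy one body to many names."""
    groups = defaultdict(list)
    for line in lines:
        m = FILE_LINE.match(line)
        if m:
            stamp, size, attrs, path = m.groups()
            groups[(stamp, int(size))].append((attrs, path))
    return {k: v for k, v in groups.items() if len(v) >= min_count}


def triage(log_text):
    """Return a list of human-readable findings for the given log text."""
    lines = [l for l in log_text.strip().splitlines() if l.strip()]
    findings = []
    for line in lines:
        for rule in (check_shell, check_autostart, check_association):
            msg = rule(line)
            if msg:
                findings.append(msg)
    for (stamp, size), files in find_size_clusters(lines).items():
        names = ", ".join(p.rsplit("\\", 1)[-1] for _, p in files)
        hidden = sum(1 for attrs, _ in files if "h" in attrs and "s" in attrs)
        findings.append(f"cluster: {len(files)} files of {size} bytes written at {stamp} "
                        f"({names}); {hidden} hidden+system")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the full log rather than the sample, the same rules would also surface the second copy of CSRSS.exe in C:\ and leave the Symantec, HP and Java entries alone; the cluster rule is the one worth keeping in a toolbox, since a same-size, same-second group under different names is how a dropper that copies itself looks in any file listing.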


#2 - 07-15-2008 - Pancake, Senior Security Analyst (Join Date: Jun 2006; Location: Victoria, Australia; Posts: 3,087; PC Experience: Elite PC Guru)
Re: Ahsan Manan Virus

Ok. Let's download ComboFix.exe. This will give me a better view of the files running and also hidden on your computer and also those in the registry. Please visit this webpage for downloading and instructions for running the tool:

Go here ======> A guide and tutorial on using ComboFix <====== Go here

Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed you will need to use SP2.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should get a prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.


Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.

============================

Please download SDFix from here and save it to your desktop

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Please copy and paste that log in your next reply.


__________________
My real name is Eddy
#3 - 07-15-2008 - dearsir (Bronze Member; Join Date: Jul 2008; Posts: 6; PC Experience: Experienced)
Re: Ahsan Manan Virus

Hello sir, thanks for your help with my problem. I had tried to follow the instructions and I was trying to read the ComboFix page of instructions and I had read there about the Recovery Console and its download and instructions page. When I tried to load that page then it is continuously closing and it is due to the virus that I have with the name "Ahsan". Well I had got the text from that page with great difficulty. I got the link but it was the link of not the recovery console but the Boot Disk making file. Well I had downloaded and followed the instructions to drag this file onto the ComboFix.exe file. When I did that then it had started the ComboFix loader and as it finished, it opened a garbage text in notepad. What will I do now? Please help.


#4 - 07-15-2008 - Pancake, Senior Security Analyst (Join Date: Jun 2006; Location: Victoria, Australia; Posts: 3,087; PC Experience: Elite PC Guru)
Re: Ahsan Manan Virus

Can you just run the Combofix and do a scan with it. If so, do that and post the log.


__________________
My real name is Eddy
#5 - 07-15-2008 - dearsir (Bronze Member; Join Date: Jul 2008; Posts: 6; PC Experience: Experienced)
Re: Ahsan Manan Virus

OK Sir, I will do that and will post you in some minutes.

Thanks


#6 - 07-15-2008 - dearsir (Bronze Member; Join Date: Jul 2008; Posts: 6; PC Experience: Experienced)
Re: Ahsan Manan Virus

Sir I had just run it and it again finished in just 2-3 seconds and opened the garbage in a notepad and it looks the same as I got when I dragged and dropped the Windows Recovery Console Installation File on ComboFix.exe. I am running it in normal mode and not in safe mode. Do I have to run anything prior to ComboFix or may I have to change to Safe Mode first? Please advise.

Thanks


#7 - 07-15-2008 - Pancake, Senior Security Analyst (Join Date: Jun 2006; Location: Victoria, Australia; Posts: 3,087; PC Experience: Elite PC Guru)
Re: Ahsan Manan Virus

Do not bother with the Recovery Console. Get Combofix from here and just run it...

http://www.forospyware.com/sUBs/ComboFix.exe


__________________
My real name is Eddy

All Graphics & Content Copyright © 2004-2008 - PC Help Forum.com