ozmagic

  1. Oh ok. I found this thread doing a search on Google so didn't know. Anyway I am still virus free today so the method I used worked. AVG identifies the file as a red file that it cannot read and Hijack This will list the file name as the same as the unreadable red file in AVG.
  2. I think I have fixed this, so anyone who was going to help, thanks, but I nailed it. I have AVG which shows you the files and viruses but only removes the viruses and not the file generating the viruses. That file shows up on AVG first when you do a scan as a red coloured exe file that AVG cannot read but identifies. This file changes its name every time you start up your computer. I downloaded Hijack This and did a scan... I then compared the file names in Hijack This to the red unreadable file that AVG shows you in the first seconds of its scan and voilà, there was a match. I used Hijack This to fix that file. Prior to this I disabled the system restore box in the Control Panel in "System". After scanning and fixing the file I re-enabled the system restore box, shut the computer down, restarted and AVG did not come up with the unreadable red file. I think that did the trick. You should only check the matching file shown in both AVG and Hijack This though and no other box.
  3. Hi, my computer is infected so I came looking for a fix. Have downloaded and run the program and have this log file to post but computer is still infected. Can anyone help me to get rid of this please. Many thanks in advance.

     Fixwareout ver 1.003
     Last edited 07/1/2006
     Post this report in the forums please

     Reg Entries that were deleted
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8A99A25D7DC3-994A-FAB4-18CB-BE774382{
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6A422AC692CA-A0BB-0DB4-C825-F416DAA5{
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0EA8A4B42B80-E1FB-7CC4-ECCE-D7F22134{
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}DA39BAE12690-AEE9-C594-F52E-88AE31D5{
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A5D8232F8D45-08FA-7274-FFE4-8DBF682A{
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4FA960B57581-9E2B-1184-9F05-E3FE2BCC{
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\sjlmd
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3C446AC6F932-A45B-E174-7CB2-6DE05B5D{
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D3DB14E7B1A6-4D5A-49D4-E4A4-D53BD9F3{
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\swen
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ogol
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eno
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eerht
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ruof
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\evif
     ...

     Microsoft ® Windows Script Host Version 5.6
     Random Runs removed from HKLM
     "dmljs.exe"=-
     ...

     PLEASE NOTE, There WILL be LEGIT FILES LISTED.
     IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
     Example ipsec6.exe is legitimate

     »»»»» Search by size and names...
     * csr.exe C:\WINDOWS\System32\CSLWA.EXE
     * csr.exe C:\WINDOWS\System32\CSGJC.EXE
     * csr.exe C:\WINDOWS\System32\CSARQ.EXE
     * csr.exe C:\WINDOWS\System32\CSPKQ.EXE
     * csr.exe C:\WINDOWS\System32\CSGZJ.EXE

     »»»»» Misc files
     * thequicklink C:\WINDOWS\System32\{FB172~1.DLL
     * thequicklink C:\WINDOWS\System32\{D2BB1~1.DLL
     * thequicklink C:\WINDOWS\System32\{71EBE~1.DLL
     * thequicklink C:\WINDOWS\System32\{679E8~1.DLL

     »»»»» Checking for older varients covered by the Rem3 tool

     »»»»» Search five digit cs, dm and jb files
     This WILL/CAN also list Legit Files, Submit them at Virustotal
     C:\WINDOWS\SYSTEM32\CSLWA.EXE 51,251 2006-07-08
     C:\WINDOWS\SYSTEM32\CSGJC.EXE 51,251 2006-07-08
     C:\WINDOWS\SYSTEM32\CSARQ.EXE 51,251 2006-07-01
     C:\WINDOWS\SYSTEM32\CSPKQ.EXE 51,251 2006-07-08
     C:\WINDOWS\SYSTEM32\CSGZJ.EXE 51,251 2006-07-08
     C:\WINDOWS\SYSTEM32\DMMGJ.EXE 44,127 2001-08-23
     C:\WINDOWS\SYSTEM32\DMKEQ.EXE 44,127 2001-08-23
     C:\WINDOWS\SYSTEM32\DMAQV.EXE 44,127 2001-08-23
     C:\WINDOWS\SYSTEM32\DMFUE.EXE 44,127 2001-08-23
     C:\WINDOWS\SYSTEM32\DMLJS.EXE 44,127 2001-08-23
     C:\WINDOWS\SYSTEM32\DMRHL.EXE 44,130 2001-08-23

     Other suspects
     Directory of C:\WINDOWS\system32