I Need Help. (spyware or virus) - Printable Version
I Need Help. (spyware or virus) by Lourix on 09-29-2006 at 03:52 PM
Well, my Anti Virus picked up 4 spyware or virus, it couldn't decide, and it couldn't move them into quarantine. Also this spyware/virus has gotten to one of my accounts on the computer, therefore every time I log in on that account it freezes. Do you guys have any ideas?
Here is the report:
//-----------------------------------------------------------------
//
// Product: BitDefender 9 Standard
// Version: 9.5
//
// Created on: 29/09/2006 17:50:54
//
//-----------------------------------------------------------------
Statistics
Scan path : C:\
Folders : 66
Files : 458
Archives : 27
Packed files : 3
Identified viruses : 4
Infected files : 0
Warnings : 0
Suspect files : 0
Disinfected files : 0
Deleted files : 0
Copied files : 0
Moved files : 0
Renamed files : 0
I/O errors : 1
Scan time : 00:01:09
Scan speed (files/sec) : 6
Spyware Statistics
Memory processes scanned : 16
Memory processes infected : 0
Registry keys scanned : 1643
Registry keys infected : 18
Cookies scanned : 0
Cookies infected : 0
Spyware files infected : 0
Spyware threats detected : 4
Virus definitions : 486994
Scan plugins : 15
Archive plugins : 41
Unpack plugins : 6
Mail plugins : 6
System plugins : 5
Scan options
Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email
File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;
Action
Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user
Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user
Scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\Program Files\Softwin\BitDefender9\Logs\vscan_1159545054.log
Spyware scan options
[X] Memory Processes
[X] Registry keys
[X] Cookies
Summary:
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MSAGENT\PARAMETERS\ServiceExe=>C:\WINDOWS\SECURITY\MSAGENT.EXE Detected: Backdoor.Servu.AJ
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MSAGENT\PARAMETERS\ServiceExe=>C:\WINDOWS\SECURITY\MSAGENT.EXE Disinfection failed
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MSAGENT\PARAMETERS\ServiceExe=>C:\WINDOWS\SECURITY\MSAGENT.EXE Move failed
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MSAGENT\ImagePath=>C:\WINDOWS\SECURITY\FIREDAEMON.EXE Detected: Trojan.Pakes.1
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MSAGENT\ImagePath=>C:\WINDOWS\SECURITY\FIREDAEMON.EXE Disinfection failed
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MSAGENT\ImagePath=>C:\WINDOWS\SECURITY\FIREDAEMON.EXE Move failed
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NETCLIENT\PARAMETERS\ServiceExe=>C:\WINDOWS\SECURITY\NETCLIENT.EXE Detected: Application.Tool.Netcat.A
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NETCLIENT\PARAMETERS\ServiceExe=>C:\WINDOWS\SECURITY\NETCLIENT.EXE Disinfection failed
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NETCLIENT\PARAMETERS\ServiceExe=>C:\WINDOWS\SECURITY\NETCLIENT.EXE Move failed
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NETCLIENT\ImagePath=>C:\WINDOWS\SECURITY\FIREDAEMON.EXE Detected: Trojan.Pakes.1
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NETCLIENT\ImagePath=>C:\WINDOWS\SECURITY\FIREDAEMON.EXE Disinfection failed
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NETCLIENT\ImagePath=>C:\WINDOWS\SECURITY\FIREDAEMON.EXE Move failed
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSECURE\PARAMETERS\ServiceExe=>C:\WINDOWS\SECURITY\WINSECURE.EXE Detected: Backdoor.Iroffer.1227.D
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSECURE\PARAMETERS\ServiceExe=>C:\WINDOWS\SECURITY\WINSECURE.EXE Disinfection failed
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSECURE\PARAMETERS\ServiceExe=>C:\WINDOWS\SECURITY\WINSECURE.EXE Move failed
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSECURE\ImagePath=>C:\WINDOWS\SECURITY\FIREDAEMON.EXE Detected: Trojan.Pakes.1
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSECURE\ImagePath=>C:\WINDOWS\SECURITY\FIREDAEMON.EXE Disinfection failed
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSECURE\ImagePath=>C:\WINDOWS\SECURITY\FIREDAEMON.EXE Move failed
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\MSAGENT\PARAMETERS\ServiceExe=>C:\WINDOWS\SECURITY\MSAGENT.EXE Detected: Backdoor.Servu.AJ
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\MSAGENT\PARAMETERS\ServiceExe=>C:\WINDOWS\SECURITY\MSAGENT.EXE Disinfection failed
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\MSAGENT\PARAMETERS\ServiceExe=>C:\WINDOWS\SECURITY\MSAGENT.EXE Move failed
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\MSAGENT\ImagePath=>C:\WINDOWS\SECURITY\FIREDAEMON.EXE Detected: Trojan.Pakes.1
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\MSAGENT\ImagePath=>C:\WINDOWS\SECURITY\FIREDAEMON.EXE Disinfection failed
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\MSAGENT\ImagePath=>C:\WINDOWS\SECURITY\FIREDAEMON.EXE Move failed
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETCLIENT\PARAMETERS\ServiceExe=>C:\WINDOWS\SECURITY\NETCLIENT.EXE Detected: Application.Tool.Netcat.A
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETCLIENT\PARAMETERS\ServiceExe=>C:\WINDOWS\SECURITY\NETCLIENT.EXE Disinfection failed
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETCLIENT\PARAMETERS\ServiceExe=>C:\WINDOWS\SECURITY\NETCLIENT.EXE Move failed
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETCLIENT\ImagePath=>C:\WINDOWS\SECURITY\FIREDAEMON.EXE Detected: Trojan.Pakes.1
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETCLIENT\ImagePath=>C:\WINDOWS\SECURITY\FIREDAEMON.EXE Disinfection failed
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\NETCLIENT\ImagePath=>C:\WINDOWS\SECURITY\FIREDAEMON.EXE Move failed
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSECURE\PARAMETERS\ServiceExe=>C:\WINDOWS\SECURITY\WINSECURE.EXE Detected: Backdoor.Iroffer.1227.D
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSECURE\PARAMETERS\ServiceExe=>C:\WINDOWS\SECURITY\WINSECURE.EXE Disinfection failed
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSECURE\PARAMETERS\ServiceExe=>C:\WINDOWS\SECURITY\WINSECURE.EXE Move failed
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSECURE\ImagePath=>C:\WINDOWS\SECURITY\FIREDAEMON.EXE Detected: Trojan.Pakes.1
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSECURE\ImagePath=>C:\WINDOWS\SECURITY\FIREDAEMON.EXE Disinfection failed
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\WINSECURE\ImagePath=>C:\WINDOWS\SECURITY\FIREDAEMON.EXE Move failed
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\MSAGENT\PARAMETERS\ServiceExe=>C:\WINDOWS\SECURITY\MSAGENT.EXE Detected: Backdoor.Servu.AJ
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\MSAGENT\PARAMETERS\ServiceExe=>C:\WINDOWS\SECURITY\MSAGENT.EXE Disinfection failed
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\MSAGENT\PARAMETERS\ServiceExe=>C:\WINDOWS\SECURITY\MSAGENT.EXE Move failed
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\MSAGENT\ImagePath=>C:\WINDOWS\SECURITY\FIREDAEMON.EXE Detected: Trojan.Pakes.1
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\MSAGENT\ImagePath=>C:\WINDOWS\SECURITY\FIREDAEMON.EXE Disinfection failed
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\MSAGENT\ImagePath=>C:\WINDOWS\SECURITY\FIREDAEMON.EXE Move failed
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\NETCLIENT\PARAMETERS\ServiceExe=>C:\WINDOWS\SECURITY\NETCLIENT.EXE Detected: Application.Tool.Netcat.A
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\NETCLIENT\PARAMETERS\ServiceExe=>C:\WINDOWS\SECURITY\NETCLIENT.EXE Disinfection failed
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\NETCLIENT\PARAMETERS\ServiceExe=>C:\WINDOWS\SECURITY\NETCLIENT.EXE Move failed
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\NETCLIENT\ImagePath=>C:\WINDOWS\SECURITY\FIREDAEMON.EXE Detected: Trojan.Pakes.1
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\NETCLIENT\ImagePath=>C:\WINDOWS\SECURITY\FIREDAEMON.EXE Disinfection failed
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\NETCLIENT\ImagePath=>C:\WINDOWS\SECURITY\FIREDAEMON.EXE Move failed
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\WINSECURE\PARAMETERS\ServiceExe=>C:\WINDOWS\SECURITY\WINSECURE.EXE Detected: Backdoor.Iroffer.1227.D
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\WINSECURE\PARAMETERS\ServiceExe=>C:\WINDOWS\SECURITY\WINSECURE.EXE Disinfection failed
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\WINSECURE\PARAMETERS\ServiceExe=>C:\WINDOWS\SECURITY\WINSECURE.EXE Move failed
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\WINSECURE\ImagePath=>C:\WINDOWS\SECURITY\FIREDAEMON.EXE Detected: Trojan.Pakes.1
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\WINSECURE\ImagePath=>C:\WINDOWS\SECURITY\FIREDAEMON.EXE Disinfection failed
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\WINSECURE\ImagePath=>C:\WINDOWS\SECURITY\FIREDAEMON.EXE Move failed
RE: I Need Help. by MeEtc on 09-29-2006 at 03:55 PM
boot in safe mode, then redo your virus scan. It should be able to pick it up and remove it then
when booting, before the Windows logo appears, hold down the F8 key. select Safe Mode when the list comes up.
RE: I Need Help. by Lourix on 09-29-2006 at 03:57 PM
How would this make a difference?
RE: I Need Help. by MeEtc on 09-29-2006 at 04:01 PM
the scanner probably cannot remove it because it is running. booting in safe mode will only enable the most basic things that windows needs to run, not including your spyware. you will then be able to remove it.
RE: I Need Help. by Lourix on 09-29-2006 at 04:03 PM
Ok thanks I'll try it.
Edit:
Nope my Anti Virus won't load in safe mode and after I went back to normal mode My internet had to be shut down because it encountered a problem with Firedaemon.
RE: I Need Help. (spyware or virus) by Dr4g0n on 09-29-2006 at 04:43 PM
Get a better anti-virus that does. That's the best advice I can give you.
RE: I Need Help. (spyware or virus) by Lourix on 09-29-2006 at 04:53 PM
It would be good advice if my computer wouldn't stop freezing on me. Also I can't install anything without it freezing and look at this:
It keeps popping up at start up
RE: I Need Help. (spyware or virus) by MeEtc on 09-29-2006 at 05:08 PM
hmm, do a HijackThis log, and ATTACH it as a file
Get HijackThis
RE: I Need Help. (spyware or virus) by Chris4 on 09-29-2006 at 06:17 PM
On 'Infected objects', select 'delete'.
But better advice would be to get AVG Anti-virus Free, update it and then search.
As for spyware, download Ad-Aware SE Personal Edition
RE: I Need Help. (spyware or virus) by Lourix on 09-30-2006 at 06:46 AM
Well I updated AVG Anti-Virus, scanned with it and it didn't pick anything, so I'm trying that Ad-Aware thing.
RE: I Need Help. (spyware or virus) by Adeptus on 10-01-2006 at 04:45 PM
You can also try NOD32. I've heard of several times where it has saved the day after other antivirus products failed to detect and/or remove the malware. The 30-day free trial version is fully functional.
Of course, there is always the option to back up your data and format / reinstall Windows.
RE: I Need Help. (spyware or virus) by newbiesecurity on 11-21-2006 at 06:39 AM
There are a couple things you can try. If you are running Windows XP you can try rolling back to the last known good system restore point.
Start->Accessories->System Tools->System Restore
You may be able to rollback your system to a point before it was infected. You will probably lose some data that was saved between your last system restore point and today.
If that is not an option, boot into "Safe mode with networking" and download AntiVir. I have had pretty good luck with that. You might also try "Spybot: Search and Destroy" spyware remover, which is free.
Several of the for-fee vendors offer free online scanning tools. Just search for "online virus scan" or "online spyware scan" in Google. Use these tools to get the name of the malware infecting your system and then search for a free removal tool for that pest. Many of the for-fee vendors offer free removal tools for the nastier pests.
Do you have any idea how you caught the pest? If you use IE for browsing, you might consider using Firefox or Opera.
I have written an article about spyware that you might find useful.
http://www.newbiesecurity.com/spyware.html
RE: I Need Help. (spyware or virus) by Spunky on 11-22-2006 at 12:46 AM
Find the suspect files using BitDefender (I use it too and it's shit for deleting files). Then download Unlocker (haven't got a URL). Remove the files and then search the registry for entries with the same types of names (FIREDAEMON.EXE as an example).
That's how I usually fix mine
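Added example, not part of any post in this thread: a short Python script that collapses the Summary lines of the BitDefender report from the first post into one entry per service and file, which gives the service keys and file names to look for in the registry. The sample is an excerpt copied from that report; the function and field names are this example's own.

```python
import re
from collections import defaultdict

# Excerpt of the "Summary:" lines from the BitDefender report in the first post.
SAMPLE = r"""
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MSAGENT\PARAMETERS\ServiceExe=>C:\WINDOWS\SECURITY\MSAGENT.EXE Detected: Backdoor.Servu.AJ
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MSAGENT\PARAMETERS\ServiceExe=>C:\WINDOWS\SECURITY\MSAGENT.EXE Disinfection failed
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MSAGENT\ImagePath=>C:\WINDOWS\SECURITY\FIREDAEMON.EXE Detected: Trojan.Pakes.1
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\MSAGENT\ImagePath=>C:\WINDOWS\SECURITY\FIREDAEMON.EXE Move failed
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\MSAGENT\PARAMETERS\ServiceExe=>C:\WINDOWS\SECURITY\MSAGENT.EXE Detected: Backdoor.Servu.AJ
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\NETCLIENT\PARAMETERS\ServiceExe=>C:\WINDOWS\SECURITY\NETCLIENT.EXE Detected: Application.Tool.Netcat.A
"""

# One summary line: control set, service name, registry value, file, status.
LINE = re.compile(
    r"^<System>=>HKEY_LOCAL_MACHINE\\SYSTEM\\(?P<cset>[^\\]+)\\SERVICES\\"
    r"(?P<service>[^\\]+)\\(?P<value>.+?)=>(?P<file>.+?\.EXE) (?P<status>.+)$",
    re.IGNORECASE,
)

def summarize(report):
    """Collapse per-control-set lines into one finding per (service, file)."""
    findings = defaultdict(lambda: {"detections": set(), "failed": set(),
                                    "control_sets": set(), "values": set()})
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # header, statistics or blank line
        f = findings[(m["service"].upper(), m["file"].upper())]
        f["control_sets"].add(m["cset"].upper())
        f["values"].add(m["value"])
        status = m["status"]
        if status.startswith("Detected: "):
            f["detections"].add(status[len("Detected: "):])
        elif status.endswith(" failed"):
            f["failed"].add(status[:-len(" failed")])
    return dict(findings)

if __name__ == "__main__":
    for (service, path), f in sorted(summarize(SAMPLE).items()):
        print(f"{service}: {path}")
        print("  detected as :", ", ".join(sorted(f["detections"])))
        print("  failed      :", ", ".join(sorted(f["failed"])) or "-")
        print("  control sets:", ", ".join(sorted(f["control_sets"])))
```

Run over the full report, the same function reduces the Summary section to the three service names (MSAGENT, NETCLIENT, WINSECURE) and the files under C:\WINDOWS\SECURITY that each one points to.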
RE: I Need Help. (spyware or virus) by MicroWay on 11-22-2006 at 01:19 AM
quote: Originally posted by newbiesecurity
Several of the for-fee vendors offer free online scanning tools.
An example of a free online scan is Panda, or on the Norton site, but that last one I'm not so certain...
Edit: If the link is in Portuguese, tell me and I will find an English version!!!
Edit 2: Good ideas of programs you gave me... I'll take note of that
RE: I Need Help. (spyware or virus) by davidpolitis on 11-22-2006 at 08:12 AM
I found this, hope it helps.
You can also try looking here.
RE: I Need Help. (spyware or virus) by Wally on 12-03-2006 at 12:21 PM
Hey, being a computer repairer I think I can help you. Go to www.iobit.com and download Advanced Windows Care Personal; this will clean your computer until you can find an antivirus/spyware remover. I highly suggest McAfee from a repairer's point of view, and trust me, Advanced Windows Care is a great piece of software.