Question

  • #2151557

    Cleaning the SMSS Virus?

    Locked

    by sageauk ·

    How do I clean the smss virus? It is like it has deleted the association of Windows and the Registry, msconfig and Task Manager.
    Here's a copy of the HijackThis log:
    ******************
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:09:54 PM, on 18/Jul/08
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Spyware Nuker\swnxt.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    D:\utorrent.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AccessDeny.exe
    C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
    C:\Program Files\ProxyPlus\ProxyPlus.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    d:\PROGRA~1\FREEDO~1\fdm.exe
    C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe
    C:\DOCUME~1\Server1\LOCALS~1\Temp\~e5d141.tmp
    C:\DOCUME~1\Server1\LOCALS~1\Temp\~e5d141.tmp
    C:\Program Files\AVG\AVG8\avgscanx.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
    R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.17.1:3128
    R1 – HKCU\Software\Microsoft\Windows\CuarrentVersion\Internet Settings,ProxyOverride = *.local
    O2 – BHO: AcroIEHlprObj Class – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 – BHO: WormRadar.com IESiteBlocker.NavFilter – {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} – C:\Program Files\AVG\AVG8\avgssie.dll
    O2 – BHO: SSVHelper Class – {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} – C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 – BHO: FDMIECookiesBHO Class – {CC59E0F9-7E43-44FA-9FAA-8377850BF205} – D:\Program Files\Free Download Manager\iefdm2.dll
    O2 – BHO: (no name) – {CF9EC760-F79F-4C74-B17B-EDC8794E922E} – C:\WINDOWS\system32\wvUmMETl.dll (file missing)
    O4 – HKLM\..\Run: [EPSON Stylus Photo R220 Series (from BASE)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P42 “EPSON Stylus Photo R220 Series (from BASE)” /O5 “TS001” /M “Stylus Photo R220”
    O4 – HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 – HKLM\..\Run: [SWN2] C:\Program Files\Spyware Nuker\swnxt.exe /h
    O4 – HKLM\..\Run: [ISTray] “C:\Program Files\Spyware Doctor\pctsTray.exe”
    O4 – HKCU\..\Run: [uTorrent] “D:\utorrent.exe”
    O4 – HKCU\..\Run: [Messenger (Yahoo!)] “C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe” -quiet
    O4 – Global Startup: AccessDeny.exe
    O8 – Extra context menu item: Add to AMV Converter… – C:\Program Files\MP3 Player Utilities 4.05\AMVConverter\grab.html
    O8 – Extra context menu item: Add to Media Manager… – C:\Program Files\MP3 Player Utilities 4.05\MediaManager\grab.html
    O8 – Extra context menu item: Download all with Free Download Manager – file://d:\Program Files\Free Download Manager\dlall.htm
    O8 – Extra context menu item: Download selected with Free Download Manager – file://d:\Program Files\Free Download Manager\dlselected.htm
    O8 – Extra context menu item: Download video with Free Download Manager – file://d:\Program Files\Free Download Manager\dlfvideo.htm
    O8 – Extra context menu item: Download with Free Download Manager – file://d:\Program Files\Free Download Manager\dllink.htm
    O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 – Extra button: (no name) – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 – Extra ‘Tools’ menuitem: Sun Java Console – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
    O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
    O16 – DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) – C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O17 – HKLM\System\CCS\Services\Tcpip\..\{28FF3796-C27F-4165-AF49-2395F9C396A6}: NameServer = 212.165.0.0,216.55.0.0
    O17 – HKLM\System\CCS\Services\Tcpip\..\{EF7B894D-8C1C-4A92-B7E2-695EC7FB445B}: NameServer = 192.168.0.0
    O18 – Protocol: intu-help-qb1 – {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} – D:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
    O18 – Protocol: linkscanner – {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} – C:\Program Files\AVG\AVG8\avgpp.dll
    O18 – Protocol: qbwc – {FC598A64-626C-4447-85B8-53150405FD57} – mscoree.dll (file missing)
    O20 – AppInit_DLLs: avgrsstx.dll
    O20 – Winlogon Notify: ljJASJax – ljJASJax.dll (file missing)
    O23 – Service: Apache2 – Apache Software Foundation – C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
    O23 – Service: AVG8 E-mail Scanner (avg8emc) – AVG Technologies CZ, s.r.o. – C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 – Service: AVG8 WatchDog (avg8wd) – AVG Technologies CZ, s.r.o. – C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 – Service: Fortech Proxy+ (ProxyPlus) – FORTECH Ltd. – C:\Program Files\ProxyPlus\ProxyPlus.exe
    O23 – Service: PC Tools Auxiliary Service (sdAuxService) – PC Tools – C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 – Service: PC Tools Security Service (sdCoreService) – PC Tools – C:\Program Files\Spyware Doctor\pctsSvc.exe


    End of file – 6327 bytes
    *********************************************
    Please help

All Answers
