Topic: Virus Infected! PC check

[Intellisense]

mga kuya pa check aman po ng PC ko nawawala po folder options ko.. tpos sa folder ex. C:\PS ng crecreate po xa ng exe file na hitsurang folder pero exe xa na ang filename ay C:\PS\PS.exe gngya nya un folder kung nasan xa.. pg klik pu2nta sa my Doc.. e2 po HijackThis log file:


Logfile of HijackThis v1.99.1
Scan saved at 1:17:55 hapon na, on 08/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\DOCUME~1\ENGR~1.ARJ\LOCALS~1\Temp\200686203856_mcinfo.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Documents and Settings\Other Users\Local Settings\Application Data\winlogon.exe
C:\Documents and Settings\Other Users\Local Settings\Application Data\services.exe
C:\Documents and Settings\Other Users\Local Settings\Application Data\lsass.exe
A:\hijackthis\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\eksplorasi.exe"
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\WINDOWS\ShellNew\bronstab.exe"
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\ENGR~1.ARJ\LOCALS~1\Temp\200686203856_mcinfo.exe /insfin
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\Other Users\Local Settings\Application Data\smss.exe"
O4 - Startup: Empty.pif = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\wbsrv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe

[bodieph]

masyado na atang magulo ang system mo

first off, yung mga winlogon.exe, services.exe, and lsass.exe supposed to be sa windows yan na folder not documents and settings

pangalawa, etong msci, mcafee anti virus to pero nagtataka ako bakit nasa temp folder sya

all of which, seems to confirm there are indeed viruses in your pc

try to run an online scan, then run ewido anti malware AND/OR dr alex anti spyware (this is freeware). dr alex has a very high detection rate that it will even detect txt and pdf files containing malicious info within the document (which in the plain sense should be harmless since document lang yan)

then post a new log. lets see kung may improvement

----------
to be honest, im not sure if we will really be able to remove all the virus infection but lets try anyway. it might be better if we just save all necessary files then format the drive, start clean. that might be more convenient

also, try this. this might be easier for you. remove your hard drive and connect to to another pc that has updated protection (anti virus, anti spyware, etc)

scan the entire hard drive. anti virus first, remove all infections. then, anti spyware. after that, i suggest you backup necessary files by copying them to the other pc's hard drive.

insert the hard drive into your pc again and see if there is any improvement

[Intellisense]

tnx po try ko po toh

[Intellisense]

try ko n lng po magreformat sa ibng araw =( salamat po bossing

[xXPrinceXx]

Suggest ko lang bro kung need mo na talaga gamitin pc mo and kumpleto ka naman ng tools and easy na lang sayo  mag format I suggest format ur pc na para di ka na mahirapan mag alis ng mano mano or kalikutin pa ang pc mo which is taking too much time and nakakatorete ng isip na akala mo eh ok na tapos babalik na naman kasi nga nag execute na ang virus. Matitindi kasi mga hackers and programmers ngayon mas nagawa sila ng mahirap na virus para lalo silang machallenge at mapatunayan sa sarili nila na malupit talaga sila. Mas mahirap mag alis ng virus kesa gumawa ng virus para saking opinyon. Saglit lang naman magformat wala pang 1 hour tapos na yun nga lang talagang back to zero ka pero kung kumpleto naman lahat ng cd mo at may mga driver ka naman sa lahat easy lang yan bro pero kung san ka mas comfortable go for it. Suportahan taka ^_^ hope nakatulong din to la lang share lang lagi ako

[yakuini]

mga bosing bka matulungan nyo ako , meron ba kayang alam na anti virus na pang network , yng bang ma sscan ko yng PC nya kahit wala ako doon sa work station na gamit  , nya  saka bka meron din kayong alam na pam proxy server n pwdng i limit ang mga site


maraming salamat po.....

[ButtGravy]

pano po ba magpost ng new topic? may virus po kc PC ko.. or ipost ko nlng agd dito ung hijackthis logfile ko?

[KinG SaYoTe ©]

naku natamaan ka ng brontok virus, hirap tanggaling yan

[mc arthur]

medyo masakit ang virus na yan..
startup pa lng dini disable nya kagad ang antivirus mo pati ctrl alt del tanggal nya.
brontok nga naman oh.