Nasty Virus need Help Badly!
poker_pro_at_hotmail.com
Date: 01/10/05
- Next message: poker_pro_at_hotmail.com: "Re: Registry monitor detects repetitive useless softmodem (agere)"
- Previous message: CGB: "Re: Quick review of MS AntiSpywear reputed functionality"
- Next in thread: Malke: "Re: Nasty Virus need Help Badly!"
- Reply: Malke: "Re: Nasty Virus need Help Badly!"
Date: Sun, 9 Jan 2005 23:13:02 -0800
Hi Good People,
I have had problems like never b4 on my PC, it seems that when I try to use
my "search" function it just hangs. The lil hourglass keeps turning and
turning and the page never fully loads. When I tried to enter my System
Restore it's almost the same kinda thing, it won't let me access the controls to
shut it off.
I will leave a Hijack Log and if anyone can answer or help me God Bless you!
Virus: Trojan.Downloader.Small.VL
Status: Deletion Failed
C:\WINDOWS\system32\CISVCS.EXE=>(NSIS o)=>zlib_nsis0004
Virus: Trojan.PWS.Bispy
Status: Deletion Failed
C:\WINDOWS\system32\CISVCS.EXE=>(NSIS o)=>zlib_nsis0005
and here's my hjt....THANKS SO VERY MUCH!!!!
the Hijack is as follows!
Logfile of HijackThis v1.99.0
Scan saved at 4:43:26 PM, on 1/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\DOCUME~1\Admin\LOCALS~1\Temp\A~NSISu_.exe
C:\WINDOWS\system32\cidaemon.exe
C:\DOCUME~1\Admin\LOCALS~1\Temp\B~NSISu_.exe
C:\DOCUME~1\Admin\LOCALS~1\Temp\C~NSISu_.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\hijack\HijackThis.exe
R3 - URLSearchHook: CnfSearch Class - {D7CD08F0-D691-11D8-9669-0800200C9A66} - C:\WINDOWS\System32\ConfuSearch.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [Ink Monitor] C:\PROGRA~1\EPSON\INKMON~1\InkMonitor.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Music Match Jukebox] MMJukebox.exe
O4 - HKLM\..\RunServices: [Music Match Jukebox] MMJukebox.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search the Web - C:\WINDOWS\Web\Ers_src.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: IMAPI CD-Burning COM Service - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe