Create a boot disk, then A: Format C: Virus gone! :D Me, I just have a free, never-ending subscription to Norton AntiVirus 10, corporate edition. >_> Nyuk nyuk.
Are you intentionally trying to offend me or something? If so, I find it laughable. I know how that trick is done, and it is a usability/debugging feature (and a great way to prank someone). I'm sure the same thing can be done in Linux (and if not, then I pity people debugging apps on Linux. Wait, I already pity them, having done it myself...)
I for one am not a big fan of Linux. I am happy it's there to break the total monopoly of anyone who tries for it (because it's free and all), but besides that I don't like it as an OS...
I like Kaspersky. It's one of the strongest utilities. Not sure if it will remove viruses in the free demo though.
Give me one example where having a DLL force-loaded into every application automatically as they start could be productive.
You're gonna have to be more specific than that. Last time I checked, Visual Studio doesn't shove a DLL into every running application to debug one program.
I won't be more specific, as it can be exploited. It is designed to allow you to redirect an application's output to the JIT debugger, for example. The side effect is that you can redirect the application to start some other app... for example, I can make opening hl2.exe always start up calc.exe. Can be abused, but is also very useful when working on debugging apps in Windows, especially if you cannot start those apps from the debugger. And yes, debugging an app using VS will cause extra DLLs to load.
I did a run with HijackThis, since Spybot didn't remove the trojan, it seems... Or I've got a new one somehow. Anyway, log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1489, on 2009-02-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\Cepstral\bin\CepstralLicSrv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program\F-Secure\Common\FSMA32.EXE
C:\Program\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program\F-Secure\Common\FSMB32.EXE
C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program\F-Secure\Common\FCH32.EXE
C:\Program\F-Secure\Common\FAMEH32.EXE
C:\Program\F-Secure\Anti-Virus\fsqh.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
c:\Program\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\F-Secure\Common\FNRB32.EXE
C:\Program\F-Secure\Anti-Virus\fssm32.exe
C:\Program\F-Secure\Common\FIH32.EXE
C:\Program\F-Secure\FSAUA\program\fsaua.exe
C:\Program\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program\TortoiseSVN\bin\TSVNCache.exe
C:\Program\F-Secure\Common\FSM32.EXE
C:\Program\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program\Logitech\Video\LogiTray.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program\FarStone\GameDrive\GDP\GDTask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program\F-Secure\FSGUI\fsguidll.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\DAEMON Tools\daemon.exe
C:\Program\Spybot - Search & Destroy\TeaTimer.exe
C:\Program\PC Connectivity Solution\ServiceLayer.exe
C:\FRAPS\FRAPS.EXE
C:\Program\Gigabyte\Gigabyte WP01GS Wireless PCI Adapter SoftAP\Installer\WINXP\RaUI.exe
C:\Program\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program\MSN Messenger\usnsvc.exe
C:\Program\Steam\Steam.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTSysVol] C:\Program\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [GameDrive] "C:\Program\FarStone\GameDrive\GDP\GDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [804f4c97] rundll32.exe "C:\WINDOWS\system32\rpiwdfvo.dll",b
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Program\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program\DAEMON Tools\daemon.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [uTorrent] "C:\Program\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: GN-WP01GS Utility.lnk = C:\Program\Gigabyte\Gigabyte WP01GS Wireless PCI Adapter SoftAP\Installer\WINXP\RaUI.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program\Gigabyte\Gigabyte WP01GS Wireless PCI Adapter SoftAP\Installer\WINXP\RaUI.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15031/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: vjhpgj.dll splmgp.dll lwocgu.dll yddszt.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: Cepstral License Server - Cepstral, LLC - C:\Program\Cepstral\bin\CepstralLicSrv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program\F-Secure\Common\FNRB32.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\F-Secure\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe

--
End of file - 9933 bytes

Anyone know what to fix?
DAMNIT!!! DID YOU TRY MALWAREBYTES YET? MALWAREBYTES EXCELS AT REMOVING THIS KIND OF STUFF. WHY WON'T YOU LISTEN TO ME!!!
'Cause everyone is saying that their anti-virus is better than X, while another guy says that X is worse than Y?
And people keep saying Norton sucks without explaining why. Symantec has made some bad products (and I mean REALLY bad), but if you just get a plain AV scanner, it works great.
http://hijackthis.de/en

I would fix the following entries:

O4 - HKLM\..\Run: [804f4c97] rundll32.exe "C:\WINDOWS\system32\rpiwdfvo.dll",b
O20 - AppInit_DLLs: vjhpgj.dll splmgp.dll lwocgu.dll yddszt.dll
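The two entries singled out above are the kind an analyst picks out of a HijackThis log by eye: an HKLM Run value whose name is eight random hex digits, rundll32 loading a DLL with a random-looking name out of system32, and a non-empty AppInit_DLLs value (O20), which on a clean XP box is normally empty. The script below is an added example, not part of the thread and not HijackThis code; it parses O4 and O20 lines in HijackThis' format and applies those same heuristics. The sample lines are constructed copies of entries from the log earlier in the thread, and the "random-looking name" test (6 to 8 lowercase letters, no digits or capitals) is a deliberately rough rule of thumb, not a signature; anything it flags still needs the usual lookup (hijackthis.de, a vendor's database) before fixing.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis' line format: benign O4/O23 entries beside
# the two entries identified in the thread as the infection.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [804f4c97] rundll32.exe "C:\WINDOWS\system32\rpiwdfvo.dll",b
O4 - HKCU\..\Run: [Skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
O20 - AppInit_DLLs: vjhpgj.dll splmgp.dll lwocgu.dll yddszt.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

ENTRY_RE = re.compile(r"^([RO]\d+)\s+-\s+(.*)$")
# O4 body: <hive>\..\Run: [<value name>] <command line>
O4_RE = re.compile(r"^(?P<hive>HK[^:]*?)\\\.\.\\(?P<key>Run|RunOnce):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
HEX_NAME = re.compile(r"^[0-9a-f]{8}$")                     # e.g. 804f4c97
DLL_IN_CMD = re.compile(r'([A-Za-z]:\\[^",]+?\.dll)', re.IGNORECASE)
RANDOM_STEM = re.compile(r"^[a-z]{6,8}$")                   # heuristic: rpiwdfvo, vjhpgj ...


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse_entries(log_text):
    """Yield (section, body, line) for every 'Xn - body' line; headers and the process list are skipped."""
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group(1), m.group(2), raw.strip()


def check_o4(body, line):
    """Flag Run/RunOnce values with random hex names or rundll32 loading a random-looking DLL."""
    m = O4_RE.match(body)
    if not m:
        return []  # Startup-folder style O4 lines are not covered here
    findings = []
    name, cmd = m.group("name"), m.group("cmd")
    if HEX_NAME.match(name):
        findings.append(Finding("O4", f"run-key value name '{name}' is 8 random hex digits", line))
    if "rundll32" in cmd.lower():
        for dll in DLL_IN_CMD.findall(cmd):
            stem = dll.rsplit("\\", 1)[-1][:-4]
            if RANDOM_STEM.match(stem):
                findings.append(Finding("O4", f"rundll32 loads random-looking DLL {dll}", line))
    return findings


def check_o20(body, line):
    """Any non-empty AppInit_DLLs value is worth a look: every GUI process will load those DLLs."""
    value = body.split(":", 1)[1].strip() if ":" in body else ""
    if not value:
        return []
    dlls = value.split()
    return [Finding("O20", f"AppInit_DLLs is non-empty ({len(dlls)} DLLs: {', '.join(dlls)}); "
                           "normally empty on a clean XP system", line)]


def triage(log_text):
    """Run the O4/O20 checks over a whole log and return the findings in log order."""
    findings = []
    for section, body, line in parse_entries(log_text):
        if section == "O4":
            findings.extend(check_o4(body, line))
        elif section == "O20":
            findings.extend(check_o20(body, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run against the sample it reports exactly the two lines named in the post above (the 804f4c97 entry twice, once for its name and once for rpiwdfvo.dll, plus the O20 line) and stays quiet on NvCplDaemon, because NvCpl.dll has a mixed-case name. The AppInit_DLLs value itself lives under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, which is where you would confirm the O20 finding on the machine.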
Those AppInit_DLLs are exactly what I was talking about earlier. It's just so easily abusable, and I still don't see a point to it. I can see why someone might want to make one program force-load a DLL, but why every program running on the system? Oh, and good luck removing those if the malware continually refreshes the registry entries, like the one I dealt with.
Spybot Search and Destroy. Hands down, if there is a virus on your PC it will find it. It's free as well and superb :D http://www.safer-networking.org/index2.html