Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

downloader.exploit.64 virus

Status
Not open for further replies.
kayaboy

kayaboy

IS-IT--Management
Joined
Jan 8, 2003
Messages
49
Location
US
I'm having trouble removing a "Downloader.Exploit.64" virus...I've tried using Norton Anti-Virus, Ad-Aware, Spybot, AVG Anti-Spyware, XoftSpySE, Spyware Doctor, & Spyware Terminator---all to no avail. I've tried all of these in Safe Mode as well, still with no luck.
Pop-ups and more pop-ups...
Does anybody have any ideas on how to get rid of this pest?
any ideas would be greatly appreciated!!! :)
 
Sort by date Sort by votes
Removal


Also download hijackthis from the link below. Open it up, choose do a system scan and save a logfile and post it on here. Do not attempt to fix anything on it unless you know what your doing as not everything hijackthis shows is bad.


There is a point in wisdom and knowledge that when you reach it, you exceed what is considered possible - Jason Schoon
 
Upvote 0 Downvote
Here you go:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:24:15 PM, on 7/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\Rtvscan.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\ms053250882492007.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\M-Audio Audiophile USB\Dmn\ma003dmn.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Annette B. Garcia\Desktop\HiJackThis(2).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0C00F8C3-FC35-4CDA-AD9F-73CF14BDC96B} - C:\Program Files\Windows NT\vihylir83122.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: 0 - {F36E06E4-946C-47AC-9E90-C1C9808D6D27} - C:\Program Files\Outlook Express\zysifysin.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ms053250882492007] C:\WINDOWS\ms053250882492007
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Startup: TA_Start.lnk = C:\WINDOWS\sys018249325082007.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MA003DMN.LNK = C:\Program Files\M-Audio Audiophile USB\Dmn\ma003dmn.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {40F8967E-34A6-474A-837A-CEC1E7DAC54C} (QuickBooks Online Edition Utilities Class v9) - O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~2\SYMANT~1\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~2\SYMANT~1\Rtvscan.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O24 - Desktop Component 0: (no name) -
--
End of file - 7898 bytes
 
Upvote 0 Downvote
O2 - BHO: (no name) - {0C00F8C3-FC35-4CDA-AD9F-73CF14BDC96B} - C:\Program Files\Windows NT\vihylir83122.dll (file missing)

O2 - BHO: 0 - {F36E06E4-946C-47AC-9E90-C1C9808D6D27} - C:\Program Files\Outlook Express\zysifysin.dll (file missing)

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O24 - Desktop Component 0: (no name) -

Check these and click fix checked.

Then run a scan here

Also download ccleaner here and run it.


Also run this registry cleaner

Let us know the results.

There is a point in wisdom and knowledge that when you reach it, you exceed what is considered possible - Jason Schoon
 
Upvote 0 Downvote
Also think there's a Spyware forum intended for this kind of questions.

Cheers,
Dian
 
Upvote 0 Downvote
I would also suggest disabling system restore, reboot into safe mode and re-run your scans from there, on reboot, go into normal windows and re-run again to ensure they are gone. re-enable system restore when clean.

Examples of good antispyware apps are AVG Antispyware(Ewido), Prevx; they are quite aggressive.

Hope this helps.

"Windows: Just another pane in the glass.
 
Upvote 0 Downvote
Back your registry up before disabling Sys Restore to be safe. You can export it to your desktop & once your sure all is right, then delete the backup. Grisoft (aka Ewido) has excellent Anti-Virus/Spyware/Rootkit apps for free download @ Also, Lavasoft has recently come out with it's 2007 version of AdAware which includes a rootkit as well as a malware removal tool.
Bob
 
Upvote 0 Downvote
thanks for your help, everybody...unfortunately, i'm still having problems here. deleted the items, as instructed, in HijackThis, then when I ran the TrendMico virus scan all of the pop-ups came back...what to do?? I've tried running all of these apps in safe mode, to no avail...what to do???
 
Upvote 0 Downvote
go to tools, then folder options, click the view tab, click the circle to show hidden files and folders. Then uncheck the box to show windows system files, it will give you a warning just tell it yes.

Now restart in safe mode and run every program you have. Then disable and renable system restore.

There is a point in wisdom and knowledge that when you reach it, you exceed what is considered possible - Jason Schoon
 
Upvote 0 Downvote
See the detailed procedure mentioned at the end of this thread, you may be able to adapt and make use of it in your specific case.

problems with IE and explorer
thread779-1049037

More of the same here.

Special Spyware Removal Instructions

Download links.

Alternatively, back up your valuable data, format the drive and re-install XP.
 
Upvote 0 Downvote
Hey everybody----no more virus!!!!
Thanks for your time & assistance, it's greatly appreciated!!!
 
Upvote 0 Downvote
Great that you solved your problem. The next person who comes this way might like to know what finally got rid of the pest. As it is you've left us all wondering?
 
Upvote 0 Downvote
kayaboy...which method worked?--- pls let me know-- i have the same problem!!! thanks!
 
Upvote 0 Downvote
sorry smoothie681--i haven't been checking this site for awhile...as far as WHICH method worked, i don't actually remember to be quite honest--although i do remember that it was a combination of a.) running Hijack this, posting it, and deleting whatever Electronicsfreak told me to--which helped...and b.)one of the links in which Linney posted--not sure which, but there's a tool that cleaned up the rest of the mess. i would suggest running Hijackthis, posting it here, and go from there. sorry again for the delay, as i'm pretty sure you may have fixed it by now! :)
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

dik
  • Locked
  • Question Question
Virus
Replies
15
Views
1K
dik
dik
Firebird Scrambler
  • Locked
  • Question Question
64 bit Windows 10 problems with the Procomm Plus tool
Replies
0
Views
739
Firebird Scrambler
Firebird Scrambler
kjv1611
  • Locked
  • Question Question
Downgrade Rights? Windows 10 64 bit to Windows 7 32 bit?
Replies
16
Views
740
xwb
xwb
cjbrown815
  • Locked
  • Question Question
Windows 7 32 bit or 64?
Replies
11
Views
451
cdogg
cdogg
moveit
  • Locked
  • Question Question
SAME SERIAL NUMBER FOR 32 & 64 BIT
Replies
10
Views
539
rclarke250
rclarke250

Part and Inventory Search

Sponsor

Back
Top