ApoNie

Geekz Virus Remover V4.1 Full Release...


ais krim, open My Computer, then type C:\WINDOWS\ ...

then look for the file iexplorer.exe

but make sure you have turned on show hidden folders, because this virus is sometimes good at hiding...

then before you upload the file, ZIP it first...

thanks


Bro, please help, I'm a bit clueless about viruses. Could you check whether there is anything suspicious in this logfile?

TQ bro!!!!

Logfile of HijackThis v1.99.1

Scan saved at 11:25:01 PM, on 08/09/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\wgp.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\Program Files\ABIT\ABIT uGuru\uGuru.exe

C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files\CursorXP\CursorXP.exe

C:\WINDOWS\system32\slserv.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\DAP\DAP.EXE

C:\DOCUME~1\MR7AC3~1.HAZ\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://sg.rd.yahoo.com/customize/ie/defaul...arch.yahoo.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearflix.com/intl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sg.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://sg.rd.yahoo.com/customize/ie/defaul...arch.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://sg.rd.yahoo.com/customize/ie/defaul...arch.yahoo.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://sg.rd.yahoo.com/customize/ie/defaul...arch.yahoo.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [WinGuard Pro] C:\WINDOWS\system32\wgp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM

O4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"

O4 - HKCU\..\Run: [ABIT uGuru] C:\Program Files\ABIT\ABIT uGuru\uGuru.exe

O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://jumboplay.bluehyppo.com/class/DragonbackCtl.ocx

O17 - HKLM\System\CCS\Services\Tcpip\..\{F75FD84B-1385-4740-B28E-6D654C1F087D}: NameServer = 202.188.0.133,202.188.1.5

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

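A first-pass triage of a HijackThis log like the one posted above, as an added example that is not part of the thread and not from HijackThis or GeeKz Remover. The rules and reason strings are assumptions chosen for illustration; a match is a pointer for manual review, not a verdict.

```python
import re

# Review pointers, not verdicts: each rule says why a line deserves a manual look.
ENTRY = re.compile(r"^(R\d|O\d{1,2}) - (.+)$")

def reasons_for(code, body):
    why = []
    if "(file missing)" in body:
        # A stray quote followed by arguments suggests the service path was
        # mis-split before the lookup, so the file may exist after all.
        if re.search(r'\.exe" -', body):
            why.append("file missing (path has stray quote + args: verify on disk)")
        else:
            why.append("file missing")
    if "Unknown owner" in body:
        why.append("owner could not be read from the file")
    if "(no name)" in body:
        why.append("component registered without a name")
    if code == "R0" and "Start Page = " in body:
        why.append("confirm this start page was chosen by the user")
    if code == "O16" and re.search(r"- https?://", body):
        why.append("ActiveX control installed from a web URL")
    if code == "O17":
        why.append("DNS servers set in registry: confirm they are the ISP's")
    return why

def triage(log_text):
    """Return [(code, entry, [reasons])] for entries that match a rule."""
    out = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m and (why := reasons_for(*m.groups())):
            out.append((m.group(1), m.group(2), why))
    return out

# Excerpt copied from the log in the post above.
SAMPLE = r'''
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://jumboplay.bluehyppo.com/class/DragonbackCtl.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{F75FD84B-1385-4740-B28E-6D654C1F087D}: NameServer = 202.188.0.133,202.188.1.5
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
'''

if __name__ == "__main__":
    for code, entry, why in triage(SAMPLE):
        print(f"[{code}] {entry}\n      -> {'; '.join(why)}")
```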

IT'S NOT THERE... MAYBE IT WAS ALREADY DELETED... BECAUSE EARLIER NOD32 DETECTED THIS VIRUS BUT IT SAID UNKNOWN, BUT IT DIDN'T SAY IT HAD DELETED IT

McAfee does that too. Is the tool to blame?

But what I find strange is that my friend's PC can't execute the tool; that computer says a .dll is missing.

Has that happened to any of you?


Which dll file is missing? Specify its name.. If your PC can execute it and your friend's PC can't, find the missing .dll file in your system32 folder, then paste it into system32 on your friend's computer.. ;)


NEW UPDATE:

There is now a real-time scan; click hide for the real-time scan.. it will hide, more or less like a virus does.. if there is a virus it will come back up.. if there are any problems, let me know..


NEW UPDATE:

There is now a real-time scan; click hide for the real-time scan.. it will hide, more or less like a virus does.. if there is a virus it will come back up.. if there are any problems, let me know..

Congratulations to aponie... I'll download it later...


Bro ApoNie, when will v3.1 be able to delete autorun.inf?

I can't wait.. hehehe

Just a suggestion:

if you use pav, for example,

it deletes the autorun file outright,

so could you, bro ApoNie, make GeeKz_Remover_V3.1 give the user the choice

of whether to delete it outright or not.

Why add this feature?

"Because I like putting an icon on my pendrive or partition." :)

*set the default to delete..


Bro ApoNie, why is it that when I click kill all process or Repair Registery, it then opens My Documents and Folder?


I'll do that suggestion this Saturday.. I'm busy right now..

The current version can already detect autorun.inf and also deletes the file that the autorun activates.. ;)

It opens My Documents and Folder because I kill explorer, so I have to call explorer again.. since some PCs don't automatically call explorer when the explorer process is killed, I had to add a function to call explorer as well.. ;) Don't worry, it's nothing if that comes up..

"Because I like putting an icon on my pendrive or partition."

*set the default to delete..

I don't understand what you mean.. what exactly do you want me to do??

If there are any more suggestions, let me know.. I can work on them.. :D


I like putting an icon on my pendrive using autorun.inf,

so if GeeKz_Remover_V3.1 deletes the autorun.inf file outright,

my macho icon on the pendrive will be gone.. huhuhuhu..

You don't get what I mean? :P What I mean is,

set GeeKz_Remover_V3.1 to delete the autorun.inf file by default,

but if the user doesn't want that, they can set it manually so that the file is not deleted after the scan.

Hope you understand.. I'm being fussy.. huhuhuhu..

Oh yeah, bro, you said the current version can already detect autorun.inf,

I just tried it and it didn't detect the autorun file at all,

or have you not uploaded the latest version from your computer yet? hehehe

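One way to tell an icon-only autorun.inf from one that starts a program, so that a delete-by-default scanner could leave the first kind alone as requested in the post above. This is an added example, not part of the thread and not GeeKz Remover's code; the keep/remove policy, the function name and both sample files are constructed for illustration.

```python
COSMETIC_KEYS = {"icon", "label"}        # only change how the drive looks
LAUNCH_KEYS = {"open", "shellexecute"}   # name a program to start

def inspect_autorun(text):
    """Parse autorun.inf content and return (verdict, launch_targets).

    verdict is "keep" when [autorun] holds only cosmetic keys, otherwise
    "remove" (the default, which also covers empty or unparseable files).
    """
    section, keys, targets = None, set(), []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue                      # junk padding or another section
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()                 # key names are case-insensitive
        keys.add(key)
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key in LAUNCH_KEYS or is_verb:
            targets.append(value)
    if keys and keys <= COSMETIC_KEYS:
        return "keep", []
    return "remove", targets

# Constructed samples: a drive-icon file and a file that launches a program.
ICON_ONLY = "[autorun]\nicon=macho.ico\nlabel=My Pendrive\n"
LAUNCHER = r"""[AutoRun]
; padding lines like the next one are skipped
qwertyjunk
OPEN=hidden.exe
shell\open\Command=hidden.exe
icon=folder.ico
"""

if __name__ == "__main__":
    for name, sample in (("ICON_ONLY", ICON_ONLY), ("LAUNCHER", LAUNCHER)):
        print(name, inspect_autorun(sample))
```

The returned launch targets are the files a scanner would want to examine alongside the autorun.inf itself.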

No problem.. I can do it..

The autorun file is scanned and deleted automatically, but the user isn't informed that the autorun file has been deleted.. but maybe later I'll make this tool give the user more freedom.. but I'll probably do it this Saturday.. because I have a test this week... it's dangerous if I start on it, because once I start coding, I really forget about the world.. ohkhokhooh..


Thanks.. about the interface, I'll work on it later.. right now I'm focusing more on how to "tidy up" this tool.. there is still a lot I don't know about viruses.. if anyone wants to share knowledge, it is most welcome...

p/s: I'm not that good at design.. I like abstract things, so any work of mine has a hard time 'getting away' from that.. :D


Congratulations Aponie... just make its interface prettier.. then it'll be great! :D

It doesn't matter if it's not pretty, as long as it's powerful..

IT guys don't know how to make pretty designs.. hahaha..

Later, get Bro ApoNie to take a 3D course from you,

then make GeeKz_Remover_V3D.

ApoNie, when GeeKz_Remover_V3.1 that can delete autorun.inf is ready, post the info here..

..I'm waiting for your GeeKz_Remover..


Yep.. vb6.. whether the coding is good or not, I don't know.. I just "hacked" it together with whatever knowledge I have.. if I said it was good, it would look like I'm full of myself... :ph34r:


aponie, your tool is great. You could get a PhD for this! haha...

But could you add an update function, meaning add a button that lets it download or update to the latest version with just one click? If you do it that way, I think use of this valuable tool will become wider, not limited to those who are always online at putera...

One more thing, can this tool run on a system that is already infected by a virus that denies all .exe files?

!!!!oops, one more thing, if you can, also add a function to upload new viruses or autoruns... (if possible, I'm just saying. I don't know much about vb.)

Edited by razi_90@IBM thinkcentre
