Tuan Mazwan Misbah

What Is This?


Bro... I have a problem with my PC. Every time I click My Computer, the desktop automatically fails to come up; simply put, the desktop is as if paralysed. When I checked with the TuneUp Utilities Process Manager, I found several suspicious files with the .dll extension; they are opened by mljii. What is this thing? And one more thing: while using that Process Manager, I also found a folder named burn. Is it a virus? Asking all Puteranians for help. I will try to upload this folder for you all, OK.


Here's the link for the burn folder... I don't know whether my upload worked or not. www.zeronetwork.110mb.com/upload/Burn.zip ..johnburn... one moment, I'm going to install HijackThis. I'll paste the log shortly.

OK John... here's the log. Please check it.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 11:38:37 AM, on 12/24/2007

Platform: Windows Vista (WinNT 6.00.1904)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\cFosSpeed\cfosspeed.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Aztech WL635USB Wireless B+G\TIWLANCu.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Windows\explorer.exe

C:\PROGRA~1\Mozilla Firefox\firefox.exe

C:\Program Files\TuneUp Utilities 2007\Integrator.exe

C:\Program Files\TuneUp Utilities 2007\ProcessManager.exe

C:\Windows\system32\Taskmgr.exe

C:\Windows\system32\NOTEPAD.EXE

F:\Setup\Other Software and Utilities\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\KILL_S~1\AppData\Local\Temp\hgdda.dll,#1

O4 - HKCU\..\Run: [accecb76] rundll32.exe "C:\Users\KILL_S~1\AppData\Local\Temp\tnmppjqs.dll",b

O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\KILL_S~1\AppData\Local\Temp\mljii.dll,c

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Aztech WL635USB Wireless B+G Utility.lnk = C:\Program Files\Aztech WL635USB Wireless B+G\TIWLANCu.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O13 - Gopher Prefix:

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe

O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)

O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)

--

End of file - 4434 bytes


O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\KILL_S~1\AppData\Local\Temp\hgdda.dll,#1

O4 - HKCU\..\Run: [accecb76] rundll32.exe "C:\Users\KILL_S~1\AppData\Local\Temp\tnmppjqs.dll",b

O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\KILL_S~1\AppData\Local\Temp\mljii.dll,c

O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)

O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)

--

End of file - 4434 bytes

For that problem, fix these first.


I've fixed them and restarted my PC... here's the new log.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 12:00:51 PM, on 12/24/2007

Platform: Windows Vista (WinNT 6.00.1904)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\cFosSpeed\cfosspeed.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\Aztech WL635USB Wireless B+G\TIWLANCu.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Windows\System32\rundll32.exe

C:\PROGRA~1\Mozilla Firefox\firefox.exe

F:\Setup\Other Software and Utilities\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\KILL_S~1\AppData\Local\Temp\mljii.dll,c

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Aztech WL635USB Wireless B+G Utility.lnk = C:\Program Files\Aztech WL635USB Wireless B+G\TIWLANCu.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O13 - Gopher Prefix:

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe

O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)

O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)

--

End of file - 4121 bytes

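The entries the helper singled out in the first log, and the ones still present in the second log after the fix and reboot, can be picked out mechanically. The script below is an added example, not part of the original thread or of HijackThis; the function names and the "any path component named Temp" rule are assumptions, and the log lines are a subset copied from the two logs above.

```python
import re

# Subset of lines copied from the two HijackThis logs posted in this thread.
BEFORE = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\KILL_S~1\AppData\Local\Temp\hgdda.dll,#1
O4 - HKCU\..\Run: [accecb76] rundll32.exe "C:\Users\KILL_S~1\AppData\Local\Temp\tnmppjqs.dll",b
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\KILL_S~1\AppData\Local\Temp\mljii.dll,c
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
"""
AFTER = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\KILL_S~1\AppData\Local\Temp\mljii.dll,c
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
"""

# O4 Run-key entry: hive, value name, command line.
O4_RUN = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]*)\] (.+)$")
# rundll32 command: DLL path (optionally quoted), then the export after the comma.
RUNDLL = re.compile(r'^rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?,(\S+)', re.I)
TEMP_DIR = re.compile(r"\\Temp\\", re.I)  # assumption: any path component named Temp

def triage(log_text):
    """Return {entry_id: reason} for the two patterns quoted in the helper's reply."""
    findings = {}
    for line in (l.strip() for l in log_text.splitlines()):
        m = O4_RUN.match(line)
        if m:
            hive, name, cmd = m.groups()
            r = RUNDLL.match(cmd)
            if r and TEMP_DIR.search(r.group(1)):
                findings[f"{hive} Run [{name}]"] = (
                    f"rundll32 loads {r.group(1)} from a Temp directory")
        elif line.startswith("O23 - Service:") and line.endswith("(file missing)"):
            findings[line.split(" - ")[1]] = "service binary is missing"
    return findings

def survivors(before, after):
    """Flagged entries that are still present in the log taken after the fix."""
    flagged_before, flagged_after = triage(before), triage(after)
    return sorted(k for k in flagged_after if k in flagged_before)

if __name__ == "__main__":
    for key, reason in triage(BEFORE).items():
        print(f"{key}: {reason}")
    print("Still present after fix:", survivors(BEFORE, AFTER))
```

The legitimate `NvCplDaemon` entry also runs through rundll32 but loads from `system32`, so it is not flagged; the `[cmds]` entry for `mljii.dll` is the Run value that is back in the second log.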
  • Download Vundo Fix and save it to the desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • After the scanning process finishes, click the Remove Vundo button.
  • Follow the instructions that appear.
  • Please paste C:\vundofix.txt and a new HijackThis log.


  • Download Vundo Fix and save it to the desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • After the scanning process finishes, click the Remove Vundo button.
  • Follow the instructions that appear.
  • Please paste C:\vundofix.txt and a new HijackThis log.

Bro... can this utility be used on Vista?

This topic is now closed to further replies.