Video ax obj - Free Antivirus Forum

Video ax obj

BullGuard Antivirus Forum > Bullguard zone > BullGuard Trial users > Video ax obj

Forum Quick Jump

[ << Previous Thread | Next Thread >> ]

hotboyz02
New Member

Date Joined May 2007
Total Posts : 2

Posted 5-3-2007 6:55 (GMT +1)

I have the video ax obj malware on my pc and have been trying to remove it all day long. finally after 12 hrs i think you all have been successful in helping me. I read a previous posting and followed the directions for the removal jumpin

I also tried the killbox method of download ing and installing and launching from my desktop but this does not work. it also can potentially kill your active desktop if you are not careful. I have never posted a thread this is my first time. after successfully completing(I think) the removal i am going to tell everyone i know about this wonderful website so we can contribute to to. After using the video ax removal instructions i however cannot restore my orginial default homepage and also could someone tell me if i have actually really removed this sypware/malware? thanks to all let's all help each other.

(PEACE)

SmitFraudFix v2.174

Scan done at 1:14:57.60, Thu 05/03/2007
Run from C:\Documents and Settings\USER\Desktop\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINNT\system32\dxovx.dll Deleted
Problem while deleting C:\Program Files\Video AX Object\

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: 3Com EtherLink PCI
DNS Server Search Order: 192.168.15.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{C08036F9-1B6D-4798-99DB-0A6C7168E888}: DhcpNameServer=192.168.15.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C08036F9-1B6D-4798-99DB-0A6C7168E888}: DhcpNameServer=192.168.15.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{C08036F9-1B6D-4798-99DB-0A6C7168E888}: DhcpNameServer=192.168.15.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.15.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.15.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.15.1

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Reboot

Problem while deleting C:\Program Files\Video AX Object

»»»»»»»»»»»»»»»»»»»»»»»» End

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 13812

Posted 5-3-2007 7:01 (GMT +1)

Hi hotboyz02 smile

It looks like You still have the infection, therefore proceed as follows -

Click here - ->> Before posting a log

After You have run the scan tools -

Reboot normally

Post AVG Antispyware log along with hijackthis log

in this thread and tell how things are running

Do NOT post your problem in someone elses thread.

Start a new topic so that it may receive proper attention.

Member of - Alliance of Security Analysis Professionals

hotboyz02
New Member

Date Joined May 2007
Total Posts : 2

Posted 5-3-2007 8:15 (GMT +1)

Thanks TOUCH Ii followed your instructions and did what you said. Not sure if I still have the virus through.

Logfile of HijackThis v1.99.1
Scan saved at 3:06:40 AM, on 5/3/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\Verizon\SMARTB~1\SBHookSvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\USER\Local Settings\Temporary Internet Files\Content.IE5\WLYNCPQR\alternativ[2].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/verizon/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/verizon/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SBHookSvc - Motive Communications, Inc. - C:\PROGRA~1\Verizon\SMARTB~1\SBHookSvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 13812

Posted 5-3-2007 8:26 (GMT +1)

It looks like You get rid of it smile

Run Hijackthis and place a check beside each of the following. Close all other browser windows except HJT.
Click fix checked:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm

Reboot normally and tell how things are running ?

Do NOT post your problem in someone elses thread.

Start a new topic so that it may receive proper attention.

Member of - Alliance of Security Analysis Professionals

Forum Information

Currently it is Tuesday, December 02, 2008 12:59 PM (GMT +1)
There are a total of 64.501 posts in 15.908 threads.
In the last 3 days there were 18 new threads and 104 reply posts. View Active Threads