Can anyone help, as Avast says that my PC has a BV:Autorun-G [Wrm] virus

Posted 2/12/2009 10:13 AM
#72394
Raj Aryan Member

Date Joined Nov 2016
Total Posts: 1
Hi,

I have been having this strange problem for 3-4 days. All the problems started when I plugged in a pendrive given by a close friend of mine. I am getting warnings from Avast that there is some Trojan/virus on my PC whenever I boot my PC or plug in a pendrive.

I have been through many websites and forums but never got the exact remedy.

To help with the resolution, I am attaching the report of Trend Micro HijackThis v2.0.2.



Scan saved at 3:36:50 PM, on 2/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_15\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Huawei\MT882\dslagent.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_15\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_15\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Huawei\MT882\dslagent.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_15\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_15\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3BAE0A6-0852-4628-A746-D27C71738F9E}: NameServer = 218.248.240.208,218.248.255.193
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MySQL_5045 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Apache Tomcat (Tomcat5) - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10189 bytes

==============================================================================================================

And the following is the log of Avast.

2/9/2009 9:05:14 PM SYSTEM 1804 Sign of "BV:AutoRun-G [Wrm]" has been found in "E:\autorun.inf" file.
2/9/2009 11:47:39 PM Administrator 1180 Function setifaceUpdatePackages() has failed. Return code is 0x000004C7, dwRes is 000004C7.
2/9/2009 11:49:10 PM Administrator 1180 Function setifaceUpdatePackages() has failed. Return code is 0x000004C7, dwRes is 000004C7.
2/10/2009 10:22:19 AM Kalpak Luniya 1716 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Kalpak Luniya\Local Settings\Temporary Internet Files\Content.IE5\6C908QHY\nadz[1].exe" file.
2/10/2009 10:23:03 AM Kalpak Luniya 1716 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Kalpak Luniya\Local Settings\Temporary Internet Files\Content.IE5\6C908QHY\nadz[2].exe" file.
2/10/2009 10:23:07 AM Kalpak Luniya 1716 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Kalpak Luniya\sound32.exe" file.
2/11/2009 1:36:35 PM Kalpak Luniya 1660 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Kalpak Luniya\Local Settings\Temporary Internet Files\Content.IE5\KP7Z9G1K\vss2[1].exe" file.
2/11/2009 2:28:36 PM Kalpak Luniya 1660 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Kalpak Luniya\Local Settings\Temporary Internet Files\Content.IE5\KP7Z9G1K\vss2[2].exe" file.
2/11/2009 2:28:44 PM Kalpak Luniya 1660 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Kalpak Luniya\Local Settings\Temporary Internet Files\Content.IE5\KP7Z9G1K\vss2[3].exe" file.
2/11/2009 2:28:48 PM Kalpak Luniya 1660 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Kalpak Luniya\cncai32.exe" file.
2/11/2009 2:28:51 PM Kalpak Luniya 1660 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Kalpak Luniya\cncai32.exe" file.
2/11/2009 2:37:46 PM Kalpak Luniya 1660 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Kalpak Luniya\Local Settings\Temporary Internet Files\Content.IE5\ANR41U7C\nadz[1].exe" file.
2/11/2009 2:37:52 PM Kalpak Luniya 1660 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Kalpak Luniya\Local Settings\Temporary Internet Files\Content.IE5\ANR41U7C\nadz[2].exe" file.
2/11/2009 2:37:55 PM Kalpak Luniya 1660 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Kalpak Luniya\sound32.exe" file.
2/11/2009 7:11:25 PM SYSTEM 1632 Sign of "BV:AutoRun-G [Wrm]" has been found in "E:\autorun.inf" file.
2/11/2009 7:13:43 PM SYSTEM 1632 Sign of "BV:AutoRun-G [Wrm]" has been found in "E:\autorun.inf" file.
2/12/2009 12:47:25 AM SYSTEM 1656 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Kalpak Luniya\Local Settings\Temporary Internet Files\Content.IE5\O09TL1DY\nadz[1].exe" file.
2/12/2009 12:47:44 AM SYSTEM 1656 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Kalpak Luniya\Local Settings\Temporary Internet Files\Content.IE5\O09TL1DY\nadz[2].exe" file.
2/12/2009 12:47:52 AM SYSTEM 1656 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Kalpak Luniya\sound32.exe" file.
2/12/2009 9:59:51 AM Kalpak Luniya 1600 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Kalpak Luniya\Local Settings\Temporary Internet Files\Content.IE5\DAJZ2MPK\nadz[1].exe" file.
2/12/2009 10:00:26 AM Kalpak Luniya 1600 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Kalpak Luniya\Local Settings\Temporary Internet Files\Content.IE5\DAJZ2MPK\nadz[2].exe" file.
2/12/2009 10:00:30 AM Kalpak Luniya 1600 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Kalpak Luniya\sound32.exe" file.
2/12/2009 3:02:25 PM Kalpak Luniya 1680 Sign of "BV:AutoRun-G [Wrm]" has been found in "E:\autorun.inf" file.
2/12/2009 3:02:38 PM Kalpak Luniya 1680 Sign of "BV:AutoRun-G [Wrm]" has been found in "E:\autorun.inf" file.
2/12/2009 3:02:51 PM Kalpak Luniya 1680 Sign of "BV:AutoRun-G [Wrm]" has been found in "E:\autorun.inf" file.

=========================================================================================================

I would be very happy to see this problem getting resolved. I request someone to help me out.

Regards,

Raj
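The Avast log above shows the same files being reported again and again, which is the detail worth checking before any cleanup. The script below is an added example (not from the post, from Avast or from the helper's tool) that parses that log format as I read it from the lines above and flags paths and file names detected more than once; the sample lines are a subset copied from the log in the post, and the regex and summary fields are my assumptions.

```python
import re
from collections import Counter

# Avast 4 log line shape seen in the post (my reading of it, an assumption):
#   <date> <time> <AM|PM> <user> <pid> Sign of "<signature>" has been found in "<path>" file.
# Update-failure lines and anything else that does not match are ignored.
LINE_RE = re.compile(
    r'^(?P<date>\d{1,2}/\d{1,2}/\d{4}) (?P<time>\d{1,2}:\d{2}:\d{2} [AP]M) '
    r'(?P<user>.+?) (?P<pid>\d+) Sign of "(?P<sig>[^"]+)" has been found in "(?P<path>[^"]+)" file\.$'
)

# Constructed sample: a subset of the lines copied from the Avast log in the post above.
SAMPLE_LOG = r"""
2/9/2009 9:05:14 PM SYSTEM 1804 Sign of "BV:AutoRun-G [Wrm]" has been found in "E:\autorun.inf" file.
2/9/2009 11:47:39 PM Administrator 1180 Function setifaceUpdatePackages() has failed. Return code is 0x000004C7, dwRes is 000004C7.
2/10/2009 10:22:19 AM Kalpak Luniya 1716 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Kalpak Luniya\Local Settings\Temporary Internet Files\Content.IE5\6C908QHY\nadz[1].exe" file.
2/10/2009 10:23:07 AM Kalpak Luniya 1716 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Kalpak Luniya\sound32.exe" file.
2/11/2009 7:11:25 PM SYSTEM 1632 Sign of "BV:AutoRun-G [Wrm]" has been found in "E:\autorun.inf" file.
2/12/2009 12:47:25 AM SYSTEM 1656 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Kalpak Luniya\Local Settings\Temporary Internet Files\Content.IE5\O09TL1DY\nadz[1].exe" file.
2/12/2009 12:47:52 AM SYSTEM 1656 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Documents and Settings\Kalpak Luniya\sound32.exe" file.
"""


def parse_avast_log(text):
    """Return one dict per detection line; lines that are not detections are skipped."""
    return [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]


def triage(hits):
    """Summarise what keeps being detected.
    A path or file name that shows up more than once means the file was re-created or
    re-downloaded after the earlier alert, so something else is putting it back.
    """
    by_sig = Counter(h["sig"] for h in hits)
    by_path = Counter(h["path"] for h in hits)
    by_name = Counter(h["path"].rsplit("\\", 1)[-1] for h in hits)
    return {
        "by_sig": dict(by_sig),
        "recurring_paths": {p: n for p, n in by_path.items() if n > 1},
        "recurring_names": {f: n for f, n in by_name.items() if n > 1},
        # drive letters other than C: that carried a detection (here the pendrive, E:)
        "other_drives": sorted({h["path"][:2] for h in hits if not h["path"].upper().startswith("C:")}),
    }


if __name__ == "__main__":
    summary = triage(parse_avast_log(SAMPLE_LOG))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

On the full log from the post, the same summary shows nadz[1].exe landing in four different Content.IE5 cache folders and sound32.exe being detected on four separate days, which is why the alerts alone do not resolve the problem.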
Posted 2/12/2009 11:11 AM
#72398
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Hello Raj :smile:

Download this program: http://www.ctrlaltdel.dk/Fix_download.exe

and save it on the desktop. Then double-click on it (Fix_download.exe).

You may have to allow the program to download files from the web!

The program downloads the necessary cleaning programs. Once the program
is downloaded, there will be a folder on your desktop named
Fix. If the instructions do not open automatically,
double-click "FIX_manual.htm" in the Fix folder.

Please follow the instructions and copy the logs here, in this Topic.


Note: Fix_download.exe is detected by some antivirus programs as a "RiskTool"/infection; it is not a virus. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

If necessary, temporarily disable your anti-virus real-time protection before downloading.


Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.