Hi,
a couple of days ago when I was surfing I was greeted by a popup advising me to install winerrorfixer 2007 - I clicked cancel whenever it came up (which was about 4 times) and since then it hasn't appeared again. I'm worried that my system might be infected with what appears to be a new version of the winfixer/vundo malware as it does seem a bit sluggish since this happened.
I ran Spybot S&D, Ad-Aware and a full NOD32 system scan and nothing was picked up so I hope I'm just imagining the slow performance.
If someone could take a look at this log for me I'd appreciate it:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 16:04:59, on 12/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
E:\Apps\NOD32\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
E:\Apps\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\svchost.exe
E:\Apps\PerfectDisk\PDEngine.exe
C:\WINDOWS\Explorer.EXE
E:\Apps\NOD32\nod32kui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
E:\Apps\Emule\emule.exe
E:\Apps\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
E:\Apps\HiJackThis\HJT.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\bin\ssv.dll
O4 - HKLM\..\Run: [nod32kui] "E:\Apps\NOD32\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundFusion] RunDll32 hercplgs.cpl,BootEntryPoint
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "E:\Apps\RivaTuner\RivaTuner.exe" /S
O4 - HKLM\..\Run: [muBlinder] E:\Apps\muBlinder\muBlinder.exe -startup
O4 - Global Startup: WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163710238968
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163710233421
O17 - HKLM\System\CCS\Services\Tcpip\..\{544441B1-434D-4C90-9570-23449D1448AC}: NameServer = 192.168.1.254
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - E:\Apps\NOD32\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - E:\Apps\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - E:\Apps\PerfectDisk\PDEngine.exe
Any need for alarm?
Thanks.
v0id