I have the Win32: Trojan-gen. {VC} and Win32:Adan-026 [Adw] viruses. How do I remove them? I would really appreciate the help, and thanks.
Here's my HijackThis log file:
Logfile of HijackThis v1.99.1
Scan saved at 10:39:07 AM, on 5/7/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\New Folder\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://microsoft.com/
O2 - BHO: (no name) - {A0269420-A638-4509-889C-8FC3CC85DA7E} - C:\WINDOWS\drexinit.dll
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O15 - Trusted IP range: 63.218.226.78
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: USB Device (blargh) - Unknown owner - C:\WINDOWS\System32\win32usb.exe" -netsvcs (file missing)
Hi,
- Your log looks incomplete: either you posted just the first & last parts, or you deleted a whole lot of benign startups…
- Please tell us the exact location of the trojan findings: full path/folder/filename, see the avast report/logs.
- Is this IP known to you?
O15 - Trusted IP range: 63.218.226.78
If not, fix it.
Also fix:
O2 - BHO: (no name) - {A0269420-A638-4509-889C-8FC3CC85DA7E} - C:\WINDOWS\drexinit.dll
- fix this entry, too:
O23 - Service: USB Device (blargh) - Unknown owner - C:\WINDOWS\System32\win32usb.exe" -netsvcs (file missing)
Fixing means: checkmark the relevant line(s) and then click the “Fix checked” button below the HJT scan results.
- Your Windows is totally out of date (that's why you got a BACKDOOR infection).
Please apply Service Pack 2 and the other Windows updates/patches after cleaning or formatting/reinstalling, and change all passwords:
see the “VirusRemoval” link in my sig below → BACKDOOR section on proper procedure.
Your OS and browser are way out of date, this leaves you more vulnerable to attack.
You don’t appear to have a firewall (unless you are using a hardware firewall/router).
This doesn’t appear to be a complete HijackThis log. If it is, it is the shortest I have ever seen.
To me these are suspicious and should be checked out: Google, etc. and on-line analysis, link below.
O2 - BHO: (no name) - {A0269420-A638-4509-889C-8FC3CC85DA7E} - C:\WINDOWS\drexinit.dll
O15 - Trusted IP range: 63.218.226.78
O23 - Service: USB Device (blargh) - Unknown owner - C:\WINDOWS\System32\win32usb.exe" -netsvcs (file missing)
For an on-line scan of your Hijackthis log file try here http://hijackthis.de/index.php
Ignore any O23 reference to avast processes, this is a hiccup in HJT 1.99.1 (especially the missing file entry for avast). If you need any help with any of the analysis, let us know.
Logfile of HijackThis v1.99.1
Scan saved at 11:14:02 AM, on 5/7/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\New Folder\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://microsoft.com/
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: USB Device (blargh) - Unknown owner - C:\WINDOWS\System32\win32usb.exe" -netsvcs (file missing)
That's the new log file that I fixed like you told me to.
Should I download Microsoft Service Pack 2 first then go to that website, or should I go to that hijack website first?
This is my first time with computer viruses.
Oh yeah, what about the Win32:Adan-026 [Adw] virus?
This is probably Adware:
install, update, scan & fix with
- Ad-Aware &
- SPYBOT
to remove it…
Links can be found in “VirusRemoval” below
Also tell us the location of the trojan file(s)
- fix O23 - USB Device
- in Hijackthis, go Config → MiscTools → Delete an NT service & follow instructions
All the above should be done AFTER disabling system RESTORE & reboot…
How-To: “VirusRemoval”-link
And you shouldn’t be going online AT ALL with this PC before installing SP2 or installing & configuring a firewall + changing all your passwords, PINs, online banking data & other sensitive data.
The location of the Win32:Adan-026 [Adw] file is C:\ProgramFiles\WebSiteViewer\128324.dlrl[UPX]
That's where avast told me the trojan file is, and I don't know what happened to the Win32: Trojan-gen.{VC} virus.
I'm sorry, I'm new to all this stuff.
How do I know if I have SP2 downloaded? I went to the website and it said autoupdate, but I'm not sure if SP2 is downloaded. Thanks.
According to your HijackThis log, you are running Windows XP with NO service pack (Third line “Platform: Windows XP (WinNT 5.01.2600)”)
Mine says Platform: “Windows XP SP2 (WinNT 5.01.2600)”
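
An added example, not part of any post in this thread: a short Python script that applies the checks the replies describe to entry lines copied from the two posted logs. It flags the unnamed BHO, the trusted IP range and the non-avast service with a missing file, lists what disappeared between the two scans, and reads the service pack from the Platform line. The function names are illustrative and the heuristics are only those given in the replies.

```python
import re

# Entry lines copied from the two HijackThis logs posted in the thread
# (process lists and most avast! service lines left out for brevity).
BEFORE = r"""Platform: Windows XP (WinNT 5.01.2600)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://microsoft.com/
O2 - BHO: (no name) - {A0269420-A638-4509-889C-8FC3CC85DA7E} - C:\WINDOWS\drexinit.dll
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O15 - Trusted IP range: 63.218.226.78
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: USB Device (blargh) - Unknown owner - C:\WINDOWS\System32\win32usb.exe" -netsvcs (file missing)
"""
AFTER = r"""Platform: Windows XP (WinNT 5.01.2600)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://microsoft.com/
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: USB Device (blargh) - Unknown owner - C:\WINDOWS\System32\win32usb.exe" -netsvcs (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")  # e.g. "O23 - Service: ..."

def entries(log):
    """Return (section code, text) for every entry line in a log."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def service_pack(log):
    """Service pack named on the Platform line, or None if none is listed."""
    m = re.search(r"^Platform: [^(\n]*\b(SP\d+)\b", log, re.M)
    return m.group(1) if m else None

def suspicious(log):
    """Entries matching the checks given in the replies (not a general ruleset)."""
    hits = []
    for code, text in entries(log):
        if code == "O2" and "(no name)" in text:
            hits.append((code, text))   # unnamed browser helper object
        elif code == "O15":
            hits.append((code, text))   # trusted IP range the owner must recognise
        elif code == "O23" and "(file missing)" in text and "avast!" not in text:
            hits.append((code, text))   # avast! lines are a known HJT 1.99.1 hiccup
    return hits

def removed(before, after):
    """Entries present in the first scan but gone from the second."""
    return sorted(set(entries(before)) - set(entries(after)))

if __name__ == "__main__":
    print("service pack:", service_pack(AFTER))
    print("fixed since first scan:", [c for c, _ in removed(BEFORE, AFTER)])
    print("still flagged:", suspicious(AFTER))
```

On the second log only the `USB Device (blargh)` service is still flagged, which is the entry the reply says to remove with HijackThis's "Delete an NT service" tool.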