I need some help

I have tried a few things and can't get rid of this virus. I have tried a few scanners and they all have different names for it (or them, I'm not really sure), but I got a HijackThis log file and would be grateful for some help. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 6:34:54 PM, on 26/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\paul\My Documents\hijackthis\hijackthis\HijackThis.exe

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: MSCOMM32.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153896615390
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Documents and Settings\bin\iPodService.exe

Any help would be great, thanks.
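The replies that follow judge the log by hand: the Global Startup item with no path (MSCOMM32.EXE) is flagged as unknown, the Winlogon Notify entry is marked "(file missing)", and several services show "Unknown owner". The script below is an added example, not part of this thread and not HijackThis code; it parses O-lines in the HijackThis v1.99.1 format and applies those same three checks automatically. The sample input is a constructed subset of lines copied from Paul's log above. Everything it flags is a "go look at this" marker for triage, not a verdict: a bare file name only means the file sits somewhere on the PATH or in a startup folder and has to be identified before anything is ticked for fixing.

```python
"""Triage helper for HijackThis (v1.99.x) log lines.

Added example, not part of the forum thread and not HijackThis itself.
It applies the checks the thread's replies apply by hand:
  - O4 startup entries whose command is a bare file name with no directory
    (like MSCOMM32.EXE) cannot be located from the log and need identifying;
  - any entry HijackThis marks "(file missing)";
  - O23 services whose publisher shows as "Unknown owner".
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of lines copied from the log in the thread,
# plus a header line and a blank line to show that non-entry lines are skipped.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1

O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - Global Startup: MSCOMM32.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Documents and Settings\bin\iPodService.exe
"""


@dataclass
class Entry:
    section: str  # "O4", "O20", "O23", ...
    kind: str     # text between the section and the colon, e.g. "Global Startup"
    detail: str   # everything after the colon


# "<section> - <kind>: <detail>"; the kind never contains a colon, so the
# first colon after the section code is the separator even when a drive
# letter ("C:") appears later in the line.
LINE_RE = re.compile(r"^(O\d+|R\d+|F\d+|N\d+) - ([^:]+): (.*)$")


def parse_line(line):
    """Return an Entry for a HijackThis O/R/F/N line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    return Entry(*m.groups()) if m else None


def parse_log(text):
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def startup_command(detail):
    """Extract the program an O4 entry launches.

    Handles the Run-key form "[Name] command args", the startup-folder
    shortcut form "Name.lnk = target", and a bare item in a startup folder.
    """
    m = re.match(r"^\[[^\]]*\]\s*(.*)$", detail)
    if m:
        rest = m.group(1).strip()
    elif " = " in detail:
        return detail.split(" = ", 1)[1].strip()  # shortcut target is shown in full
    else:
        rest = detail.strip()
    if not rest:
        return ""
    if rest.startswith('"'):
        end = rest.find('"', 1)
        cmd, args = (rest[1:end], rest[end + 1:]) if end > 0 else (rest[1:], "")
    else:
        cmd, _, args = rest.partition(" ")
    # Rundll32 entries load the DLL named in their first argument; that DLL,
    # not rundll32 itself, is what needs identifying.
    if cmd.lower() in ("rundll32.exe", "rundll32"):
        dll = args.strip().split(",", 1)[0].strip()
        return dll or cmd
    return cmd


def triage(entries):
    """Return (section, issue, item) tuples for entries a human should look at."""
    findings = []
    for e in entries:
        if "(file missing)" in e.detail:
            findings.append((e.section, "file missing", e.detail))
        if e.section == "O4":
            cmd = startup_command(e.detail)
            if cmd and not re.search(r"[\\/]", cmd):
                findings.append((e.section, "bare file name, no path", cmd))
        if e.section == "O23" and " - Unknown owner - " in e.detail:
            findings.append((e.section, "unknown publisher", e.detail.split(" - ")[0]))
    return findings


if __name__ == "__main__":
    for section, issue, item in triage(parse_log(SAMPLE_LOG)):
        print(f"{section:<4} {issue:<24} {item}")
```

Run against the sample it reports four bare startup items (SiSPower.dll, sm56hlpr.exe, SOUNDMAN.EXE, MSCOMM32.EXE), two "(file missing)" entries and two services with no publisher. Note that the bare-name check is deliberately blunt: a legitimate driver helper and a trojan both show up as a bare name, which is exactly why the reply asks what Paul knows about MSCOMM32.EXE rather than telling him to fix it on sight.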

Can you relate some of the problems you are having?
Can you tell us what scans you have done, and who detected what and where it was located?
These are important questions. Scan again if you forgot or ignored the responses.

"I have tried a few things and can't get rid of this virus"
What have you tried? What virus? How was it detected, what detected it, or what makes you think/suspect you have a virus, symptoms, etc.? The more information you can give us the better.

Here is an online analysis of your log file: http://hijackthis.de/logfiles/060bca3e8ae0f0b2e7d8aab7f5c58ea7.html

O4 - Global Startup: MSCOMM32.EXE is listed as unknown; what do you know about it?

A Google search for this indicates a trojan backdoor (MSCOMM32.EXE is Trojan/Backdoor BBQ, AKA TROJ_SMALL.BBQ), and considering you don't appear to have an active firewall present, you will be fighting an uphill battle to get clean. So you should tick fix in HJT.

See Troj_Small.BBQ info

Hi Paul:

HijackThis logs are best analyzed by experts on antispyware forums; however, since you do not appear to have an antispyware program (Ewido is antitrojan), I recommend the experts at www.landzdown.com. By the way, your Sun Java program is 4 updates behind; therefore, it is a serious security risk. It should be uninstalled, then go to www.java.com & get their latest.

Yawn, sending Paul to landzdown isn't going to answer the questions we have asked to try and help him. Also, what questions or advice have we offered Paul that is sooooo wrong?

This is the problem: MSCOMM32.EXE
See here: http://www.greatis.com/appdata/d/m/mscomm32.exe_Removal.htm

That removal link isn't a removal tool but an invitation to buy RegRun. I don't like that tactic: give the person a headache (tell them what's wrong) and then sell them an aspirin.

Thanks for your help everyone so far. The infected file is C:\windows\system32\iedld.dll; it says it is infected with trojan.gen (other). This is using avast.

Some of the symptoms are: the computer doesn't like to open a lot of programs, it just crashes, freezes up a bit, and is pretty slow now too.

Um, I have tried just about every free malware removal program I can find and used some of the online scanners; they found this virus and others, but I cannot remember the names of the viruses.

I ran another scan with HijackThis and I cannot find mscomm32.exe any more.

Once again, thanks very much for your help so far.

The latest is that the avast resident scanner is no longer working.

Try running a boot time scan. Check your help files for how.
Move anything detected to the chest, and post back if you have any problems.
Have you tried digging down to the system32 file and deleting the dll file manually?

You can scan the file with multiple scanners to get a broader opinion at http://virusscan.jotti.org/. Good luck.

What is the error message?
Why does avast stop working?

Have run the boot scan a few times and keep either deleting or moving to the chest, but it still comes back. Cannot find the file to delete it manually.

The avast msg is "The AAVM subsystem detected a RPC error."

As you can probably tell I'm not that cluey about this sort of stuff, so whatever you recommend to do, try to dumb it down a bit so I can understand. Thanks for your help.

Using the boot time scanner should be enough.
Anyway, if a virus keeps replicating (coming back again and again), you should, besides scheduling a boot time scan with avast:

  1. Disable System Restore on Windows XP: http://support.microsoft.com/default.aspx?scid=kb;[LN];310405
  2. Clean your temporary files.
  3. Use a-squared or ewido (trojan removers).

Do you have any other antivirus in this computer?

I am not the administrator on the computer, but when I run Disk Cleanup does it clean everyone's temp files or just mine? If so, how do I clean them, and where do I find a-squared? Thanks.

AAVM subsystem detected an RPC error: http://www.avast.com/eng/faq-other-questions.html#idt_1539

No, that was just a link to describe the problem.

What I referred to was this: 'greatis.com/appdata/d/m/mscomm32.exe_Removal.htm'. It makes it look like a removal link when there is very little information about the problem:

Dangerous MSCOMM32.EXE - Dangerous mscomm32.exe MSCOMM32.EXE is Trojan/Backdoor BBQ. Kill the process MSCOMM32.EXE and remove MSCOMM32.EXE from Windows startup using RegRun Reanimator.

So there is virtually no information, and it is really trying to get you to buy RegRun to resolve the problem.

Oops, wrong link, I was looking at 3 or 4 at the time. http://www.trendmicro.com.au/enterprise/vinfo/encyclopedia.php?LYstr=VMAINDATA&vNav=1&VName=TROJ_SMALL.BBQ was the one I meant to drop, sorry.

Which was the one I gave in reply #2, but with a meaningful name: Troj_Small.BBQ info ;D ;D

Hey guys, I got rid of the trojan, thanks everyone for your help. But now I'm having other issues. I tried to update Java as someone said, but it said the computer is running in safe mode when I had to download ActiveX components. I have also had the same error trying to update Windows: I got an error code, had a look around, and it also said the computer is running in safe mode. And avast still won't work; I am getting the same error msg.

Scanning with ewido now says I am infected with downloader.small.cjv in these files:
c:\w.exe
c:\windows\lb.exe

and also infected with backdoor.shbot.b in these files:
c:\windows\system\svchostw.exe
c:\windows\system\svchostw.dll
c:\windows\system\svchctrl.exe
c:\windows\system\regserv.exe
c:\windows\system\regserv.dll

What do I do with these files? Can I just delete them? I removed some of the last ones from startup with HijackThis. Thanks guys.