Hi there… can anyone analyze this and give me some solution…
You are running a vulnerable version of Java jre1.6.0_07
Go to Add/Remove Programs and un-install all Java installs.
Recommended Version 6 Update 17
http://java.com/en/download/manual.jsp
IE8 is more secure than IE7 and has a lot better performance:
http://www.microsoft.com/windows/Internet-explorer/default.aspx
Go to Secunia Online Software Inspector then run it to see what other applications are vulnerable:
http://secunia.com/vulnerability_scanning/online
Hi MeDIeVaL,
Fix using HJT:
O4 - HKUS\S-1-5-19\..\RunOnce: [IE7_012] rundll32 advpack.dll,LaunchINFSectionEx IE7int.inf,AfterUserStart,4,N (User 'LOCAL SERVICE')
Unknown application could be a leftover of a Nlite installation…
O4 - HKUS\S-1-5-19\..\RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%\System32\rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\custom.inf,OnceFirstLogonInstall,0 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%\System32\rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\custom.inf,OnceFirstLogonInstall,0 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%\System32\rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\custom.inf,NewUserFirstLogonInstall,0 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%\System32\rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\custom.inf,NewUserFirstLogonInstall,0 (User 'Default user')
Nasty (2.77 / 5.00)
Survey of active tasks:
smss.exe
System task
Session Manager Subsystem
winlogon.exe
System task
Microsoft Windows Logon Process
services.exe
System task
Windows Service Controller
lsass.exe
System task
Local Security Authority Service
svchost.exe
System task
Microsoft Service Host Process
svchost.exe
System task
Microsoft Service Host Process
aswUpdSv.exe
Virusscan
Avast Anti-Virus Component
ashServ.exe
Virusscan
Avast
Explorer.EXE
System task
Microsoft Windows Explorer
volume.exe check against virustotal.com
malicious task http://www.bleepingcomputer.com/startups/volume.exe-10362.html
added by Win32.RBOT
ashDisp.exe
Virusscan
Avast AntiVirus
MobileConnect.exe
Background task
MobileConnect.exe
lcacc.exe check against virustotal.com
malicious task http://www.threatexpert.com/report.aspx?md5=c67ffb8af96518dcea19c643116fc8eb
typically added by W32.Bifrose.DN
ctfmon.exe
System task
Alternative User Input Services
VistaDrv.exe
Driver
VistaDrv.exe
spoolsv.exe
System task
Microsoft Printer Spooler Service
emo.exe
Version number: 0.0.0.0
MD5 hash of emo.exe: 0802023F66C216B4571FD314ABAB0DB6
Risk: Virus
AGOBOT-AGE WORM!
VMCService.exe
Background task
Vodafone Mobile Connect
ashMaiSv.exe
Virusscan
Avast Anti-Virus Component
ashWebSv.exe
Virusscan
avast! Web Scanner
firefox.exe
Application
Mozilla Firefox
HijackThis.exe
Application
Hijackthis
polonus