internet virus?
I have just recently got the computer back from having it reset to factory settings (after malware had its way with it), and I go on to Internet Explorer; my homepage is Google, and it redirects me to hopepagecells or something and an error box pops up: Warning! W32.Myzor.FK@yf is a virus that affects exe extensions, and it goes on to tell me how I need to update/protect my computer. I click OK and I am redirected AGAIN to a Malware Burn site. My first instinct: fake antispyware software. Great, just what I need! I haven't done or downloaded anything from Malware Burn; I have only downloaded TrueSword4 to scan the computer, while I also have Kaspersky 7.0 scanning. Kaspersky hasn't found any threats so far and hasn't warned me of any threats, so I thought the mysterious Online Security Guide and Security troubleshooting was very suspicious, as I haven't updated or downloaded anything except TrueSword.
Help is greatly appreciated! But go easy on the technical stuff! I'm not that good with a computer!
Could you please run and post Ardiag? (http://www.tombraiderhub.com/download/ardiag.exe) Also, a mere anti-virus is not sufficient; it also needs a good anti-spyware. Actually, there is a step-by-step page to remove "w32.myzor" here. (http://www.technibble.com/how-to-remove-syssecuritysitecom-w32myzorfk/)
Download Ad-Aware (http://www.download.com/3000-2144-10045910.html) and check if your PC has any spyware.
Also, post Ardiag results (http://www.tombraiderhub.com/download/ardiag.exe) here please. :)
Edit: Nick, you beat me! :p :D
---------------------------------------------------------------
AutoRuns Diagnostics for TRF v 0.5 Developed by EscondeR
---------------------------------------------------------------
Program:
"Provides the interface to Apple mobile devices."
Publisher:
"(Not verified) Apple Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Apple Mobile Device
Program path & name:
"c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe"
Enabled: [V]
Program:
"Provides protection against computer viruses and spyware
Publisher:
hacker attacks cyber-crime and spam."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
AVP
Program path & name:
"(Verified) Kaspersky Lab""c:\program files\kaspersky lab\kaspersky internet security 7.0\avp.exe"
Enabled: [V]
Program:
"gusvc"
Publisher:
"(Verified) Google Inc"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
gusvc
Program path & name:
"c:\program files\google\common\google updater\googleupdaterservice.exe"
Enabled: [V]
Program:
"Device Driver"
Publisher:
"(Not verified) Sonic Solutions"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
drvmcdb
Program path & name:
"c:\windows\system32\drivers\drvmcdb.sys"
Enabled: [V]
Program:
"CD/DVD Class Filter Driver"
Publisher:
"(Verified) GEAR Software Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
GEARAspiWDM
Program path & name:
"c:\windows\system32\drivers\gearaspiwdm.sys"
Enabled: [V]
Program:
"Kl1"
Publisher:
"(Verified) Kaspersky Lab"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
kl1
Program path & name:
"c:\windows\system32\drivers\kl1.sys"
Enabled: [V]
Program:
"Klif"
Publisher:
"(Not verified) Kaspersky Lab"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
klif
Program path & name:
"c:\windows\system32\drivers\klif.sys"
Enabled: [V]
Program:
"OMCI Device Driver"
Publisher:
"(Not verified) Dell Computer Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
OMCI
Program path & name:
"c:\windows\system32\drivers\omci.sys"
Enabled: [V]
Program:
"Px Engine Device Driver for Windows 2000/XP"
Publisher:
"(Not verified) Sonic Solutions"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
PxHelp20
Program path & name:
"c:\windows\system32\drivers\pxhelp20.sys"
Enabled: [V]
Program:
"Logon Visualizer"
Publisher:
"(Verified) Kaspersky Lab"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
Entry name:
klogon
Program path & name:
"c:\windows\system32\klogon.dll"
Enabled: [V]
Program:
"Microsoft® Document Imaging"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
Entry name:
Microsoft Document Imaging Writer Monitor
Program path & name:
"c:\windows\system32\mdimon.dll"
Enabled: [V]
Program:
"kldialhk"
Publisher:
"(Verified) Kaspersky Lab"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
Entry name:
C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
Program path & name:
"c:\program files\kaspersky lab\kaspersky internet security 7.0\adialhk.dll"
Enabled: [V]
Program:
"Drive Letter Access Component"
Publisher:
"(Not verified) Sonic Solutions"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
dla
Program path & name:
"c:\windows\system32\dla\tfswctrl.exe"
Enabled: [V]
Program:
"Sonic Update Manager"
Publisher:
"(Not verified) Sonic Solutions"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
StorageGuard
Program path & name:
"c:\program files\common files\sonic\update manager\sgtray.exe"
Enabled: [V]
Program:
"QuickTime Task"
Publisher:
"(Not verified) Apple Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
QuickTime Task
Program path & name:
"c:\program files\quicktime\qttask.exe"
Enabled: [V]
Program:
"iTunesHelper Module"
Publisher:
"(Verified) Apple Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
iTunesHelper
Program path & name:
"c:\program files\itunes\ituneshelper.exe"
Enabled: [V]
Program:
"SpeedTouch Statistics"
Publisher:
"(Not verified) THOMSON Telecom Belgium"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
SpeedTouch USB Diagnostics
Program path & name:
"c:\program files\thomson\speedtouch usb\dragdiag.exe"
Enabled: [V]
Program:
"Kaspersky Anti-Virus"
Publisher:
"(Verified) Kaspersky Lab"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
AVP
Program path & name:
"c:\program files\kaspersky lab\kaspersky internet security 7.0\avp.exe"
Enabled: [V]
Program:
"Adobe Photoshop Album Starter Edition 3.2 component"
Publisher:
"(Verified) Adobe Systems Incorporated"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Adobe Photo Downloader
Program path & name:
"c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
Enabled: [V]
Program:
"Adobe Acrobat SpeedLauncher"
Publisher:
"(Verified) Adobe Systems Incorporated"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Adobe Reader Speed Launcher
Program path & name:
"c:\program files\adobe\reader 8.0\reader\reader_sl.exe"
Enabled: [V]
Program:
"AutoDetector"
Publisher:
"(Not verified) Ulead Systems Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Ulead AutoDetector v2
Program path & name:
"c:\program files\common files\ulead systems\autodetector\monitor.exe"
Enabled: [V]
Program:
"Microsoft® InfoTech Storage System Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
ms-itss
Program path & name:
"c:\program files\common files\microsoft shared\information retrieval\msitss.dll"
Enabled: [V]
Program:
N/A
Publisher:
N/A
Entry path:
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
Entry name:
0
Program path & name:
File not found: About:Home"
Enabled: [V]
Program:
"Digital Line Detection"
Publisher:
"(Not verified) BVRP Software"
Entry path:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Entry name:
Digital Line Detect.lnk
Program path & name:
"c:\program files\digital line detect\dlg.exe"
Enabled: [V]
Program:
"Google Updater"
Publisher:
"(Verified) Google Inc"
Entry path:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Entry name:
Google Updater.lnk
Program path & name:
"c:\program files\google\google updater\googleupdater.exe"
Enabled: [V]
Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Entry name:
some
Program path & name:
File not found: C:\Program Files\Video Add-on\icthis.exe"
Enabled: [V]
Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Entry name:
start
Program path & name:
c:\program files\video add-on\isfmntr.exe"
Enabled: [V]
Program:
"Apple Software Update"
Publisher:
"(Verified) Apple Computer Inc."
Entry path:
Task Scheduler
Entry name:
AppleSoftwareUpdate.job
Program path & name:
"c:\program files\apple software update\softwareupdate.exe"
Enabled: [V]
Program:
"Adobe PDF Helper for Internet Explorer"
Publisher:
"(Verified) Adobe Systems Incorporated"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
Adobe PDF Reader Link Helper
Program path & name:
"c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll"
Enabled: [V]
Program:
"Drive Letter Access Component"
Publisher:
"(Not verified) Sonic Solutions"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
DriveLetterAccess
Program path & name:
"c:\windows\system32\dla\tfswshx.dll"
Enabled: [V]
Program:
"Google IE Client Toolbar"
Publisher:
"(Verified) Google Inc"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
Google Toolbar Helper
Program path & name:
"c:\program files\google\googletoolbar1.dll"
Enabled: [V]
Program:
"GoogleToolbarNotifier"
Publisher:
"(Verified) Google Inc"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
Google Toolbar Notifier BHO
Program path & name:
"c:\program files\google\googletoolbarnotifier\2.1.1119.1736\swg.dll"
Enabled: [V]
Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
{BA0BACB5-FC95-451E-94D2-4959AB0949D2}
Program path & name:
c:\program files\video add-on\isfmdl.dll"
Enabled: [V]
Program:
"Internet Explorer Toolba"
Publisher:
"(Verified) Velocity Services Inc"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
Neopets
Program path & name:
"c:\program files\neopets\toolbar\toolbar.dll"
Enabled: [V]
Program:
"e404 Module"
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
e404mgr Class
Program path & name:
c:\program files\helper\prolooker.dll"
Enabled: [V]
Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Display Panning CPL Extension
Program path & name:
File not found: deskpan.dll"
Enabled: [V]
Program:
"Shell Extensions"
Publisher:
"(Not verified) Sonic Solutions"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
RecordNow! SendToExt
Program path & name:
"c:\program files\sonic\recordnow!\shlext.dll"
Enabled: [V]
Program:
"Drive Letter Access Component"
Publisher:
"(Not verified) Sonic Solutions"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
DriveLetterAccess
Program path & name:
"c:\windows\system32\dla\tfswshx.dll"
Enabled: [V]
Program:
"iTunes Mini Player DLL"
Publisher:
"(Verified) Apple Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
iTunes
Program path & name:
"c:\program files\itunes\itunesminiplayer.dll"
Enabled: [V]
Program:
"Script Monitor Internet Explorer plugin"
Publisher:
"(Verified) Kaspersky Lab"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Web Anti-Virus statistics
Program path & name:
"c:\program files\kaspersky lab\kaspersky internet security 7.0\scieplgn.dll"
Enabled: [V]
Program:
"PDF Shell Extension"
Publisher:
"(Not verified) Adobe Systems Inc."
Entry path:
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
Entry name:
PDF Shell Extension
Program path & name:
"c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
Enabled: [V]
Program:
"Google IE Client Toolbar"
Publisher:
"(Verified) Google Inc"
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Toolbar
Entry name:
googletoolbar1.dll
Program path & name:
"c:\program files\google\googletoolbar1.dll"
Enabled: [V]
Program:
"Internet Explorer Toolba"
Publisher:
"(Verified) Velocity Services Inc"
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Toolbar
Entry name:
Program path & name:
"c:\program files\neopets\toolbar\toolbar.dll"
Enabled: [V]
Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Toolbar
Entry name:
ictmdl.dll
Program path & name:
c:\program files\video add-on\ictmdl.dll"
Enabled: [V]
Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Extensions
Entry name:
IE Anti-Spyware
Program path & name:
File not found: http://www.updatesgate.com/redirect.php"
Enabled: [V]
Sorry for double posting! Thanks Nick and Raiderfun :hug:! Computer now fixed! Feel free to close this thread as it is no longer needed!
Better kill those also:
Program:
"gusvc"
Publisher:
"(Verified) Google Inc"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
gusvc
Program path & name:
"c:\program files\google\common\google updater\googleupdaterservice.exe"
Enabled: [V]
Program:
"QuickTime Task"
Publisher:
"(Not verified) Apple Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
QuickTime Task
Program path & name:
"c:\program files\quicktime\qttask.exe"
Enabled: [V]
Program:
"Google Updater"
Publisher:
"(Verified) Google Inc"
Entry path:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Entry name:
Google Updater.lnk
Program path & name:
"c:\program files\google\google updater\googleupdater.exe"
Enabled: [V]
Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Entry name:
some
Program path & name:
File not found: C:\Program Files\Video Add-on\icthis.exe"
Enabled: [V]
Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Entry name:
start
Program path & name:
c:\program files\video add-on\isfmntr.exe"
Enabled: [V]
Program:
"Google IE Client Toolbar"
Publisher:
"(Verified) Google Inc"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
Google Toolbar Helper
Program path & name:
"c:\program files\google\googletoolbar1.dll"
Enabled: [V]
Program:
"GoogleToolbarNotifier"
Publisher:
"(Verified) Google Inc"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
Google Toolbar Notifier BHO
Program path & name:
"c:\program files\google\googletoolbarnotifier\2.1.1119.1736\swg.dll"
Enabled: [V]
Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
{BA0BACB5-FC95-451E-94D2-4959AB0949D2}
Program path & name:
c:\program files\video add-on\isfmdl.dll"
Enabled: [V]
Program:
"Internet Explorer Toolba"
Publisher:
"(Verified) Velocity Services Inc"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
Neopets
Program path & name:
"c:\program files\neopets\toolbar\toolbar.dll"
Enabled: [V]
Program:
"e404 Module"
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
e404mgr Class
Program path & name:
c:\program files\helper\prolooker.dll"
Enabled: [V]
Program:
"Google IE Client Toolbar"
Publisher:
"(Verified) Google Inc"
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Toolbar
Entry name:
googletoolbar1.dll
Program path & name:
"c:\program files\google\googletoolbar1.dll"
Enabled: [V]
Program:
"Internet Explorer Toolba"
Publisher:
"(Verified) Velocity Services Inc"
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Toolbar
Entry name:
Program path & name:
"c:\program files\neopets\toolbar\toolbar.dll"
Enabled: [V]
Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Toolbar
Entry name:
ictmdl.dll
Program path & name:
c:\program files\video add-on\ictmdl.dll"
Enabled: [V]
Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Extensions
Entry name:
IE Anti-Spyware
Program path & name:
File not found: http://www.updatesgate.com/redirect.php"
Enabled: [V]
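A triage sketch for the Ardiag listing format posted in this thread, added here as an illustration (it is not part of the original posts and is not Ardiag's own code): it parses the labelled records and flags entries that have no publisher, a missing target file, or a URL as the target. The function names and the three heuristics are assumptions of this example.

```python
import re

LABELS = ("Program", "Publisher", "Entry path", "Entry name", "Program path & name")

def parse_ardiag(text):
    """Split an Ardiag listing into one dict per autorun entry."""
    records, rec, key = [], {}, None
    for line in map(str.strip, text.splitlines()):
        if line.endswith(":") and line[:-1] in LABELS:
            key = line[:-1]
            rec[key] = ""  # a label with no value line (seen in the log) stays empty
        elif line.startswith("Enabled:"):
            records.append(rec)
            rec, key = {}, None
        elif line and key:
            rec[key] = (rec[key] + " " + line).strip()
    return records

def triage(rec):
    """Reasons an entry deserves a manual look; a lead, not a verdict."""
    target, reasons = rec.get("Program path & name", ""), []
    if rec.get("Publisher", "N/A") == "N/A":
        reasons.append("no publisher")
    if target.startswith("File not found"):
        reasons.append("target missing")
    if re.search(r"https?://", target, re.I):
        reasons.append("target is a URL")
    return reasons

def flagged(text):
    """Map each flagged entry (by name, else target) to its reasons."""
    recs = parse_ardiag(text)
    return {r.get("Entry name") or r.get("Program path & name"): triage(r)
            for r in recs if triage(r)}

# Constructed sample: three entries copied from the log on this page.
SAMPLE = "\n".join([
    "Program:", '"Internet Explorer Toolba"', "Publisher:",
    '"(Verified) Velocity Services Inc"', "Entry path:",
    r"HKLM\Software\Microsoft\Internet Explorer\Toolbar", "Entry name:",
    "Program path & name:", r'"c:\program files\neopets\toolbar\toolbar.dll"',
    "Enabled: [V]",
    "Program:", "N/A", "Publisher:", "N/A", "Entry path:",
    r"HKLM\Software\Microsoft\Internet Explorer\Toolbar", "Entry name:", "ictmdl.dll",
    "Program path & name:", r'c:\program files\video add-on\ictmdl.dll"', "Enabled: [V]",
    "Program:", "N/A", "Publisher:", "N/A", "Entry path:",
    r"HKLM\Software\Microsoft\Internet Explorer\Extensions", "Entry name:",
    "IE Anti-Spyware", "Program path & name:",
    'File not found: http://www.updatesgate.com/redirect.php"', "Enabled: [V]",
])
```

A flag only marks an entry for manual inspection; unflagged entries can still be unwanted startup items.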