Solve : Antivirus System Pro = evil?

1.	Solve : Antivirus System Pro = evil?
Answer» I could use some help getting rid of this and what ever else the logs show. [Saving space, attachment deleted by admin]1) Have "HijackThis" fix the following items in the list below by placing a check in the appropriate boxes.Confirm that you have only the listed ones checked, then press <Fix checked> and close"HijackThis".Please close any open programs before doing this fix. Quote O1 - Hosts: 91.212.127.227 winwarepro.microsoft.com O1 - Hosts: 91.212.127.227 winwarepro.com O1 - Hosts: 91.212.127.227 www.winwarepro.com O2 - BHO: (no name) - {a826543a-f73f-4a65-9989-40f3c0463448} - sivotumo.dll (FILE missing) O2 - BHO: BHO - {B6D223F6-C185-49a2-BA7E-A03E84744702} - C:\WINDOWS\system32\iehelper.dll O4 - HKLM\..\Run: [readericon] "C:\Program Files\Digital Media Reader\readericon45G.exe O4 - HKLM\..\Run: [tvhsguni] "C:\Documents and Settings\Owner.BKNY.000\Local Settings\Application Data\otedle\uimksysguard.exe" O4 - HKCU\..\Run: [Power2GoExpress] NA O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [tvhsguni] "C:\Documents and Settings\Owner.BKNY.000\Local Settings\Application Data\otedle\uimksysguard.exe" O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O21 - SSODL: vufagavaw - {52f0b50b-f3c9-44f4-8f81-0f77fc1e836d} - c:\windows\system32\hesowuza.dll (file missing) O21 - SSODL: momekijow - {c465c337-baef-4ef5-8443-27c34996e5c1} - c:\windows\system32\hesowuza.dll (file missing) O21 - SSODL: widosedaw - {a94785d7-e1b1-42b9-a011-c632aa77edf2} - c:\windows\system32\hesowuza.dll (file missing) O21 - SSODL: wokisemim - {6934f180-454b-4c9a-bb21-75b5332e9547} - c:\windows\system32\hesowuza.dll (file missing) O21 - SSODL: sumumumal - {0de47eed-8590-4834-878d-53af0351440d} - c:\windows\system32\hesowuza.dll (file missing) O21 - SSODL: goveguwev - {c73abe6a-2696-4c0f-9fb5-ebb6d25f7e52} - c:\windows\system32\wikufalu.dll (file missing) O21 - SSODL: pibiyalad - {0aa43c82-e118-4d41-a4a8-76e03633cebc} - c:\windows\system32\wikufalu.dll (file missing) O22 - SharedTaskScheduler: kupuhivus - {52f0b50b-f3c9-44f4-8f81-0f77fc1e836d} - c:\windows\system32\hesowuza.dll (file missing) O22 - SharedTaskScheduler: jugezatag - {c465c337-baef-4ef5-8443-27c34996e5c1} - c:\windows\system32\hesowuza.dll (file missing) O22 - SharedTaskScheduler: gahurihor - {a94785d7-e1b1-42b9-a011-c632aa77edf2} - c:\windows\system32\hesowuza.dll (file missing) O22 - SharedTaskScheduler: jugezatag - {6934f180-454b-4c9a-bb21-75b5332e9547} - c:\windows\system32\hesowuza.dll (file missing) O22 - SharedTaskScheduler: kupuhivus - {0de47eed-8590-4834-878d-53af0351440d} - c:\windows\system32\hesowuza.dll (file missing) O22 - SharedTaskScheduler: jugezatag - {c73abe6a-2696-4c0f-9fb5-ebb6d25f7e52} - c:\windows\system32\wikufalu.dll (file missing) O22 - SharedTaskScheduler: gahurihor - {0aa43c82-e118-4d41-a4a8-76e03633cebc} - c:\windows\system32\wikufalu.dll (file missing) 2) Please download the program HostsXpert Unzip HostsXpert.zip It will create a folder named HostsXpert in whatever folder you EXTRACT it to. Run HostsXpert.exe by double clicking on it. Click the Make Writeable? button. Click Restore Microsoft's Hosts File and then click OK. Click the X to exit the program Please copy and paste a new Hijackthis log taken after running HostsXpert in your reply 3) Next download RootRepeal.rar and unzip it to your Desktop. You'll NEED WinRAR to extract it * Double click RootRepeal.exe to start the program * Click on the Report tab at the bottom of the program window * Click the Scan button * In the Select Scan dialog, check: o Drivers o Files o Processes o SSDT o Stealth Objects o Hidden Services * Click the OK button * In the next dialog, select all drives showing * Click OK to start the scan The scan can take some time. DO NOT run any other programs while the scan is running * When the scan is complete, the SAVE Report button will become available * Click this and save the report to your Desktop as RootRepeal.txt * Go to File, then Exit to close the program Attach this log in your next post. 4) Download DDS* by sUBs to your desktop. Your antivirus software might question the file. If it does, allow it. * Double click DDS.scr to run it and wait for the scan to finish * When finished DDS.txt will open * A small while later, a prompt will open. Answer Yes * DDS will continue scanning * When done, Attach.txt will open Copy and paste the DDS.txt and attach Attach.txtHJT Log after HostsXpert was run [Saving space, attachment deleted by admin]Rootrepeal Log [Saving space, attachment deleted by admin]Griz, where are the other logs?Please include DDS.txt and attach.txt as well.

Answer»

I could use some help getting rid of this and what ever else the logs show.

[Saving space, attachment deleted by admin]1) Have "HijackThis" fix the following items in the list below by placing a check in the appropriate boxes.Confirm that you have only the listed ones checked, then press <Fix checked> and close"HijackThis".Please close any open programs before doing this fix.

Quote

O1 - Hosts: 91.212.127.227 winwarepro.microsoft.com
O1 - Hosts: 91.212.127.227 winwarepro.com
O1 - Hosts: 91.212.127.227 www.winwarepro.com
O2 - BHO: (no name) - {a826543a-f73f-4a65-9989-40f3c0463448} - sivotumo.dll (FILE missing)
O2 - BHO: BHO - {B6D223F6-C185-49a2-BA7E-A03E84744702} - C:\WINDOWS\system32\iehelper.dll
O4 - HKLM\..\Run: [readericon] "C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [tvhsguni] "C:\Documents and Settings\Owner.BKNY.000\Local Settings\Application Data\otedle\uimksysguard.exe"
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [tvhsguni] "C:\Documents and Settings\Owner.BKNY.000\Local Settings\Application Data\otedle\uimksysguard.exe"
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O21 - SSODL: vufagavaw - {52f0b50b-f3c9-44f4-8f81-0f77fc1e836d} - c:\windows\system32\hesowuza.dll (file missing)
O21 - SSODL: momekijow - {c465c337-baef-4ef5-8443-27c34996e5c1} - c:\windows\system32\hesowuza.dll (file missing)
O21 - SSODL: widosedaw - {a94785d7-e1b1-42b9-a011-c632aa77edf2} - c:\windows\system32\hesowuza.dll (file missing)
O21 - SSODL: wokisemim - {6934f180-454b-4c9a-bb21-75b5332e9547} - c:\windows\system32\hesowuza.dll (file missing)
O21 - SSODL: sumumumal - {0de47eed-8590-4834-878d-53af0351440d} - c:\windows\system32\hesowuza.dll (file missing)
O21 - SSODL: goveguwev - {c73abe6a-2696-4c0f-9fb5-ebb6d25f7e52} - c:\windows\system32\wikufalu.dll (file missing)
O21 - SSODL: pibiyalad - {0aa43c82-e118-4d41-a4a8-76e03633cebc} - c:\windows\system32\wikufalu.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {52f0b50b-f3c9-44f4-8f81-0f77fc1e836d} - c:\windows\system32\hesowuza.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {c465c337-baef-4ef5-8443-27c34996e5c1} - c:\windows\system32\hesowuza.dll (file missing)
O22 - SharedTaskScheduler: gahurihor - {a94785d7-e1b1-42b9-a011-c632aa77edf2} - c:\windows\system32\hesowuza.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {6934f180-454b-4c9a-bb21-75b5332e9547} - c:\windows\system32\hesowuza.dll (file missing)
O22 - SharedTaskScheduler: kupuhivus - {0de47eed-8590-4834-878d-53af0351440d} - c:\windows\system32\hesowuza.dll (file missing)
O22 - SharedTaskScheduler: jugezatag - {c73abe6a-2696-4c0f-9fb5-ebb6d25f7e52} - c:\windows\system32\wikufalu.dll (file missing)
O22 - SharedTaskScheduler: gahurihor - {0aa43c82-e118-4d41-a4a8-76e03633cebc} - c:\windows\system32\wikufalu.dll (file missing)

2) Please download the program HostsXpert

Unzip HostsXpert.zip

It will create a folder named HostsXpert in whatever folder you EXTRACT it to.
Run HostsXpert.exe by double clicking on it.
Click the Make Writeable? button.
Click Restore Microsoft's Hosts File and then click OK.
Click the X to exit the program

Please copy and paste a new Hijackthis log taken after running HostsXpert in your reply

3) Next download RootRepeal.rar and unzip it to your Desktop. You'll NEED WinRAR to extract it

* Double click RootRepeal.exe to start the program
* Click on the Report tab at the bottom of the program window
* Click the Scan button
* In the Select Scan dialog, check:
o Drivers
o Files
o Processes
o SSDT
o Stealth Objects
o Hidden Services
* Click the OK button
* In the next dialog, select all drives showing
* Click OK to start the scan

The scan can take some time. DO NOT run any other programs while the scan is running
* When the scan is complete, the SAVE Report button will become available
* Click this and save the report to your Desktop as RootRepeal.txt
* Go to File, then Exit to close the program
*Attach this log in your next post.

4) Download DDS by sUBs to your desktop.
Your antivirus software might question the file. If it does, allow it.

* Double click DDS.scr to run it and wait for the scan to finish
* When finished DDS.txt will open
* A small while later, a prompt will open. Answer Yes
* DDS will continue scanning
* When done, Attach.txt will open

Copy and paste the DDS.txt and attach Attach.txtHJT Log after HostsXpert was run

[Saving space, attachment deleted by admin]Rootrepeal Log

[Saving space, attachment deleted by admin]Griz, where are the other logs?Please include DDS.txt and attach.txt as well.

Solve : Antivirus System Pro = evil?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment