home hardware prices news articles forums photos user reviews
Go Back   Tech Support Forums - TechIMO.com > PC Hardware and Tech > Technical Support
Virus as a system file? Virus as a system file?
Ask a Tech Support Question (free)!

Virus as a system file?

Reply
Get bargains at  »  Dealighted.com
 
Thread Tools Search this Thread
Currently Active Users: 1534
Discussions: 200,906, Posts: 2,378,904, Members: 246,276
Old December 3rd, 2008, 06:22 PM   Digg it!   #1 (permalink)
Junior Member
 
Join Date: Dec 2008
Posts: 2
Virus as a system file?
Here is my list:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:25:18 PM, on 12/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Protector Suite QL\psqltray.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Toshiba
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Personalized Start Page
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 7.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [28c9ec18] rundll32.exe "C:\WINDOWS\system32\abhdjvpk.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe -m
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O20 - AppInit_DLLs: cfberc.dll
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 6812 bytes


Any help is appreciated.
D-Ray is offline   Reply With Quote
Old December 3rd, 2008, 10:11 PM     #2 (permalink)
Junior Member
 
Join Date: Dec 2008
Posts: 2
Virus as a system file?
Are there viruses out there that mirror as system files?

Is there a way to find out which is which?

Also, can you get rid of it without harming the computer?

Reason I ask is because the Automatic Updates are turning off automatically and it shows up in the system tray, but when I go to turn them back on, they're already on.

Also, I get pop-ups when I use Internet Explorer (mainly anti-virus software sites pop up), and even certain sites when I use Firefox.

I use Trend Micro for my anti-virus, and I've tried other anti-virus and spyware programs (Spybot, Ad-Aware, AVG, etc.) and they can't find it.

Someone help.
D-Ray is offline   Reply With Quote
Old December 3rd, 2008, 11:14 PM     #3 (permalink)
Ultimate Member
 
cksboy15's Avatar
 
Join Date: Nov 2008
Location: Ohio
Posts: 1,272
Send a message via Yahoo to cksboy15
There are viruses that mirror as system files and the only way I know how to get them out is to format the C drive which has the os on it. normally the virus file will be .exe or some other (can't remember) and if it appears within your system files then you can't delete it.

Don't know about the auto update thing.

The pop ups is probably your pop up blocker not working, and Firefox (I use it too) only seems to block one pop up at a time.

Try downloading the trial version of kaspersky and scan your computer.

You can get a bunch of antiviruses here
Anti-Virus Downloads - FileHippo.com

I would avoid Mcafee and norton. But nod32 kaspersky and avira work good enough.
cksboy15 is offline   Reply With Quote
Old December 4th, 2008, 12:43 AM     #4 (permalink)
Super Stealthy Moderator
 
RicheemxX's Avatar
 
Join Date: Jan 2003
Location: Outside the box
Posts: 5,551
Blog Entries: 4
Send a message via Yahoo to RicheemxX
Running your log file through the analyzer shows a a couple nasties I'd suggest reading the hijack this tutorial and removing any bugs you see in the analyzer HijackThis Analyzer & Tutorial

I'd also suggest reading a few threads in the Security and Privacy Issues - Tech Support Forums - TechIMO.com forum, there is tons of advice for removing malware/spyware ect.
__________________
“Every question involves someone having to work for an answer, isn't it about time you did your share”
"Non-technical questions sometimes don't have an answer at all."
Linus Torvalds
RicheemxX is offline   Reply With Quote
Reply
Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar Threads
Thread Thread Starter Forum Replies Last Post
How do I change a FAT 32 File system to a NTFS filing system kozuch Applications and Operating Systems 9 October 29th, 2008 07:58 AM
can I delete this file? Has virus Naz Technical Support 4 June 10th, 2004 12:27 PM
virus? corrupted file? jerbaby78 General Tech Discussion 36 November 1st, 2002 01:06 PM
Virus Scan problem I need a file batmeat Applications and Operating Systems 1 June 17th, 2002 09:20 PM


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Most Active Discussions
Is It Just Me? (2809)
Is the PSU I received dead? (10)
California Passes Anti-Flat-HDTV Le.. (38)
Install XP pro and a Vista laptop ?.. (8)
Fox uses old news clips to inflate .. (33)
A good PSU? (10)
HIS HD5770 graphic card question (14)
Foreign voltage (6)
New Computer wont recognize XP disc (7)
Dept. of HS: NSA 'Helped' Develop V.. (12)
Ideal cheap graph card for PC-Gamin.. (15)
Print spooler problem (5)
EVGA 9800 gtx help with finding a g.. (6)
Mysterious Boot manager (9)
Recent Discussions
What OS for a home server? (other tha.. (1)
Boot Problem? (0)
Logitech G9 laser gaming mouse $59.95.. (2)
$5 off any item with the purchase of .. (1)
Foreign voltage (6)
Ideal cheap graph card for PC-Gaming? (15)
HIS HD5770 graphic card question (14)
Install XP pro and a Vista laptop ?? (8)
Need hard disk drivers (3)
Cloning old drive to new drive (6)
Asus P4G8X Mobo (0)
Amptron monitor G17FP-Black (0)
windows vista security holes (0)
EVGA 9800 gtx help with finding a goo.. (6)
A good PSU? (10)
Is the PSU I received dead? (10)
HP Pavillion Laptop ze4220 won't turn.. (7)
Dept. of HS: NSA 'Helped' Develop Vis.. (12)
Convert 5 pin Keyboard to USB (11)
Print spooler problem (5)
hybernate option (2)
Steam ID's, Gamertags etc... (1)
New Computer wont recognize XP disc (7)
World's largest Monopoly Game using G.. (328)
Modern Warfare 2: Who Bought It? (60)


All times are GMT -4. The time now is 07:55 AM.
TechIMO Copyright 2009 All Enthusiast, Inc.

Contact Us - Tech Support Forums - TechIMO.com - Archive - Privacy Statement - Terms of Use -
Coupons and Deals and Dealighted - Store Ratings, Avoid Scam Businesses - Geek News - Tech News for the Geek In You- Web Business Blog - Top


1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28