
Virus as a system file?

Old December 3rd, 2008, 05:22 PM   #1 (permalink)
Junior Member
 
Join Date: Dec 2008
Posts: 2
Virus as a system file?

Here is my list:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:25:18 PM, on 12/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Protector Suite QL\psqltray.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Toshiba
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Personalized Start Page
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 7.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [28c9ec18] rundll32.exe "C:\WINDOWS\system32\abhdjvpk.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe -m
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O20 - AppInit_DLLs: cfberc.dll
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 6812 bytes


Any help is appreciated.
D-Ray is offline   Reply With Quote
Old December 3rd, 2008, 09:11 PM     #2 (permalink)
Junior Member
 
Join Date: Dec 2008
Posts: 2
Virus as a system file?

Are there viruses out there that mirror as system files?

Is there a way to find out which is which?

Also, can you get rid of it without harming the computer?

Reason I ask is because the Automatic Updates are turning off automatically and it shows up in the system tray, but when I go to turn them back on, they're already on.

Also, I get pop-ups when I use Internet Explorer (mainly anti-virus software sites pop up), and even certain sites when I use Firefox.

I use Trend Micro for my anti-virus, and I've tried other anti-virus and spyware programs (Spybot, Ad-Aware, AVG, etc.) and they can't find it.

Someone help.
D-Ray is offline   Reply With Quote
Old December 3rd, 2008, 10:14 PM     #3 (permalink)
Ultimate Member
 
Join Date: Nov 2008
Location: Ohio
Posts: 1,004
There are viruses that mirror as system files and the only way I know how to get them out is to format the C drive, which has the OS on it. Normally the virus file will be .exe or some other (can't remember), and if it appears within your system files then you can't delete it.

Don't know about the auto update thing.

The pop-ups are probably your pop-up blocker not working, and Firefox (I use it too) only seems to block one pop-up at a time.

Try downloading the trial version of Kaspersky and scan your computer.

You can get a bunch of antiviruses here
Anti-Virus Downloads - FileHippo.com

I would avoid McAfee and Norton. But NOD32, Kaspersky and Avira work well enough.
cksboy15 is offline   Reply With Quote
Old December 3rd, 2008, 11:43 PM     #4 (permalink)
Super Stealthy Moderator
 
Join Date: Jan 2003
Location: Outside the box
Posts: 5,199
Blog Entries: 4
Running your log file through the analyzer shows a couple of nasties. I'd suggest reading the HijackThis tutorial and removing any bugs you see in the analyzer: HijackThis Analyzer & Tutorial

I'd also suggest reading a few threads in the Security and Privacy Issues - Tech Support Forums - TechIMO.com forum; there is tons of advice for removing malware/spyware, etc.
__________________
“Every question involves someone having to work for an answer, isn't it about time you did your share”
"Whatever you want to do, do it now. There are only so many tomorrows."
RicheemxX is online now   Reply With Quote
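
A first-pass triage of the kind of HijackThis log posted in #1, as an added example that is not part of the original thread and is not the HijackThis Analyzer's own logic. The function name `triage` and its three rules are assumptions chosen for illustration; the sample lines are copied from the log above, and a hit is a lead to verify by hand, not a verdict.

```python
import re

# A subset of lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [28c9ec18] rundll32.exe "C:\WINDOWS\system32\abhdjvpk.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: cfberc.dll
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
RUN_VALUE = re.compile(r"^\S+\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# rundll32 as the launched program, with or without a quoted or full path
RUNDLL32 = re.compile(r'"?(?:[^"\s]*\\)?rundll32(?:\.exe)?"?\s', re.I)


def triage(log_text):
    """Return (code, reason, line) tuples for entries worth a manual look.

    Assumed heuristics, not HijackThis's or the analyzer's rules.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # headers, running-process paths, blank lines
        code, body = m.group("code"), m.group("body")
        if code == "O4":
            run = RUN_VALUE.match(body)
            if run and RUNDLL32.match(run.group("cmd")):
                findings.append((code, "autorun loads a DLL through rundll32", line))
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            # A DLL listed here is loaded into every process that loads user32.dll.
            if body.split(":", 1)[1].strip():
                findings.append((code, "AppInit_DLLs is not empty", line))
        elif code == "O23" and " - Unknown owner - " in body:
            findings.append((code, "service reported with unknown owner", line))
    return findings


if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}\n      {line}")
```

Each flagged path still has to be checked on disk (file properties, signer, creation date) before anything is removed; the "Unknown owner" rule in particular also fires on legitimate vendor services.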