Virus as a system file?

Old December 3rd, 2008, 06:22 PM   #1 (permalink)
Junior Member
 
Join Date: Dec 2008
Posts: 2
Virus as a system file?

Here is my list:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:25:18 PM, on 12/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Protector Suite QL\psqltray.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Toshiba
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Personalized Start Page
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 7.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [28c9ec18] rundll32.exe "C:\WINDOWS\system32\abhdjvpk.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe -m
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O20 - AppInit_DLLs: cfberc.dll
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 6812 bytes


Any help is appreciated.
D-Ray is offline   Reply With Quote
Old December 3rd, 2008, 10:11 PM     #2 (permalink)
Junior Member
 
Join Date: Dec 2008
Posts: 2
Virus as a system file?

Are there viruses out there that mirror as system files?

Is there a way to find out which is which?

Also, can you get rid of it without harming the computer?

Reason I ask is because the Automatic Updates are turning off automatically and it shows up in the system tray, but when I go to turn them back on, they're already on.

Also, I get pop-ups when I use Internet Explorer (mainly anti-virus software sites pop up), and even certain sites when I use Firefox.

I use Trend Micro for my anti-virus, and I've tried other anti-virus and spyware programs (Spybot, Ad-Aware, AVG, etc.) and they can't find it.

Someone help.
D-Ray is offline   Reply With Quote
Old December 3rd, 2008, 11:14 PM     #3 (permalink)
Ultimate Member
 
 
Join Date: Nov 2008
Location: Ohio
Posts: 1,233
There are viruses that mirror as system files and the only way I know how to get them out is to format the C drive, which has the OS on it. Normally the virus file will be .exe or some other (can't remember), and if it appears within your system files then you can't delete it.

Don't know about the auto update thing.

The pop-ups are probably your pop-up blocker not working, and Firefox (I use it too) only seems to block one pop-up at a time.

Try downloading the trial version of Kaspersky and scan your computer.

You can get a bunch of antiviruses here
Anti-Virus Downloads - FileHippo.com

I would avoid McAfee and Norton. But NOD32, Kaspersky and Avira work well enough.
cksboy15 is offline   Reply With Quote
Old December 4th, 2008, 12:43 AM     #4 (permalink)
Super Stealthy Moderator
 
 
Join Date: Jan 2003
Location: Outside the box
Posts: 5,511
Running your log file through the analyzer shows a couple nasties. I'd suggest reading the HijackThis tutorial and removing any bugs you see in the analyzer: HijackThis Analyzer & Tutorial

I'd also suggest reading a few threads in the Security and Privacy Issues - Tech Support Forums - TechIMO.com forum; there are tons of advice for removing malware/spyware, etc.
__________________
“Every question involves someone having to work for an answer, isn't it about time you did your share”
"Non-technical questions sometimes don't have an answer at all."
Linus Torvalds
RicheemxX is online now   Reply With Quote
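A first-pass triage of a HijackThis log like the one posted in this thread, as an added example that is not part of any post and is not the logic of the HijackThis Analyzer mentioned above. The rules in `review_reasons` are assumed heuristics; a hit means the entry should be looked up by hand, not that it is malicious.

```python
import re

# A few entries copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [28c9ec18] rundll32.exe "C:\WINDOWS\system32\abhdjvpk.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: cfberc.dll
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
'''

ENTRY = re.compile(r'^([A-Z]\d{1,2}) - (.*)$')                # "O4 - <detail>"
RUN = re.compile(r'^(HK\w+)\\\.\.\\Run\w*: \[(.*?)\] (.*)$')  # hive, value name, command

def parse(log):
    """Yield (section, detail) for every 'Xn - ...' line; skip everything else."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def review_reasons(section, detail):
    """Return the reasons (assumed heuristics) an entry deserves a manual look."""
    reasons = []
    if section == 'O4':
        m = RUN.match(detail)
        if m:
            name, cmd = m.group(2), m.group(3)
            if re.match(r'(?i)rundll32(\.exe)?\s', cmd):
                reasons.append('Run key loads a DLL through rundll32')
            if re.fullmatch(r'[0-9a-f]{8}', name):
                reasons.append('value name is 8 hex digits, not a product name')
    elif section == 'O20' and detail.startswith('AppInit_DLLs:'):
        if detail.split(':', 1)[1].strip():
            reasons.append('AppInit_DLLs set: loaded into every process using user32.dll')
    elif section == 'O23' and ' - Unknown owner - ' in detail:
        reasons.append('HijackThis reports no vendor name for the service binary')
    return reasons

def triage(log):
    """Return [(section, detail, reasons)] for entries with at least one reason."""
    return [(s, d, r) for s, d in parse(log) if (r := review_reasons(s, d))]

if __name__ == '__main__':
    for section, detail, reasons in triage(SAMPLE_LOG):
        print(f'{section}: {detail}\n    -> ' + '; '.join(reasons))
```

The `Swupdtmr` hit shows why the output is a review list: a vendor-installed service can trip the same rule as an unwanted one.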
All times are GMT -4. The time now is 02:57 PM.
TechIMO Copyright 2008 All Enthusiast, Inc.


