PPRuNe Forums - View Single Post - Virus problem - HJT attached
Old 15th February 2005 | 16:23
mutt
Virus problem - HJT attached

I noticed that my girlfriend's laptop was continuously uploading data when connected to our ISP. The rate of upload was approx 1meg per 5 mins (28k dial up line). This was happening even when connected without any web/mail/messenger programs running.

She had an anti-virus program without updating it. So I installed and ran AVG7.0. This found 7 viruses and deleted them.

I loaded ZoneAlarm 5.5 to stop the access; it identified mcafee32.exe. Stopping access to that program stopped the uploads. This worked once or twice, then I got a blue screen every time we connected to the internet.

I’ve checked the Symantec and McAfee sites and googled the name. Following various links found in this forum and Google, I’ve downloaded Spybot / sysclean and adaware. I’ve also turned off system restore, started in Help mode and used Hijack this.

Regardless of what I’ve done, I can’t:

A: Find c\windows\system\mcafee32.exe (I’ve selected view all files)
B: Delete this file either through Hijack this, sysclean or manually finding it and deleting it in the regedit.

The following is the Hijack this log. I would appreciate some help with this.

Mutt.

C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\realplay.exe
C:\WINDOWS\System32\mcafee32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\LVComS.exe
C:\Program Files\Billionton\Bluetooth Software\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Downloaded Programs\HijackThis.exe

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [NAV Auto Protect] mcafee32.exe
O4 - HKLM\..\RunServices: [Realplayer One] realplay.exe
O4 - HKLM\..\RunServices: [NAV Auto Protect] mcafee32.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NAV Auto Protect] mcafee32.exe
O4 - HKCU\..\RunServices: [Security Agent Manager] mssams.exe
O4 - Global Startup: BTTray.lnk = ?

Last edited by Evo; 16th February 2005 at 10:03.
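An added example, not part of the original post and not HijackThis's own code: a short Python triage of the O4 (registry autostart) lines in the log above, listing every image name that is registered under two or more Run keys. The function names and the `min_keys` threshold are assumptions of this example, and the sample is the post's O4 lines retyped as constructed input; a hit is a lead for manual review, not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample: the O4 lines from the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [NAV Auto Protect] mcafee32.exe
O4 - HKLM\..\RunServices: [Realplayer One] realplay.exe
O4 - HKLM\..\RunServices: [NAV Auto Protect] mcafee32.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NAV Auto Protect] mcafee32.exe
O4 - HKCU\..\RunServices: [Security Agent Manager] mssams.exe
O4 - Global Startup: BTTray.lnk = ?
"""

# Accepts single or doubled backslashes, since pasted logs are often re-escaped.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\+\.\.\\+(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)

def parse_o4(log_text):
    """Return one dict per registry autostart (O4) line; other lines are skipped."""
    matches = (O4_RE.match(line.strip()) for line in log_text.splitlines())
    return [m.groupdict() for m in matches if m]

def executable(cmd):
    """Lower-cased image name from a command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        path = cmd[1:].split('"', 1)[0]
    else:
        # Cut after the first .exe so unquoted paths containing spaces survive.
        m = re.match(r"(.+?\.exe)\b", cmd, re.IGNORECASE)
        path = m.group(1) if m else cmd.split()[0]
    return re.split(r"\\+", path)[-1].lower()

def redundant_autostarts(entries, min_keys=2):
    """Map image name -> sorted run keys, for images found in min_keys or more keys."""
    seen = defaultdict(set)
    for e in entries:
        seen[executable(e["cmd"])].add(f'{e["hive"]}\\{e["key"]}')
    return {exe: sorted(keys) for exe, keys in seen.items() if len(keys) >= min_keys}

if __name__ == "__main__":
    for exe, keys in redundant_autostarts(parse_o4(SAMPLE_LOG)).items():
        print(f"{exe}: registered under {', '.join(keys)}")
```
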