Bullguard Antivirus Forum Download A Free Copy Of Bullguard Antivirus Software
Free Antivirus Forum - Learn about antivirus, firewalls and personal security Free Antivirus Forum - Learn about antivirus, firewalls and personal security
 HomeLog InRegisterCommunity CalendarSearch the ForumView The Member ListHelp
Help me plzzz...my pc is infected with win32/hidrag virus...all my .exe files have been infected
   
BullGuard Antivirus Forum > Virus Removal > Removal Help > Help me plzzz...my pc is infected with win32/hidrag virus...all my .exe files have been infected  
Forum Quick Jump
 
New Topic Post reply to : Help me plzzz...my pc is infected with win32/hidrag virus...all my .exe files have been infected Printable version of : Help me plzzz...my pc is infected with win32/hidrag virus...all my .exe files have been infected
[ << Previous Thread | Next Thread >> ]

brainevil
New Member


Date Joined Aug 2006
Total Posts : 6
  		   Posted 1-19-2007 8:24 (GMT +1)    Quote: Help me plzzz...my pc is infected with win32/hidrag virus...all my .exe files have been infectedAlert an admin about: Help me plzzz...my pc is infected with win32/hidrag virus...all my .exe files have been infected
hop  >>>helpppp me plzzz<<<<<<hop ..my pc is infected with win32/hidrag virus...all my .exe files have been infected. I have ran the AVG antivirus...it has detected about 400-450 infected files...but it cant heal the files....i dont wont to delete any of the files...is there any way i can heal them or remove them????
        i have read some of the other users problem....everyone has posted there hijackthis log....so i am doing the same....hop >>>PLSSS HELP<<<<<>>>>THANKS IN ADVANCE<<<<hop
 
 
Logfile of HijackThis v1.99.1
Scan saved at 1:15:43 AM, on 1/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
F:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Program Files\Winamp\Winampa.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\unzipped\hijackthis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [AVG7_RegCleaner] C:\PROGRA~1\Grisoft\AVG7\avgregcl.exe /BOOT
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
 
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 14290
  		   Posted 1-19-2007 8:58 (GMT +1)    Quote: Help me plzzz...my pc is infected with win32/hidrag virus...all my .exe files have been infectedAlert an admin about: Help me plzzz...my pc is infected with win32/hidrag virus...all my .exe files have been infected
Hi brainevil
 
 
Click Start > Run,  type services.msc > OK
In the list of services find:
Power Manager (PowerManager)
Rightclick that line and choose Properties.
On the General tab Stop and set the service to disabled.

 
 
    Re-start your PC in Safe mode, by holding down the F8 button during the initial start up procedure. Use the up and down arrow keys to select Start PC in safe mode and hit the enter key.
This will start your PC with only essential Windows programmes running.
 
 
Please set your system to show all files.
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.


Delete the following files or folders (delete item in bold). Please do not be concerned if
any of the items are not found as they may have been automatically removed by actions I had
you take earlier in the cleaning process.
 
Delete-
 
Files:
C:\WINDOWS\svchost.exe
 
 
Reboot normally
 
Click Start | Run and type cleanmgr in the run box
Checkmark these: Temporary Files | Temporary Internet Files | Recycle Bin
Click OK to start the cleanup and wait for it to finish.

Go to Start | Control Panel | Internet Options
In the General tab, Temporary Internet Files, click: Delete Files
When prompted, check: Delete all offline content
You can also check: Delete Cookies
Run <!--coloro:blue--><!--/coloro-->Panda's online virus scan<!--colorc--><!--/colorc--> and perform a full system scan.
Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan <!--coloro:blue--><!--/coloro-->(Note: It may take a couple of minutes)<!--colorc--><!--/colorc-->
  • When download is complete, click on Local Disks to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Reboot normally
Please post Panda Report and tell how things are running

Do NOT post your problem in someone elses thread.
Start a new topic so that it may receive proper attention. 
 

Back to Top
 

brainevil
New Member


Date Joined Aug 2006
Total Posts : 6
  		   Posted 1-24-2007 9:56 (GMT +1)    Quote: Help me plzzz...my pc is infected with win32/hidrag virus...all my .exe files have been infectedAlert an admin about: Help me plzzz...my pc is infected with win32/hidrag virus...all my .exe files have been infected
THanks a lot !!!!!! i didnt have a internet connecction on the infected pc so i couldnt scan it with the online panda scanner....but i scanned it with Panda Titanium antivirus plus instead.....it disinfected the viruses...i hope that did the job.....anyways....... u have been a great help.....really appreciate ur help!!!!!!!!!!!! :)))))))....take care
Back to Top
 
New Topic Post reply to : Help me plzzz...my pc is infected with win32/hidrag virus...all my .exe files have been infected Printable version of : Help me plzzz...my pc is infected with win32/hidrag virus...all my .exe files have been infected
 
Forum Information
Currently it is Tuesday, January 06, 2009 2:25 PM (GMT +1)
There are a total of 65.863 posts in 16.165 threads.
In the last 3 days there were 22 new threads and 86 reply posts. View Active Threads
Who's Online
This forum has 27758 registered members. Please welcome our newest member, Nards.
47 Guest(s), 1 Registered Member(s) are currently online.  Details
tariq1
5 Latest Threads
Error message (0)06-01-2009 13:24:43 (tariq1)
Cannot remove malware (4)06-01-2009 13:13:30 (phill)
Have I a machine infection? (8)06-01-2009 12:42:25 (Geekguy)
How to restore missing control panel and properties (0)06-01-2009 12:30:09 (Nards)
Google Redirect Virus - Stubborn Version!!! (11)06-01-2009 12:24:11 (DaveWales)


Need Support? Write to: | Forum Help Manual

Download free trial version of Bullguard