I have a "file secure" virus. Please help?
   

rhonda489
New Member


Date Joined Mar 2008
Total Posts : 2
 
Posted 3-2-2008 2:28 (GMT +1)
I followed all the instructions on how to get rid of this virus but I'm not sure I did it right or that it even worked. I am sending all the logs that were requested in another forum: Dr. Web, superantispy, and hijackthis log. When I completed the Dr. Web scan, a pop-up came up when I tried to close it and requested I do something with the items found. I didn't do anything. Can someone please help me figure this out? I don't understand what any of it means. I have two superspy logs, a before and after.
 
First superantispy:
 
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 02/29/2008 at 03:59 PM
Application Version : 4.0.1152
Core Rules Database Version : 3412
Trace Rules Database Version: 1404
Scan type       : Complete Scan
Total Scan Time : 00:28:36
Memory items scanned      : 820
Memory threats detected   : 1
Registry items scanned    : 7974
Registry threats detected : 11
File items scanned        : 22546
File threats detected     : 12
Rogue.IEDefender/Component
 C:\WINDOWS\MSVIDC32.DLL
 C:\WINDOWS\MSVIDC32.DLL
Rogue.Files-Secure
 HKU\S-1-5-21-1508142058-1346943214-3481656060-1000\Software\FilesSecure
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Files Secure
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Files Secure#UninstallString
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Files Secure#InstallLocation
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Files Secure#DisplayName
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Files Secure#DisplayIcon
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Files Secure#DisplayVersion
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Files Secure#VersionMajor
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Files Secure#VersionMinor
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Files Secure#NoModify
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Files Secure#NoRepair
 C:\Program Files\Files-Secure\secure.db1
 C:\Program Files\Files-Secure\secure.db2
 C:\Program Files\Files-Secure\secure.db3
 C:\Program Files\Files-Secure\secure.db4
 C:\Program Files\Files-Secure\secure.db5
 C:\Program Files\Files-Secure\secure.exe
 C:\Program Files\Files-Secure\Uninstall.exe
 C:\Program Files\Files-Secure
 C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\FILES SECURE 2.1.LNK
 C:\Windows\Prefetch\UNINSTALL.EXE-D6441E86.pf
Adware.Tracking Cookie
 C:\Users\Rhonda\AppData\Roaming\Microsoft\Windows\Cookies\Low\rhonda@indextools[2].txt
Second superantispy:
 
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 03/01/2008 at 06:46 PM
Application Version : 4.0.1152
Core Rules Database Version : 3412
Trace Rules Database Version: 1404
Scan type       : Complete Scan
Total Scan Time : 00:27:26
Memory items scanned      : 730
Memory threats detected   : 0
Registry items scanned    : 7974
Registry threats detected : 0
File items scanned        : 22793
File threats detected     : 6
Adware.Tracking Cookie
 C:\Users\Rhonda\AppData\Roaming\Microsoft\Windows\Cookies\Low\rhonda@msnportal.112.2o7[1].txt
 C:\Users\Rhonda\AppData\Roaming\Microsoft\Windows\Cookies\Low\rhonda@specificclick[1].txt
 C:\Users\Rhonda\AppData\Roaming\Microsoft\Windows\Cookies\Low\rhonda@indextools[2].txt
 C:\Users\Rhonda\AppData\Roaming\Microsoft\Windows\Cookies\Low\rhonda@atdmt[1].txt
 C:\Users\Rhonda\AppData\Roaming\Microsoft\Windows\Cookies\Low\rhonda@doubleclick[1].txt
 C:\Users\Rhonda\AppData\Roaming\Microsoft\Windows\Cookies\Low\rhonda@msnlivefavorites.112.2o7[1].txt
 
Hijackthis log:
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:46, on 2008-03-01
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Lexmark 7100 Series\lxbxmon.exe
C:\Program Files\Lexmark 7100 Series\ezprint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live Favorites\wlfsync.exe
C:\Users\Rhonda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O8TQRFE5\HiJackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: MS Video Control 1.0 - {708F8B95-4012-4A3A-9494-5EEE5F8CC89E} - C:\Windows\msvidc32.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: (no name) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [LXBXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxbxmon.exe] "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7100 Series\ezprint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [P1370Cfg.exe] P1370Cfg.exe /d:2
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxbx_device -   - C:\Windows\system32\lxbxcoms.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10556 bytes
 
Dr. web log:
 
C.bat;C:\327882R2FWJFW;Probably BATCH.Virus;;
FIND3M.bat;C:\327882R2FWJFW;Probably SCRIPT.Virus;;
ListDlls.cfexe;C:\327882R2FWJFW;Trojan.Proxy.2804;Deleted.;
psexec.cfexe;C:\327882R2FWJFW;Program.PsExec.171;Renamed.;
C.bat;C:\ComboFix;Probably BATCH.Virus;;
FIND3M.bat;C:\ComboFix;Probably SCRIPT.Virus;;
ListDlls.cfexe;C:\ComboFix;Trojan.Proxy.2804;Deleted.;
psexec.cfexe;C:\ComboFix;Program.PsExec.171;Renamed.;
C.bat;C:\ComboFix[1];Probably BATCH.Virus;;
FIND3M.bat;C:\ComboFix[1];Probably SCRIPT.Virus;;
ListDlls.cfexe;C:\ComboFix[1];Trojan.Proxy.2804;Deleted.;
psexec.cfexe;C:\ComboFix[1];Program.PsExec.171;Renamed.;
flyout_fav.js;C:\Documents and Settings\Rhonda\AppData\Local\Application Data\Microsoft\Windows Sidebar\Gadgets\AppLauncherV3.3.4.3[1].gadget;Probably SCRIPT.Virus;;
gadget.html\vbscript.1;C:\Documents and Settings\Rhonda\AppData\Local\Application Data\Microsoft\Windows Sidebar\Gadgets\SD%20Sidebar%20Clock%203.04[1;Modification of Trojan.DownLoader.13879;;
gadget.html;C:\Documents and Settings\Rhonda\AppData\Local\Application Data\Microsoft\Windows Sidebar\Gadgets\SD%20Sidebar%20Clock%203.04[1;Archive contains infected objects;Moved.;
flyout_fav.js;C:\Documents and Settings\Rhonda\AppData\Local\Microsoft\Windows Sidebar\Gadgets\AppLauncherV3.3.4.3[1].gadget\js;Probably SCRIPT.Virus;;
gadget.html\vbscript.1;C:\Documents and Settings\Rhonda\DoctorWeb\Quarantine\gadget.html;Modification of Trojan.DownLoader.13879;;
gadget.html;C:\Documents and Settings\Rhonda\DoctorWeb\Quarantine;Archive contains infected objects;Moved.;
flyout_fav.js;C:\Documents and Settings\Rhonda\Local Settings\Microsoft\Windows Sidebar\Gadgets\AppLauncherV3.3.4.3[1].gadget\js;Probably SCRIPT.Virus;;
flyout_fav.js;C:\Users\Rhonda\AppData\Local\Microsoft\Windows Sidebar\Gadgets\AppLauncherV3.3.4.3[1].gadget\js;Probably SCRIPT.Virus;;
flyout_fav.js;C:\Users\Rhonda\Local Settings\Microsoft\Windows Sidebar\Gadgets\AppLauncherV3.3.4.3[1].gadget\js;Probably SCRIPT.Virus;;
 
 
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 14295
 
Posted 3-2-2008 11:27 (GMT +1)
Hello scool


Please download Combofix:
 
and save to the desktop.

Close all other browser windows.
 
 
 
Important-> Temporarily disable your anti-virus, real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
 
Right-click on the AVG icon in the system tray
Open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> deselect the "Turn on AVG Resident Shield" checkmark and save the setting.