I´m infected with TrojanW32.looksky (I think) need help!
   

Virus Hater
New Member


Date Joined Aug 2007
Total Posts : 5
 
Posted 8-22-2007 9:25 (GMT +1)
Loads of warnings and pop ups have taken over my desktop. Warning says that I have Trojan.W32.looksky.

AVG found about 60 tracking cookies (medium risk). My desktop is red w/ a warning and privacy logo. Spyware popups everywhere. Please help me! Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 22:27:41, on 2007-08-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
E:\Program\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
O2 - BHO: MSVPS System - {283A0EE3-2CC1-45AB-8207-B1D7B69C7F83} - C:\WINDOWS\duocore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll
O4 - HKLM\..\Run: [KAVPersonal50] C:\Anti Virus Kapersky\AV Temp\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: desktop(2)(2).ini
O4 - Startup: desktop(2).ini
O4 - Startup: desktop(3)(2).ini
O4 - Startup: desktop(3).ini
O4 - Startup: desktop(4).ini
O4 - Global Startup: desktop(2)(2).ini
O4 - Global Startup: desktop(2).ini
O4 - Global Startup: desktop(3)(2).ini
O4 - Global Startup: desktop(3).ini
O4 - Global Startup: desktop(4).ini
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .pdf: C:\Program\Internet Explorer\PLUGINS\nppdf32.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: wmpenv - {E988D7C9-45D1-433B-991B-127FE1CEB3A4} - C:\WINDOWS\wmpenv.dll
O21 - SSODL: wmpconf - {045864CD-B021-4CC0-99C3-CB60FBF65871} - C:\WINDOWS\wmpconf.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program\ewido anti-malware\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Anti Virus Kapersky\AV Temp\Kaspersky Anti-Virus Personal\kavsvc.exe

Now the popups won't let me scan with my Kaspersky anti virus program. This will just get worse I'm afraid. Is this the death of my comp?
 
I was just about to buy a backup system in the way of an external hard drive. Can I still buy one and load over everything that isn't attached to my C:// (system) hard drive or can the spyware/virus follow into the disc?
 
Please help me! I'm desperate
 
(sorry to post here and the spyware section)

Post Edited (Virus Hater) : 22-08-2007 08:28:05 GMT
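
A first-pass way to read a log like the one posted above, as an added example that is not part of the original thread: it groups HijackThis entries by section code and marks entries for manual review. The three triage rules are assumed heuristics, not verdicts given anywhere in this thread, and the sample lines are copied from the posted log.

```python
import re
from collections import defaultdict

# Subset of lines copied unmodified from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
O2 - BHO: MSVPS System - {283A0EE3-2CC1-45AB-8207-B1D7B69C7F83} - C:\WINDOWS\duocore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar3.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: wmpenv - {E988D7C9-45D1-433B-991B-127FE1CEB3A4} - C:\WINDOWS\wmpenv.dll
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # section code, then the entry text
FILE_PATH = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:dll|exe|cpl)", re.I)
WINDOWS_ROOT = re.compile(r"[A-Za-z]:\\WINDOWS\\[^\\]+", re.I)  # no subfolder

def parse_log(text):
    """Group HijackThis entries by section code (R0, O2, O4, ...)."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # header and "Running processes" lines do not match
            sections[m.group(1)].append(m.group(2))
    return dict(sections)

def triage(sections):
    """Return (code, reason, entry) tuples worth a manual look (heuristics only)."""
    notes = []
    for code, entries in sections.items():
        for entry in entries:
            if entry.endswith("(file missing)"):
                notes.append((code, "orphaned entry, target file is gone", entry))
            elif code in ("R0", "R1") and "Start Page" in entry:
                notes.append((code, "start page override, confirm the URL", entry))
            elif code in ("O2", "O20", "O21"):
                # Assumed heuristic: browser/shell components normally load from
                # system32 or a program folder, not the Windows directory itself.
                m = FILE_PATH.search(entry)
                if m and WINDOWS_ROOT.fullmatch(m.group(0)):
                    notes.append((code, "component DLL directly under Windows directory", entry))
    return notes

if __name__ == "__main__":
    for code, reason, entry in triage(parse_log(SAMPLE_LOG)):
        print(f"{code:<4}{reason}: {entry}")
```

A marked entry is only a prompt to check the file's publisher and origin before removing anything.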

 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 14290
 
Posted 8-22-2007 12:34 (GMT +1)
Hello :)
 
 
If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (normally C:), and launch from there.

 
Please print out or copy this page to Notepad as you will be in Safe Mode and unable to refer to this page.


Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
Double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, normally  C:\rapport.txt

Post a fresh HijackThis log with rapport.txt, and tell me how your computer is behaving.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++
process.exe is detected by some antivirus programs as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.



Do NOT post your problem in someone else's thread.
Start a new topic so that it may receive proper attention. 
 

 

Virus Hater
New Member


Date Joined Aug 2007
Total Posts : 5
 
Posted 8-22-2007 1:19 (GMT +1)
Thanx for the reply! I think I already have a Smitfraud prog on my hard drive. I will try what you have said once I get home from work. So you reckon that my comp might make it another day then :) I hope so. I'll get back to you!


Thnx once again!:-)
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 14290
 
Posted 8-22-2007 1:53 (GMT +1)
I just saw you have another topic, I therefore suggest you continue here:
 
 
I'll lock this topic, otherwise it will be confusing ;-)


Do NOT post your problem in someone else's thread.
Start a new topic so that it may receive proper attention. 
 
