camacho_marco
asked on
VIRUS W32/VB.PC WORM
DOES ANYONE KNOW HOW TO REMOVE THIS VIRUS????? W32/VB.PC WORM
I CANNOT FIND ANYTHING ON THE NET
camacho, run the other virus and spyware removers I posted above.
Naser72,
I was addressing camacho, not you. I meant the post I made 09/09/2006 01:20PM PDT
Let him choose by himself the right answer, but don't try to make him ignore other posts, that's what I mean when I ask you "what you mean"
Let's respect each other, it's an open forum not for you and not for me, it's for everyone my friend.
ASKER
None of the above worked, any other hints??? The virus is GETZAC. How do I know what's the virus name? On the infected file I right-clicked on the file and it says GETZAC on the Version Tab Company Info. It's not GEDZAC it's GEDZAC.
If you know the location of the virus file, delete it. You may need to boot to Safe Mode to delete the file.
Use Killbox or Unlocker in Safe Mode to remove hard-to-remove files.
Killbox to remove stubborn files
http://www.scancomplete.com/download/killbox/
OR
Unlocker
http://www.majorgeeks.com/download4660.html
If you cannot delete the file, disable it. Right click on the file and select Properties > Security > Advanced. Uncheck "Inherit from parent" and remove other permissions. If you are using Windows XP Home, you need to access the Security tab from Safe Mode. If using Windows XP Pro and the Security tab is not available, go to any folder and select Tools > Folder Options > View. Uncheck "Use simple file sharing".
ASKER
The same result, I will try a scan with Panda and leave it there, there is nothing on the web about this one
Where is the location of the virus file? Does it cause your computer any problem? It could be a false positive. Running a couple of virus scanners will tell you whether you have a false positive.
ASKER
The location is everywhere that I have an Excel or Word document.
It only duplicates files but with an exe extension
The only one that detects the virus is PANDA, none of all the above has detected the problem.
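The behaviour the asker describes (an .exe copy appearing next to each Excel or Word document) can be checked for across a folder tree with a short script. This is an added example, not part of the original thread; it assumes the copy keeps the document's base name (`budget.exe` or `budget.xls.exe`), and the function names, extension list and sample tree are constructed for illustration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# Assumption: document types whose folders should be checked for .exe twins.
DOC_EXTS = {".doc", ".xls", ".docx", ".xlsx"}


def sha256_of(path, chunk=65536):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def find_exe_twins(root):
    """Return sorted (exe_path, doc_path) pairs where an .exe shares a
    folder and a base name with a document (case-insensitive)."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        docs = {}
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.lower() in DOC_EXTS:
                docs[stem.lower()] = name   # budget.xls -> matches budget.exe
                docs[name.lower()] = name   # budget.xls -> matches budget.xls.exe
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.lower() == ".exe" and stem.lower() in docs:
                hits.append((os.path.join(folder, name),
                             os.path.join(folder, docs[stem.lower()])))
    return sorted(hits)


def group_by_hash(hits):
    """Group flagged executables by SHA-256; many paths under one digest
    means the same binary was copied into several folders."""
    groups = defaultdict(list)
    for exe, _doc in hits:
        groups[sha256_of(exe)].append(exe)
    return dict(groups)


def build_sample_tree(root):
    """Constructed sample data: two document twins and one unrelated .exe."""
    payload = b"MZ" + b"\x00" * 62          # placeholder bytes, not a real binary
    layout = {
        "finance/budget.xls": b"sheet",
        "finance/budget.exe": payload,
        "hr/letter.doc": b"text",
        "hr/letter.doc.exe": payload,
        "tools/setup.exe": b"MZ unrelated installer",
    }
    for rel, data in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        found = find_exe_twins(tmp)
        for exe, doc in found:
            print(f"{exe}  <- same base name as {doc}")
        for digest, paths in group_by_hash(found).items():
            print(f"{len(paths)} file(s) share SHA-256 {digest[:16]}...")
```

The script only reports; the resulting list and hash are what you would hand to an antivirus vendor or use to confirm a suspected false positive.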
ASKER
Logfile of HijackThis v1.99.1
Scan saved at 3:21:28 PM, on 9/13/2006
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\AVNT\PavFnSvr.exe
C:\Program Files\Panda Software\AVNT\TPSrv.exe
C:\Program Files\Panda Software\AVNT\WebProxy.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\AVNT\PavSrv51.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Software\AVNT\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Panda Software\Panda Administrator 3\AdminServer\AdminServer.exe
C:\Program Files\Compacw\Servidor de Licencias\ContPAQ\AppKeyLicenseServerContPAQ.exe
C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe
C:\WINDOWS\System32\svchost.exe
E:\Tress\Firebird_1_5\bin\fbguard.exe
C:\Program Files\Microsoft SQL Server\MSSQL$PADMINISTRATOR\Binn\sqlservr.exe
C:\Program Files\Panda Software\Panda Administrator 3\Distribution Server\PadFSvr.exe
C:\Program Files\Panda Software\AVNT\PSCTRLS.EXE
C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe
C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\pagentwd.exe
C:\Program Files\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\AVNT\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
E:\Tress\GRUPOT~1\SENTIN~1.EXE
C:\Program Files\Kyocera Mita\FileUtility\SFUSVC.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Kyocera Mita\FileUtility\nsCatCom.exe
C:\hp\hpsmh\bin\smhstart.exe
E:\Tress\Grupo Tress\Servidor\AstaServerLauncherNTS.exe
C:\hp\hpsmh\bin\hpsmhd.exe
C:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe
C:\Program Files\Panda Software\AVNT\CPntSrv.exe
C:\WINDOWS\system32\CPQNiMgt\cpqnimgt.exe
C:\WINDOWS\system32\CpqRcmc.exe
C:\WINDOWS\system32\CPQMgmt\CqMgServ\cqmgserv.exe
C:\WINDOWS\system32\CPQMgmt\CqMgStor\cqmgstor.exe
C:\WINDOWS\system32\sysdown.exe
C:\hp\hpsmh\bin\hpsmhd.exe
C:\WINDOWS\system32\CPQMgmt\CqMgHost\cqmghost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\Tress\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Panda Software\Panda Administrator 3\PavReport\PavReport.exe
C:\Program Files\Panda Software\AVNT\AVENGINE.EXE
E:\Tress\Grupo Tress\Servidor\Cafetera.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cpqteam.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Panda Software\Panda Administrator 3\Console\PASystemTray.exe
C:\Program Files\Panda Software\AVNT\PSCtrlC.exe
C:\Program Files\Panda Software\AVNT\CpIcnMng.exe
C:\Program Files\Kyocera Mita\FileUtility\NsCatCom.exe
C:\WINDOWS\System32\cmd.exe
C:\Program Files\Panda Software\AVNT\avciman.exe
C:\Program Files\Panda Software\AVNT\psimreal.exe
E:\Tress\Grupo Tress\L5Poll\L5Poll.exe
C:\Program Files\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/softAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [CPQTEAM] cpqteam.exe
O4 - HKLM\..\Run: [DetectaFirewallContPAQ] "C:\Program Files\Compacw\Servidor de Licencias\ContPAQ\DetectaFirewall.exe" /boot
O4 - HKLM\..\Run: [TaskManager] c:\windows\enya.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Common Files\Softwin\Console\bdconsole.exe"
O4 - HKLM\..\Run: [PASystemTray] "C:\Program Files\Panda Software\Panda Administrator 3\Console\PASystemTray.exe"
O4 - HKLM\..\Run: [Panda Controller Client] "C:\Program Files\Panda Software\AVNT\PSCtrlC.exe"
O4 - HKLM\..\Run: [CpnIconMng] C:\Program Files\Panda Software\AVNT\CpIcnMng.exe
O4 - Global Startup: Scanner File Utility.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4846/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = REYNOSA.AD.ARCAUTOMOTIVE.COM
O17 - HKLM\Software\..\Telephony: DomainName = REYNOSA.AD.ARCAUTOMOTIVE.COM
O17 - HKLM\System\CCS\Services\Tcpip\..\{62FBD353-6F9B-49D9-81B9-1DBED203F252}: Domain = arcautomotive.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{62FBD353-6F9B-49D9-81B9-1DBED203F252}: NameServer = 10.53.1.8,10.53.1.9
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = REYNOSA.AD.ARCAUTOMOTIVE.COM
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = arcautomotive.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = arcautomotive.com
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\SYSTEM32\dimsntfy.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: TPLogon - TPLogon.dll (file missing)
O23 - Service: Panda AdminSecure Administration Server (AdminServer) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\AdminServer\AdminServer.exe
O23 - Service: Servidor de Licencias Compac - ContPAQ (AppKeyLicenseServer_ContPAQ) - Unknown owner - C:\Program Files\Compacw\Servidor de Licencias\ContPAQ\AppKeyLicenseServerContPAQ.exe
O23 - Service: AstaAppManager - Grupo Tress Internacional S.A. de C.V. - E:\Tress\Grupo Tress\Servidor\AstaServerLauncherNTS.exe
O23 - Service: Backup Exec Remote Agent for Windows Servers (BackupExecAgentAccelerator) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe
O23 - Service: Panda NetworkSecure Service (CPntSrv) - Panda Software International - C:\Program Files\Panda Software\AVNT\CPntSrv.exe
O23 - Service: HP Insight NIC Agent (CpqNicMgmt) - Hewlett-Packard Company - C:\WINDOWS\system32\CPQNiMgt\cpqnimgt.exe
O23 - Service: HP ProLiant Remote Monitor Service (CpqRcmc) - Hewlett-Packard Company - C:\WINDOWS\system32\CpqRcmc.exe
O23 - Service: HP Version Control Agent (cpqvcagent) - Hewlett-Packard Company - C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe
O23 - Service: HP Insight Foundation Agents (CqMgHost) - Hewlett-Packard Company - C:\WINDOWS\system32\CPQMgmt\CqMgHost\cqmghost.exe
O23 - Service: HP Insight Server Agents (CqMgServ) - Hewlett-Packard Company - C:\WINDOWS\system32\CPQMgmt\CqMgServ\cqmgserv.exe
O23 - Service: HP Insight Storage Agents (CqMgStor) - Hewlett-Packard Company - C:\WINDOWS\system32\CPQMgmt\CqMgStor\cqmgstor.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - E:\Tress\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - E:\Tress\Firebird_1_5\bin\fbserver.exe
O23 - Service: Panda AdminSecure Distribution Server (PadFSvr) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\Distribution Server\PadFSvr.exe
O23 - Service: Panda Software Controller - Panda Software - C:\Program Files\Panda Software\AVNT\PSCTRLS.EXE
O23 - Service: Panda AdminSecure Communications Agent (PAVAGENTE) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe
O23 - Service: Panda AdminSecure Scheduler (PavAtScheduler) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe
O23 - Service: Panda Function Service (PavFnSvr) - Panda Software - C:\Program Files\Panda Software\AVNT\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda Antivirus Report Service (PavReport) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\PavReport\PavReport.exe
O23 - Service: Panda Antivirus Service (PavSrv) - Panda Software International - C:\Program Files\Panda Software\AVNT\PavSrv51.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - C:\Program Files\Panda Software\AVNT\PNMSRV.EXE
O23 - Service: Panda IManager Service (PsImSvc) - Panda Software Internacional - C:\Program Files\Panda Software\AVNT\PsImSvc.exe
O23 - Service: Sentinel3s (Sentinel3Service) - Grupo Tress Internacional, S.A. de C.V. - E:\Tress\GRUPOT~1\SENTIN~1.EXE
O23 - Service: SFUSVC - KYOCERA MITA CORPORATION - C:\Program Files\Kyocera Mita\FileUtility\SFUSVC.exe
O23 - Service: HP ProLiant System Shutdown Service (sysdown) - Compaq Computer Corporation - C:\WINDOWS\system32\sysdown.exe
O23 - Service: HP System Management Homepage (SysMgmtHP) - Hewlett-Packard Company - C:\hp\hpsmh/bin/smhstart.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\AVNT\TPSrv.exe
ASKER
Here is the log, can you find something???
And sorry for the late response, I was out of the city.
Thanks Amigo war1
1. Go to this folder C:\WINDOWS\system32 and delete sysdown.exe. You may need Killbox or Unlocker to remove it.
Killbox to remove stubborn files
http://www.scancomplete.com/download/killbox/
OR
Unlocker
http://www.majorgeeks.com/download4660.html
2. If the following IP address does not belong to your ISP, have HijackThis remove it
O17 - HKLM\System\CCS\Services\Tcpip\..\{62FBD353-6F9B-49D9-81B9-1DBED203F252}: NameServer = 10.53.1.8,10.53.1.9
ASKER
Hi Amigo:
Here is what I found on the sysshutdown.exe, and it's not a good idea to delete it
Description:
sysdown.exe is a part of Microsoft Windows Server suite. This process allows a server to shut down before management tools are loaded. This program is important for the stable and secure running of your computer and should not be terminated.
camacho,
Yes, sysdown.exe is part of Windows shutdown. I was thinking of a similar spelling trojan.
ASKER
anything else????
ASKER
I will split the point with everyone
Cheers