djb1011

Have a virus called notepad.exe

Hello experts,
I have a virus that I thought might be notepad.exe.  I am not able to search the net, it tries to connect me using a data line when I am using DSL.  In my registry I found in looking under:  HKEY_LOCAL_MACHINE Software Microsoft Windows CurrentVersion run Run  the entry of the command Rundll32.exe C:\windows\system32\\opccxqrw.dll, b and Rundll32.exe C:\windows\system32\\ptssnaqx.dll, s.  It is also listed in my startup of the config.sys.  I took it out of config.sys, deleted it from the registry and then restarted.  When restarting there were 3 DOS windows that came up and then the items were back in the startup and registry.  I googled the 2 but can't find much.  Spybot sees it's trying to change something, but it can't fix it.  Any help would be appreciated.
Windows XP

Speshalyst

Jk387

Try doing a system restore to a point earlier than the virus was detected.  Sometimes these kinds of viruses that infect your system files like that are easily removed by a restore.  If that does not work, have a look at this article.
http://www.pchell.com/virus/qaz.shtml
jcimarron

djb1011--If you have one virus, you may have others.
Do you have antivirus and antispyware programs installed on your PC?  If so, run scans with them and delete what is recommended.  I understand that you have no access to the internet.  Otherwise I would have also suggested that you update the reference definitions for those programs before the scan.
djb1011

ASKER

It must not be the notepad.exe as the entry wasn't in the registry.  I do have internet access to some webpages.
djb1011

ASKER

I downloaded and ran HijackThis.  My code is below:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:58:19 PM, on 7/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [b88a9e41] rundll32.exe "C:\WINDOWS\system32\opccxqrw.dll",b
O4 - HKLM\..\RunOnce: [SpybotDeletingA4817] command /c del "C:\Program Files\Outerinfo\FF\install.rdf"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2049] cmd /c del "C:\Program Files\Outerinfo\FF\install.rdf"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4187] command /c del "C:\Program Files\Outerinfo\FF\components\OuterinfoAds.xpt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6850] cmd /c del "C:\Program Files\Outerinfo\FF\components\OuterinfoAds.xpt"
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Aryd] "C:\Program Files\??stem32\j?vaw.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1135] command /c del "C:\Program Files\Outerinfo\FF\install.rdf"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

--
End of file - 4426 bytes
 
Any help would be appreciated.
Thanks
D
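
Added example (not part of the original thread, and not written by any of its participants): a small triage script for the O4 (autorun) and O15 (Trusted Zone) lines of a HijackThis log like the one posted above, listing the entries a responder would examine first. The rules are heuristics assumed for this example: an autorun that loads a DLL through rundll32, a "?" in an autorun path (taken here to mean a character the tool could not render), and any Trusted Zone site.

```python
import re

# Excerpt of the HijackThis log posted above (lines unchanged, list shortened).
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [b88a9e41] rundll32.exe "C:\WINDOWS\system32\opccxqrw.dll",b
O4 - HKLM\..\RunOnce: [SpybotDeletingC2049] cmd /c del "C:\Program Files\Outerinfo\FF\install.rdf"
O4 - HKCU\..\Run: [Aryd] "C:\Program Files\??stem32\j?vaw.exe"
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.gomyhit.com (HKLM)
'''

O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]*)\] (.+)$')
O15_RE = re.compile(r'^O15 - Trusted Zone: (\S+)')
RUNDLL_RE = re.compile(r'\brundll32(?:\.exe)?\s+"?([^",]+\.dll)', re.I)

def triage(log_text):
    """Return (location, reason, detail) review items for O4 and O15 lines.

    The rules are triage heuristics assumed for this example, not verdicts.
    """
    findings, zones = [], set()
    for line in map(str.strip, log_text.splitlines()):
        m = O4_RE.match(line)
        if m:
            hive, key, name, cmd = m.groups()
            where = f'{hive}\\{key} [{name}]'
            dll = RUNDLL_RE.search(cmd)
            if dll:
                # Autorun that loads a DLL via rundll32: examine the DLL itself.
                findings.append((where, 'rundll32 autorun', dll.group(1)))
            if '?' in cmd:
                # Assumption: '?' marks a path character the tool could not render.
                findings.append((where, 'unrenderable path characters', cmd))
            continue
        m = O15_RE.match(line)
        if m and m.group(1) not in zones:
            # Report each site once; the log lists it for both HKCU and HKLM.
            zones.add(m.group(1))
            findings.append(('Trusted Zone', 'confirm site was added on purpose', m.group(1)))
    return findings

if __name__ == '__main__':
    for item in triage(SAMPLE_LOG):
        print(' | '.join(item))
```

The Spybot RunOnce cleanup entries and the ordinary MUSICMATCH autorun pass through without a finding; only the rundll32 entry, the path containing "?" and the Trusted Zone site are listed.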
ASKER CERTIFIED SOLUTION
rpggamergirl