My Computer Installs "scan" Every Time: Is It a Virus?

Di0g0
edited October 2008 in Logs analysis

Every time, a setup opens on my screen.

The name of the setup is "scan".

Please see these images!

[Image: virusbv9.th.jpg]

[Image: virus2aq6.th.jpg]

HijackThis:


Logfile of HijackThis v1.99.1
Scan saved at 20:29:22, on 10-10-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Ficheiros comuns\BitDefender\BitDefender Update Service\livesrv.exe
C:\Programas\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Programas\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programas\Spyware Doctor\pctsAuxs.exe
C:\Programas\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Microsoft IntelliType Pro\type32.exe
C:\Programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programas\BitDefender\BitDefender 2009\bdagent.exe
C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programas\Spyware Doctor\pctsTray.exe
C:\Programas\Comodo\Firewall\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\MSN Messenger\MsnMsgr.Exe
C:\Programas\Messenger\msmsgs.exe
C:\Programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programas\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Programas\BitDefender\BitDefender 2009\seccenter.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\DiOgO\Ambiente de trabalho\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programas\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [startCCC] "C:\Programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [type32] "C:\Programas\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [bDAgent] "C:\Programas\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Programas\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iSTray] "C:\Programas\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programas\Comodo\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
O4 - Global Startup: APC UPS Status.lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programas\Ficheiros comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHEI~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programas\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Programas\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Programas\Ficheiros comuns\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Programas\Comodo\Firewall\cmdagent.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Programas\Ficheiros comuns\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programas\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programas\Spyware Doctor\pctsSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programas\BitDefender\BitDefender 2009\vsserv.exe" /service (file missing)


This setup opens when I open Internet Explorer sites.

Comments

  • This setup opens when I open Internet Explorer sites.


    Hi Diogo.

    I think that you have a virus:

    C:\WINDOWS\system32\notepad.exe

    The file of the Note Pad is in C:\Windows.

    Can you add this file to BitDefender's quarantine or upload it to Virus Total?

    I think that you have a lot of security software (Spyware Doctor, Ad-Aware, Comodo Firewall, BitDefender...)

    This software can cause incompatibilities.

    Try to upload

    C:\WINDOWS\system32\notepad.exe to Virus Total:

    www.virustotal.com

    Post the log, and add this file to quarantine.

    Goodbye!

  • rootkit
    rootkit ✭✭✭
    edited October 2008

    @ Di0g0


    Post a new log using Hijackthis 2.0.2


    @ matabufalez


    WRONG !


    [Image: e43368f328ecc3b8264d2077f6071395.PNG]

  • @ Di0g0


    Post a new log using Hijackthis 2.0.2


    @ matabufalez


    WRONG !


    [Image: e43368f328ecc3b8264d2077f6071395.PNG]


    Sorry!


    Sorry!


    I'm sorry, I checked whether Notepad.exe was in C:\Windows\ and I searched Google for information on System32\Notepad, and I found this:

    First thing to do is change the file type for the text documents. - Menu Tools, Folder Options, File Types. - Edit the txt file type and make sure it reads c:\windows\notepad.exe

    Then fix your shortcuts and delete the notepad.exe found at c:\windows\system32

    I'm sorry :(

  • Di0g0
    edited October 2008

    I uninstalled Comodo and the problem disappeared.

    It's strange.....


    LOG:


    Logfile of Trend Micro HijackThis v2.0.2


    Scan saved at 21:44:05, on 10-10-2008


    Platform: Windows XP SP3 (WinNT 5.01.2600)


    MSIE: Internet Explorer v7.00 (7.00.6000.16705)


    Boot mode: Normal


    Running processes:


    C:\WINDOWS\System32\smss.exe


    C:\WINDOWS\system32\csrss.exe


    C:\WINDOWS\system32\winlogon.exe


    C:\WINDOWS\system32\services.exe


    C:\WINDOWS\system32\lsass.exe


    C:\WINDOWS\system32\Ati2evxx.exe


    C:\WINDOWS\system32\svchost.exe


    C:\WINDOWS\system32\svchost.exe


    C:\WINDOWS\System32\svchost.exe


    C:\WINDOWS\system32\Ati2evxx.exe


    C:\WINDOWS\system32\svchost.exe


    C:\WINDOWS\system32\svchost.exe


    C:\Programas\Lavasoft\Ad-Aware\aawservice.exe


    C:\WINDOWS\system32\spoolsv.exe


    C:\WINDOWS\Explorer.EXE


    C:\Programas\APC\APC PowerChute Personal Edition\mainserv.exe


    C:\WINDOWS\system32\HPZipm12.exe


    C:\Programas\Spyware Doctor\pctsAuxs.exe


    C:\Programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe


    C:\Programas\Microsoft IntelliType Pro\type32.exe


    C:\WINDOWS\RTHDCPL.EXE


    C:\Programas\BitDefender\BitDefender 2009\bdagent.exe


    C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe


    C:\Programas\Spyware Doctor\pctsTray.exe


    C:\WINDOWS\system32\ctfmon.exe


    C:\Programas\MSN Messenger\MsnMsgr.Exe


    C:\Programas\Spyware Doctor\pctsSvc.exe


    C:\Programas\Messenger\msmsgs.exe


    C:\Programas\APC\APC PowerChute Personal Edition\apcsystray.exe


    C:\WINDOWS\system32\svchost.exe


    C:\Programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe


    C:\WINDOWS\System32\alg.exe


    C:\Programas\BitDefender\BitDefender 2009\seccenter.exe


    C:\Programas\Valve\Steam\Steam.exe


    C:\Programas\MSN Messenger\usnsvc.exe


    C:\Programas\BitDefender\BitDefender 2009\vsserv.exe


    C:\WINDOWS\System32\svchost.exe


    C:\Programas\Ficheiros comuns\BitDefender\BitDefender Update Service\livesrv.exe


    C:\Programas\Mozilla Firefox\firefox.exe


    C:\WINDOWS\system32\wbem\wmiprvse.exe


    C:\Programas\Trend Micro\HijackThis\HijackThis.exe


    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157


    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896


    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896


    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157


    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações


    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll


    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL


    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll


    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programas\BitDefender\BitDefender 2009\IEToolbar.dll


    O4 - HKLM\..\Run: [startCCC] "C:\Programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun


    O4 - HKLM\..\Run: [type32] "C:\Programas\Microsoft IntelliType Pro\type32.exe"


    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE


    O4 - HKLM\..\Run: [skyTel] SkyTel.EXE


    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE


    O4 - HKLM\..\Run: [bDAgent] "C:\Programas\BitDefender\BitDefender 2009\bdagent.exe"


    O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Programas\BitDefender\BitDefender 2009\IEShow.exe"


    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"


    O4 - HKLM\..\Run: [iSTray] "C:\Programas\Spyware Doctor\pctsTray.exe"


    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe


    O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background


    O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background


    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')


    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')


    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')


    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')


    O4 - Global Startup: APC UPS Status.lnk = ?


    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000


    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll


    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll


    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll


    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL


    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe


    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe


    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe


    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe


    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL


    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL


    O20 - AppInit_DLLs:


    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programas\Lavasoft\Ad-Aware\aawservice.exe


    O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Programas\APC\APC PowerChute Personal Edition\mainserv.exe


    O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Programas\Ficheiros comuns\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe


    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe


    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe


    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Programas\Ficheiros comuns\BitDefender\BitDefender Update Service\livesrv.exe


    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programas\Spyware Doctor\pctsAuxs.exe


    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programas\Spyware Doctor\pctsSvc.exe


    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Programas\BitDefender\BitDefender 2009\vsserv.exe


    --


    End of file - 6991 bytes

  • The problem persists!!! I installed Malwarebytes Anti-Malware and the setup of "scan" opened 6x.

    Is "scan" a corrupt Windows file????

  • The file that was missing was scan.msi! I looked through the net and found a solution for the problem; it says that when it asks for the CD we should insert the CD for the HP printer. I was able to resolve the problem with the HP CD. What I find strange is that I already have the printer installed on the PC. I don't understand how an HP printer CD can resolve a Windows problem. Can someone explain this?

  • Problem resolved