msudp4.exe virus
Jeg har fået en virus eller trojaner. Den bliver rapporteret af AVG (Anti Virus Guard)men ikke af Panda. Den installerer sig selv ved start af Internet Explorer, hvor der kommer en advarselsdialogboks som siger: "Microsoft Visual C++.Runtimelibrary
Runtime error
Abnormal program determination"
Hvis man klikker OK lukker IE - ellers kan den bare bruges.
Men samtidig er der installeret en fil, der hedder MSUPD4.exe på 56 Kb og en eller flere andre hver på 14 Kb - de kan fx hedde vpibagx.exe.
Filerne kan slettes manuelt eller fjernes via AVG, men dukker op ved næste start af IE. Er der nogen som kan hjælpe?
Her er HiJackThis log'en
Logfile of HijackThis v1.99.0
Scan saved at 10:26:06, on 13-01-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\Panda Software\Panda Antivirus Titanium\PAVSRV51.EXE
C:\WINDOWS\System32\locator.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Programmer\Panda Software\Panda Antivirus Titanium\AVENGINE.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Panda Software\Panda Antivirus Titanium\apvxdwin.exe
C:\WINDOWS\System32\alg.exe
C:\Programmer\Kerio\Personal Firewall 4\kpf4gui.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmer\Panda Software\Panda Antivirus Titanium\pavProxy.exe
D:\programmer\Winamp\winampa.exe
C:\Programmer\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Spyware Doctor\swdoctor.exe
D:\programmer\telefon\LGSyncManager.exe
C:\Programmer\OpenOffice.org1.1.3\program\soffice.exe
D:\programmer\SpywareGuard\sgmain.exe
D:\programmer\SpywareGuard\sgbhp.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\programmer\skype\Phone\Skype.exe
D:\programmer\totalcmd\TOTALCMD.EXE
D:\download\unzip\hijack this\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lsb.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {233C5D53-4D60-3E50-6A6C-F5EF34B45EE0} - blank (file missing)
O2 - BHO: (no name) - {F429941A-5C69-A275-D4FC-8EDB57338790} - C:\WINDOWS\system32\pzlnadxu.dll
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmer\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [WinampAgent] D:\programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [RealTray] C:\Programmer\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [THGuard] "C:\Programmer\TrojanHunter 4.1\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmer\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Skype] "D:\programmer\skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Programmer\OpenOffice.org1.1.3\program\quickstart.exe
O4 - Startup: SpywareGuard.lnk = D:\programmer\SpywareGuard\sgmain.exe
O4 - Global Startup: LG SyncManager.lnk = D:\programmer\telefon\LGSyncManager.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download using Download &Express - C:\Programmer\Download Express\Add_Url.htm
O15 - Trusted Zone: http://www.lsb.dk
O15 - Trusted Zone: http://www.psykiatrifronten.dk
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://qp.ell.auc.dk/qp2.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {328DDF23-82BE-11D0-A799-00A02488BD89} (BscwUpload Control) - http://bscw.ruc.dk/bscw_resources/BscwUpload.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/da/deleon/1.1.54-deleon/GoogleNav.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {AE997861-7CF6-11D4-AA92-0050DA41472F} (BSCW JMonitor) - http://bscw.ruc.dk/bscw_resources/JMonitor/jmonitor.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_7.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk/netbank/activex/DanskeSikker.cab
O16 - DPF: {FD1A73A3-C038-11D2-BDFD-00A02454F633} (Swing classes) - http://bscw.ruc.dk/bscw_resources/Swing/swing.cab
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Kerio Personal Firewall 4 - Kerio Technologies - C:\Programmer\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Macromedia Licensing Service - Unknown - C:\Programmer\Fælles filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Miscrosoft Updates Service 4 - Unknown - C:\WINDOWS\system32\msupd4.exe
O23 - Service: MySql - Unknown - (no file)
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda anti-virus service - Unknown - C:\Programmer\Panda Software\Panda Antivirus Titanium\PAVSRV51.EXE
O23 - Service: PHPGeekUtil - Unknown - (no file)