DOWNLOAD: Best tool to repair Windows problems & optimize system performance | Best driver update software for your PC
 
Results 1 to 8 of 8

Thread: Can a virus infect the Winsxs folder?

  1. #1
    random7 is offline New Member
    Join Date
    May 2009
    Posts
    2

    Default Can a virus infect the Winsxs folder?

    About 3-4 days ago i noticed that my pc was locking up during the night. Trying a virus scan did the same thing. so I started to narrow my scans until I saw the scan lock up on the x86_microsoft_windows_naturallanguage file. Can a virus infect the winsxs folder?

    I tried scanning just these files, using Ada-ware, and Malware. All 3 programs locked the pc up on this set of files. There are 5 of them at this time.

    Since these cannot be deleted, but clearly are the source of the problem, how do I repair it?

    Thx


  2. #2
    leofelix is offline Member
    Join Date
    Oct 2008
    Location
    Italy
    Posts
    1,668

    Default

    Welcome Random7,
    would you please be more specific?
    I mean, what Windows OS and what antivirus do you use?
    Moreover: "Malware" stands for "MalwareBytes' AntiMalware" or what?

    Please download HiJackThis to your desktop

    http://www.trendsecure.com/portal/en...HiJackThis.exe

    now open HiJackthis and click on "Do a system scan and save a log file", post the log (HiJackthis.log) here, please (just copy and paste).
    Thank you
    Last edited by leofelix; 26th May 2009 at 13:36.

  3. #3
    Choto Cheeta's Avatar
    Choto Cheeta is offline Trusted Member
    Join Date
    Jun 2008
    Posts
    136

    Default

    @random7

    Adding up to the points which leofelix has made, Dont you have any Real time Virus scanner running in your PC ??

  4. #4
    knightrider™'s Avatar
    knightrider™ is offline Gold Member
    Join Date
    Jul 2008
    Location
    India
    Posts
    754

    Default

    Run Nod32 scan or post a hijack file log file

  5. #5
    random7 is offline New Member
    Join Date
    May 2009
    Posts
    2

    Default

    Have not been without a realtime scanner for 8+ years.
    Vista Home Premium
    AVG Free
    Windows firewall

    AVG scan and MalwareBytes AntiMalware both seize system up on the same exact file.

    Hijack logfile:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:05:50 PM, on 5/27/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\zabkat\xplorer2\xplorer2_UC.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

    --
    End of file - 5375 bytes
    Last edited by random7; 29th May 2009 at 03:25. Reason: double post

  6. #6
    knightrider™'s Avatar
    knightrider™ is offline Gold Member
    Join Date
    Jul 2008
    Location
    India
    Posts
    754

    Default

    C:\Program Files\zabkat\xplorer2\xplorer2_UC.exe

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

    O13 - Gopher Prefix:

    Remove the above entries.

    Suggest you to remove adaware...

  7. #7
    leofelix is offline Member
    Join Date
    Oct 2008
    Location
    Italy
    Posts
    1,668

    Default

    Sorry Knightrider,

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

    this is part of AVG

    and
    C:\Program Files\zabkat\xplorer2\xplorer2_UC.exe

    is part of Xplorer 2 file manager

    xplorer² lite: free windows explorer replacement (file manager)

    He shouldn't remove them

    I think the files that take too long to be scanned are only too big

  8. #8
    knightrider™'s Avatar
    knightrider™ is offline Gold Member
    Join Date
    Jul 2008
    Location
    India
    Posts
    754

    Default

    Thanks for correcting leo dintknow xplorer2 fM existed....wsnt sure abt this one WormRadar.com IESiteBlocker.NavFilter

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22