Hi all!
Some of you might be coming here from my other post about Sygate Personal Firewall. Anyways I appreciate your support with this matter, and those who answered my question about Sygate.

Anyways, I now have a new, more important problem. I have downloaded a WinZip crack off of Kazaa Lite, and become infected with some kind of malware. I know, I shouldn't have downloaded a crack off of Kazaa, and I now have learned the consequences of downloading cracked programs, since I believe this may have happened to me once before.

Anyways, I downloaded and opened the crack, which I even scanned with my updated antivirus program before I opened it (with advanced heuristics enabled). When I opened it, nothing happened and my Sygate started to give me weird messages telling me that someone was attempting to connect to me and that my computer was attempting to connect to: get.inetbar.com (< which I am still receiving every now and then). Thinking, this isn't normal, I posted a reply to my post about Sygate here.

Anyways, I performed a scan with updated "Free Spyware Scanner GOLD" on my PC and it did not find anything. I also performed a scan with NOD32 Antivirus System with updated definitions and advanced heuristics enabled, and it did not find anything. So I booted up into safe mode, and performed another scan of my system with NOD32 Antivirus, and once again, it did not find anything.

Last night, I performed a scan with BitDefender online virus scanner at bitdefender.com, and it found 2 .dll files that were located in my "C:\WINDOWS\SYSTEM" directory infected with what it called "Trojan.Downloader.BBQ" and could not clean them. It also found several files located in my "C:\My Shared Folder\" (Kazaa Lite's sharing folder) that I DID NOT download such as other Win program cracks/keygens like WinACE WinRAR and a couple of CD burning program cracks/keygens that were infected with the same. I DID NOT DOWNLOAD THESE. It also found 2 .tmp files in my Windows\Temp folder, along with another application that I noticed myself that did not look right. The application was named "123.exe". Sounds like a trojan to me, but the virus scanners did not seem to be picking it up (I even tried scanning it before I deleted it). Being as it would not let me delete the .dll files in SYSTEM folder, I booted into safe mode, and was able to delete them then. I also deleted ALL files that came up infected including the Temp files (including 123.exe) and files mysteriously added to the "My Shared Folder" disguised as popular program crack names.

This, to me, sounds like an undetectable trojan or virus that is using some kind of sharing application to spread. But somehow my virus scanners do not seem to be picking it up even with heuristics enabled. A couple of people told me to run a program called "HiJackThis" on my PC which I did and did not do anything with any of the files as I was also told to just upload the log file here. I posted it in my other reply, and just performed another scan and here is the entire log file:

Logfile of HijackThis v1.98.2
Scan saved at 2:02:04 PM, on 3/25/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\ESET\NOD32KRN.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\SMTRAY.EXE
C:\PROGRAM FILES\NETASSISTANT\SMARTBRIDGE\MOTIVESB.EXE
C:\PROGRAM FILES\ESET\NOD32KUI.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\IRIVER\IRIVER MANAGER\UPDATER\UPDATER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freewebtown.com/freesec/thankyou.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: {92E1B3F7-0546-421E-9835-904D25B7BA66} - {C4F147D7-BF25-488E-A12B-EFD43E7029BF} - C:\WINDOWS\SYSTEM\winvbie.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: VisuExplorer - {92E1B3F7-0546-421E-9835-904D25B7BA66} - C:\WINDOWS\SYSTEM\msiev32.dll (file missing)
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [iRiver Updater] C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [NOD32kernel] "C:\Program Files\Eset\nod32krn.exe"
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

I am just wondering if anyone knows what this could be? Could this be a new virus that is currently still undetected? Also what should I do about it?

Any help on this matter would be greatly appreciated!

Thanks a lot in advance!!!


Peace.
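
Added example, not part of the original post: a small Python parser for the HijackThis log format shown above. It lists entries that HijackThis marked "(file missing)", meaning the registry still references a file that is no longer on disk, and CLSIDs that appear in more than one entry. The function names are hypothetical, and the sample lines are copied from the log in the post.

```python
import re
from collections import defaultdict

# Sample lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\EXPLORER.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
O2 - BHO: {92E1B3F7-0546-421E-9835-904D25B7BA66} - {C4F147D7-BF25-488E-A12B-EFD43E7029BF} - C:\WINDOWS\SYSTEM\winvbie.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: VisuExplorer - {92E1B3F7-0546-421E-9835-904D25B7BA66} - C:\WINDOWS\SYSTEM\msiev32.dll (file missing)
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # section code, e.g. "O4 - ..."
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = "(file missing)"

def parse_entries(log_text):
    """Return (code, detail) per entry line; headers and the process list are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def orphaned(entries):
    """Entries whose target file HijackThis reported as missing from disk."""
    out = []
    for code, detail in entries:
        if detail.endswith(MISSING):
            path = detail[: -len(MISSING)].rsplit(" - ", 1)[-1].strip()
            out.append({"code": code, "path": path, "clsids": CLSID.findall(detail)})
    return out

def shared_clsids(entries):
    """CLSIDs referenced by more than one entry, mapped to the section codes using them."""
    seen = defaultdict(list)
    for code, detail in entries:
        for c in set(CLSID.findall(detail)):
            seen[c.upper()].append(code)
    return {c: codes for c, codes in seen.items() if len(codes) > 1}

if __name__ == "__main__":
    entries = parse_entries(SAMPLE_LOG)
    for o in orphaned(entries):
        print("orphaned:", o)
    print("shared CLSIDs:", shared_clsids(entries))
```

The output is a review list only: it reports leftover references and repeated identifiers, and does not decide whether an entry is malicious.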