Tech Support Guy banner

Discussion Starter · #1 · (Registered, 14 Posts)
Hi, I tried to follow this thread:
http://forums.techguy.org/archive/t-371014.html
but certain results of mine did not let me apply some of the instructions in that thread. I am new as well.

- A blue background came on saying I have Trojan-Spy.HTML.Smitfraud.c

- A Norton AntiVirus alert keeps popping up every few minutes saying it has detected a virus on my computer, in two dialog boxes:
Object Name C:\WINDOWS\SYSTEM32\WININET.DLL
Virus Name Bloodhound.W32.EP
Action Taken Unable to repair this file.

Then the second dialog box, right after, says:
Object Name C:\WINDOWS\SYSTEM32\WININET.DLL
Virus Name Bloodhound.W32.EP
Action Taken Access to the file was denied.

Please help! Here's my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 1:56:09 PM, on 6/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\Office Keyboard\Versato.exe
C:\PROGRA~1\COMMON~1\AOL\111822~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\111822~1\EE\AOLServiceHost.exe
C:\Program Files\Office Keyboard\OSD.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Vince\My Documents\HiJack This\HijackThis.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1118226671\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - Startup: Reboot.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Enable Office Keyboard Driver.lnk = C:\Program Files\Office Keyboard\Versato.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1118223755624
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
 

Administrator · 123,557 Posts
There is nothing malicious showing in the log, but we'll go through the Smitfraud removal process.

Please read these instructions carefully and copy them to notepad then save the notepad file to your desktop so you can refer to them. Be sure to follow ALL instructions!

Go here: http://www.filehippo.com/download_ccleaner.html to download and install CCleaner but do NOT use it yet. You will use it later in safe mode.

Go here: http://www.thespykiller.co.uk/files/killbox.exe and download the Killbox and save it to your desktop.

I am attaching a smitfraudfix.zip file. Download it and unzip it to your desktop and have it ready to run later.

Click here to see how to boot into safe mode as you will need to do this later:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

Go to Start - Control Panel - Add or Remove Programs and remove the following programs, if found:

Security IGuard
Virtual Maid
Search Maid
PSGuard


Rescan with Hijack This and put a check by these. Close all browser windows except HijackThis and click "Fix checked"

Restart your computer into safe mode now. Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\wp.exe

C:\wp.bmp

C:\bsw.exe

C:\Windows\sites.ini

C:\Windows\popuper.exe

C:\Windows\system32\hhk.dll

C:\Windows\System32\wldr.dll

C:\Windows\System32\helper.exe

C:\Windows\System32\intmon.exe

C:\Windows\System32\shnlog.exe

C:\Windows\System32\intmonp.exe

C:\WINDOWS\System32\winnook.exe

C:\WINDOWS\desktop.html

C:\Windows\System32\msmsgs.exe

C:\Windows\system32\msole32.exe

C:\Windows\System32\ole32vbs.exe

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

Exit the Killbox.

Because XP will not always show you hidden files and folders by default, go to Start - Search and under "More advanced search options", make sure there is a check by "Search System Folders", "Search hidden files and folders" and "Search system subfolders".

Next click on My Computer. Go to Tools - Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types". Now click "Apply to all folders". Click "Apply" then "OK".

Find and delete these folders if they exist:

C:\Program Files\Search Maid
C:\Program Files\Virtual Maid
C:\Program Files\Security IGuard
C:\WINDOWS\System32\Services
C:\Windows\System32\Log Files
C:\Program Files\PSGuard

IMPORTANT!: If you forget to run the smitfraud.reg file you will not be able to boot your computer normally. DO NOT forget this step. Locate smitfraudfix.reg on your desktop and double click on it. When asked if you want to merge with the registry click YES. After you receive the prompt "merged successfully", follow the rest of the instructions below.

Start CCleaner and click Run Cleaner.

Go to Control Panel - Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.

Restart back into Windows normally now.

Download the Hoster from here: http://www.funkytoad.com/download/hoster.zip. Unzip the file and press "Restore Original Hosts" and press "OK". Exit Program.

Run Panda’s ActiveScan online virus scan from here: http://www.pandasoftware.com/activescan/

When the scan is finished, have it delete anything that it cannot clean. Make a note of the file location of anything that cannot be deleted so you can delete it yourself. Save the results from the scan.

Post a new HiJackThis log along with the results from ActiveScan
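As an added example (not part of the thread, nor code from HijackThis), here is a small Python parser that splits a HijackThis log into its sections and checks every running-process path and every R/O entry path against the Smitfraud files and folders listed in the instructions above. The sample log is constructed: its header and benign lines are excerpted from the posted log, and three lines (intmon.exe, the System32 msmsgs.exe and a PSGuard entry) are added only to show what a hit looks like.

```python
import re
from collections import defaultdict

# Indicators taken from the removal instructions above (files to delete with
# Killbox and folders to remove), lowercased so comparisons ignore case and
# the C:\Windows / C:\WINDOWS spelling differences in those lines.
SMITFRAUD_FILES = {p.lower() for p in [
    r"C:\wp.exe", r"C:\wp.bmp", r"C:\bsw.exe", r"C:\Windows\sites.ini",
    r"C:\Windows\popuper.exe", r"C:\Windows\system32\hhk.dll",
    r"C:\Windows\System32\wldr.dll", r"C:\Windows\System32\helper.exe",
    r"C:\Windows\System32\intmon.exe", r"C:\Windows\System32\shnlog.exe",
    r"C:\Windows\System32\intmonp.exe", r"C:\WINDOWS\System32\winnook.exe",
    r"C:\WINDOWS\desktop.html", r"C:\Windows\System32\msmsgs.exe",
    r"C:\Windows\system32\msole32.exe", r"C:\Windows\System32\ole32vbs.exe",
]}
SMITFRAUD_FOLDERS = {p.lower() for p in [
    r"C:\Program Files\Search Maid", r"C:\Program Files\Virtual Maid",
    r"C:\Program Files\Security IGuard", r"C:\WINDOWS\System32\Services",
    r"C:\Windows\System32\Log Files", r"C:\Program Files\PSGuard",
]}

# Entry lines look like "O4 - HKLM\..\Run: [Name] C:\path\file.exe args".
ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.*)$")
# A drive-rooted Windows path ending in a file extension; non-greedy so that
# trailing arguments such as "-atboottime" are not swallowed.
PATH_RE = re.compile(r'[a-z]:\\[^"\n]*?\.(?:exe|dll|cpl|htm|html|ini|bmp|lnk)\b', re.I)


def parse_hijackthis(text):
    """Split a HijackThis log into its header, the running-process list and
    the R/O entries keyed by section code (O2, O4, O16, ...)."""
    header, processes, entries = [], [], defaultdict(list)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False          # first entry ends the process list
            entries[m.group(1)].append(m.group(2))
        elif in_processes:
            processes.append(line)
        else:
            header.append(line)
    return {"header": header, "processes": processes, "entries": dict(entries)}


def is_indicator(path):
    """True if path is one of the listed files or lies inside a listed folder.
    Full paths are compared, so the legitimate Messenger msmsgs.exe under
    Program Files is not confused with the System32 copy on the list."""
    p = path.lower()
    return p in SMITFRAUD_FILES or any(p.startswith(f + "\\") for f in SMITFRAUD_FOLDERS)


def flag_smitfraud(parsed):
    """Return (section, text) pairs whose path matches a Smitfraud indicator."""
    hits = []
    for proc in parsed["processes"]:
        if is_indicator(proc):
            hits.append(("process", proc))
    for code, items in sorted(parsed["entries"].items()):
        for item in items:
            if any(is_indicator(p) for p in PATH_RE.findall(item)):
                hits.append((code, item))
    return hits


# Constructed sample: excerpted header/benign lines plus three added hit lines.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 1:56:09 PM, on 6/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Windows\System32\intmon.exe

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Messenger] C:\Windows\System32\msmsgs.exe
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
"""

if __name__ == "__main__":
    for section, text in flag_smitfraud(parse_hijackthis(SAMPLE_LOG)):
        print(f"[{section}] {text}")
```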
 

Discussion Starter · #3 · (Registered, 14 Posts)
Thanks, I believe I've done all that. Here's my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:58:38 PM, on 6/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\Office Keyboard\Versato.exe
C:\PROGRA~1\COMMON~1\AOL\111822~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\111822~1\EE\AOLServiceHost.exe
C:\Program Files\Office Keyboard\OSD.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Vince\My Documents\HiJack This\HijackThis.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1118226671\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Startup: Reboot.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Enable Office Keyboard Driver.lnk = C:\Program Files\Office Keyboard\Versato.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1118223755624
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
 

Discussion Starter · #5 · (Registered, 14 Posts)
No more Bloodhound.W32.EP alerts. THANKS!!!

But this is the one that shows when it does a scan:

Source: C:\WINDOWS\system32\wininet.dll
Description: The file C:\WINDOWS\system32\wininet.dll is a Security risk threat.
Click for more information about this threat : SecurityRisk.Oleadm

It's the same file that caused the popup alert for the Bloodhound.W32.EP.

Any thoughts?
 

Discussion Starter · #7 · (Registered, 14 Posts)
Thanks, here are the results of my scan.


-------------------------------------------------------------------------------
KASPERSKY ANTI-VIRUS WEB SCANNER REPORT
Sunday, June 19, 2005 01:45:35
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Anti-Virus Web Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 19/06/2005
Kaspersky Anti-Virus database records: 126849
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 48415
Number of viruses found: 12
Number of infected objects: 30
Number of suspicious objects: 1
Duration of the scan process: 7377 sec

Infected Object Name - Virus Name
C:\Program Files\Norton AntiVirus\Quarantine\00BC389E.tmp Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\265A10B0.tmp Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\31F271AE.tmp Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\3A693469.tmp Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\3BB343EE.htm Infected: Trojan-Downloader.JS.Psyme.an
C:\Program Files\Norton AntiVirus\Quarantine\3BB343EE.jar/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\3BB343EE.jar/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\3BB343EE.jar/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\3BB343EE.jar Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\3BFB5F9F.htm Infected: Trojan-Downloader.JS.Psyme.an
C:\Program Files\Norton AntiVirus\Quarantine\3C0B318D.jar/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\3C0B318D.jar/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\3C0B318D.jar/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\3C0B318D.jar Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\3D8637EC.cla Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\3D8637EC.exe Infected: Virus.Win32.Bube.l
C:\Program Files\Norton AntiVirus\Quarantine\3DBE01AF.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\3F3C5F1C.tmp Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\43004601.tmp Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\45A05D02.tmp Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\45BC6646.tmp Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\468E55FC.tmp Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\5C1D7917.tmp Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\60664F7B.tmp Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\66D0066C.tmp Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\69371051.cla Infected: Trojan.Java.Femad
C:\Program Files\Norton AntiVirus\Quarantine\69371051.exe Infected: Virus.Win32.Bube.l
C:\System Volume Information\_restore{8F1CBF70-72D7-4885-A195-AABF3E98B4D6}\RP57\A0017853.exe Infected: Trojan-Downloader.Win32.INService.gen
C:\System Volume Information\_restore{8F1CBF70-72D7-4885-A195-AABF3E98B4D6}\RP57\A0017854.exe Infected: Trojan.Win32.Agent.eo
C:\System Volume Information\_restore{8F1CBF70-72D7-4885-A195-AABF3E98B4D6}\RP57\A0017868.exe Infected: Trojan-Downloader.Win32.INService.gen
C:\System Volume Information\_restore{8F1CBF70-72D7-4885-A195-AABF3E98B4D6}\RP57\A0017870.exe Infected: Trojan.Win32.Agent.eo

Scan process completed.
 

Administrator · 123,557 Posts
Most of those are quarantined Norton files, so no danger, and the rest are in System Restore.

Turn off System Restore to flush out all restore points. Leave it off for now; we will turn it back on when we're sure the machine is clean.

Does this C:\WINDOWS\system32\wininet.dll still show when you do a scan?
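As an added example, not part of the thread: a parser for the Kaspersky web-scanner report format posted above that buckets each hit by where it lives (Norton's quarantine folder, a System Restore point, or the live file system), which is the triage the reply above makes by hand. The sample report is constructed from four lines of the posted report plus one made-up live hit with a placeholder path, so that the "live" bucket is exercised.

```python
import re
from collections import Counter

# One result line of the Kaspersky web-scanner report has the shape
#   <path>[/<archive member>] Infected: <name>    or    ... Suspicious: <name>
RESULT_RE = re.compile(r"^(?P<path>.+?) (?P<verdict>Infected|Suspicious): (?P<name>\S+)$")


def classify(path):
    """Where a hit lives: already quarantined by Norton, frozen inside a
    System Restore point, or on the live file system (the only kind that
    still needs attention)."""
    p = path.lower()
    if "\\norton antivirus\\quarantine\\" in p:
        return "quarantine"
    if "\\system volume information\\_restore" in p:
        return "system_restore"
    return "live"


def triage(report):
    """Parse every result line and attach the hit's on-disk container and location."""
    findings = []
    for line in report.splitlines():
        m = RESULT_RE.match(line.strip())
        if not m:
            continue
        # "archive.jar/Member.class" is a member inside archive.jar; the archive
        # is the object actually on disk, so the location is decided by it.
        container = m.group("path").split("/", 1)[0]
        findings.append({
            "path": m.group("path"),
            "container": container,
            "verdict": m.group("verdict"),
            "name": m.group("name"),
            "location": classify(container),
        })
    return findings


def summarize(findings):
    """Counts per location, the distinct detection names, and the live hits."""
    return {
        "by_location": dict(Counter(f["location"] for f in findings)),
        "distinct_names": sorted({f["name"] for f in findings}),
        "live": [f for f in findings if f["location"] == "live"],
    }


# Constructed sample: the first four result lines are taken from the report
# posted above; the last one is a made-up live hit with a placeholder path.
SAMPLE_REPORT = r"""Infected Object Name - Virus Name
C:\Program Files\Norton AntiVirus\Quarantine\3BB343EE.jar/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\3BB343EE.jar Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\3DBE01AF.htm Suspicious: Exploit.HTML.Mht
C:\System Volume Information\_restore{8F1CBF70-72D7-4885-A195-AABF3E98B4D6}\RP57\A0017853.exe Infected: Trojan-Downloader.Win32.INService.gen
C:\CONSTRUCTED\live_hit_placeholder.exe Infected: Trojan.Win32.Agent.eo

Scan process completed.
"""

if __name__ == "__main__":
    summary = summarize(triage(SAMPLE_REPORT))
    print(summary["by_location"])
    for hit in summary["live"]:
        print("needs attention:", hit["path"], hit["name"])
```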
 

Discussion Starter · #13 · (Registered, 14 Posts)
Well, I could not download the new wininet.dll file. WinRAR said it already existed. It said:

The following file already exists
wininet.dll

Would you like to replace the existing file?
657,920 bytes
modified on 5/2/2005 1:52PM

with this one?
583,680 bytes
modified on 8/17/2001 10:34PM
--------------------------------

Then when I try, it says this:
! C:\Documents and Settings\Vince\Desktop\wininet.zip: Cannot create wininet.dll
Access is denied.

I just bought this computer 2 1/2 weeks ago. Here's my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 4:26:16 PM, on 6/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~3\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~3\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\COMMON~1\AOL\111822~1\EE\AOLHOS~1.EXE
C:\Program Files\NetLimiter\NetLimiter.exe
C:\PROGRA~1\COMMON~1\AOL\111822~1\EE\AOLServiceHost.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\Office Keyboard\Versato.exe
C:\Program Files\Office Keyboard\OSD.EXE
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\Vince\My Documents\HiJack This\HijackThis.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1118226671\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Startup: Reboot.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Enable Office Keyboard Driver.lnk = C:\Program Files\Office Keyboard\Versato.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1118223755624
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~3\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~3\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
 

Registered · 14 Posts · Discussion Starter · #15 ·
Everything is running normal. A little slow since I've downloaded all the programs in such a short time. Think I need a defrag? Oh, and I forgot to do that turn off System Restore thing. How do I do that? I know run msconfig, there's a LAUNCH System Restore, but I don't know how to turn System Restore off.
 

Administrator · 123,557 Posts
Now you should turn system restore off to flush out all previous system restore points, then turn it back on and create a new restore point:

To turn off system restore, on the Desktop, right click on My Computer and click on Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a new restore point, click on Start - All Programs - Accessories - System Tools and then select System Restore.

In the System Restore wizard, select "Create a restore point" and click the Next button.

Type a name for your new restore point then click on Create.

I also recommend downloading SPYWAREBLASTER & SPYWAREGUARD, for added protection.

http://www.javacoolsoftware.com/spywareblaster.html

Read here to see how to tighten your security:

http://forums.techguy.org/t208517.html

Delete your temporary files:

In safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit - Select All then Edit - Delete to delete the entire contents of the Temp folder.

Go to Start - Run and type %temp% in the Run box. The Temp folder will open. Click Edit - Select All then Edit - Delete to delete the entire contents of the Temp folder.

Finally, go to Control Panel - Internet Options. On the General tab, under "Temporary Internet Files", click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab, then click the "Reset Web Settings" button. Click Apply, then OK.

Empty the recycle bin.
 

Registered · 14 Posts · Discussion Starter · #17 ·
When I right-click on the Recycle Bin, there's an option to "Empty Norton Protected Files", and when I select it, it says:

"There are 1,124 protected files total on drive C.

You have 533 protected files on drive C."

[Purge Yours] [Purge All] [Cancel]

and of course I hit cancel to ask what this is.
 

Registered · 14 Posts · Discussion Starter · #18 ·
OMG! I was trying to do a HiJack to show you my latest log, and when I tried to open HiJack it said there was a virus!

File: HiJackThis.exe

Virus name: W32/Generic.worm!p2p

File path: C:\Documents and Settings\Vince\My Documents\HiJack This

What do I do?!

I'm doing a scan right now, I'll update you in a bit.
 

Registered · 14 Posts · Discussion Starter · #20 ·
Ya, I tried downloading other forms of Hijack and that virus still pops up, and I can't open any kind of Hijack, whether it be standalone, zip or self-extracting; an alert pops up saying it's that virus and quarantines it. Here are my scans.

Kaspersky:

-------------------------------------------------------------------------------
KASPERSKY ANTI-VIRUS WEB SCANNER REPORT
Friday, June 24, 2005 03:19:18
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Anti-Virus Web Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 24/06/2005
Kaspersky Anti-Virus database records: 127531
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 39762
Number of viruses found: 11
Number of infected objects: 27
Number of suspicious objects: 2
Duration of the scan process: 9493 sec

Infected Object Name - Virus Name
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTsvc.zip/istsvc.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTsvc.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\Vince\Local Settings\Temp\GLF101GLF101.EXE/WISE0007.BIN Infected: Trojan-Downloader.Win32.TSUpdate.j
C:\Documents and Settings\Vince\Local Settings\Temp\GLF101GLF101.EXE Infected: Trojan-Downloader.Win32.TSUpdate.j
C:\Documents and Settings\Vince\Local Settings\Temp\optimize.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\Documents and Settings\Vince\Local Settings\Temp\switch.exe Infected: Trojan-Downloader.Win32.IstBar.gen
C:\Documents and Settings\Vince\Local Settings\Temp\targetsaver.exe/WISE0007.BIN Infected: Trojan-Downloader.Win32.TSUpdate.j
C:\Documents and Settings\Vince\Local Settings\Temp\targetsaver.exe Infected: Trojan-Downloader.Win32.TSUpdate.j
C:\Documents and Settings\Vince\Local Settings\Temp\tsinstall_4_0_3_8_b17.exe/WISE0010.BIN Infected: Trojan-Downloader.Win32.TSUpdate.k
C:\Documents and Settings\Vince\Local Settings\Temp\tsinstall_4_0_3_8_b17.exe/WISE0011.BIN Infected: Trojan-Downloader.Win32.TSUpdate.j
C:\Documents and Settings\Vince\Local Settings\Temp\tsinstall_4_0_3_8_b17.exe/WISE0012.BIN Infected: Trojan-Downloader.Win32.TSUpdate.l
C:\Documents and Settings\Vince\Local Settings\Temp\tsinstall_4_0_3_8_b17.exe Infected: Trojan-Downloader.Win32.TSUpdate.l
C:\Documents and Settings\Vince\Local Settings\Temporary Internet Files\Content.IE5\17NB558E\istsvc[1].exe Infected: Trojan-Downloader.Win32.IstBar.gen
C:\Documents and Settings\Vince\Local Settings\Temporary Internet Files\Content.IE5\1Z7RD5KA\sidefind[1].exe Infected: Trojan-Downloader.Win32.IstBar.jm
C:\Documents and Settings\Vince\Local Settings\Temporary Internet Files\Content.IE5\XJ3RTDWE\optimize[1].exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\Documents and Settings\Vince\Local Settings\Temporary Internet Files\Content.IE5\YTHEJ694\nem220[1].dll Infected: Trojan-Downloader.Win32.Dyfuca.gen
C:\Documents and Settings\Vince\Local Settings\Temporary Internet Files\Content.IE5\YTHEJ694\targetsaver[1].exe/WISE0007.BIN Infected: Trojan-Downloader.Win32.TSUpdate.j
C:\Documents and Settings\Vince\Local Settings\Temporary Internet Files\Content.IE5\YTHEJ694\targetsaver[1].exe Infected: Trojan-Downloader.Win32.TSUpdate.j
C:\Program Files\BitComet\Downloads\McAfee Anti-Virus 2005 with serial.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.gen
C:\Program Files\BitComet\Downloads\McAfee Anti-Virus 2005 with serial.exe Infected: Trojan-Downloader.Win32.IstBar.gen
C:\Program Files\BitComet\Downloads\Tila Nguyen - Cute, Tight, and Naked (Self-Extracting Zip).exe.bc!/data0001 Infected: Trojan-Downloader.Win32.Agent.oz
C:\Program Files\BitComet\Downloads\Tila Nguyen - Cute, Tight, and Naked (Self-Extracting Zip).exe.bc! Infected: Trojan-Downloader.Win32.Agent.oz
C:\Program Files\Common Files\mfwz\mfwza.exe Infected: Trojan-Downloader.Win32.TSUpdate.l
C:\Program Files\Common Files\mfwz\mfwzl.exe Infected: Trojan-Downloader.Win32.TSUpdate.j
C:\Program Files\Common Files\mfwz\mfwzm.exe Infected: Trojan-Downloader.Win32.TSUpdate.k
C:\System Volume Information\_restore{8F1CBF70-72D7-4885-A195-AABF3E98B4D6}\RP3\A0000141.exe Infected: Virus.Win32.Bube.l
C:\System Volume Information\_restore{8F1CBF70-72D7-4885-A195-AABF3E98B4D6}\RP3\A0000142.exe Infected: Virus.Win32.Bube.l
C:\System Volume Information\_restore{8F1CBF70-72D7-4885-A195-AABF3E98B4D6}\RP3\A0000143.dll Infected: Virus.Win32.Nsag.a
C:\System Volume Information\_restore{8F1CBF70-72D7-4885-A195-AABF3E98B4D6}\RP3\A0000193.dll Infected: Trojan-Downloader.Win32.Dyfuca.gen

Scan process completed.

Panda Activescan:

Incident Status Location

Adware:Adware/SideFind No disinfected C:\PROGRA~1\COMMON~1\mfwz\mfwzm.exe
Adware:Adware/SideFind No disinfected C:\PROGRA~1\COMMON~1\mfwz\mfwza.exe
Adware:Adware/Sqwire No disinfected C:\PROGRA~1\COMMON~1\mfwz\mfwzd\mfwzc.dll
Adware:Adware/SideFind No disinfected C:\PROGRA~1\COMMON~1\mfwz\mfwzm.exe
Spyware:Spyware/ISTbar No disinfected C:\Program Files\Daily Weather Forecast
Adware:Adware/Sqwire No disinfected Windows Registry
Adware:Adware/SideFind No disinfected C:\Program Files\SideFind
Adware:Adware/NavHelper No disinfected C:\Program Files\Ares
Spyware:Spyware/YourSiteBar No disinfected C:\Program Files\YourSiteBar
Adware:Adware/Smitfraud No disinfected Windows Registry
Adware:Adware/PsGuard No disinfected C:\Documents and Settings\Vince\Application Data\PSGuard.com
Adware:Adware/PsGuard No disinfected C:\Program Files\Common Files\AOL\ACS\resource.dll
Adware:Adware/SideFind No disinfected C:\Program Files\Common Files\mfwz\mfwza.exe
Adware:Adware/Sqwire No disinfected C:\Program Files\Common Files\mfwz\mfwzd\mfwzc.dll
Adware:Adware/SideFind No disinfected C:\Program Files\Common Files\mfwz\mfwzl.exe
Adware:Adware/SideFind No disinfected C:\Program Files\Common Files\mfwz\mfwzm.exe
Adware:Adware/SideFind No disinfected C:\Program Files\Common Files\mfwz\mfwzp.exe
Adware:Adware/SideFind No disinfected C:\Program Files\SideFind\sfbho.dll
Adware:Adware/Sqwire No disinfected C:\WINDOWS\system32\tsuninst.exe
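As an added example, not code from the thread or from any of the scanners, here is a small Python parser for the Kaspersky web-scanner report format quoted above. It folds archive and installer members ("foo.exe/WISE0007.BIN") onto their container file and sorts each hit by where it lives, which is what decides whether it is cleaned by flushing System Restore, by clearing the Temp folders, or only by removing the file itself. The sample report is a constructed excerpt in that format; the category names and path patterns are my own.

```python
import re
from collections import defaultdict

# Constructed excerpt in the Kaspersky Web Scanner report format quoted in the thread.
SAMPLE_REPORT = r"""Infected Object Name - Virus Name
C:\Documents and Settings\Vince\Local Settings\Temp\targetsaver.exe/WISE0007.BIN Infected: Trojan-Downloader.Win32.TSUpdate.j
C:\Documents and Settings\Vince\Local Settings\Temp\targetsaver.exe Infected: Trojan-Downloader.Win32.TSUpdate.j
C:\Documents and Settings\Vince\Local Settings\Temporary Internet Files\Content.IE5\YTHEJ694\nem220[1].dll Infected: Trojan-Downloader.Win32.Dyfuca.gen
C:\Program Files\Common Files\mfwz\mfwza.exe Infected: Trojan-Downloader.Win32.TSUpdate.l
C:\System Volume Information\_restore{8F1CBF70-72D7-4885-A195-AABF3E98B4D6}\RP3\A0000141.exe Infected: Virus.Win32.Bube.l
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechISTsvc.zip/istsvc.exe Suspicious: Password-protected-EXE

Scan process completed.
"""

# One report line: "<path> Infected: <name>" or "<path> Suspicious: <name>".
# Paths contain spaces, so match lazily up to the status keyword.
LINE_RE = re.compile(r"^(.+?) (Infected|Suspicious): (\S+)$")

# Where a hit lives decides which cleanup step from the thread it needs (my own labels).
CATEGORIES = (
    ("restore_point", r"\\System Volume Information\\_restore"),  # turn System Restore off, then on
    ("quarantine", r"\\Spybot - Search & Destroy\\Recovery\\"),    # already neutralised by another tool
    ("temp", r"\\Local Settings\\Temp\\|\\Temporary Internet Files\\|\\WINDOWS\\Temp\\"),  # clear Temp
)

def classify(path):
    for label, pattern in CATEGORIES:
        if re.search(pattern, path, re.IGNORECASE):
            return label
    return "installed"  # live file that has to be removed explicitly

def parse_report(text):
    """Yield (container_path, status, detection_name) for each hit line.
    Archive/installer members are folded onto their container so each
    on-disk file is counted once; header and footer lines do not match."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(1).split("/", 1)[0], m.group(2), m.group(3)

def cleanup_plan(text):
    """Return ({category: sorted unique container paths}, {malware family: hit count})."""
    plan, families = defaultdict(set), defaultdict(int)
    for path, _status, name in parse_report(text):
        plan[classify(path)].add(path)
        # Strip the variant suffix (".j", ".gen") to count by family.
        families[name.rsplit(".", 1)[0] if "." in name else name] += 1
    return {k: sorted(v) for k, v in plan.items()}, dict(families)
```

Running `cleanup_plan(SAMPLE_REPORT)` on the sample yields one restore-point hit, two distinct Temp files, one quarantined archive and one installed file, with three hits in the TSUpdate family.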