Tech Support Guy banner
Status
Not open for further replies.
1 - 4 of 4 Posts

Registered · 2 Posts · Discussion Starter · #1
Hello there, I have done some searching and found that many have had this problem. I see that usually people download HijackThis and then show the log file here, and hopefully somebody can help :p

Well, this is the log (1 hour old WinXP install):

Logfile of HijackThis v1.97.7
Scan saved at 16:42:23, on 31-03-2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svhosts.exe
C:\WINDOWS\System32\explore.exe
C:\WINDOWS\System32\esoh123.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Kim\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Microsoft Firewall Service] svhosts.exe
O4 - HKLM\..\Run: [Video] explore.exe
O4 - HKLM\..\Run: [esoh] esoh123.exe
O4 - HKLM\..\RunServices: [Microsoft Firewall Service] svhosts.exe
O4 - HKLM\..\RunServices: [Video] explore.exe
O4 - HKLM\..\RunServices: [esoh] esoh123.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/threatinfo/virusinfo/webscan.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38077.2305208333
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

I hope someone can tell me what is wrong. Also, I'm pretty sure I have the Blaster virus since I get the NT/System shutdown every once in a while, but I'm still trying to update Windows for that one..

Kim Jørgensen
 

Registered · 2 Posts · Discussion Starter · #3

Oh, I have run a few.. I tried a few online ones as well, and just tried the Norton Antivirus 2004 trial. They usually find a trojan or 2, but they clean it. ag bot something.. I think it was called..
 

Premium Member · 52,926 Posts
What you need is to install an antivirus program on your computer. Norton Antivirus is good, AVG is good and free: www.grisoft.com

These are the virus entries:
O4 - HKLM\..\Run: [Microsoft Firewall Service] svhosts.exe
O4 - HKLM\..\Run: [Video] explore.exe
O4 - HKLM\..\Run: [esoh] esoh123.exe
O4 - HKLM\..\RunServices: [Microsoft Firewall Service] svhosts.exe
O4 - HKLM\..\RunServices: [Video] explore.exe
O4 - HKLM\..\RunServices: [esoh] esoh123.exe

Remove them from HijackThis and then boot into Safe Mode, find and delete the actual files. Symantec provides removal tools and great instructions; I would recommend going to their website and doing a full online scan which will tell you what viruses you have, then find any removal tools or instructions they have and remove the viruses.

Here are some that may apply:
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.e.html
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.af.html
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.graybird.g.html
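
Added example, not part of the original posts and not HijackThis code: a small Python triage pass over the O4 autostart lines from the log above. It flags images registered under both Run and RunServices and images whose name nearly matches a genuine Windows binary. The reference list `KNOWN`, the 0.85 similarity threshold and the function names are assumptions made for this example.

```python
import re
from difflib import SequenceMatcher

# Constructed sample: O4 lines taken from the log in this thread (NvMediaCenter line left out).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Microsoft Firewall Service] svhosts.exe
O4 - HKLM\..\Run: [Video] explore.exe
O4 - HKLM\..\Run: [esoh] esoh123.exe
O4 - HKLM\..\RunServices: [Microsoft Firewall Service] svhosts.exe
O4 - HKLM\..\RunServices: [Video] explore.exe
O4 - HKLM\..\RunServices: [esoh] esoh123.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""
# Assumption: short reference list of genuine Windows binary names (not from the thread).
KNOWN = ("svchost", "explorer", "iexplore", "rundll32", "services",
         "lsass", "winlogon", "spoolsv", "smss", "csrss")
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")

def parse_o4(log):
    """Return (hive, key, image) per O4 line; image is the lowercased file name."""
    rows = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            hive, key, _name, cmd = m.groups()
            exe = cmd[1:].split('"')[0] if cmd.startswith('"') else cmd.split()[0]
            rows.append((hive, key, exe.rsplit("\\", 1)[-1].lower()))
    return rows

def lookalike(image, threshold=0.85):
    """Stem of the genuine binary that image nearly (but not exactly) matches, or None."""
    stem = image.rsplit(".", 1)[0]
    score, best = max((SequenceMatcher(None, stem, k).ratio(), k) for k in KNOWN)
    return best if stem not in KNOWN and score >= threshold else None

def triage(log):
    """Map image -> reasons it deserves a closer look."""
    keys, found = {}, {}
    for hive, key, image in parse_o4(log):
        keys.setdefault((hive, image), set()).add(key)
    for (_hive, image), ks in keys.items():
        both = ["in Run and RunServices"] if {"Run", "RunServices"} <= ks else []
        near = lookalike(image)
        reasons = both + (["resembles " + near + ".exe"] if near else [])
        if reasons:
            found[image] = reasons
    return found
```

`triage(SAMPLE_LOG)` returns the same three images the reply lists; `esoh123.exe` is caught only by the duplicate registration, since its name resembles nothing in the reference list. A hit is a lead for checking the file on disk, not a verdict.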
 