How to remove trojan downloader [CLOSED], dfrgsrv.exe (trojan downloader.zlob.260) |
Discover the best free computer help!
Learn more about Geeks to Go by taking the tour. Want to ask a question, reply to a topic, or remove all advertising? It's easy, fast and free. Join today!
Spyware, virus, trojan, fake security or privacy alerts? Please start with our malware cleaning guide.
Learn more about Geeks to Go by taking the tour. Want to ask a question, reply to a topic, or remove all advertising? It's easy, fast and free. Join today!
Spyware, virus, trojan, fake security or privacy alerts? Please start with our malware cleaning guide.
  |
 Mar 12 2006, 07:45 AM
Post
#1
|
|
|
New Member  Posts: 2 OS: xp  |
Please kindly assist me. thank you. Eiwdo anti malware report |
 |
 
|
|
Mar 12 2006, 09:00 AM
Post
#2
|
|
|
New Member Posts: 2 OS: xp |
Dear Sir,
Can u instruct me of the best way to remove this trojan . I've followed your steps listed on site and below is the log file of hijackthis. Note I've disabled internet explorer and I'm presently using Firefox. I ran trojan hunter just before hijackthis and it found the trojan indicated above of cousre it could not be deleted because it is being used. thank you Logfile of HijackThis v1.99.1 Scan saved at 14:50:27, on 12/03/2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\csrss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\WINNT\system32\gearsec.exe C:\WINNT\System32\nvsvc32.exe C:\WINNT\System32\svchost.exe C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe C:\WINNT\System32\wdfmgr.exe C:\WINNT\Explorer.EXE C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe C:\Program Files\VoyagerTest\fts.exe C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE C:\Program Files\Common Files\AOL\ACS\AOLDial.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Common Files\AOL\1131621337\ee\AOLHostManager.exe C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe C:\Program Files\Eraser\eraser.exe C:\Program Files\Shareaza\Shareaza.exe C:\Program Files\Common Files\AOL\1131621337\ee\AOLServiceHost.exe C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe c:\program files\common files\aol\1131621337\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe C:\Program Files\Common Files\AOL\1131621337\ee\AOLServiceHost.exe C:\WINNT\System32\wbem\wmiprvse.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\WINNT\System32\wuauclt.exe C:\WINNT\System32\taskmgr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\TrojanHunter 4.2\TrojanHunter.exe C:\My Documents\SOFTWARE\My Download Files\AntiVirus\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (file missing) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe" O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1131621337\ee\AOLHostManager.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe" O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: Go!Zilla.lnk = C:\Program Files\Go!Zilla\gozilla.exe O4 - Global Startup: BTTray.lnk = ? O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesuk.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesuk.dll O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/06b5a6fef02d4d...ip/RdxIE601.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1133105818076 O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{9F026EF1-C56F-4370-BB43-FF9FF5858E02}: NameServer = 205.188.146.145 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: winfuq32 - winfuq32.dll (file missing) O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AVSync Manager (AvSynMgr) - Networks Associates Technologies, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\system32\gearsec.exe O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZONELABS\vsmon.exe |
|
|
|
|
Mar 12 2006, 09:16 AM
Post
#3
|
|
 Malware Expert  Posts: 16,459 From: New York OS: Windows 98, XP, Vista, Mac OS X |
Please do not post duplicate topics...topics merged.
You must install XP SP1a http://www.microsoft.com/windowsxp/downloa...p1/default.mspx (hold off on SP2 until your computer is clean). Without SP1a, you are wide open to re-infection. When you are done, restart and run a new HijackThis scan. Post that log here. |
|
|
|
|
Apr 15 2006, 10:48 AM
Post
#4
|
|
|
Malware Expert Posts: 16,459 From: New York OS: Windows 98, XP, Vista, Mac OS X |
Due to lack of feedback, this topic has been closed.
If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic. |
|
|
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
Similar Topics
| Topic Title | Replies / Views | Topic Information | |||||
|---|---|---|---|---|---|---|---|
 |
2 / 756 | 25th September 2005 - 08:49 AM sos1 started - last by Buckeye_Sam |
|||||
|
4 / 5,450 | 18th March 2008 - 07:41 PM anna regina started - last by OwNt |
|||||
|
0 / 617 | 2nd September 2008 - 11:18 AM Sys Rq started - last by Sys Rq |
|||||
 |
25 / 1,869 | 3rd November 2008 - 11:09 PM beefheart_1 started - last by Jimmy2012 |
|||||
|
Time is now: 6th January 2009 - 07:19 AM |
| Advertisements do not imply our endorsement of that product or service. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. |
