Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Startpage Trojan


  • Please log in to reply

#1
itchic

itchic

    New Member

  • Member
  • Pip
  • 9 posts
Running Windows 2000 - the following files show up in the Application Event Log.
Virus Found!Virus Name Trajan.StartPage in C:Program Files\WMP\sxe2D.tmp by Manual Scan. Action Clean failed. Leaeve alone Succeeded.
Others found -
sxe15
sxe1D
C:WINNT\sxe19.tmp
When I browse to that directory I do not see the .tmp files.
I ran Adaware and Spybot and CWSredder - nothing returned with this trojan.
Here is my HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 2:55:27 PM, on 3/21/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\S24EvMon.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\SYSTEM32\THOTKEY.EXE
C:\Program Files\TOSHIBA\TME3\Tmesbs3.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv3.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\MsgSys.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\system32\TPWRTRAY.EXE
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jucheck.exe
C:\Program Files\DynamicAccess AirConnect\Launcher.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4T6HSLSD\HijackThis[1].exe

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV3.EXE /Logon
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS3.EXE /logon
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect /keeploaded
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Startup: AOM.lnk = C:\Program Files\Common Files\Adobe\Web\AOM.exe
O4 - Global Startup: 3Com Launcher.lnk = C:\Program Files\DynamicAccess AirConnect\Launcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .NPSSView: C:\Program Files\Seagate Software\Viewers\ActiveXViewer\NPssView.dll
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {74FB8CE6-912D-46B6-9A87-869B83A71CA8} (BOSIActiveFormX Control) - http://helpdesk.net/...ActiveXGrid.cab
O16 - DPF: {92A0A6CF-2A89-45A4-A3D0-CC13938EE146} (BOSIRichEditX Control) - http://helpdesk.net/...MemoControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = inlfldom1.inlfl.org
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = inlfldom1.inlfl.org
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = inlfldom1.inlfl.org
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Symbol Technologies - C:\WINNT\system32\S24EvMon.exe
O23 - Service: THotkey (THOTKEY) - TOSHIBA Corp. - C:\WINNT\SYSTEM32\THOTKEY.EXE
O23 - Service: Tmesbs3 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesbs3.exe" /Service (file missing)
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv3.exe" /Service (file missing)
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\WINNT\Pointdev\VNC\WinVNC.exe" -service (file missing)

Please Help - Thx in advance
  • 0

Advertisements


#2
ilago

ilago

    Visiting Staff

  • Visiting Consultant
  • 363 posts
Hi itchic

Can you please do an on line virus scan here http://housecall.tre.../start_corp.asp Select the Autoclean box.

Then download and install the evaluation version of TDS-3 from here http://www.geekstogo...=download&id=45 and the current radius updates from here http://tds.diamondcs...php?page=update

The instructions for the manual installation of the updates is here http://tds.diamondcs...php?page=update.

Open TDS-3 - it will go through a basic system check. When that is complete, go to System and click on Full System Scan. If you have any questions on anything it finds please ask. Not everything it finds will be malicious. Some of it will be harmless.

When all that is completed please post a new HijackThis log so we can have a look at it.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP