
Apropo C Downloader HijackThis log [CLOSED]



#1
Island-Girl

Hello,

I keep getting an AVG message from Resident Shield that my computer is infected with Apropo.c. AVG will not remove it, or even find it during a scan.

I turned on show hidden files and folders and have Spyware Blaster.

Please look at my log and Help. The popups and slow internet speed are driving me crazy.

Thank you kindly

C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\s3hotkey.exe
C:\WINDOWS\System32\S3Tray2.exe
C:\WINDOWS\System32\TFNF5.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\PROGRA~1\MICROS~3\Office\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [S3Hotkey] s3hotkey.exe
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [CMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

Edited by Island-Girl, 10 May 2004 - 09:48 PM.

#2
ditto

Try running the following scanners:

Trojan Scan:
Click Here to download The Cleaner

Virus Scan:
Click Here to run Online Scan

#3
Island-Girl

Hi,

Been doing the online scan from Trend Micro for the past two hours.

Will try the others tomorrow.

thanks

#4
ditto

Try running the scans while in safe mode (tap F8 while your computer is rebooting)

#5
Island-Girl

Tried the scans after starting in safe mode. Nothing showed up.

Here is my latest HijackThis log:

Logfile of HijackThis v1.97.7
Scan saved at 4:50:40 PM, on 5/11/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [S3Hotkey] s3hotkey.exe
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [CMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab


Had Outlook freeze up continually late last night and this afternoon. Also have 100% CPU usage. Did have Resident Shield pick up the Apropo C Downloader when I started computer this afternoon.

Any assistance would be appreciated.

#6
Island-Girl

Hi,

The AVG Resident Shield is still picking up the Apropo C. Downloader. AVG virus scan is not picking it up even in safe mode. Computer is running really slow and crashing a lot. This is not good as it is a temporary business computer.

Any ideas, anyone?

thanks

#7
ditto

Try disabling System Restore, restart computer, then enable it again.

#8
Island-Girl

Hello again,

I disabled System Restore, restarted the computer in safe mode. Could not get AVG to run. Could not connect to internet while in safe mode so I could not do the Trend Micro online scan.

Was able to do AVG scan while in safe mode.
It did catch a new Trojan.

RCYCWRMLJ.EXE Removed to virus vault 5/15/04

The following viruses were also in the virus vault:
AproposC Removed to Virus Vault 5/5/04
Wipemeet.ddl Removed to virus vault 5/6/04
Site.exe Removed to virus vault 5/5/04
Warn.exe Removed to virus vault 5/8/04

Even though it says the AproposC has been removed to virus vault I am continually getting warnings from Resident shield about it.

The following files are infected:
Msr.ex
Msdos.exe
Winshow.ddl

What should I do, if anything, about those files being infected?
Most of my problems started around May 5th.

Below is my latest HijackThis log.

Thank you very much.

Logfile of HijackThis v1.97.7
Scan saved at 1:37:32 PM, on 5/15/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\toshiba\ivp\ism\pinger.exe
C:\WINDOWS\System32\s3hotkey.exe
C:\WINDOWS\System32\S3Tray2.exe
C:\WINDOWS\System32\TFNF5.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\MICROS~3\Office\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Documents and Settings\.........\Local Settings\Temp\Temporary Directory 10 for hijackthis.zip\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [S3Hotkey] s3hotkey.exe
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [CMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
  • 0
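Added example, not part of the original thread: one way to compare two of the HijackThis logs posted above, so that only what changed between scans needs review. The function names are hypothetical and the sample logs are abridged from the posts; the first log lost its header on the page, so its "Running processes:" line is an assumption.

```python
import re
# Entry lines look like "O4 - HKLM\..\Run: [name] command" (sections R, F, N, O).
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

def parse_log(text):
    """Split a HijackThis log into running processes and numbered entries."""
    processes, entries, in_procs = set(), set(), False
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.add((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            # Windows paths are case-insensitive: fold case so System32\svchost.exe
            # and system32\svchost.exe count as the same process image.
            processes.add(line.lower())
    return {"processes": processes, "entries": entries}

def diff_logs(old_text, new_text):
    """Return sorted lists of what appeared and disappeared between two logs."""
    old, new = parse_log(old_text), parse_log(new_text)
    return {f"{key}_{verb}": sorted(b[key] - a[key])
            for key in ("processes", "entries")
            for verb, a, b in (("added", old, new), ("removed", new, old))}

# Abridged from the first and the 5/15/2004 logs in this thread. The first log
# lost its header on the page, so its "Running processes:" line is assumed here.
FIRST_LOG = r"""Running processes:
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe

O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
"""
MAY_15_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\The Cleaner\tca.exe

O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
"""

if __name__ == "__main__":
    for name, items in diff_logs(FIRST_LOG, MAY_15_LOG).items():
        print(name, items)
```

On these excerpts the only new autostart entry is the `tcactive` Run value for The Cleaner, which was installed on the helper's advice between the two scans.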

#9
admin


The following viruses were also in the virus vault:
AproposC Removed to Virus Vault 5/5/04
Wipemeet.ddl Removed to virus vault 5/6/04
Site.exe Removed to virus vault 5/5/04
Warn.exe Removed to virus vault 5/8/04

Delete these files from your virus vault. <_<

#10
Island-Girl

Done,

Now what?

thanks

#11
admin

Is Resident Shield still giving warnings?

#12
Island-Girl

No, it hasn't for a few hours.

Did let AVG run this evening and nothing new showed up.

Is there anything else I can do to protect my computer short of installing a firewall? Really need this computer to run smoothly now.

Thank you for all of your help. You guys are the greatest!

#13
admin

ZoneAlarm is a pretty good firewall, and they offer a free version.

We strongly recommend installing SpywareBlaster (it's free for personal use). Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program, like a missing file, see the link at the bottom of the javacool page.
Link to SpywareBlaster: http://www.geekstogo...tion=show&id=12

It's also very important to keep your system up to date to avoid unnecessary security risks. Click Here to make sure that you have the latest patches for Windows.

#14
Island-Girl

Thank you so much for the help. System seems to be running better, yet not perfect.

I do have Spyware Blaster and keep it up to date. Also download the latest Windows updates.

Thanks again.

#15
admin

What type of problems remain?