Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

w32 downloader.AYEN


  • Please log in to reply

#1
sean m

sean m

    New Member

  • Member
  • Pip
  • 1 posts
I've gotten some msgs from postmaster at bellsouth that an email was returned due to:

Reason: virus detected (/mxl/spool/fd/fdcf1b54.623451056.739.mxm19aec/BASEFILE.virus.out.att.03->(UPX) is a security risk named W32/Downloader.AYEN)

I've run Spybot S&S, Ad-Aware, and Bazooka....nothing seems to find it. In searching on the internet,
this Downloader.AYEN can be called several different things.

Here is my Hijack file

ogfile of HijackThis v1.99.1
Scan saved at 2:32:26 PM, on 1/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BellSouth\BellSouth Internet Security\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\Microsoft Shared\pse7\Srnappp7.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe
C:\Program Files\BellSouth\BellSouth Internet Security\Rps.exe
C:\Program Files\Miller Direct Connect\4072598\Program\Miller Direct Connect.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\sean\LOCALS~1\Temp\Temporary Directory 5 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\BellSouth\BellSouth Internet Security\pkR.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\BellSouth\BellSouth Internet Security\FBHR.dll
O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINDOWS\SYSTEM32\TwcToolbarBho.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\SYSTEM32\TwcToolbarIe7.dll
O4 - HKLM\..\Run: [BellSouthAlertManager.exe] C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe
O4 - HKLM\..\Run: [BellSouth Internet Security] "C:\Program Files\BellSouth\BellSouth Internet Security\Rps.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Miller Direct Connect.lnk = C:\Program Files\Miller Direct Connect\4072598\Program\Miller Direct Connect.exe
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} - http://host.cycore.net/Cult.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1136905902828
O17 - HKLM\System\CCS\Services\Tcpip\..\{E08F916D-2019-41DA-B317-0BDE7994316B}: NameServer = 192.0.3.50
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\BellSouth\BellSouth Internet Security\fws.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IgniteService - Unknown owner - C:\Program Files\Miller Direct Connect\4072598\Program\IgniteService.exe" -Service (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Srnappp7 - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\pse7\Srnappp7.exe
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP