
Trojanhorse Downloader etc

#1 ingemushi
My virus program AVG keeps on giving me the same threat warning over and over, even when I heal it or move it to the vault, i.e. Trojan horse Downloader.Generic3.ZIM, Trojan horse Clicker.EOD (2 different files), Trojan horse Downloader.Generic4.CLB.

I have followed the steps in "You must read this before posting".

This is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 09:13:26 AM, on 2007/04/18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\System\msnmsgr8.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\GEEKS\HijackThis.exe

R3 - URLSearchHook: MyUrlSrcHook Class - {D2A5245A-B682-4C26-A507-173A774B2E70} - C:\WINDOWS\DOWNLO~1\CnsMinIdn.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Update] C:\Program Files\Common Files\System\msnmsgr8.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: JWordでウェブ検索(&J) - res://C:\WINDOWS\DOWNLO~1\CnsMin.dll/203
O8 - Extra context menu item: Visit &japanese keywords - res://C:\WINDOWS\DOWNLO~1\CnsMin.dll/203
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.co.../AttachMail.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{44EDA4B6-740B-4E55-A677-04D53DDF34D3}: NameServer = 196.25.1.11,196.43.1.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF7DD763-93E2-4A3B-A4B6-ED17C2927713}: NameServer = 196.25.1.11,196.43.1.11
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

This is the uninstall list from HijackThis:

Active Desktop Calendar 6.6
Adobe Flash Player 9 ActiveX
Adobe Reader 8
Adobe Shockwave Player
AdobeR PhotoshopR Album Starter Edition 3.0
Apple Software Update
AVG 7.5
AVG Anti-Spyware 7.5
BitComet 0.70
Data Lifeguard Tools
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Doom 3
Dual Mode USB Camera Plus
Easy CD Creator 5 Basic
EasyRecovery Professional
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_07
Java 2 SDK, SE v1.4.2_07
LimeWire PRO 4.12.3
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (2.0.0.3)
Nero 7 Ultra Edition
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
Panda ActiveScan
QuickTime
ReadWrite Hiragana version 1.1
RealPlayer
Realtek AC'97 Audio
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Skype 3.1
Skype add-on for IE
Skype Plugin Manager
Speech Redistributables
Striata Reader
SUPERAntiSpyware Free Edition
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB929338)
Update for Windows XP (KB931836)
VideoLAN VLC media player 0.8.6
VoipBuster
VoIPVoice Integration
WD Diagnostics
Windows Defender
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
XviD 1.1 final uninstall

I hope I have covered everything I need to. If I have missed something, please let me know. Also, the same threat keeps being detected: when I click on heal it shows healed, but a few minutes later it repeats itself.

See the virus vault list below:

Trojan horse Downloader.Generic3.ZIM C:\nnwoyddm.exe 2007/04/17 21:57 nnwoyddm.exe 7 KB
Trojan horse Clicker.EOD C:\qhaybg.exe 2007/04/17 21:57 qhaybg.exe 47 KB
Trojan horse Downloader.Generic3.ZIM C:\Documents and Settings\Machida\Local Settings\Temporary Internet Files\Content.IE5\LQQSYUW3\mfxlrobl[1].htm 2007/04/17 22:52 mfxlrobl[1].htm 7 KB
Trojan horse Clicker.EOD C:\qhaybg.exe 2007/04/17 22:56 qhaybg.exe 47 KB
Trojan horse Downloader.Generic3.ZIM C:\nnwoyddm.exe 2007/04/17 22:52 nnwoyddm.exe 7 KB
Trojan horse Downloader.Generic3.ZIM C:\nnwoyddm.exe 2007/04/17 22:13 nnwoyddm.exe 7 KB
Trojan horse Clicker.EOD C:\qhaybg.exe 2007/04/17 22:52 qhaybg.exe 47 KB
Trojan horse Downloader.Generic3.ZIM C:\Documents and Settings\Machida\Local Settings\Temporary Internet Files\Content.IE5\5QF73ND2\mfxlrobl[2].htm 2007/04/17 22:13 mfxlrobl[2].htm 7 KB
Trojan horse Clicker.EOD C:\qhaybg.exe 2007/04/17 22:13 qhaybg.exe 47 KB
Trojan horse Clicker.EOD C:\Documents and Settings\Machida\Local Settings\Temporary Internet Files\Content.IE5\B8OV84C1\czpgdnjtdq[2].htm 2007/04/17 22:53 czpgdnjtdq[2].htm 2 KB
Trojan horse Clicker.EOD C:\Documents and Settings\Machida\Local Settings\Temporary Internet Files\Content.IE5\B8OV84C1\czpgdnjtdq[1].htm 2007/04/17 22:13 czpgdnjtdq[1].htm 47 KB
Trojan horse Downloader.Generic3.ZIM C:\nnwoyddm.exe 2007/04/17 19:56 nnwoyddm.exe 7 KB
Trojan horse Downloader.Generic3.ZIM C:\Documents and Settings\Machida\Local Settings\Temporary Internet Files\Content.IE5\LQQSYUW3\mfxlrobl[1].htm 2007/04/17 19:56 mfxlrobl[1].htm 7 KB
Trojan horse Downloader.Generic4.CLB C:\fjlooi.exe 2007/04/17 22:13 fjlooi.exe 1.97 KB
Trojan horse Clicker.EOD C:\qhaybg.exe 2007/04/17 19:56 qhaybg.exe 47 KB
Trojan horse Clicker.EOD C:\Documents and Settings\Machida\Local Settings\Temporary Internet Files\Content.IE5\AH2M6EIJ\czpgdnjtdq[1].htm 2007/04/17 19:56 czpgdnjtdq[1].htm 47 KB
Trojan horse Downloader.Generic3.ZIM C:\nnwoyddm.exe 2007/04/17 21:46 nnwoyddm.exe 7 KB
Trojan horse Downloader.Generic3.ZIM C:\Documents and Settings\Machida\Local Settings\Temporary Internet Files\Content.IE5\LQQSYUW3\mfxlrobl[1].htm 2007/04/17 21:46 mfxlrobl[1].htm 7 KB
Trojan horse Downloader.Generic4.CLB C:\fjlooi.exe 2007/04/17 22:56 fjlooi.exe 1.97 KB
Trojan horse Clicker.EOD C:\qhaybg.exe 2007/04/17 21:46 qhaybg.exe 47 KB
Trojan horse Clicker.EOD C:\Documents and Settings\Machida\Local Settings\Temporary Internet Files\Content.IE5\B8OV84C1\czpgdnjtdq[1].htm 2007/04/17 21:46 czpgdnjtdq[1].htm 47 KB
Trojan horse Downloader.Generic4.CLB C:\fjlooi.exe 2007/04/17 19:57 fjlooi.exe 1.97 KB
Trojan horse Downloader.Generic3.ZIM C:\nnwoyddm.exe 2007/04/18 06:39 nnwoyddm.exe 7 KB
Trojan horse Clicker.EOD C:\qhaybg.exe 2007/04/18 06:39 qhaybg.exe 47 KB
Trojan horse Clicker.EOD C:\Documents and Settings\Machida\Local Settings\Temporary Internet Files\Content.IE5\B8OV84C1\czpgdnjtdq[1].htm 2007/04/18 06:39 czpgdnjtdq[1].htm 47 KB
Trojan horse Downloader.Generic4.CLB C:\fjlooi.exe 2007/04/18 06:39 fjlooi.exe 1.97 KB
Trojan horse Downloader.Generic4.CLB C:\fjlooi.exe 2007/04/17 21:46 fjlooi.exe 1.97 KB
Trojan horse Clicker.EOD C:\qhaybg.exe 2007/04/18 09:23 qhaybg.exe 47 KB
Trojan horse Clicker.EOD C:\Documents and Settings\Machida\Local Settings\Temporary Internet Files\Content.IE5\AH2M6EIJ\czpgdnjtdq[1].htm 2007/04/18 09:23 czpgdnjtdq[1].htm 47 KB
Trojan horse Downloader.Generic4.CLB C:\fjlooi.exe 2007/04/18 09:24 fjlooi.exe 1.97 KB
Trojan horse Downloader.Generic3.ZIM C:\nnwoyddm.exe 2007/04/17 22:01 nnwoyddm.exe 7 KB
Trojan horse Downloader.Generic3.ZIM C:\Documents and Settings\Machida\Local Settings\Temporary Internet Files\Content.IE5\5QF73ND2\mfxlrobl[1].htm 2007/04/17 23:00 mfxlrobl[1].htm 7 KB
Trojan horse Downloader.Generic3.ZIM C:\nnwoyddm.exe 2007/04/17 23:00 nnwoyddm.exe 7 KB
Trojan horse Clicker.EOD C:\Documents and Settings\Machida\Local Settings\Temporary Internet Files\Content.IE5\B8OV84C1\czpgdnjtdq[2].htm 2007/04/17 23:00 czpgdnjtdq[2].htm 47 KB
Trojan horse Clicker.EOD C:\Documents and Settings\Machida\Local Settings\Temporary Internet Files\Content.IE5\B8OV84C1\czpgdnjtdq[1].htm 2007/04/17 22:01 czpgdnjtdq[1].htm 47 KB
Trojan horse Clicker.EOD C:\qhaybg.exe 2007/04/17 23:00 qhaybg.exe 47 KB
Trojan horse Clicker.EOD C:\qhaybg.exe 2007/04/17 22:02 qhaybg.exe 47 KB
Trojan horse Clicker.EOD C:\Documents and Settings\Machida\Local Settings\Temporary Internet Files\Content.IE5\B8OV84C1\czpgdnjtdq[1].htm 2007/04/17 23:00 czpgdnjtdq[1].htm 47 KB
Trojan horse Downloader.Generic4.CLB C:\fjlooi.exe 2007/04/17 22:02 fjlooi.exe 1.97 KB
Trojan horse Downloader.Generic4.CLB C:\fjlooi.exe 2007/04/17 20:01 fjlooi.exe 1.97 KB
Trojan horse Clicker.EOD C:\qhaybg.exe 2007/04/17 20:01 qhaybg.exe 47 KB
Trojan horse Downloader.Generic3.ZIM C:\nnwoyddm.exe 2007/04/18 06:44 nnwoyddm.exe 7 KB
Trojan horse Downloader.Generic3.ZIM C:\Documents and Settings\Machida\Local Settings\Temporary Internet Files\Content.IE5\5QF73ND2\mfxlrobl[1].htm 2007/04/18 09:26 mfxlrobl[1].htm 7 KB
Trojan horse Downloader.Generic3.ZIM C:\Documents and Settings\Machida\Local Settings\Temporary Internet Files\Content.IE5\B8OV84C1\mfxlrobl[2].htm 2007/04/18 06:44 mfxlrobl[2].htm 7 KB
Trojan horse Clicker.EOD C:\qhaybg.exe 2007/04/18 06:44 qhaybg.exe 47 KB
Trojan horse Clicker.EOD C:\Documents and Settings\Machida\Local Settings\Temporary Internet Files\Content.IE5\5QF73ND2\czpgdnjtdq[1].htm 2007/04/18 06:45 czpgdnjtdq[1].htm 47 KB
Trojan horse Downloader.Generic4.CLB C:\fjlooi.exe 2007/04/18 06:45 fjlooi.exe 1.97 KB
Trojan horse Clicker.EOD C:\qhaybg.exe 2007/04/17 22:35 qhaybg.exe 47 KB
Trojan horse Downloader.Generic3.ZIM C:\Documents and Settings\Machida\Local Settings\Temporary Internet Files\Content.IE5\B8OV84C1\mfxlrobl[1].htm 2007/04/18 09:27 mfxlrobl[1].htm 7 KB
Trojan horse Clicker.EOD C:\qhaybg.exe 2007/04/18 09:27 qhaybg.exe 47 KB
Trojan horse Clicker.EOD C:\Documents and Settings\Machida\Local Settings\Temporary Internet Files\Content.IE5\B8OV84C1\czpgdnjtdq[1].htm 2007/04/18 09:27 czpgdnjtdq[1].htm 47 KB
Trojan horse Downloader.Generic4.CLB C:\fjlooi.exe 2007/04/18 09:27 fjlooi.exe 1.97 KB
Trojan horse Clicker.EOD C:\Documents and Settings\Machida\Local Settings\Temporary Internet Files\Content.IE5\B8OV84C1\czpgdnjtdq[1].htm 2007/04/17 22:35 czpgdnjtdq[1].htm 47 KB
Trojan horse Downloader.Generic4.CLB C:\fjlooi.exe 2007/04/17 22:35 fjlooi.exe 1.97 KB
Trojan horse Downloader.Generic3.ZIM C:\nnwoyddm.exe 2007/04/17 22:36 nnwoyddm.exe 7 KB
Trojan horse Downloader.Generic3.ZIM C:\nnwoyddm.exe 2007/04/18 06:49 nnwoyddm.exe 7 KB
Trojan horse Downloader.Generic3.ZIM C:\nnwoyddm.exe 2007/04/17 22:39 nnwoyddm.exe 7 KB
Trojan horse Downloader.Generic3.ZIM C:\Documents and Settings\Machida\Local Settings\Temporary Internet Files\Content.IE5\B8OV84C1\mfxlrobl[1].htm 2007/04/18 06:49 mfxlrobl[1].htm 7 KB
Trojan horse Downloader.Generic3.ZIM C:\Documents and Settings\Machida\Local Settings\Temporary Internet Files\Content.IE5\B8OV84C1\mfxlrobl[2].htm 2007/04/17 22:39 mfxlrobl[2].htm 7 KB
Trojan horse Clicker.EOD C:\qhaybg.exe 2007/04/18 06:49 qhaybg.exe 47 KB
Trojan horse Clicker.EOD C:\Documents and Settings\Machida\Local Settings\Temporary Internet Files\Content.IE5\5QF73ND2\czpgdnjtdq[1].htm 2007/04/18 06:49 czpgdnjtdq[1].htm 47 KB
Trojan horse Clicker.EOD C:\qhaybg.exe 2007/04/17 22:24 qhaybg.exe 47 KB
Trojan horse Downloader.Generic4.CLB C:\fjlooi.exe 2007/04/17 22:24 fjlooi.exe 1.97 KB
Trojan horse Clicker.EOD C:\qhaybg.exe 2007/04/17 22:40 qhaybg.exe 47 KB
Trojan horse Downloader.Generic4.CLB C:\fjlooi.exe 2007/04/18 06:50 fjlooi.exe 1.97 KB
Trojan horse Clicker.EOD C:\Documents and Settings\Machida\Local Settings\Temporary Internet Files\Content.IE5\B8OV84C1\czpgdnjtdq[1].htm 2007/04/17 22:40 czpgdnjtdq[1].htm 47 KB
Trojan horse Downloader.Generic4.CLB C:\fjlooi.exe 2007/04/17 22:40 fjlooi.exe 1.97 KB
Trojan horse Downloader.Generic3.ZIM C:\nnwoyddm.exe 2007/04/18 09:32 nnwoyddm.exe 7 KB
Trojan horse Downloader.Generic3.ZIM C:\Documents and Settings\Machida\Local Settings\Temporary Internet Files\Content.IE5\B8OV84C1\mfxlrobl[1].htm 2007/04/18 09:32 mfxlrobl[1].htm 7 KB
Trojan horse Clicker.EOD C:\qhaybg.exe 2007/04/18 09:32 qhaybg.exe 47 KB
Trojan horse Clicker.EOD C:\Documents and Settings\Machida\Local Settings\Temporary Internet Files\Content.IE5\B8OV84C1\czpgdnjtdq[1].htm 2007/04/18 09:32 czpgdnjtdq[1].htm 47 KB
Trojan horse Downloader.Generic4.CLB C:\fjlooi.exe 2007/04/18 09:32 fjlooi.exe 1.97 KB
Trojan horse Downloader.Generic3.ZIM C:\nnwoyddm.exe 2007/04/17 22:44 nnwoyddm.exe 7 KB
Trojan horse Downloader.Generic3.ZIM C:\Documents and Settings\Machida\Local Settings\Temporary Internet Files\Content.IE5\5QF73ND2\mfxlrobl[1].htm 2007/04/17 22:44 mfxlrobl[1].htm 7 KB
Trojan horse Clicker.EOD C:\qhaybg.exe 2007/04/17 22:44 qhaybg.exe 47 KB
Trojan horse Downloader.Generic3.ZIM C:\Documents and Settings\Machida\Local Settings\Temporary Internet Files\Content.IE5\B8OV84C1\mfxlrobl[1].htm 2007/04/18 06:55 mfxlrobl[1].htm 7 KB
Trojan horse Clicker.EOD C:\qhaybg.exe 2007/04/18 06:55 qhaybg.exe 47 KB
Trojan horse Downloader.Generic4.CLB C:\fjlooi.exe 2007/04/17 22:45 fjlooi.exe 1.97 KB
Trojan horse Clicker.EOD C:\Documents and Settings\Machida\Local Settings\Temporary Internet Files\Content.IE5\B8OV84C1\czpgdnjtdq[2].htm 2007/04/18 06:55 czpgdnjtdq[2].htm 47 KB
Trojan horse Downloader.Generic3.ZIM C:\Documents and Settings\Machida\Local Settings\Temporary Internet Files\Content.IE5\B8OV84C1\mfxlrobl[1].htm 2007/04/18 09:37 mfxlrobl[1].htm 7 KB
Trojan horse Downloader.Generic4.CLB C:\fjlooi.exe 2007/04/18 06:55 fjlooi.exe 1.97 KB
Trojan horse Clicker.EOD C:\qhaybg.exe 2007/04/17 22:45 qhaybg.exe 47 KB
Trojan horse Downloader.Generic3.ZIM C:\nnwoyddm.exe 2007/04/17 22:45 nnwoyddm.exe 7 KB
Trojan horse Clicker.EOD C:\qhaybg.exe 2007/04/18 09:37 qhaybg.exe 47 KB
Trojan horse Downloader.Generic4.CLB C:\fjlooi.exe 2007/04/17 22:45 fjlooi.exe 1.97 KB
Trojan horse Clicker.EOD C:\Documents and Settings\Machida\Local Settings\Temporary Internet Files\Content.IE5\B8OV84C1\czpgdnjtdq[1].htm 2007/04/18 09:37 czpgdnjtdq[1].htm 47 KB
Trojan horse Downloader.Generic4.CLB C:\fjlooi.exe 2007/04/18 09:37 fjlooi.exe 1.97 KB
Trojan horse Downloader.Generic3.ZIM C:\nnwoyddm.exe 2007/04/18 06:57 nnwoyddm.exe 7 KB
Trojan horse Downloader.Generic3.ZIM C:\nnwoyddm.exe 2007/04/18 06:59 nnwoyddm.exe 7 KB
Trojan horse Clicker.EOD C:\qhaybg.exe 2007/04/18 06:59 qhaybg.exe 47 KB
Trojan horse Downloader.Generic4.CLB C:\fjlooi.exe 2007/04/18 07:00 fjlooi.exe 1.97 KB
Trojan horse Downloader.Generic4.CLB C:\fjlooi.exe 2007/04/18 08:21 fjlooi.exe 1.97 KB
Trojan horse Downloader.Generic3.ZIM C:\nnwoyddm.exe 2007/04/18 08:21 nnwoyddm.exe 7 KB
Trojan horse Clicker.EOD C:\qhaybg.exe 2007/04/18 08:21 qhaybg.exe 47 KB
Trojan horse Downloader.Generic3.ZIM C:\Documents and Settings\Machida\Local Settings\Temporary Internet Files\Content.IE5\5QF73ND2\mfxlrobl[1].htm 2007/04/18 08:21 mfxlrobl[1].htm 7 KB
Trojan horse Clicker.EOD C:\Documents and Settings\Machida\Local Settings\Temporary Internet Files\Content.IE5\B8OV84C1\czpgdnjtdq[1].htm 2007/04/18 08:21 czpgdnjtdq[1].htm 47 KB
Trojan horse Downloader.Generic4.CLB C:\Documents and Settings\Machida\Local Settings\Temporary Internet Files\Content.IE5\B8OV84C1\qnrwy[1].txt 2007/04/18 08:21 qnrwy[1].txt 1.97 KB
Trojan horse Downloader.Generic3.ZIM C:\System Volume Information\_restore{64B40632-67AD-4064-BD95-D6880900ED8F}\RP78\A0007455.exe 2007/04/17 19:32 A0007455.exe 7 KB
Trojan horse Downloader.Generic4.CLB C:\fjlooi.exe 2007/04/18 00:30 fjlooi.exe 1.97 KB
Trojan horse Clicker.EOD C:\qhaybg.exe 2007/04/18 00:30 qhaybg.exe 47 KB
Trojan horse Downloader.Generic3.ZIM C:\nnwoyddm.exe 2007/04/18 00:30 nnwoyddm.exe 7 KB

This afternoon I uninstalled AVG and installed the Kaspersky 30-day trial. It disinfects files, but the trojans just keep coming back. These are the new logs:

Web Anti-Virus
--------------
Total scanned: 48
Detected: 8
Untreated: 0
Start time: 2007/04/18 06:32:55 PM
Duration: 00:10:40


Detected
--------
Status Object
------ ------
detected: Trojan program Trojan-Proxy.Win32.Dlena.ce URL: http://xhmdadfxpb.co...exhe/rrfjbf.php
detected: Trojan program Trojan-Downloader.Win32.Small.cwj URL: http://xhmdadfxpb.co...he/mfxlrobl.php
detected: Trojan program Trojan-Clicker.Win32.Agent.is URL: http://xhmdadfxpb.co..._Patch.UPX//UPX
detected: Trojan program Trojan-Downloader.Win32.Small.ecr URL: http://xhmdadfxpb.co...exhe/qnrwy//FSG
detected: Trojan program Trojan-Proxy.Win32.Dlena.ce URL: http://qhelhunxna.co...exhe/rrfjbf.php
detected: Trojan program Trojan-Downloader.Win32.Small.cwj URL: http://qhelhunxna.co...he/mfxlrobl.php
detected: Trojan program Trojan-Clicker.Win32.Agent.is URL: http://qhelhunxna.co..._Patch.UPX//UPX
detected: Trojan program Trojan-Downloader.Win32.Small.ecr URL: http://qhelhunxna.co...exhe/qnrwy//FSG


Events
------
Time Name Status Reason
---- ---- ------ ------
2007/04/18 06:33:45 PM URL: http://www.superanti...?request=STATUS ok scanned
2007/04/18 06:33:47 PM URL: http://www.superanti...8-0949231C9484} ok scanned
2007/04/18 06:33:54 PM URL: http://xhmdadfxpb.co....php?adv=adv759 ok iChecker
2007/04/18 06:33:55 PM URL: http://xhmdadfxpb.co...he/gvscyvsh.php ok iChecker
2007/04/18 06:34:33 PM URL: http://download.wind....cab?0704181634 ok scanned
2007/04/18 06:34:36 PM URL: http://update.micros....cab?0704181634 ok iChecker
2007/04/18 06:34:37 PM URL: http://download.wind....cab?0704181634 ok iChecker
2007/04/18 06:34:37 PM URL: http://download.wind....cab?0704181634 archive CAB
2007/04/18 06:34:37 PM URL: http://download.wind...634/wusetup.inf ok scanned
2007/04/18 06:34:37 PM URL: http://download.wind...634/wusetup.cat ok scanned
2007/04/18 06:34:37 PM URL: http://download.wind....cab?0704181634 ok scanned
2007/04/18 06:34:39 PM URL: http://download.wind....cab?0704181634 ok iChecker
2007/04/18 06:34:54 PM URL: http://download.wind....cab?0704181634 ok iChecker
2007/04/18 06:38:16 PM URL: http://www.sup3r.net/adv759_4607.exe ok iChecker
2007/04/18 06:38:41 PM URL: http://update.ewido.net/update-xml.cgi ok scanned
2007/04/18 06:38:51 PM URL: http://xhmdadfxpb.co...exhe/rrfjbf.php detected Trojan program 'Trojan-Proxy.Win32.Dlena.ce'
2007/04/18 06:38:51 PM URL: http://xhmdadfxpb.co...exhe/rrfjbf.php access denied
2007/04/18 06:38:52 PM URL: http://xhmdadfxpb.co...exhe/rrfjbf.php access denied
2007/04/18 06:39:19 PM URL: http://xhmdadfxpb.co...he/mfxlrobl.php detected Trojan program 'Trojan-Downloader.Win32.Small.cwj'
2007/04/18 06:39:19 PM URL: http://xhmdadfxpb.co...he/mfxlrobl.php access denied
2007/04/18 06:39:25 PM URL: http://xhmdadfxpb.co...xhe/kuumjti.php packed file FSG
2007/04/18 06:39:25 PM URL: http://xhmdadfxpb.co...uumjti.php//FSG ok scanned
2007/04/18 06:39:25 PM URL: http://xhmdadfxpb.co...xhe/kuumjti.php ok scanned
2007/04/18 06:39:28 PM URL: http://xhmdadfxpb.co.../czpgdnjtdq.php packed file PE_Patch.UPX
2007/04/18 06:39:28 PM URL: http://xhmdadfxpb.co...p//PE_Patch.UPX packed file UPX
2007/04/18 06:39:28 PM URL: http://xhmdadfxpb.co..._Patch.UPX//UPX detected Trojan program 'Trojan-Clicker.Win32.Agent.is'
2007/04/18 06:39:28 PM URL: http://xhmdadfxpb.co..._Patch.UPX//UPX access denied
2007/04/18 06:39:28 PM URL: http://xhmdadfxpb.co.../czpgdnjtdq.php access denied
2007/04/18 06:39:28 PM URL: http://xhmdadfxpb.co...gs/muexhe/qnrwy packed file FSG
2007/04/18 06:39:28 PM URL: http://xhmdadfxpb.co...exhe/qnrwy//FSG detected Trojan program 'Trojan-Downloader.Win32.Small.ecr'
2007/04/18 06:39:28 PM URL: http://xhmdadfxpb.co...exhe/qnrwy//FSG access denied
2007/04/18 06:39:37 PM URL: http://qhelhunxna.co....php?adv=adv759 ok iChecker
2007/04/18 06:39:38 PM URL: http://qhelhunxna.co...he/gvscyvsh.php ok iChecker
2007/04/18 06:39:45 PM URL: http://qhelhunxna.co...exhe/rrfjbf.php detected Trojan program 'Trojan-Proxy.Win32.Dlena.ce'
2007/04/18 06:39:45 PM URL: http://qhelhunxna.co...exhe/rrfjbf.php access denied
2007/04/18 06:39:45 PM URL: http://qhelhunxna.co...exhe/rrfjbf.php access denied
2007/04/18 06:39:51 PM URL: http://qhelhunxna.co...he/mfxlrobl.php detected Trojan program 'Trojan-Downloader.Win32.Small.cwj'
2007/04/18 06:39:51 PM URL: http://qhelhunxna.co...he/mfxlrobl.php access denied
2007/04/18 06:39:52 PM URL: http://qhelhunxna.co...xhe/kuumjti.php ok iChecker
2007/04/18 06:39:55 PM URL: http://qhelhunxna.co.../czpgdnjtdq.php packed file PE_Patch.UPX
2007/04/18 06:39:55 PM URL: http://qhelhunxna.co...p//PE_Patch.UPX packed file UPX
2007/04/18 06:39:55 PM URL: http://qhelhunxna.co..._Patch.UPX//UPX detected Trojan program 'Trojan-Clicker.Win32.Agent.is'
2007/04/18 06:39:55 PM URL: http://qhelhunxna.co..._Patch.UPX//UPX access denied
2007/04/18 06:39:55 PM URL: http://qhelhunxna.co.../czpgdnjtdq.php access denied
2007/04/18 06:39:55 PM URL: http://qhelhunxna.co...gs/muexhe/qnrwy packed file FSG
2007/04/18 06:39:55 PM URL: http://qhelhunxna.co...exhe/qnrwy//FSG detected Trojan program 'Trojan-Downloader.Win32.Small.ecr'
2007/04/18 06:39:55 PM URL: http://qhelhunxna.co...exhe/qnrwy//FSG access denied



Thanks in advance

Edited by ingemushi, 18 April 2007 - 11:02 AM.
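The vault list above is the most useful evidence in this post: the same three files under C:\ are detected, "healed", and detected again minutes later. The following script is an added example (not part of the original post or of AVG/HijackThis) that parses vault lines in the pasted format, groups detections by path and measures how often each path reappears, which is the signal that removal is deleting a dropped file while something still running keeps re-dropping it. The line format and the nine sample lines are taken from the post; the function and field names are the example's own.

```python
"""Triage helper for an AVG virus-vault list pasted into a forum post.

Added example, not part of the original post: parses vault lines of the form
"<Trojan horse NAME> <PATH> <YYYY/MM/DD HH:MM> <FILENAME> <SIZE>" and reports
which paths keep coming back after 'heal', i.e. where removal is not sticking.
"""
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, NamedTuple

# The path may contain spaces, so it is matched lazily up to the timestamp.
VAULT_LINE = re.compile(
    r"^Trojan horse (?P<threat>\S+) (?P<path>.+?) "
    r"(?P<when>\d{4}/\d{2}/\d{2} \d{2}:\d{2}) (?P<name>\S+) (?P<size>[\d.]+ KB)$"
)


class Detection(NamedTuple):
    threat: str
    path: str
    when: datetime
    size: str


class Recurrence(NamedTuple):
    threat: str
    count: int
    first: datetime
    last: datetime
    min_gap_minutes: int  # shortest interval between two detections of the same path


def parse_vault(text: str) -> List[Detection]:
    """Parse pasted vault lines; lines that do not match the format are skipped."""
    out = []
    for line in text.splitlines():
        m = VAULT_LINE.match(line.strip())
        if not m:
            continue
        when = datetime.strptime(m["when"], "%Y/%m/%d %H:%M")
        out.append(Detection(m["threat"], m["path"], when, m["size"]))
    return out


def recurrence(dets: List[Detection]) -> Dict[str, Recurrence]:
    """Group detections by path and measure how often each path reappears."""
    by_path = defaultdict(list)
    for d in dets:
        by_path[d.path].append(d)
    report = {}
    for path, hits in by_path.items():
        times = sorted({h.when for h in hits})
        gaps = [int((b - a).total_seconds() // 60) for a, b in zip(times, times[1:])]
        report[path] = Recurrence(hits[0].threat, len(hits), times[0], times[-1],
                                  min(gaps) if gaps else 0)
    return report


def recurring_paths(dets: List[Detection], min_count: int = 3) -> List[str]:
    """Paths detected at least min_count times: the file is being re-dropped."""
    return sorted(p for p, r in recurrence(dets).items() if r.count >= min_count)


# Sample input: nine lines copied from the vault list in the post above.
SAMPLE = r"""
Trojan horse Downloader.Generic3.ZIM C:\nnwoyddm.exe 2007/04/17 21:57 nnwoyddm.exe 7 KB
Trojan horse Clicker.EOD C:\qhaybg.exe 2007/04/17 21:57 qhaybg.exe 47 KB
Trojan horse Downloader.Generic3.ZIM C:\nnwoyddm.exe 2007/04/17 22:13 nnwoyddm.exe 7 KB
Trojan horse Clicker.EOD C:\qhaybg.exe 2007/04/17 22:13 qhaybg.exe 47 KB
Trojan horse Downloader.Generic4.CLB C:\fjlooi.exe 2007/04/17 22:13 fjlooi.exe 1.97 KB
Trojan horse Downloader.Generic3.ZIM C:\nnwoyddm.exe 2007/04/17 22:52 nnwoyddm.exe 7 KB
Trojan horse Clicker.EOD C:\qhaybg.exe 2007/04/17 22:52 qhaybg.exe 47 KB
Trojan horse Downloader.Generic3.ZIM C:\Documents and Settings\Machida\Local Settings\Temporary Internet Files\Content.IE5\LQQSYUW3\mfxlrobl[1].htm 2007/04/17 22:52 mfxlrobl[1].htm 7 KB
Trojan horse Downloader.Generic4.CLB C:\fjlooi.exe 2007/04/18 06:39 fjlooi.exe 1.97 KB
"""

if __name__ == "__main__":
    dets = parse_vault(SAMPLE)
    for path, r in sorted(recurrence(dets).items(), key=lambda kv: -kv[1].count):
        print(f"{r.count:3d}x  min gap {r.min_gap_minutes:4d} min  {r.threat:<24} {path}")
    print("re-dropped:", recurring_paths(dets))
```

Run against the full list in the post, the report shows the same C:\ executables returning every few minutes across the whole of 17 and 18 April, while the Temporary Internet Files hits are copies of the same downloads cached by the browser. A helper reading that output would look for the component that re-fetches them (the running process, the browser hook or the Winlogon entry in the HijackThis log) rather than healing the dropped files again.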
