Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

trojan.flood & fir.exe? can't get rid , anyone heard of these?


  • Please log in to reply

#1
ozboy

ozboy

    New Member

  • Member
  • Pip
  • 4 posts
Hello, I seem to have something a trojan called ... trojan.flood that my AVG antispyware 7.5 keeps finding, but cant get rid of. I have also found a strange entry on my hijack this log to... fir.exe & fixweb.exe? I tried looking it up, but found nothing. I'd appreciate any help thanks so much!




Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\windowsupdate.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\fir.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\PoivY.com\PoivY\PoivY.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\fixweb.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Microsoft Network Associates] C:\WINDOWS\System32\fir.exe
O4 - HKLM\..\Run: [msennger] C:\WINDOWS\System32\fir.exe
O4 - HKLM\..\RunServices: [windowsupdate] C:\WINDOWS\System32\windowsupdate.exe
O4 - HKLM\..\RunServices: [Windows has Layer] fixweb.exe
O4 - HKLM\..\RunOnce: [Windows has Layer] fixweb.exe
O4 - HKCU\..\Run: [PoivY] "C:\Program Files\PoivY.com\PoivY\PoivY.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Microsoft Network Associates] C:\WINDOWS\System32\fir.exe
O4 - HKCU\..\RunOnce: [Windows has Layer] fixweb.exe
O4 - HKUS\S-1-5-21-1004336348-492894223-1343024091-1003\..\Run: [PoivY] "C:\Program Files\PoivY.com\PoivY\PoivY.exe" -nosplash -minimized (User '?')
O4 - HKUS\S-1-5-21-1004336348-492894223-1343024091-1003\..\Run: [Microsoft Network Associates] C:\WINDOWS\System32\fir.exe (User '?')
O4 - HKUS\S-1-5-21-1004336348-492894223-1343024091-1003\..\RunOnce: [Windows has Layer] fixweb.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [Windows has Layer] fixweb.exe (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [Windows has Layer] fixweb.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [Windows has Layer] fixweb.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Windows has Layer] fixweb.exe (User 'Default user')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\system\intralaunch.CAB
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP