Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Unable to quarantine / delete Troj/Agent and mal/behav

Started by Jeffz08 , May 28 2008 11:34 PM

  • Please log in to reply

#1
Jeffz08
Posted 28 May 2008 - 11:34 PM

Jeffz08

    New Member

  • Member
  • Pip
  • 3 posts
Alright so my brother was on my PC and was on some gaming forum when he clicked on a keylogger / trojan. I hadn't updated my virus protection on my desktop in a while b/c i have a laptop that i use while at college (Desktop stays at my house). I now have an updated Norton antivirus 08 and Webroot Spy sweeper with antiVirus which removed all of the problems except 2 =/...

Norton did not find the problems when i scanned but when i run a scan with spysweeper it finds Troj/Agent-GVF and Mal/Behav-053. When the scan ends spysweeper is unable to quarantine the selected items and when i try and delete them they pop right back up in the next scan....=/. I have been looking all night for ways to get rid of this but to no avail.

I did do a Hijackthis scan and this is the log for that, I could use any help that you could give and thanks in advance. Hope u can help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:09:31 AM, on 5/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\SOUNDMAN.EXE
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
E:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
E:\Program Files\QuickTime\QTTask.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Webroot\Spy Sweeper\SSU.EXE
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - E:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - E:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "E:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [SpySweeper] E:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Shell] "E:\WINDOWS\system32\Rundll32.exe" "E:\WINDOWS\system32\shell32.dll",Control_RunDLL "E:\DOCUME~1\Client\LOCALS~1\Temp\dat1C4.tmp"
O4 - S-1-5-18 Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Unknown owner - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - E:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - E:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - E:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - E:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 6339 bytes

Im going to bed for now its already 2am and I've been trying to fix this since about 8am =( Ill check these forums again tomorrow morning.

Edited by Jeffz08, 29 May 2008 - 12:01 AM.

  • 0

Advertisements

#2
Jeffz08
Posted 29 May 2008 - 01:44 AM

Jeffz08

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
it seems to have gotten worse =( i now have mal/generic-A popping up as well (it also unable to delete / quarantine).... Heres the most recent hijackthis log. Any help would be greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:44:18 AM, on 5/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\wdfmgr.exe
E:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\SOUNDMAN.EXE
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
E:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
E:\Program Files\QuickTime\QTTask.exe
E:\Program Files\Messenger\msmsgs.exe
E:\WINDOWS\System32\alg.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Webroot\Spy Sweeper\SSU.EXE
E:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
E:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
E:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - E:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - E:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "E:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [SpySweeper] E:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Shell] "E:\WINDOWS\system32\Rundll32.exe" "E:\WINDOWS\system32\shell32.dll",Control_RunDLL "E:\DOCUME~1\Client\LOCALS~1\Temp\dat1C4.tmp"
O4 - HKUS\S-1-5-18\..\Run: [Shell] "E:\WINDOWS\system32\Rundll32.exe" "E:\WINDOWS\system32\shell32.dll",Control_RunDLL "E:\WINDOWS\TEMP\dat68C.tmp" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Shell] "E:\WINDOWS\system32\Rundll32.exe" "E:\WINDOWS\system32\shell32.dll",Control_RunDLL "E:\WINDOWS\TEMP\dat68C.tmp" (User 'Default user')
O4 - S-1-5-18 Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Unknown owner - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - E:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - E:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - E:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - E:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 6940 bytes
  • 0

#3
Jeffz08
Posted 29 May 2008 - 08:17 AM

Jeffz08

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
bump, keylogger still there and i cant get rid of it.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Forum
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP