Phew, 99% Clean - Help me w/ last 1%

#1
legal_video (New Member, 1 posts)

Thanks in advance for the help. What can I say, I've run the gamut - ewido / adaware / spybot / cwshredder / HJT / trojanhunter / kaspersky / kill2me. Seems like the malware is against the ropes -- two fishy items are popping up when I run HJT (in bold below). I'm hesitant to reattach the ethernet cable as I know it will just regrow into the thick urban density it'd achieved before. Ahem. Any advice on wrapping this up?

--------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 3:12:33 PM, on 4/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Documents and Settings\ENCODING 3\Desktop\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v4.windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://smbusiness.dellnet.com/
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on LANE] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P43 "Auto EPSON Stylus Photo R200 Series on LANE" /O17 "\\LANE\EPSON R200" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\g6jolg1316.dll

O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

--------------------------------

As I hinted above, these buggers won't stay deleted after I "fix" them with HJT. Most recently I went into the Restore Console and tried deleting the random.dll from the DOS prompt and succeeded, though a new one pops up with each reboot. The spyware/trojan removers mentioned above all come up with clean searches, with the exception of CWShredder (v2.14) always saying it's removed "VX2.Look2Me". You guys & gals are super smart, I'd greatly appreciate any input on the matter.

Edit: Actually ewido is continuing to find look2me.ab components embedded in the system restore points. I have no clue why this "trusted zone" entry is being so tenacious...

Edited by legal_video, 27 April 2005 - 02:51 PM.
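
As an added example (my own, not the poster's and not something from Geeks to Go), here is a small Python script that parses the O15 and O20 lines of a HijackThis log like the one above and flags the two entries the post calls fishy. The sample log embeds the post's O15 and O20 lines plus a few constructed benign entries for contrast (the crypt32chain line is my assumption of what a normal Windows XP Winlogon Notify entry looks like), and the "random-looking DLL name" rule is a heuristic I made up for this example, not a vendor detection.

```python
"""Flag suspicious HijackThis entries: Trusted Zone additions (O15) and
Winlogon Notify handlers (O20) that point at randomly named DLLs."""
import re
from pathlib import PureWindowsPath

# Constructed sample: the O15 and O20 lines are the two entries from the
# post's log; the O4/O23 lines and the crypt32chain line are constructed
# benign entries so the heuristics have something to leave alone.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\g6jolg1316.dll
O20 - Winlogon Notify: crypt32chain - C:\WINDOWS\system32\crypt32.dll
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<subkey>\S+) - (?P<path>.+)$")
TRUSTED_RE = re.compile(r"^Trusted Zone: (?P<host>\S+)$")


def parse_hjt(text):
    """Return (section, body) pairs for every 'Rn - ...' / 'On - ...' line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def letter_digit_alternations(stem):
    """Count adjacent letter<->digit switches in a file name stem."""
    count = 0
    for a, b in zip(stem, stem[1:]):
        if (a.isalpha() and b.isdigit()) or (a.isdigit() and b.isalpha()):
            count += 1
    return count


def looks_random(stem):
    """Heuristic (an assumption for this example, not a vendor rule): a stem of
    8+ characters that switches between letters and digits at least twice
    looks machine-generated, e.g. g6jolg1316 (3 switches) vs crypt32 (1)."""
    return len(stem) >= 8 and letter_digit_alternations(stem) >= 2


def analyze(text):
    """Return (section, item, reason) findings for a HijackThis log."""
    findings = []
    for section, body in parse_hjt(text):
        if section == "O15":
            m = TRUSTED_RE.match(body)
            if m:
                findings.append((section, m.group("host"),
                                 "Trusted Zone addition: IE applies relaxed "
                                 "security to this host; remove it unless "
                                 "you added it yourself"))
        elif section == "O20":
            m = NOTIFY_RE.match(body)
            if m:
                dll = PureWindowsPath(m.group("path")).name
                stem = dll.rsplit(".", 1)[0]
                if looks_random(stem):
                    findings.append((section, dll,
                                     f"Winlogon Notify subkey "
                                     f"'{m.group('subkey')}' loads a randomly "
                                     f"named DLL into winlogon.exe at logon"))
    return findings


if __name__ == "__main__":
    for section, item, reason in analyze(SAMPLE_LOG):
        print(f"[{section}] {item}: {reason}")
```

The O20 entry is also why the HJT "fix" doesn't stick: a Winlogon Notify package is loaded by winlogon.exe at logon, before the user's shell, so the DLL is already in use by the time a removal tool runs in the session and a fresh copy with a new random name can be written back. The script only reads the log text, so it can be run on any saved HijackThis output offline.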
