Need help removing "Win32:Spyware-gen" and "Win32:Homle



#1 ljohnson4541
Hello, and thanks to whoever takes this,

Locations of Trojans

6/21/2008 11:30:17 AM Owner 1676 Sign of "Win32:Crypt-CIL [Trj]" has been found in "C:\Documents and Settings\Owner.YOUR-89AF14A9B4\Desktop\wr-1-2073.exe" file.
6/21/2008 11:30:51 AM Owner 1676 Sign of "Win32:Crypt-CIL [Trj]" has been found in "http://admin.waverevenue.com/download.php?affID=0002073\unp205992023" file.
6/21/2008 4:06:25 PM Owner 1676 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Program Files\InetGet2\Installeur.exe" file.
6/21/2008 4:06:32 PM Owner 1676 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Program Files\InetGet2\Installeur.exe" file.
6/22/2008 9:20:40 PM Owner 1668 Sign of "Win32:Homles [Trj]" has been found in "C:\WINDOWS\mrofinu2073.exe\[UPX]" file.
6/22/2008 9:54:48 PM Owner 1600 Sign of "Win32:Homles [Trj]" has been found in "C:\WINDOWS\mrofinu2073.exe\[UPX]" file.
6/22/2008 9:57:42 PM Owner 1640 Sign of "Win32:Homles [Trj]" has been found in "C:\WINDOWS\mrofinu2073.exe\[UPX]" file.
6/23/2008 7:47:55 AM Owner 1664 Sign of "Win32:Homles [Trj]" has been found in "C:\WINDOWS\mrofinu2073.exe\[UPX]" file.
6/23/2008 7:51:27 AM Owner 1632 Sign of "Win32:Homles [Trj]" has been found in "C:\WINDOWS\mrofinu2073.exe\[UPX]" file.
6/23/2008 7:52:05 AM Owner 1632 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\IA\ASAPPSRV.DLL" file.
6/23/2008 8:25:22 AM Owner 1632 Sign of "VBS:Malware-gen" has been found in "C:\WINDOWS\IA\KE.vbs" file.
6/23/2008 8:35:39 AM Owner 1632 Sign of "Win32:Small-KXF [Trj]" has been found in "http://download.dailykeys.com/files/spyhunter%203.exe\keygen.exe" file.
6/23/2008 10:57:50 AM Owner 352 Sign of "Win32:Homles [Trj]" has been found in "c:\windows\mrofinu2073.exe\[UPX]" file.
6/23/2008 2:00:51 PM Owner 3264 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\Documents and Settings\Owner.YOUR-89AF14A9B4\Local Settings\Temp\cmdinst.exe" file.
6/23/2008 2:06:47 PM Owner 3264 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\Program Files\Network Monitor\netmon.exe" file.
6/23/2008 2:11:52 PM Owner 3264 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP37\A0005429.exe" file.
6/23/2008 2:12:20 PM Owner 3264 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP44\A0010541.dll" file.
6/23/2008 2:12:20 PM Owner 3264 Sign of "VBS:Malware-gen" has been found in "C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP44\A0010548.vbs" file.
6/23/2008 2:12:21 PM Owner 3264 Sign of "Win32:Homles [Trj]" has been found in "C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP44\A0010553.exe\[UPX]" file.
6/23/2008 2:12:21 PM Owner 3264 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP44\A0010556.exe" file.
6/23/2008 2:14:37 PM Owner 3264 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\WINDOWS\b104.exe" file.
6/23/2008 2:15:43 PM Owner 3264 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\WINDOWS\IA\command.exe" file.


HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:20:57 PM, on 6/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rsvp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Owner.YOUR-89AF14A9B4\My Documents\WC3\WC3 Programs\Inventory A+.exe
C:\Program Files\LimeWire\LimeWire.exe
c:\program files\warcraft iii\war3.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...h...P&M=GT5238E
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...P&M=GT5238E
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.c...h...P&M=GT5238E
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\Owner\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O23 - Service: Intel® Alert Service (AlertService) - Intel Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8072 bytes

Thanks...

Edited by ljohnson4541, 23 June 2008 - 01:42 PM.

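The avast warning log above has one fixed-format record per detection. As an added triage example (not the poster's or avast's own code), this Python script parses that format, separates web-shield download blocks and System Restore copies from files actually on disk, and lists on-disk paths flagged more than once; the sample lines are copied from the post.

```python
import re
from collections import defaultdict
# One avast! warning record per line, in the format quoted in the post:
#   <date> <time> <user> <pid> Sign of "<signature>" has been found in "<path>" file.
LINE_RE = re.compile(r'^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) (?P<user>\S+) (?P<pid>\d+) '
                     r'Sign of "(?P<sig>[^"]+)" has been found in "(?P<path>.+)" file\.$')
# Constructed sample: four lines copied from the post (raw string keeps the backslashes intact).
SAMPLE_LOG = r"""
6/21/2008 11:30:51 AM Owner 1676 Sign of "Win32:Crypt-CIL [Trj]" has been found in "http://admin.waverevenue.com/download.php?affID=0002073\unp205992023" file.
6/22/2008 9:20:40 PM Owner 1668 Sign of "Win32:Homles [Trj]" has been found in "C:\WINDOWS\mrofinu2073.exe\[UPX]" file.
6/23/2008 10:57:50 AM Owner 352 Sign of "Win32:Homles [Trj]" has been found in "c:\windows\mrofinu2073.exe\[UPX]" file.
6/23/2008 2:12:21 PM Owner 3264 Sign of "Win32:Homles [Trj]" has been found in "C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP44\A0010553.exe\[UPX]" file.
"""
def classify(path):
    # Where a detection lives decides how it gets cleaned up.
    p = path.lower()
    if p.startswith(("http://", "https://")):
        return "download"       # caught by the web shield in transit, not a file on disk
    if "\\system volume information\\_restore" in p:
        return "restore_point"  # System Restore snapshot copy; cleared by purging restore points
    if p.endswith("\\[upx]"):
        return "packed_file"    # avast reports the unpacked inner image; the .exe before "\[UPX]" is the real file
    return "file"

def parse_log(text):
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # lines that do not match the record format are ignored
            rec = m.groupdict()
            rec["kind"] = classify(rec["path"])
            # Strip the "\[UPX]" unpacker marker and case so repeated hits on one file group together.
            rec["file"] = re.sub(r"\\\[[A-Za-z0-9]+\]$", "", rec["path"]).lower()
            hits.append(rec)
    return hits

def summarize(hits):
    # Per-file: hit count, signatures seen, location kind.
    by_file = defaultdict(lambda: {"count": 0, "sigs": set(), "kind": ""})
    for h in hits:
        e = by_file[h["file"]]
        e["count"] += 1
        e["sigs"].add(h["sig"])
        e["kind"] = h["kind"]
    return dict(by_file)

def persistent_files(hits, min_hits=2):
    # On-disk paths flagged repeatedly: the scanner only blocks them, or something recreates them.
    return sorted(f for f, e in summarize(hits).items()
                  if e["kind"] in ("file", "packed_file") and e["count"] >= min_hits)
```

Feed it the full log from the post and `persistent_files` gives the short list of files that need an explicit removal step rather than just another scan.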


#2 ljohnson4541 (Topic Starter)
bump