Trojan Horse downloader.delf.12.AN

#1
cen (New Member, 4 posts)
My system is running so slow now, please help. I used ComboFix and this is the result:

ComboFix 08-08-18.05 - cen 2008-08-20 1:13:08.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.55 [GMT 8:00]
Running from: C:\Documents and Settings\cen\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\UserData
C:\Documents and Settings\Administrator\UserData\BAANT5JC\YL[1].xml
C:\Documents and Settings\Administrator\UserData\BAANT5JC\YL[2].xml
C:\Documents and Settings\Administrator\UserData\BAANT5JC\YL[3].xml
C:\Documents and Settings\Administrator\UserData\index.dat
C:\Documents and Settings\Administrator\UserData\VP3JZ9Y8\undefined[1].xml
C:\Documents and Settings\cen\UserData
C:\Documents and Settings\cen\UserData\index.dat
C:\Documents and Settings\cen\UserData\WD6Z4H2B\YL[1].xml
C:\WINDOWS\system\oeminfo.ini
C:\WINDOWS\system32\AutoRun.inf

.
((((((((((((((((((((((((( Files Created from 2008-07-19 to 2008-08-19 )))))))))))))))))))))))))))))))
.

2008-08-19 07:50 . 2008-08-19 07:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-08-19 07:44 . 2008-08-19 07:44 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2008-08-19 07:44 . 2008-08-19 07:44 <DIR> d-------- C:\Program Files\AVS4YOU
2008-08-19 07:44 . 2003-05-22 00:50 1,700,352 --a------ C:\WINDOWS\system32\GdiPlus.dll
2008-08-19 00:53 . 2008-08-19 00:53 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-19 00:53 . 2008-08-19 00:53 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-19 00:53 . 2008-08-19 00:53 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-08-19 00:34 . 2008-08-19 00:34 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-19 00:34 . 2008-08-19 00:34 <DIR> d-------- C:\Program Files\AVG
2008-08-19 00:29 . 1997-05-13 18:26 3,206,344 --a------ C:\Documents and Settings\cen\HOSPPAT.EXE
2008-08-19 00:29 . 1994-05-31 22:00 265,396 --a------ C:\Documents and Settings\cen\DOS4GW.EXE
2008-08-18 06:19 . 2005-01-22 19:30 163,840 -ra------ C:\WINDOWS\system32\igfxres.dll
2008-08-18 06:10 . 2004-08-03 22:32 571,392 --a------ C:\WINDOWS\system32\dllcache\tintlgnt.ime
2008-08-18 06:09 . 2001-08-23 20:00 1,875,968 --a------ C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-08-18 06:08 . 2001-08-23 20:00 13,463,552 --a------ C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-08-18 06:07 . 2001-08-23 20:00 1,677,824 --a------ C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-08-18 06:06 . 2004-08-04 00:56 369,664 --a------ C:\WINDOWS\system32\dllcache\asp51.dll
2008-08-18 06:05 . 2004-05-13 00:39 876,653 --a------ C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-08-18 06:03 . 2008-08-18 06:03 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-08-18 06:03 . 2008-08-18 06:03 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-08-18 06:03 . 2008-08-18 06:03 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-08-18 06:03 . 2008-08-18 06:03 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-08-18 06:03 . 2008-08-18 06:03 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-08-18 06:03 . 2008-08-18 06:03 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-08-18 05:57 . 2001-08-23 20:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2008-08-18 05:57 . 2001-08-23 20:00 24,661 --a------ C:\WINDOWS\system32\dllcache\spxcoins.dll
2008-08-18 05:57 . 2001-08-23 20:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2008-08-18 05:57 . 2001-08-23 20:00 13,312 --a------ C:\WINDOWS\system32\dllcache\irclass.dll
2008-08-18 05:21 . 2008-08-18 05:21 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-15 18:07 . 2008-08-15 18:07 <DIR> d-------- C:\Documents and Settings\cen\Saved Games
2008-08-15 14:50 . 2008-08-15 14:50 <DIR> d-------- C:\Program Files\Dream Day Wedding 2
2008-08-13 09:47 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\000001_.tmp
2008-08-13 08:15 . 2008-08-13 08:15 <DIR> d--hs---- C:\FOUND.080
2008-08-13 07:56 . 2008-08-13 07:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-13 07:55 . 2008-08-13 07:55 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-08-03 17:45 . 2008-08-03 17:45 <DIR> d--hs---- C:\FOUND.079
2008-07-31 09:42 . 2008-07-31 09:42 <DIR> d-------- C:\Program Files\MSECache
2008-07-31 09:12 . 2008-07-31 09:12 <DIR> d-------- C:\Documents and Settings\cen\Application Data\GeoVid
2008-07-31 08:54 . 2003-03-19 08:12 1,047,552 --a------ C:\WINDOWS\system32\mfc71u.dll
2008-07-31 08:54 . 2005-06-07 15:11 60,416 --a------ C:\WINDOWS\system32\dsetup.dll
2008-07-31 08:53 . 2008-07-31 08:53 <DIR> d-------- C:\Program Files\GeoVid
2008-07-31 08:53 . 2008-07-31 08:53 <DIR> d-------- C:\Program Files\Common Files\GeoVid
2008-07-31 08:53 . 2004-09-06 17:06 53,248 --a------ C:\WINDOWS\system32\xvid.ax
2008-07-30 11:01 . 2008-07-30 11:01 <DIR> d--hs---- C:\FOUND.078
2008-07-28 02:03 . 2008-07-28 02:03 <DIR> d-------- C:\Program Files\CubedLabs YouTube Download Convert
2008-07-27 08:18 . 2008-07-27 08:18 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-27 08:10 . 2008-07-27 07:56 1,232,152 --a------ C:\avgtray.exe
2008-07-27 07:56 . 2008-07-27 07:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-18 14:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 14:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 14:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-12 02:51 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-05-03 22:16 0 ----a-w C:\Program Files\temp01
2006-12-08 13:03 2,240,512 ----a-w C:\Documents and Settings\cen\Setup.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B0514B1E-FEED-40BA-BC1A-477ECCF8141E}]
2008-03-05 02:58 94208 --a------ C:\WINDOWS\system32\inetcpl.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TaskSwitchXP"="C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe" [2005-08-24 15:11 61952]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2006-08-23 15:17 2068527]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-01 18:11 4670968]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 16:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-01-22 19:36 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-22 19:31 126976]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2006-07-25 23:19 540672]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-19 00:53 1232152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TaskSwitchXP"="C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe" [2005-08-24 15:11 61952]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2006-08-23 15:17 2068527]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"DisableCAD"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli scecli

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R0 hihckits;hihckits;C:\WINDOWS\system32\drivers\mfrfjnle.dat []
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-19 00:53]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-19 00:53]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-19 00:53]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-19 00:53]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2008-08-17 C:\WINDOWS\Tasks\AVG Anti-Spyware.job
- C:\PROGRA~1\Grisoft\AVGANT~1.5\avgas.exe []
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
Notify-dimsntfy - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\cen\Application Data\Mozilla\Firefox\Profiles\ar1cqj38.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-amo&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/
.
.
------- File Associations (Beta) -------
.
inffile=C:\WINDOWS\system32\NOTEPAD2.EXE %1
inifile=C:\WINDOWS\system32\NOTEPAD2.EXE %1
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-20 01:18:58
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hihckits]
"ImagePath"="system32\drivers\mfrfjnle.dat"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\SYSTEM32\MSIEXEC.EXE
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-08-20 1:22:56 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-19 17:22:34

Pre-Run: 25,788,776,448 bytes free
Post-Run: 26,876,739,584 bytes free

189 --- E O F --- 2008-02-21 19:02:13
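Reading a ComboFix log by eye is error-prone, so here is an added example (not part of the original post, and not ComboFix's own code) of a small Python triage script for the "Reg Loading Points" section. It flags the patterns a malware-removal helper checks first: a driver or service whose image path does not end in .sys/.exe/.dll, a service for which ComboFix printed no file date in the trailing brackets, Windows Security Center monitoring switched off (DisableMonitoring=1), and any AppInit_DLLs value. The sample input is constructed from lines in the log above; the severities, and the reading of an empty date bracket as "look at this file", are the script's own heuristics rather than ComboFix verdicts. A finding is a prompt to investigate, not proof of infection: the log itself shows avgrsstx.dll arriving together with AVG's drivers, so the AppInit_DLLs hit is expected on this machine.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log (added example, not ComboFix code)."""
import ntpath
import re

# Constructed sample input: lines in the shape of the log above (copied by hand, not a live run).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

R0 hihckits;hihckits;C:\WINDOWS\system32\drivers\mfrfjnle.dat []
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-19 00:53]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-19 00:53]
"""

# Service line as ComboFix prints it: "<R0|S2> <name>;<display name>;<image path> [<file date>]"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]\s*$")
KEY_RE = re.compile(r"^\[(.+)\]$")                 # [HKEY_...] section header
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')   # "Name"=value

# Extensions a kernel driver or service image is expected to carry.
EXPECTED_IMAGE_EXT = {".sys", ".exe", ".dll"}


def dword(value):
    """Parse a REGEDIT4 'dword:XXXXXXXX' literal; None if the value is not a dword."""
    v = value.strip().lower()
    return int(v[len("dword:"):], 16) if v.startswith("dword:") else None


def triage(log_text):
    """Return (severity, finding) tuples for loading points worth a second look.

    Heuristics (this script's own, not ComboFix's verdicts):
      high   - a driver/service image whose extension is not .sys/.exe/.dll
      medium - ComboFix printed no file date in the trailing [] for a service image
      medium - Windows Security Center monitoring is switched off (DisableMonitoring=1)
      info   - AppInit_DLLs is set: that DLL is loaded into every process that links user32.dll
    """
    findings = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = SERVICE_RE.match(line)
        if m:
            start, name, _display, path, stamp = m.groups()
            ext = ntpath.splitext(path)[1].lower()
            if ext not in EXPECTED_IMAGE_EXT:
                findings.append(("high", f"service {name} ({start}) loads a non-standard image: {path}"))
            if not stamp.strip():
                findings.append(("medium", f"service {name}: no file date listed for {path}"))
            continue

        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue

        m = VALUE_RE.match(line)
        if m and current_key:
            value_name, value = m.groups()
            if ("security center\\monitoring" in current_key.lower()
                    and value_name == "DisableMonitoring" and dword(value)):
                findings.append(("medium", f"Security Center monitoring disabled under {current_key}"))
            elif value_name == "AppInit_DLLs" and value.strip():
                findings.append(("info", f"AppInit_DLLs = {value.strip()}; confirm it belongs to installed software"))
    return findings


if __name__ == "__main__":
    for severity, finding in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {finding}")
```

Run against the sample, the script singles out the hihckits entry twice (a .dat file registered as a boot-start driver, with no file date listed) and reports the two Security Center monitoring keys; the AVG driver and service lines produce nothing. The next step a helper would take is to pull C:\WINDOWS\system32\drivers\mfrfjnle.dat and the hihckits service key for inspection rather than trusting either the script or the log alone.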
#2
cen (Topic Starter, New Member, 4 posts)
Hello!

I already cured Trojan Horse downloader.delf.12.AN with Norton AntiVirus. I tried Malwarebytes Anti-Malware and Spyware Cleaner 2008 and nothing happened, but when I used Norton AntiVirus the virus stopped flashing every time I'm browsing.

I was attacked by 169.254.1.1 (source address). That's what I found out from Norton AntiVirus.

Now my system is clean.

Thanks.