Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

C:\windows\Explorer.EXE trojan detected and cleaned

Started by miacop , Dec 09 2008 09:50 PM

  • Please log in to reply

#1
miacop
Posted 09 December 2008 - 09:50 PM

miacop

    New Member

  • Member
  • Pip
  • 1 posts
Hi there!!!
Newbie here :)

My notebook has been working some strange,
It send a message saying C:\windows\Explorer.EXE trojan detected and cleaned
each time starts mcfee.

I hope you can give me an advice to solve it.


here is the highjackthis log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:37:18 PM, on 12/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\GE Fanuc\Alarm Viewer\Host\AEClientHostService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\GE Fanuc\Proficy Common\Proficy Common Licensing\CCFLIC0.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\GE Fanuc\Proficy Machine Edition\fxControl\Runtime\NT\FxControl.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\GE Fanuc\Proficy Machine Edition\fxManager\Server\fxServer.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe
C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2007\HmiSmartStart.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\PROGRA~1\ROCKWE~1\RSCOMMON\RSOBSERV.EXE
C:\WINDOWS\Intellution\iLicenseSvc.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\GE Fanuc\Proficy Event Logger\LoggingService.exe
C:\PROGRA~1\Novadigm\radtray.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Siemens\Sqlany\dbsrv9.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Binn\sqlservr.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Novadigm\radexecd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Progra~1\Novadigm_patch_scan\srvany.exe
C:\Program Files\Novadigm\radsched.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Novadigm\Radstgms.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\Novadigm_patch_scan\SLEEP.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\PROGRA~1\ROCKWE~1\RSLINX\RSLINX.EXE
C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe
C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe
C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe
C:\Program Files\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Binn\sqlagent.EXE
C:\Program Files\GE Fanuc\Proficy Machine Edition\Common\Components\NT\trapiserver.exe
C:\Program Files\ORL\VNC\WinVNC.exe
C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe
C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2007\HmiES.exe
C:\WINDOWS\system32\S7OTBXSX.EXE
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.automatio...mens.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://socrates.gm.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.siemens.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.siemens.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoproxy.gm.com/ie
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [S7UB Start] "C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe" -StartDB
O4 - HKLM\..\Run: [WinCC flexible Smart Start] "C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2007\HmiSmartStart.exe" /startup
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Radia User Connect] "C:\PROGRA~1\Novadigm\Radskman.exe" context=u,cop=y,log=connect_user.log,logsize=5000000,startdir=$USER,uid=$MACHINE,mname=RADIA,cat=m,rtimeout=600,hreboot=y,ind=n,rep=n
O4 - HKLM\..\Run: [RUNRADTRAY] "C:\PROGRA~1\Novadigm\radtray.exe"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\ORL\VNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [T2W] C:\WINDOWS\system32\crsm.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.siemens.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rar.mfg.ad.gm.com
O17 - HKLM\Software\..\Telephony: DomainName = rar.mfg.ad.gm.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rar.mfg.ad.gm.com
O23 - Service: AEClientHostService - GE Fanuc Automation Americas - C:\Program Files\GE Fanuc\Alarm Viewer\Host\AEClientHostService.exe
O23 - Service: Automation License Manager Service (almservice) - SIEMENS AG - C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe
O23 - Service: Proficy Licensing (CCFLIC0) - GE Fanuc Automation Americas - C:\Program Files\GE Fanuc\Proficy Common\Proficy Common Licensing\CCFLIC0.exe
O23 - Service: dnWhoDisp - Unknown owner - C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FxControl Runtime (FxControlRuntime) - GE Fanuc Automation Canada Inc. - C:\Program Files\GE Fanuc\Proficy Machine Edition\fxControl\Runtime\NT\FxControl.exe
O23 - Service: Change Management Server (fxServer) - GE Fanuc Automation Canada Inc. - C:\Program Files\GE Fanuc\Proficy Machine Edition\fxManager\Server\fxServer.EXE
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Harmony - Rockwell Software Inc. - C:\PROGRA~1\ROCKWE~1\RSCOMMON\RSOBSERV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: M1 Licensing Helper (iLicenseSvc) - GE Fanuc Automation Americas, Inc. - C:\WINDOWS\Intellution\iLicenseSvc.exe
O23 - Service: Proficy Log Server (LoggingService) - Unknown owner - C:\Program Files\GE Fanuc\Proficy Event Logger\LoggingService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Proficy Driver Runtime - Total Control Products (Canada) Inc. - C:\Program Files\GE Fanuc\Proficy Machine Edition\fxView\Runtime\ProficyDrivers\Win32\GefPdfOpc.exe
O23 - Service: Radia Notify Daemon (radexecd) - Hewlett-Packard - C:\Program Files\Novadigm\radexecd.exe
O23 - Service: Radia_Patch_Scan - Unknown owner - C:\Progra~1\Novadigm_patch_scan\srvany.exe
O23 - Service: Radia Scheduler Daemon (radsched) - Hewlett-Packard - C:\Program Files\Novadigm\radsched.exe
O23 - Service: Radia MSI Redirector (Radstgms) - Hewlett-Packard - C:\Program Files\Novadigm\Radstgms.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RSLinx - Rockwell Software, Inc. - C:\PROGRA~1\ROCKWE~1\RSLINX\RSLINX.EXE
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: S7 Global Services (s7asysvx) - SIEMENS AG - C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe
O23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - SIEMENS AG - C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe
O23 - Service: S7TraceServiceX - SIEMENS AG - C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe
O23 - Service: Trapi File Server (TrapiServer) - GE Fanuc Automation Canada Inc. - C:\Program Files\GE Fanuc\Proficy Machine Edition\Common\Components\NT\trapiserver.exe
O23 - Service: VNC Server (winvnc) - AT&T Research Labs Cambridge - C:\Program Files\ORL\VNC\WinVNC.exe

--
End of file - 11192 bytes


Regards!!!
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP