HiJackThis Log ... Help Please



#16
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,674 posts
No problem. It's what I like to do.

I'll have a look tomorrow to see how it worked out.

Regards,
  • 0



#17
HardcoreZ28

    Member

  • Topic Starter
  • 20 posts
Well, still no luck unfortunately. The file was not found, but I know it's on the computer because when I hit Ctrl+Alt+Del it lists it. I tried typing it in in all different caps combinations, then I copied and pasted it from your post, then I tried ending the task and finding it and it still didn't work.

Any other suggestions?
  • 0

#18
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,674 posts
See HERE for how to show hidden files.

Let me know if that helps.

Regards,
  • 0

#19
HardcoreZ28

    Member

  • Topic Starter
  • 20 posts
I thought I changed it the other day to view them but maybe since I shut it down since then it reverted back? Wouldn't the spywad folder find it anyway even if it was hidden?
  • 0

#20
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,674 posts
I am not sure. You can also try with one of the other spywad files and see what the script does.
These are the ones:
c:\windows\slprqbo.exe
c:\windows\lbxwkds.exe
c:\windows\ucletmv.exe
c:\windows\fwrmusx.exe
c:\windows\ghnewkh.exe
c:\windows\dfwihrl.exe
c:\windows\tpqtllm.exe
c:\windows\jdginua.exe
c:\windows\tikjslr.exe
c:\windows\ykaapfe.exe

Regards,

Pieter
  • 0

#21
HardcoreZ28

    Member

  • Topic Starter
  • 20 posts
Wow this is getting frustrating! I tried setting it to view all files again this weekend and every time I did it the computer froze up and had to be restarted. I must have tried 6 times. I also tried pasting all the different files you listed above into SpyWad with no success....maybe due to the files being unviewable?
  • 0

#22
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,674 posts
Let's try another approach.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Regards,
  • 0

#23
HardcoreZ28

    Member

  • Topic Starter
  • 20 posts
Thanks....will that version work for Win 98? It says 2000 and XP.
  • 0

#24
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,674 posts
Oops. No it won't. :tazz:

Then download a free trial of TDS3 from here:
http://tds.diamondcs...x.php?page=home
Update as described here:
http://tds.diamondcs...php?page=update
When that is ready, click System Testing > Full system scan

Right-click any of the found files and choose Save as text.
It will open a text file with all the detected files.

Regards,
  • 0

#25
HardcoreZ28

    Member

  • Topic Starter
  • 20 posts
Hey just wanted to let you know I didn't ditch this thread. I've been really busy and haven't had time to touch the home computer much. Only time I tried I was unable to download the programs because all the download links hijacked me to the search site from the virus. I'm going to try downloading them onto my memory stick at work and bringing them home...they are too big to fit on disk.
  • 0



#26
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,674 posts
No problem. Take all the time you need.

I'll be here. :tazz:

Regards,
  • 0

#27
HardcoreZ28

    Member

  • Topic Starter
  • 20 posts
OK, I finally found some time to run that other virus program and for once the computer didn't freeze while it was running overnight. Here is the list of files it pulled up:

Scan Control Dumped @ 08:27:08 28-06-05
Positive identification: Trojan.Win32.TopAntiSpyware.k
File: c:\windows\system\spoolsrv32.exe

Positive identification: Trojan.Win32.WebSearch.i3
File: c:\windows\system\services\{db0e7598-e1cc-4d6a-9113-7af8a7c1cbda}\svchost.exe

RegVal Trace: Worm.Torvil please submit: HKEY_LOCAL_MACHINE
File: Software\Microsoft\Windows\CurrentVersion\Run [Service Host=C:\WINDOWS\SYSTEM\Services\{DB0E7598-E1CC-4D6A-9113-7AF8A7C1CBDA}\SVCHOST.EXE]

Positive identification: Trojan.Win32.Agent.eo
File: c:\windows\uninstiu.exe

Positive identification: TrojanDropper.Win32.Agent.ii
File: c:\windows\system\gaqspadm.exe

Positive identification: Trojan.Win32.TopAntiSpyware.k
File: c:\windows\system\spoolsrv32.exe

Positive identification (DLL): TrojanDownloader.Win32.Agent.na (dll)
File: c:\windows\system\wldr.dll

Positive identification: Trojan.Win32.WebSearch.i3
File: c:\windows\system\services\{db0e7598-e1cc-4d6a-9113-7af8a7c1cbda}\svchost.exe

Positive identification (DLL): Trojan.Win32.WebSearch.i4 (dll)
File: c:\windows\system\services\{db0e7598-e1cc-4d6a-9113-7af8a7c1cbda}\svchost.dll

Positive identification (embedded in file): Trojan.Win32.WebSearch.i2 (dll)
File: c:\windows\system\services\{db0e7598-e1cc-4d6a-9113-7af8a7c1cbda}\security.exe

Positive identification: Trojan.Win32.WebSearch.i2
File: c:\windows\system\services\{db0e7598-e1cc-4d6a-9113-7af8a7c1cbda}\security.exe

Positive identification (DLL): Trojan.Win32.WebSearch.i2 (dll)
File: c:\windows\system\services\{db0e7598-e1cc-4d6a-9113-7af8a7c1cbda}\security.dll

Positive identification: Trojan.Win32.Agent.eo2
File: c:\windows\temporary internet files\content.ie5\8hmbshyr\file[1].exe

Suspicious Filename: Dual extensions
File: c:\windows\profiles\hardcorez28\my documents\college stuff\fall 2002\econ 305\problems[1].123.doc

Suspicious Filename: Dual extensions
File: c:\windows\profiles\hardcorez28\my documents\college stuff\fall 2002\econ 305\problems[1].456.doc

Suspicious Filename: Dual extensions
File: c:\my documents\college stuff\fall 2002\econ 305\problems[1].123.doc

Suspicious Filename: Dual extensions
File: c:\my documents\college stuff\fall 2002\econ 305\problems[1].456.doc

Positive identification (DLL): Adware.MiniBug (dll)
File: c:\program files\aws\weatherbug\minibugtransporter.dll

Positive identification: Riskware.ProcessRestart
File: c:\program files\kodak\kodak software updater\7288971\6.1.4.37-7288971l\program\restart.exe

Suspicious Filename: Dual extensions
File: e:\my documents\college stuff\fall 2002\econ 305\problems[1].123.doc

Suspicious Filename: Dual extensions
File: e:\my documents\college stuff\fall 2002\econ 305\problems[1].456.doc



I left the computer on so hopefully it doesn't freeze before I can take some action on these. Please let me know what my next steps are. Thanks again for all of your patience and help.
  • 0

#28
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,674 posts
Right-click the files I listed below in the TDS screen and choose delete:

c:\windows\system\spoolsrv32.exe
c:\windows\system\services\{db0e7598-e1cc-4d6a-9113-7af8a7c1cbda}\svchost.exe
c:\windows\uninstiu.exe
c:\windows\system\gaqspadm.exe
c:\windows\system\spoolsrv32.exe
c:\windows\system\wldr.dll
c:\windows\system\services\{db0e7598-e1cc-4d6a-9113-7af8a7c1cbda}\svchost.exe
c:\windows\system\services\{db0e7598-e1cc-4d6a-9113-7af8a7c1cbda}\svchost.dll
c:\windows\system\services\{db0e7598-e1cc-4d6a-9113-7af8a7c1cbda}\security.exe
c:\windows\system\services\{db0e7598-e1cc-4d6a-9113-7af8a7c1cbda}\security.dll
c:\program files\aws\weatherbug\minibugtransporter.dll

Then reboot into safe mode and delete:
c:\windows\system\services\{db0e7598-e1cc-4d6a-9113-7af8a7c1cbda} <= the entire folder

Then (still in safe mode) use the Disk Cleanup Utility to empty all your Temp folders.

Then boot back to normal and post a new HijackThis log.

Regards,
  • 0
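
Added example, not part of the thread or of any tool mentioned in it: a small Python parser for the "header line / File: line" layout of the scan dump posted above. It folds repeated hits into one entry per target and keeps signature detections apart from registry traces and filename heuristics, which is the triage the removal list reflects. The function names and the embedded sample are assumptions made for illustration.

```python
import re

# Constructed sample in the layout of the scan dump posted in this thread.
# Detection names and paths are taken from that post; the upper-case repeat
# and the shortened document path are constructed, <GUID> is a placeholder.
SAMPLE = r"""Scan Control Dumped @ 08:27:08 28-06-05
Positive identification: Trojan.Win32.TopAntiSpyware.k
File: c:\windows\system\spoolsrv32.exe

Positive identification (DLL): TrojanDownloader.Win32.Agent.na (dll)
File: c:\windows\system\wldr.dll

RegVal Trace: Worm.Torvil please submit: HKEY_LOCAL_MACHINE
File: Software\Microsoft\Windows\CurrentVersion\Run [Service Host=C:\WINDOWS\SYSTEM\Services\<GUID>\SVCHOST.EXE]

Positive identification: Trojan.Win32.TopAntiSpyware.k
File: C:\WINDOWS\SYSTEM\SPOOLSRV32.EXE

Suspicious Filename: Dual extensions
File: c:\my documents\econ 305\problems[1].123.doc
"""

KINDS = {"Positive identification": "malware",
         "RegVal Trace": "registry",
         "Suspicious Filename": "heuristic"}
HEADER = re.compile(r"^(%s)(?: \([^)]*\))?: (.+)$" % "|".join(KINDS))

def parse_scan(text):
    """Group 'header / File:' pairs by kind, de-duplicating targets."""
    found = {kind: {} for kind in KINDS.values()}
    pending = None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            pending = (KINDS[m.group(1)], m.group(2))
        elif line.startswith("File: ") and pending:
            # Windows paths are case-insensitive, so fold case before de-duplicating.
            target = line[len("File: "):].lower()
            found[pending[0]].setdefault(target, set()).add(pending[1])
            pending = None
    return found

def files_to_review(found):
    """Only signature hits on files; heuristics and registry traces need a human."""
    return list(found["malware"])

if __name__ == "__main__":
    for path in files_to_review(parse_scan(SAMPLE)):
        print(path)
```

The "Dual extensions" entries and the `Run` value land in their own buckets, so a user's documents are never mixed into a deletion list and the registry autostart entry is visible as a separate item to check.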

#29
HardcoreZ28

    Member

  • Topic Starter
  • 20 posts
Thanks I will do this during my lunch and try to post the new log in about 3 hours from now.
  • 0

#30
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,674 posts
I'll have a look when I get home. (about 4 hours from the time of my reply)

Regards,
  • 0





