Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

can't remove trojan.win32.agent [RESOLVED]

Started by do_boop , Jun 06 2005 01:34 AM

  • This topic is locked This topic is locked

#1
do_boop
Posted 06 June 2005 - 01:34 AM

do_boop

    New Member

  • Member
  • Pip
  • 3 posts
here is my hijack log.
Please what can i do to remove this trojan?

Logfile of HijackThis v1.99.1
Scan saved at 09:32:54, on 06/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\drivers\CDAC11BA.EXE
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\WINDOWS\System32\RUNDLL32.EXE
D:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
D:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
D:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {32E0D979-6042-CF01-0410-26540E229E75} - D:\WINDOWS\system32\ieas32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PRONoMgr.exe] D:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [KAVPersonal50] D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] D:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iexplore.exe] D:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [atlfu32.exe] D:\WINDOWS\atlfu32.exe
O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O16 - DPF: {5DDCC37F-7C6B-48B8-9664-97C537920CA0} (aecviz Class) - http://www.maisonphe...om/npaecviz.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1107811824750
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...506/mcfscan.cab
O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - D:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - D:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - D:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0

Advertisements

#2
therock247uk
Posted 06 June 2005 - 08:24 AM

therock247uk

    Expert

  • Expert
  • 14,672 posts
  • MVP
1. Make sure your PC is set to show all hidden files and folders go here for instructions on how to do this. http://www.xtra.co.n...1916458,00.html

2. Boot into safemode to do this keep tapping F8 on your keyboard while your PC is starting up you will get a menu select safemode.

3. While in safemode open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.

R3 - Default URLSearchHook is missing
O2 - BHO: Class - {32E0D979-6042-CF01-0410-26540E229E75} - D:\WINDOWS\system32\ieas32.dll
O4 - HKLM\..\Run: [iexplore.exe] D:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [atlfu32.exe] D:\WINDOWS\atlfu32.exe

4. Delete the files. (if present)

D:\WINDOWS\system32\ieas32.dll
D:\WINDOWS\atlfu32.exe

5. Reboot and post a new Hijackthis log here in a reply.
  • 0

#3
do_boop
Posted 06 June 2005 - 10:30 AM

do_boop

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
hi therock247uk,

thanks for your fast reply and your help.
I've done what you said. and i post the hijack new log.

I've also run MWAV (i saw on another post that it gives good scanning features) and it found 3 threads : alexa, AltNet, SrchAsst. I post a partial log.

Spybot and Ad-Aware tell there are nothing malicious....

More over when i want to disable the RPC service, all the function are in gray and i cant stop it, or define an manual start.

This is not good i think. My Pc suffer some sporadic problems from before the trojan.

-----------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 18:23:13, on 06/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\RUNDLL32.EXE
D:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
D:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
D:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
D:\WINDOWS\system32\drivers\CDAC11BA.EXE
D:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\System32\notepad.exe
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PRONoMgr.exe] D:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [KAVPersonal50] D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] D:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O16 - DPF: {5DDCC37F-7C6B-48B8-9664-97C537920CA0} (aecviz Class) - http://www.maisonphe...om/npaecviz.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1107811824750
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...506/mcfscan.cab
O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - D:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - D:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - D:\WINDOWS\system32\ZoneLabs\vsmon.exe

----------------------------------------------------

MWAV partial log

-----------------------------------------------

Mon Jun 06 18:07:57 2005 => **********************************************************
Mon Jun 06 18:07:57 2005 => MicroWorld AntiVirus & Spyware Toolkit Utility.
Mon Jun 06 18:07:57 2005 => Copyright © 2003-2005, MicroWorld Technologies Inc.
Mon Jun 06 18:07:57 2005 => **********************************************************
Mon Jun 06 18:07:57 2005 => Version 6.2.9 (D:\DOCUME~1\exodus\LOCALS~1\Temp\mwavscan.com)
Mon Jun 06 18:07:57 2005 => Log File: D:\DOCUME~1\exodus\LOCALS~1\Temp\MWAV.LOG
Mon Jun 06 18:07:57 2005 => Last Scan Date and Time: 05.06.2005 20:21:35
Mon Jun 06 18:07:57 2005 => MWAV Registered: FALSE.
Mon Jun 06 18:07:57 2005 => MWAV Mode: Only Scan files.
Mon Jun 06 18:07:57 2005 => Database Path in KL Key: D:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus

Personal\5.0\bases.
Mon Jun 06 18:07:57 2005 => Latest Date of files in KL key: 06 Jun 2005 16:41:12.
Mon Jun 06 18:07:57 2005 => Latest Date of files inside MWAV: 29 May 2005 13:10:21.
Mon Jun 06 18:07:59 2005 => AV Library Loaded...
Mon Jun 06 18:07:59 2005 => MWAV doing self scanning...
Mon Jun 06 18:07:59 2005 => Scanning File D:\DOCUME~1\exodus\LOCALS~1\Temp\kavss.exe
Mon Jun 06 18:07:59 2005 => Scanning File D:\DOCUME~1\exodus\LOCALS~1\Temp\Getvlist.exe
Mon Jun 06 18:07:59 2005 => Scanning File D:\DOCUME~1\exodus\LOCALS~1\Temp\kavss.dll
Mon Jun 06 18:07:59 2005 => Scanning File D:\DOCUME~1\exodus\LOCALS~1\Temp\kavssdi.dll
Mon Jun 06 18:07:59 2005 => Scanning File D:\DOCUME~1\exodus\LOCALS~1\Temp\kavssi.dll
Mon Jun 06 18:07:59 2005 => Scanning File D:\DOCUME~1\exodus\LOCALS~1\Temp\kavvlg.dll
Mon Jun 06 18:07:59 2005 => Scanning File D:\DOCUME~1\exodus\LOCALS~1\Temp\msvlclnt.dll
Mon Jun 06 18:07:59 2005 => Scanning File D:\DOCUME~1\exodus\LOCALS~1\Temp\ipc.dll
Mon Jun 06 18:07:59 2005 => Scanning File D:\DOCUME~1\exodus\LOCALS~1\Temp\main.avi
Mon Jun 06 18:07:59 2005 => Scanning File D:\DOCUME~1\exodus\LOCALS~1\Temp\virus.avi
Mon Jun 06 18:07:59 2005 => MWAV files are clean.
Mon Jun 06 18:08:02 2005 => Virus Database Date: 2005/06/06
Mon Jun 06 18:08:02 2005 => Virus Database Count: 125308

Mon Jun 06 18:08:24 2005 => **********************************************************
Mon Jun 06 18:08:24 2005 => MicroWorld AntiVirus & Spyware Toolkit Utility.
Mon Jun 06 18:08:24 2005 => Copyright © 2003-2005, MicroWorld Technologies Inc.
Mon Jun 06 18:08:24 2005 =>
Mon Jun 06 18:08:24 2005 => Support: [email protected]
Mon Jun 06 18:08:24 2005 => Web: http://www.mwti.net
Mon Jun 06 18:08:24 2005 => **********************************************************
Mon Jun 06 18:08:24 2005 => Version 6.2.9 (D:\DOCUME~1\exodus\LOCALS~1\Temp\mwavscan.com)
Mon Jun 06 18:08:24 2005 => Log File: D:\DOCUME~1\exodus\LOCALS~1\Temp\MWAV.LOG
Mon Jun 06 18:08:24 2005 => User Account: exodus
Mon Jun 06 18:08:24 2005 => Windows Root Folder: D:\WINDOWS
Mon Jun 06 18:08:24 2005 => Windows Sys32 Folder: D:\WINDOWS\System32
Mon Jun 06 18:08:24 2005 => OS: Windows NT
Mon Jun 06 18:08:24 2005 => Database Path in KL Key: D:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus

Personal\5.0\bases.
Mon Jun 06 18:08:24 2005 => Latest Date of files in KL key: 06 Jun 2005 16:41:12.
Mon Jun 06 18:08:24 2005 => Latest Date of files inside MWAV: 29 May 2005 13:10:21.

Mon Jun 06 18:08:24 2005 => Options Selected by User:
Mon Jun 06 18:08:24 2005 => Memory Check: Enabled
Mon Jun 06 18:08:24 2005 => Registry Check: Enabled
Mon Jun 06 18:08:24 2005 => StartUp Folder Check: Enabled
Mon Jun 06 18:08:24 2005 => System Folder Check: Enabled
Mon Jun 06 18:08:24 2005 => System Area Check: Disabled
Mon Jun 06 18:08:24 2005 => Services Check: Enabled
Mon Jun 06 18:08:24 2005 => Drive Check: Enabled
Mon Jun 06 18:08:24 2005 => All Drive Check :Disabled
Mon Jun 06 18:08:24 2005 => Drive Selected = C:\
Mon Jun 06 18:08:24 2005 => Folder Check: Disabled

////////////////////
Mon Jun 06 18:08:45 2005 => *** File D:\WINDOWS\System32\nvcpl.dll having Size Restriction ***. Filesize 4508 kb > 3072 kb...
Mon Jun 06 18:08:45 2005 => Scanning File D:\WINDOWS\System32\nvcpl.dll [**]
Mon Jun 06 18:08:45 2005 => *** File D:\WINDOWS\System32\nvcpl.dll having Size Restriction ***. Filesize 4508 kb > 3072 kb...
Mon Jun 06 18:08:45 2005 => Scanning File D:\WINDOWS\System32\nvcpl.dll [**]
//////////////////
Mon Jun 06 18:08:45 2005 => ERROR!!! Invalid Entry {596AB062-B4D2-4215-9F74-E9109B0A8153} = D:\WINDOWS\System32\twext.dll (in key

SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved). No Action Taken.
Mon Jun 06 18:08:45 2005 => ERROR!!! Invalid Entry {9DB7A13C-F208-4981-8353-73CC61AE2783} = D:\WINDOWS\System32\twext.dll (in key

SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved). No Action Taken.
///////////////////


Mon Jun 06 18:08:56 2005 => ***** Scanning Registry and File system for Adware/Spyware *****
Mon Jun 06 18:09:03 2005 => System found infected with Alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No

Action Taken.
Mon Jun 06 18:09:03 2005 => Object "Alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon Jun 06 18:09:04 2005 => Offending value found in HKLM\Software\microsoft\downloadmanager !!!
Mon Jun 06 18:09:04 2005 => Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon Jun 06 18:09:04 2005 => Offending value found in HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\SearchAssistant !!!
Mon Jun 06 18:09:04 2005 => Object "SrchAsst Spyware/Adware" found in File System! Action Taken: No Action Taken.


---------------------------------

THANKS A LOT FOR YOUR HELP AND YOUR KNOWLEDGE
  • 0

#4
therock247uk
Posted 06 June 2005 - 12:10 PM

therock247uk

    Expert

  • Expert
  • 14,672 posts
  • MVP
Your log is clean :tazz:

Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
To protect yourself further:
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.

Credit to PGPhantom for canned speech.
  • 0

#5
therock247uk
Posted 25 June 2005 - 07:10 PM

therock247uk

    Expert

  • Expert
  • 14,672 posts
  • MVP
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP