
Yet another one!


  • This topic is locked

#31
coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Run the online scan from Panda and copy and paste the results.

http://www.pandasoft...n_principal.htm

You will need to use Internet Explorer to download.
  • 0



#32
BlackVinyl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
I finally managed to get a report. :tazz:
Here are the details:


Incident                      Status          Location

Adware:Adware/Popuper         No disinfected  C:\Documents and Settings\All Users\Desktop\Online Dating.url
Adware:Adware/Smitfraud       No disinfected  Windows Registry
Adware:Adware/Antivirus-gold  No disinfected  C:\WINNT\screen.html
Virus:W32/Sdbot.EEX.worm      Disinfected     C:\CFBD.exe
Virus:Application/Poliphonic  No disinfected  Personal Folders\Personal\11.02 Coding Workshop Polyphonic Wizard 2.3.3.zip[cwpolywz.file]
Adware:Adware/Popuper         No disinfected  C:\Documents and Settings\All Users\Desktop\Online Dating.url
Adware:Adware/Popuper         No disinfected  C:\Documents and Settings\All Users\Desktop\Remove Spyware.url
Adware:Adware/Antivirus-gold  No disinfected  C:\WINNT\screen.html
Adware:Adware/Antivirus-gold  No disinfected  C:\WINNT\system32\hookdump.exe.filez
Virus:W32/Codbot.AV.worm      Disinfected     C:\WINNT\system32\Netlib.exe
Virus:W32/Sdbot.EEX.worm      Disinfected     C:\WINNT\system32\phqghum.exe

Now where do we go from here? ;)

BV
  • 0

#33
coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Virus:Application/Poliphonic No disinfected Personal Folders\Personal\11.02 Coding Workshop Polyphonic Wizard 2.3.3.zip[cwpolywz.file]

What is the above?
  • 0

#34
BlackVinyl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
Hello,
Coding Workshop Polyphonic Wizard 2.3.3.zip is a program that allows you to send polyphonic ring tones to your mobile/cell phone via the internet.

BV
  • 0

#35
coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Yes, I saw that in doing a search. There were also several references to it being a cracked program. Is that true?
  • 0

#36
BlackVinyl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
I think so, but I have never used it so I don't know for certain whether it's cracked or whether it works or not.

Where do we go from here?

BV
  • 0

#37
coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
If you're running a cracked copy of something, I can't help you. It's in our board guidelines.
  • 0

#38
BlackVinyl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
OK then.
I will remove it and delete it.
I will let you know when I have done it.

Cheers,

BV
  • 0

#39
coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
After you remove it, please run a new log and post it here.
  • 0

#40
BlackVinyl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
OK will do.
Now, when you say new log, do you mean HJT or Active Scan?

Cheers,

BV
  • 0



#41
coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
HijackThis log.
  • 0

#42
BlackVinyl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
Hi,
I was thinking about what you said regarding that prog. However, when I reformatted the PC prior to getting this virus/trojan, I never installed the program again, so it should not be on there at all!!!

I don't know how it appeared in your searching techniques? :tazz:

However, I did a search on my PC and found a couple of links for that prog, but they seemed to be HTML links only. Nevertheless, I still deleted them.

I will run another HJT log and post it for you to see.

Thanks,

BV ;)

Edited by BlackVinyl, 07 July 2005 - 02:24 AM.

  • 0

#43
BlackVinyl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
Hi there,
OK, I got the latest HJT log for you, but as I said, that prog should not be on this PC as I formatted the HD not even a week before it was infected again.

Here's the log...

Logfile of HijackThis v1.99.1
Scan saved at 11:56:50 PM, on 7/07/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\SpySweeperV3.2.0.147\SpySweeper.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\trojfix\HJT\HijackThis.exe

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\SpySweeperV3.2.0.147\SpySweeper.exe" /0
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B6D28B5-5136-4712-B297-27953F1D9DEC}: NameServer = 192.189.54.17 203.8.183.1
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Net Functions Library (Netlib) - Unknown owner - C:\WINNT\system32\Netlib.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

Let me know what you would like me to do next.

Thanks,

BV
  • 0

#44
BlackVinyl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
Oh, I forgot 1 thing... the past few days I have been receiving a warning from Norton that I have a virus by the name of...
W32.Desktophijack in the file c:\winnt\system32\wininet.dll

Norton is unable to repair or delete it.

Thanks,

BV
  • 0

#45
coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
I am holding off on this because of your infection. One of our members has been asking for samples of this infection and I wanted to see if he wanted to look at it :tazz:
  • 0





