Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Aurora Problems

Started by KarenSt , Jun 19 2005 09:47 PM

  • This topic is locked This topic is locked

#16
Trevuren
Posted 21 June 2005 - 08:47 PM

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Start from the beginning please.


Trevuren
  • 0

Advertisements

#17
KarenSt
Posted 21 June 2005 - 09:14 PM

KarenSt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Sneaky little Critter!....

ok. so I did the Killbox stuff...
I am now in the HJT sequence and am not finding
O4 - HKLM\..\Run: [tvoglqr] c:\windows\system32\vxpiju.exe r
Instead I find an entry O4 - HKLM\..\Run: [gjitsp] c:\windows\system32\cyjnpyd.exe r

Do I delete that one? Is this our mutant?
I haven't rebooted yet.... will wait on your reply.
  • 0

#18
KarenSt
Posted 22 June 2005 - 07:29 PM

KarenSt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
There was no entry for O4 - HKLM\..\Run: [tvoglqr] c:\windows\system32\vxpiju.exe r
Instead I find an entry O4 - HKLM\..\Run: [gjitsp] c:\windows\system32\cyjnpyd.exe r

I checked the cyjnpyd.exe r entry.... then fixed the entries and rebooted

NAV is now repeatedly popping up a message that a Trojan Horse was detected on my pc... it is c:\Windows\system32\cyjnpyd.exe. Norton is unable to repair it.

Logfile of HijackThis v1.99.1
Scan saved at 8:23:35 PM, on 6/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Utility\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Utility\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Utility\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\Utility\Norton SystemWorks\WinFax\WFXMOD32.EXE
C:\WINDOWS\System32\Fast.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\Utility\NORTON~1\NORTON~1\navapw32.exe
C:\Utility\NORTON~1\WinFax\WFXSWTCH.exe
C:\WINDOWS\System32\taskswitch.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\fast.exe
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Utility\WinKey\WinKey.exe
C:\WINDOWS\Explorer.exe
C:\Documents and Settings\Current User\Desktop\Computer\spyware adware removal tools\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Utility\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Utility\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\Utility\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [WFXSwtch] C:\Utility\NORTON~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - Global Startup: WinKey.lnk = C:\Utility\WinKey\WinKey.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Blackjack - http://download.game...nts/y/jt0_x.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et1_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.game...s/y/mjst3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potb_x.cab
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://support.chart...ad/tgctlins.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://support.chart...oad/tgctlcm.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse....iveX/winrep.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://www.nullsoft....ayx_vp6_aac.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.c...ebio5_1_3_0.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{06E0DC6E-C905-4D80-BFDC-260A4AF0AE67}: NameServer = 24.196.64.39,24.196.64.40
O17 - HKLM\System\CS1\Services\Tcpip\..\{06E0DC6E-C905-4D80-BFDC-260A4AF0AE67}: NameServer = 24.196.64.39,24.196.64.40
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Utility\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Utility\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Utility\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WinFax Basic Edition (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE
  • 0

#19
Trevuren
Posted 22 June 2005 - 07:48 PM

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Killbox the file and this one: C:\WINDOWS\svcproc.exe

USE straight kill It may 5-6 tries

Then run Norton again and get back to me please


Trevuren
  • 0

#20
KarenSt
Posted 22 June 2005 - 08:45 PM

KarenSt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I understatnd "Killbox the file and this one: C:\WINDOWS\svcproc.exe"

What do you mean by "USE straight kill It may 5-6 tries"... Do you just mean repeat Killbox (in normal mode) on it 5-6 times / however many time it takes??? Do I not make extra effort to check these boxes : Standard File Kill & End Explorer Shell While Killing file... or do I check them too.

Do I reboot between KillBox kills? - assuming not since you didn't say so... do I just repeatedly enter the " C:\WINDOWS\svcproc.exe" until it says file not found

BTW... Norton keeps popping up the message telling me there is a Virus Detected.. and the name is Trojan Horse. Do I shut down NAV during this process?
  • 0

#21
Trevuren
Posted 22 June 2005 - 09:02 PM

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
All excellent questions.

1) If you shut down Norton, make sure that you are unplugged from the internet

2) No reboot. Just paste file and path as many times as it takes to kill it off completely (if it hasn't worked after 5 times, forget it)

3) Try it with just Standard File Kill


Have fun


Trevuren
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP