Aurora Problems


  • This topic is locked

#16
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Start from the beginning please.


Trevuren
  • 0


#17
KarenSt

KarenSt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Sneaky little Critter!....

ok. so I did the Killbox stuff...
I am now in the HJT sequence and am not finding
O4 - HKLM\..\Run: [tvoglqr] c:\windows\system32\vxpiju.exe r
Instead I find an entry O4 - HKLM\..\Run: [gjitsp] c:\windows\system32\cyjnpyd.exe r

Do I delete that one? Is this our mutant?
I haven't rebooted yet.... will wait on your reply.
  • 0

#18
KarenSt

KarenSt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
There was no entry for O4 - HKLM\..\Run: [tvoglqr] c:\windows\system32\vxpiju.exe r
Instead I find an entry O4 - HKLM\..\Run: [gjitsp] c:\windows\system32\cyjnpyd.exe r

I checked the cyjnpyd.exe r entry.... then fixed the entries and rebooted

NAV is now repeatedly popping up a message that a Trojan Horse was detected on my pc... it is c:\Windows\system32\cyjnpyd.exe. Norton is unable to repair it.

Logfile of HijackThis v1.99.1
Scan saved at 8:23:35 PM, on 6/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Utility\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Utility\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Utility\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\Utility\Norton SystemWorks\WinFax\WFXMOD32.EXE
C:\WINDOWS\System32\Fast.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\Utility\NORTON~1\NORTON~1\navapw32.exe
C:\Utility\NORTON~1\WinFax\WFXSWTCH.exe
C:\WINDOWS\System32\taskswitch.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\fast.exe
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Utility\WinKey\WinKey.exe
C:\WINDOWS\Explorer.exe
C:\Documents and Settings\Current User\Desktop\Computer\spyware adware removal tools\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Utility\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Utility\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\Utility\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [WFXSwtch] C:\Utility\NORTON~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - Global Startup: WinKey.lnk = C:\Utility\WinKey\WinKey.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Blackjack - http://download.game...nts/y/jt0_x.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et1_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.game...s/y/mjst3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potb_x.cab
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://support.chart...ad/tgctlins.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://support.chart...oad/tgctlcm.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse....iveX/winrep.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://www.nullsoft....ayx_vp6_aac.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.c...ebio5_1_3_0.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{06E0DC6E-C905-4D80-BFDC-260A4AF0AE67}: NameServer = 24.196.64.39,24.196.64.40
O17 - HKLM\System\CS1\Services\Tcpip\..\{06E0DC6E-C905-4D80-BFDC-260A4AF0AE67}: NameServer = 24.196.64.39,24.196.64.40
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Utility\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Utility\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Utility\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WinFax Basic Edition (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE
  • 0
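Added example (not part of the thread, and not code from HijackThis or Geeks to Go): one way to triage a log like the one above. It compares the `O4` Run values of two scans, reads the extra program off the `F2` Shell line, and lists `O23` services reported as "Unknown owner". The sample text is constructed from lines quoted in this thread, and the function names are illustrative.

```python
import re

# Constructed samples: a few lines quoted in this thread, not full logs.
EARLIER = r"""
O4 - HKLM\..\Run: [NAV Agent] C:\Utility\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [tvoglqr] c:\windows\system32\vxpiju.exe r
"""
LATER = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [NAV Agent] C:\Utility\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [gjitsp] c:\windows\system32\cyjnpyd.exe r
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: WinFax Basic Edition (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")
RUN = re.compile(r"^HKLM\\\.\.\\Run: \[(.+?)\] (.*)$")
SERVICE = re.compile(r"^Service: (.+) - (.+?) - ([A-Za-z]:\\.*)$")

def parse(log):
    """Return (section code, detail) pairs for every HijackThis entry line."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def run_keys(log):
    """Map each O4 HKLM Run value name to its command line."""
    found = (RUN.match(d) for c, d in parse(log) if c == "O4")
    return {m.group(1): m.group(2) for m in found if m}

def run_key_changes(earlier, later):
    """Run values that appeared or vanished between two scans."""
    old, new = run_keys(earlier), run_keys(later)
    return ({k: new[k] for k in new.keys() - old.keys()},
            {k: old[k] for k in old.keys() - new.keys()})

def shell_extras(log):
    """Anything on the F2 Shell= line besides the first program (Explorer.exe)."""
    for code, detail in parse(log):
        if code == "F2" and "Shell=" in detail:
            return detail.split("Shell=", 1)[1].split()[1:]
    return []

def unknown_owner_services(log):
    """(service name, image path) for O23 entries HijackThis could not attribute."""
    found = (SERVICE.match(d) for c, d in parse(log) if c == "O23")
    return [(m.group(1), m.group(3)) for m in found if m and m.group(2) == "Unknown owner"]
```

"Unknown owner" is only a prompt for review: the list it produces here includes a display-driver service as well as the `svcproc.exe` entry.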

#19
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Killbox the file and this one: C:\WINDOWS\svcproc.exe

USE straight kill. It may take 5-6 tries.

Then run Norton again and get back to me please


Trevuren
  • 0

#20
KarenSt

KarenSt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I understand "Killbox the file and this one: C:\WINDOWS\svcproc.exe"

What do you mean by "USE straight kill. It may take 5-6 tries"... Do you just mean repeat Killbox (in normal mode) on it 5-6 times / however many times it takes??? Do I not make extra effort to check these boxes: Standard File Kill & End Explorer Shell While Killing file... or do I check them too?

Do I reboot between KillBox kills? - assuming not since you didn't say so... do I just repeatedly enter the "C:\WINDOWS\svcproc.exe" until it says file not found?

BTW... Norton keeps popping up the message telling me there is a Virus Detected.. and the name is Trojan Horse. Do I shut down NAV during this process?
  • 0

#21
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
All excellent questions.

1) If you shut down Norton, make sure that you are unplugged from the internet

2) No reboot. Just paste file and path as many times as it takes to kill it off completely (if it hasn't worked after 5 times, forget it)

3) Try it with just Standard File Kill


Have fun


Trevuren
  • 0





