Hijack This Log [CLOSED]


  • This topic is locked

#16
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Please provide me with the name and location of the file(s) Norton identifies.

Thanks,

Trevuren

  • 0


#17
jupiter583

    Member

  • Topic Starter
  • 10 posts
Filename: icon.exe

Location: c:\windows\casicon.exe
  • 0

#18
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
I would like you to submit that file to Jotti's for analysis.

1. Click HERE to get to Jotti's site.

2. At the top of the Jotti window, use the Browse button to locate the file on your system.

3. Once you have located the file, click SUBMIT and the content of the file will be uploaded by the site and analysed.

4. Please provide me with the results of the analysis.

Regards,

Trevuren

  • 0

#19
jupiter583

    Member

  • Topic Starter
  • 10 posts
I hope I'm doing this right but here's what it said:

File: casicon.exe
Status: INFECTED/MALWARE
MD5 b32f2b42b39fcd590d85d60bd379d252
Packers detected: UPX

Scanner results:
AntiVir Found TR/VB.QG.1
ArcaVir Found Trojan.Vb.Qg
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found Trojan.Vb.QG
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found W32/VB.QG-tr
Kaspersky Anti-Virus Found Trojan.Win32.VB.qg
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found Trojan.Win32.VB.qg

Scanner Malware name
AntiVir TR/Spy.Perfloger.O
ArcaVir Trojan.Spy.Perfloger.O
Avast X
AVG Antivirus X
BitDefender Trojan.Keylogger.RT.A
ClamAV X
Dr.Web Trojan.DownLoader.2605
F-Prot Antivirus X
Fortinet Keylog/Perfect
Kaspersky Anti-Virus not-a-virus:Monitor.Win32.Perflogger.az
NOD32 Win32/Spy.PerfKey.N
Norman Virus Control X
UNA X
VBA32 Trojan.Perflog

If there was another, better or easier way for me to show you, let me know and I'll do it again.
  • 0
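
As an added example (not part of the original thread), a short Python parser for the report format pasted above: it extracts the header fields and tallies which engines flagged the file and which reported it clean. The function names are illustrative, and the input is the header and first scanner table as posted.

```python
import re

# Header and first scanner table of the report posted above, copied as posted.
REPORT = """\
File: casicon.exe
Status: INFECTED/MALWARE
MD5 b32f2b42b39fcd590d85d60bd379d252
Packers detected: UPX
Scanner results:
AntiVir Found TR/VB.QG.1
ArcaVir Found Trojan.Vb.Qg
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found Trojan.Vb.QG
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found W32/VB.QG-tr
Kaspersky Anti-Virus Found Trojan.Win32.VB.qg
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found Trojan.Win32.VB.qg
"""
HEADER = re.compile(r"^(File|Status|MD5|Packers detected):?\s+(.+)$")
VERDICT = re.compile(r"^(?P<engine>.+?)\s+Found\s+(?P<name>.+)$")

def parse_report(text):
    """Return (header fields, {engine: detection name, or None for 'Found nothing'})."""
    meta, verdicts = {}, {}
    for line in map(str.strip, text.splitlines()):
        if m := HEADER.match(line):
            meta[m.group(1)] = m.group(2)
        elif m := VERDICT.match(line):
            name = m.group("name")
            verdicts[m.group("engine")] = None if name.lower() == "nothing" else name
    return meta, verdicts

def summarize(verdicts):
    """Count detections and list the engines that reported the file clean."""
    hits = {e: n for e, n in verdicts.items() if n}
    misses = sorted(e for e, n in verdicts.items() if n is None)
    return {"detected": len(hits), "total": len(verdicts), "hits": hits, "misses": misses}

if __name__ == "__main__":
    meta, verdicts = parse_report(REPORT)
    s = summarize(verdicts)
    print(f"{meta['File']}  md5={meta['MD5']}  packer={meta['Packers detected']}")
    print(f"{s['detected']}/{s['total']} engines flagged the file")
    print("clean verdicts:", ", ".join(s["misses"]))
```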

#20
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
That was perfect. It also shows you that not all antivirus programs are equal. Some pick up some things and not others.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Download Killbox here: http://www.downloads...org/KillBox.exe and put it on your desktop

Open Killbox

Check the following boxes:

Standard File Kill
End Explorer Shell While Killing file


Copy & paste the full path of the file below into the Killbox topmost box.

c:\windows\casicon.exe

With the full path to the file name in the topmost textbox, Click the Red X ...and for the confirmation message that will appear, you will need to click Yes

It may not delete.

If it didn't delete, use Killbox to delete the file you were not able to delete as follows:

Open Killbox

Check the following boxes:

Delete on Reboot

With the full path to the file name in the topmost textbox, click the Red X ...and for the confirmation message that will appear, you will need to click Yes

A second message will ask "Reboot now?"; you will need to click Yes

Note: Killbox will let you know if the file does not exist.

Note: Rescan your system to make sure it is gone. These critters often take 3-5 times to kill.


Please post a HJT log for review and provide any comments about your system that you deem important.

Regards,

Trevuren

Edited by Trevuren, 13 July 2005 - 10:20 PM.

  • 0

#21
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





