Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

New W32.Toxbot variant? [CLOSED]


  • This topic is locked This topic is locked

#1
killjuliet

killjuliet

    New Member

  • Member
  • Pip
  • 1 posts
I think I may have a new W32.Toxbot variant on my system. Below I have listed (1) what I have already done, (2) why I think it is Toxbot, (3) HijackThis log.

(1). I have already taken these measures:

+Adaware SE
+Spybot S&D
+Spywareblaster
+HijackThis (eliminated hosts file)
+Trojan Hunter

+Microsoft's Malware Remover 1.6
+TrendMicro Housecall
+ca Virus Scan
+Symantec W32.Toxbot removal tool

(2). Why I think it is a W32.Toxbot variant:

When not connected to the internet, the dialer informs that the following are requesting connection:

0x80.goingformars.com
0x80.my1x1.com
0x80.my-secure.name.com
0x80.martiansong.com
0xff.memzero.info
0x80.online-software.org

Compare to TOXBOT.C variant:

0xff.devtech.us
0xff.memzero.info
0xDEADBEEF.goingformars.com
0xDEADBEEF.martiansong.com
0xDEADBEEF.my1x1.com
0xDEADBEEF.my-secure.name
mindleak.com

(3). Logfile of HijackThis v1.99.1

Scan saved at 12:36:14 PM, on 7/26/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\dxdmain.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\KatyBeth\Desktop\Maintenance- once a week\HijackThis.exe

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B8239D3-E5C9-44D2-9C16-21E51E9EF5AC}: NameServer = 207.69.188.187 207.69.188.186
O23 - Service: DirectX Graphics (dxdmain) - Unknown owner - C:\WINDOWS\System32\dxdmain.exe



Please help! :tazz:

Terry

Edited by killjuliet, 26 July 2005 - 02:15 PM.

  • 0

Advertisements


#2
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here: http://www.microsoft...&DisplayLang=en
Apply the update, reboot, and post a fresh Hijack This log.
  • 0

#3
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP