Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Ceres ABI Network virus

Started by legendary one , Aug 03 2005 09:56 PM

  • Please log in to reply

#1
legendary one
Posted 03 August 2005 - 09:56 PM

legendary one

    New Member

  • Member
  • Pip
  • 1 posts
New to the network. Looks like I've got the Ceres/ABI network virus. Any help you could give would be beyond appreciated. Here's my Hijack this log.

Logfile of HijackThis v1.99.1
Scan saved at 8:55:29 PM, on 8/3/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\ibmpmsvc.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\S24EvMon.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\INSIGHT\TOOLS\Aiclient.EXE
C:\WINNT\System32\APSSRV.EXE
C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\LCFD.EXE
C:\MSSQL7\binn\sqlservr.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\RegSrvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZCfgSvc.exe
C:\WINNT\system32\SUSS.EXE
C:\WINNT\System32\tardisnt.exe
C:\WINNT\System32\drivers\trcboot.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Personal Communications\PCS_AGNT.EXE
C:\WINNT\system32\1XConfig.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.Exe
C:\Program Files\NavNT\vptray.exe
C:\PROGRA~1\FileNET\IDM\fnsysmgr.exe
C:\WINNT\AGRSMMSG.exe
C:\WINNT\system32\carpserv.exe
C:\Program Files\6in1 Driver\shwicon.exe
C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\lcfep.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
C:\Program Files\CRN\Common\Bin\CRNWMQH.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\winnt\system32\tapsgw.exe
C:\WINNT\system32\ bdll4012.exe
C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
C:\WINNT\DvzCommon\DvzMsgr.exe
C:\Program Files\Lexmark X125\LEX125SU.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker1.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\uswsaf05\Desktop\Downloads DW\Hijack this\HijackThis.exe
C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: IncrediFindBHO Class - {0026AD90-C86F-4269-97F3-DAB4897C6D06} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
F2 - REG:system.ini: Shell=C:\WINNT\Explorer.Exe,
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\uswsaf05\Application Data\Mozilla\Profiles\default\dwgrskn1.slt\prefs.js)
O2 - BHO: (no name) - {00000049-8F91-4D9C-9573-F016E7626484} - (no file)
O2 - BHO: NavErrRedir Class - {0026AD90-C86F-4269-97F3-DAB4897C6D06} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [0FileNET System Manager] C:\PROGRA~1\FileNET\IDM\fnsysmgr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [0FileNET IDM Upgrade] C:\Program Files\FileNET\IDM\fnupgrade.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ShowIcon_AboCom Systems, Inc._6in1 Card Reader's Driver v1.15e005] "C:\Program Files\6in1 Driver\shwicon.exe" -t"AboCom Systems, Inc.\6in1 Card Reader's Driver v1.15e005"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [lcfep] "C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\lcfep.exe"
O4 - HKLM\..\Run: [FNLocalDB] cmd /c del "C:\Program Files\FileNet\IDM\LocalDB\fnlocaldb.fnldb"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CfgDownload] C:\IXOS-ARCHIVE\bin\CfgDownload.exe
O4 - HKLM\..\Run: [CacheFix] regedit.exe /s "C:\WINNT\maxcache.reg"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [farmmext] C:\WINNT\farmmext.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ALiUSBfix] C:\WINNT\system32\ALiUSB20.exe
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINNT\system32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
O4 - HKLM\..\Run: [CRN WMQ Exit Background Process] C:\Program Files\CRN\Common\Bin\CRNWMQH.exe
O4 - HKLM\..\Run: [3rdParty] "C:\WINNT\System32\cmd.exe" /c copy "C:\WINNT\System32\3rdparty.ini" "C:\Program Files\Xactware\Xactimate\XCentral\3rdparty.ini"
O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINNT\system32\ZCfgSvc.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [CRN5.10.04] C:\Program Files\CRN\Setup\crn_5.10.04_production.exe /s
O4 - HKLM\..\Run: [tapsgw] c:\winnt\system32\tapsgw.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - Startup: HotSync Manager.LNK = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINNT\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsear...earch.html?p=ZS
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictive...b/snnyadadf.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.8.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguar...ion/Install.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://thomsonelite...bex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E72923AB-94EF-4772-8F4B-E626B98A394F}: NameServer = 10.176.3.193,10.176.66.193
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = farmersinsurance.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = farmersinsurance.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = farmersinsurance.com
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O20 - Winlogon Notify: Sebring - C:\WINNT\system32\LgNotify.dll
O23 - Service: Asset Insight Client (AICLIENT) - Unknown owner - C:\INSIGHT\TOOLS\Aiclient.EXE
O23 - Service: Local Client Administrator (APS) - Unknown owner - C:\WINNT\System32\APSSRV.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ErrorSocketService - Farmers Insurance Group - C:\Program Files\CRN\Common\Bin\Errorsockservice.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\System32\ibmpmsvc.exe
O23 - Service: Tivoli Endpoint (lcfd) - Unknown owner - C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\LCFD.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\Oracle\Ora81\BIN\ONRSD.EXE
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINNT\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINNT\system32\S24EvMon.exe
O23 - Service: Tardis time service (Tardis) - Unknown owner - C:\WINNT\System32\tardisnt.exe
O23 - Service: TrcBoot - Unknown owner - C:\WINNT\System32\drivers\trcboot.exe
O23 - Service: VitalAgent - Lucent Technologies, VitalSoft division - C:\PROGRA~1\INS\VitalAgent\Program\VtlAgent.exe
  • 0

Advertisements

#2
darth_ash
Posted 04 August 2005 - 03:51 AM

darth_ash

    Member 1K

  • Member
  • PipPipPipPip
  • 1,382 posts
Please go to the malware forum and follow the instructions at the top....Especially the CLICK HERE .

That will give you several steps that will help you clean up 70 percent of all problems by yourself. If at the end of the process you are still having difficulty--and you may not be-- then post a hijackthis log in THAT forum.
  • 0
Back to Windows XP, 2000, 2003, NT · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Retired Forums
  3. Windows XP, 2000, 2003, NT

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP