More problems
#1 Betafish (New Member, 3 posts)
Norton is finding the following:

mediaticketsinstaller.ocx Adware.CDT
mtrslib2[1].js Adware.CDT
clearlogs.exe Hacktool
SUB0T.dll Backdoor
WINMGNT.EXT Backdoor

<_<

Here's my hijack log:
Logfile of HijackThis v1.97.7
Scan saved at 7:40:20 AM, on 11/25/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Help\Tours\htmlTour\dll\vpt3\choco\svchostdll.exe
c:\windows\system32\server.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\lsasvc.exe
C:\WINDOWS\Help\Tours\htmlTour\dll\vpt3\choco\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\ms-ntfs.exe
C:\WINDOWS\system32\service.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system32\dllcache\here\winsm.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Efficient Networks\SpeedStream DSL\SPDSTRM.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\2Wire HomePortal Monitor\2portalmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hometab.bellsouth.net
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1A8D3004-E747-7E9B-8356-64550DA67A13} - C:\WINDOWS\System32\zusec.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [DSL Monitor] C:\Program Files\Efficient Networks\SpeedStream DSL\SPDSTRM.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [IISAdmin] C:\WINDOWS\system32\logonsrv.exe
O4 - HKLM\..\Run: [Microsoft AUTH Update] MSlti32.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire HomePortal Monitor\2portalmon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\RunServices: [Microsoft AUTH Update] MSlti32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft AUTH Update] MSlti32.exe
O4 - HKCU\..\Run: [Utus] C:\Documents and Settings\Nathaniel\Application Data\coe.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8107.6588541667
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft...ols/SassCln.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab

:D
#2 Metallica (Spyware Veteran, GeekU Moderator, 31,671 posts)
I'll be back in a sec. Let me check something.

Regards,

Pieter

#3 Metallica (Spyware Veteran, GeekU Moderator, 31,671 posts)
The biggest problem:

http://www.trendmicr...me=WORM_RBOT.FH

But you have had that for months: <_<
http://www.geekstogo...t=0

Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

O2 - BHO: (no name) - {1A8D3004-E747-7E9B-8356-64550DA67A13} - C:\WINDOWS\System32\zusec.dll (file missing)

O4 - HKLM\..\Run: [IISAdmin] C:\WINDOWS\system32\logonsrv.exe
O4 - HKLM\..\Run: [Microsoft AUTH Update] MSlti32.exe

O4 - HKLM\..\RunServices: [Microsoft AUTH Update] MSlti32.exe

O4 - HKCU\..\Run: [Microsoft AUTH Update] MSlti32.exe
O4 - HKCU\..\Run: [Utus] C:\Documents and Settings\Nathaniel\Application Data\coe.exe

Reboot after doing so, preferably into safe mode, and delete:
C:\Documents and Settings\Nathaniel\Application Data\coe.exe
c:\windows\system32\dllcache\here <= the entire folder

Then disable System Restore, reboot, and re-enable System Restore.
Disabling or enabling Windows XP System Restore

Then do an online virus scan, for example here: http://housecall.antivirus.com/

Truthfully, I think you have a rootkit on board and it will probably be faster and safer to reinstall the entire computer. I would certainly advise changing any passwords on that computer after we are done and not storing anything private on it unless you are sure it's clean and secure.

Regards,

Pieter
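A defender-side triage script, added here as an example (it was not posted in the thread and is not part of HijackThis): it parses O2/O4 lines in the format shown above and flags the patterns Pieter picked out by hand, namely a Run value with no full path such as MSlti32.exe, the same entry repeated under Run and RunServices, a program started from Application Data or dllcache, and a BHO whose DLL is missing. The sample lines are copied from the log in this thread; the ODD_DIRS list is an assumption about where legitimate autostarts rarely live.

```python
import re

# Constructed sample in the shape of the HijackThis log in this thread
# (entries copied from the log above; not a live capture).
SAMPLE_LOG = """\
O2 - BHO: (no name) - {1A8D3004-E747-7E9B-8356-64550DA67A13} - C:\\WINDOWS\\System32\\zusec.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\\Program Files\\Norton AntiVirus\\NavShExt.dll
O4 - HKLM\\..\\Run: [ccApp] "C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
O4 - HKLM\\..\\Run: [Microsoft AUTH Update] MSlti32.exe
O4 - HKLM\\..\\RunServices: [Microsoft AUTH Update] MSlti32.exe
O4 - HKCU\\..\\Run: [Utus] C:\\Documents and Settings\\Nathaniel\\Application Data\\coe.exe
O4 - HKCU\\..\\Run: [MSMSGS] "C:\\Program Files\\Messenger\\msmsgs.exe" /background
"""

O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")
O2_RE = re.compile(r"^O2 - BHO: .* - (\S.*)$")
# Assumed list: directories a legitimate autostart rarely runs from
# (user-writable or a system cache); coe.exe and dllcache\here above are examples.
ODD_DIRS = ("\\application data\\", "\\dllcache\\", "\\help\\", "\\temp\\")

def command_path(rest):
    """Return the executable part of an O4 value, minus quotes and arguments."""
    if rest.startswith('"'):
        return rest[1:rest.index('"', 1)]
    return rest.strip()

def triage(log_text):
    """Return (line, reason) pairs for entries that deserve a closer look."""
    findings, seen_names = [], {}
    for line in log_text.splitlines():
        m = O2_RE.match(line)
        if m and m.group(1).endswith("(file missing)"):
            findings.append((line, "BHO registered but DLL missing"))
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        hive, key, name, rest = m.groups()
        cmd = command_path(rest)
        if not re.match(r"^[A-Za-z]:\\", cmd):
            findings.append((line, "no full path: resolved via search order"))
        elif any(d in cmd.lower() for d in ODD_DIRS):
            findings.append((line, "runs from unusual directory"))
        # The same value name under Run and RunServices (or in both hives)
        # is a persistence pattern; report the repeat and where it was first seen.
        if name in seen_names and seen_names[name] != (hive, key):
            findings.append((line, "same entry repeated in %s\\%s" % seen_names[name]))
        seen_names.setdefault(name, (hive, key))
    return findings
```

Feed it a whole saved HijackThis log; lines that match none of the rules are ignored, so the output is only the handful of entries to look at first.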