Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Home shopper and host trojan [CLOSED]


  • This topic is locked This topic is locked

#1
NazguL

NazguL

    Member

  • Member
  • PipPip
  • 10 posts
Hi, I,ve maintained my pc for a long time now but once again I seem to have spyware. Please could someone assist me...

Here is my log:

Logfile of HijackThis v1.99.1
Scan saved at 8:00:54 PM, on 8/18/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sdkdq.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-za\msnappau.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Ultima Online 2D\autopilot\UOAutoPilot.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\WINDOWS\slrundll.exe
C:\Program Files\Ultima Online 2D\No_Crypt_Client_2d.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\sdkbs.exe
C:\antispyware\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.msn.co.za
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\sbtlo.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\sbtlo.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\sbtlo.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\sbtlo.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\sbtlo.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\sbtlo.dll/sp.html#10001
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\sbtlo.dll/sp.html#10001
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = www.msn.co.za
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = www.msn.co.za
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {BE0AF818-3A53-6BB3-FBCD-A5E558A11457} - C:\WINDOWS\system32\crvs.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [Soltek] C:\WINDOWS\System32\autorun.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-za\msnappau.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Tsl2] C:\PROGRA~1\COMMON~1\tsa\tsl2.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [iert.exe] C:\WINDOWS\iert.exe
O4 - HKLM\..\Run: [mszu32.exe] C:\WINDOWS\mszu32.exe
O4 - HKLM\..\Run: [atlsj.exe] C:\WINDOWS\atlsj.exe
O4 - HKLM\..\Run: [sdkbs.exe] C:\WINDOWS\system32\sdkbs.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1115557274854
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{820FCC4E-669E-4B06-A332-EF241F5DDAE9}: NameServer = 196.25.1.11 196.43.1.11
O23 - Service: Remote Procedure Call (RPC) Helper ( 11F#`I) - Unknown owner - C:\WINDOWS\system32\sdkdq.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe


thanks :tazz:
  • 0

Advertisements


#2
therock247uk

therock247uk

    Expert

  • Expert
  • 14,671 posts
  • MVP
Please download ewido security suite it is a trial version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido, there should be an icon on your desktop double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Boot into safemode to do this keep tapping F8 on your keyboard while your PC is starting up you will get a menu select safemode.

Open Ewido again
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • While the scan is in progress you will be prompted to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido security suite.

Reboot and Post the report Ewido made and a new Hijackthis log here in a reply.
  • 0

#3
NazguL

NazguL

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Here is the HiJackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 4:55:23 PM, on 8/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\antispyware\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.msn.co.za
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\sbtlo.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\sbtlo.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\sbtlo.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\sbtlo.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\sbtlo.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\sbtlo.dll/sp.html#10001
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\sbtlo.dll/sp.html#10001
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = www.msn.co.za
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = www.msn.co.za
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {BE0AF818-3A53-6BB3-FBCD-A5E558A11457} - C:\WINDOWS\system32\crvs.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [Soltek] C:\WINDOWS\System32\autorun.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Tsl2] C:\PROGRA~1\COMMON~1\tsa\tsl2.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [iert.exe] C:\WINDOWS\iert.exe
O4 - HKLM\..\Run: [mszu32.exe] C:\WINDOWS\mszu32.exe
O4 - HKLM\..\Run: [atlsj.exe] C:\WINDOWS\atlsj.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1115557274854
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O23 - Service: Remote Procedure Call (RPC) Helper ( 11F#`I) - Unknown owner - C:\WINDOWS\system32\sdkdq.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

and then here is the ewido:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 4:54:27 PM, 8/21/2005
+ Report-Checksum: 30D4F16F

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{38D4D5D0-423E-4220-B6F9-30918C2AE4A4} -> Spyware.BetterInternet : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{676575DD-4D46-911D-8037-9B10D6EE8BB5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{09CA52B3-703C-4B17-9690-C13F736E3DCD} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{8EA362BD-39CB-40F5-9226-73CD40999095} -> Spyware.BetterInternet : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{C5991634-0185-4B0D-B4F9-6C45597962B7} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{D88DA98D-48BA-4116-96AB-77C38EAE487F} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW -> Spyware.CoolWebSearch : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\4D463624-B30F-409E-9FB9-3A3DB0\C80606F0-0A81-4E24-9D5B-4CEAA0 -> Trojan.Agent.fc : Cleaned with backup
C:\WINDOWS\69632 -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\addii32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\addll.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\addqb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apijj.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\appcj32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\appia32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\appnr.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\appwq32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\d3bt32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\d3fe.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\d3hf32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\fpf.INI:tgfks -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Gone Fishing.bmp:wjssjs -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ieok.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\imsins.log:pclxld -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\jaaste.dll -> Trojan.Agent.fc : Cleaned with backup
C:\WINDOWS\javawa32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB823559.log:pxgcyc -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB834707-IE6-20040929.115007.log:rrpzn -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB835732.log:ixribm -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\KB887472.log:esuqhq -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB888113.log:ctsjj -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB891781.log:wsnvbt -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcht32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\mfcib.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mfczu32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\msed32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\msnm.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ntha.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ocmsn.log:dphvit -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\sdkjy.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\sessmgr.setup.log:zbhewv -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\setupapi.log:ksavem -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\setupapi.log.0.old:sczjrx -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32:yqaa.dll -> TrojanDownloader.Small.azk : Cleaned with backup
C:\WINDOWS\system32\addwp32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\apikn.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\apipv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appcw.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\appef32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\appip.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\appnm32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\appof32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apprm32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\atlej.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\atlhs.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\atlqt32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\crrm.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\guninst.exe -> Spyware.Serpo : Cleaned with backup
C:\WINDOWS\system32\ievi.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\ievy32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\javali.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\javare.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\javazc32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\mfcfe32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\mfckk32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\mfctw32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\mfcwv.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\mfcyp32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\msyk32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\netal32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netqq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netsg32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\ntgb.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\sdkoj.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\sysam.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\winoj32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\winxs.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\thin-137-3-x-x.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\winco32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\wininit.ini:ktjik -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\winug32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\winul.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\winyj32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_default.pif:bvsbsn -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_default.pif:gohfy -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:tvkgux -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\_default.pif:vmvnc -> TrojanDownloader.Agent.bc : Cleaned with backup


::Report End

Thank you!
  • 0

#4
therock247uk

therock247uk

    Expert

  • Expert
  • 14,671 posts
  • MVP
1. Make sure your PC is set to show all hidden files and folders go here for instructions on how to do this. http://www.xtra.co.n...1916458,00.html

2. Boot into safemode to do this keep tapping F8 on your keyboard while your PC is starting up you will get a menu select safemode.

3. While in safemode open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\sbtlo.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\sbtlo.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\sbtlo.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\sbtlo.dll/sp.html#10001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\sbtlo.dll/sp.html#10001
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\sbtlo.dll/sp.html#10001
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\sbtlo.dll/sp.html#10001
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {BE0AF818-3A53-6BB3-FBCD-A5E558A11457} - C:\WINDOWS\system32\crvs.dll (file missing)
O4 - HKLM\..\Run: [Tsl2] C:\PROGRA~1\COMMON~1\tsa\tsl2.exe
O4 - HKLM\..\Run: [iert.exe] C:\WINDOWS\iert.exe
O4 - HKLM\..\Run: [mszu32.exe] C:\WINDOWS\mszu32.exe
O4 - HKLM\..\Run: [atlsj.exe] C:\WINDOWS\atlsj.exe
O23 - Service: Remote Procedure Call (RPC) Helper ( 11F#`I) - Unknown owner - C:\WINDOWS\system32\sdkdq.exe (file missing)

4. Delete the folders. (if present)

C:\Program Files\Common Files\tsa\

5. Delete the files. (if present)

C:\WINDOWS\system32\sbtlo.dll
C:\WINDOWS\system32\crvs.dll
C:\WINDOWS\iert.exe
C:\WINDOWS\mszu32.exe
C:\WINDOWS\atlsj.exe
C:\WINDOWS\system32\sdkdq.exe

6. Reboot and post a new Hijackthis log here in a reply.

Edited by therock247uk, 21 August 2005 - 11:49 AM.

  • 0

#5
therock247uk

therock247uk

    Expert

  • Expert
  • 14,671 posts
  • MVP
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP