Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

rdrv.sys and trojan.cachecache

Started by Jack Torse , Aug 20 2005 09:36 PM

  • This topic is locked This topic is locked

#1
Jack Torse
Posted 20 August 2005 - 09:36 PM

Jack Torse

    New Member

  • Member
  • Pip
  • 2 posts
I searched geekstogo for the same problem and followed all instructions exactly how they where illustrated for other members. I also followed all directions illustrated at symantec.com to remove trojan.cachecachekit . All attemps where unsuccessfull. Also I should add that my adaware software keeps blocking something in C:\\WINNT\svchost. Symantec AntiVirus detects but can not quaranteen or delete trojan.cachecachekit.

rdrv.sys keeps re-appearing after deleting manually. I have made the necessary deletions and modifications in regedit as instructed by symantec and other sources which all were very similar.

I updated and ran the following software as instructed and got the following results: This was done in safemode with no network cable connected.

Windows Update: Windows 2000 Advanced Server - All Updates completed
Adaware SE: No spyware detected - all clean
CleanUp! - deleted alot of stuff
CWShredder - nothing was present exept for "CWS.AboutBlank"
SpyBot S&D - Nothing found
Ewido - nothing found or fixed
TrojanHunter - no trojan found (Symantec however finds Trojan.cache.cache.kit)

All software illustrated above was ran exactly how described in the following webpage: http://www.geekstogo...?showtopic=2852

PS. The primary purpose of this server is to run Lintivity software (Very similar to WebEx) and LogmeIn.com which is a web hosted PCanywhere.



Logfile of HijackThis v1.99.1
Scan saved at 10:50:23 PM, on 8/20/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\Chat Anywhere\chatanyw.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINNT\System32\llssrv.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\Program Files\NetTime\NeTmSvNT.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wins.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\dns.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\WINNT\Explorer.EXE
C:\Program Files\NetTime\NetTime.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Chat Anywhere\NTService.exe
C:\Documents and Settings\Administrator\My Documents\My Downloads\Virus Clean RR\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [WDTRAYSetup] C:\Program Files\Linktivity\connectionpoint\cnptray.exe
O4 - HKLM\..\Run: [NetTime] C:\Program Files\NetTime\NetTime.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{4DCB7DBA-5895-4492-86F1-C24CEE5C883F}: NameServer = 10.240.89.215
O17 - HKLM\System\CCS\Services\Tcpip\..\{A16F488B-9A7A-45D6-98F4-60A3D09F2014}: NameServer = 10.240.89.215
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Chat Anywhere - LionMax Software - C:\Program Files\Chat Anywhere\NTService.exe
O23 - Service: Linktivity MS ConnectionPoint (ConnectionPoint) - Linktivity, Inc. - C:\PROGRA~1\LINKTI~1\CONNEC~1\CONNEC~1.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Linktivity Sun ConnectionPoint (jService) - Spartacom, Inc. - c:\progra~1\Linktivity\ConnectionPoint\jService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - 3am Labs, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - 3am Labs, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: NetTime (NetTimeSvc) - Unknown owner - C:\Program Files\NetTime\NeTmSvNT.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Windows Kernel - Unknown owner - C:\WINNT\svchost.exe
  • 0

Advertisements

#2
Buckeye_Sam
Posted 25 August 2005 - 07:33 AM

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Hi and welcome to GeeksToGo! My name is Sam and I will be helping you. :tazz:

I apologize for the delay getting to your log, the helpers here are very busy.
If you still need help, please post a fresh Hijack log, in this thread, so I can help you with your Malware Problems.

If you have resolved this issue please let us know.
  • 0

#3
Jack Torse
Posted 29 August 2005 - 10:40 AM

Jack Torse

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
I resolved the problem on my own. I re-formated my harddrive and reinstalled windows. This took much less time than trying to extract the virus.
  • 0

#4
Buckeye_Sam
Posted 29 August 2005 - 03:46 PM

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
An extreme and unnecessary step, but thanks for letting me know.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP