rdrv.sys and trojan.cachecache


  • This topic is locked

#1
Jack Torse

    New Member

  • 2 posts
I searched geekstogo for the same problem and followed all instructions exactly how they were illustrated for other members. I also followed all directions illustrated at symantec.com to remove trojan.cachecachekit. All attempts were unsuccessful. Also I should add that my adaware software keeps blocking something in C:\WINNT\svchost. Symantec AntiVirus detects but cannot quarantine or delete trojan.cachecachekit.

rdrv.sys keeps re-appearing after deleting manually. I have made the necessary deletions and modifications in regedit as instructed by symantec and other sources which all were very similar.

I updated and ran the following software as instructed and got the following results. This was done in safe mode with no network cable connected.

Windows Update: Windows 2000 Advanced Server - All Updates completed
Adaware SE: No spyware detected - all clean
CleanUp! - deleted a lot of stuff
CWShredder - nothing was present except for "CWS.AboutBlank"
SpyBot S&D - Nothing found
Ewido - nothing found or fixed
TrojanHunter - no trojan found (Symantec however finds Trojan.cache.cache.kit)

All software illustrated above was run exactly as described in the following webpage: http://www.geekstogo...?showtopic=2852

PS. The primary purpose of this server is to run Linktivity software (very similar to WebEx) and LogmeIn.com, which is a web-hosted PCanywhere.



Logfile of HijackThis v1.99.1
Scan saved at 10:50:23 PM, on 8/20/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\Chat Anywhere\chatanyw.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINNT\System32\llssrv.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\Program Files\NetTime\NeTmSvNT.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wins.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\dns.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\WINNT\Explorer.EXE
C:\Program Files\NetTime\NetTime.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Chat Anywhere\NTService.exe
C:\Documents and Settings\Administrator\My Documents\My Downloads\Virus Clean RR\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [WDTRAYSetup] C:\Program Files\Linktivity\connectionpoint\cnptray.exe
O4 - HKLM\..\Run: [NetTime] C:\Program Files\NetTime\NetTime.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{4DCB7DBA-5895-4492-86F1-C24CEE5C883F}: NameServer = 10.240.89.215
O17 - HKLM\System\CCS\Services\Tcpip\..\{A16F488B-9A7A-45D6-98F4-60A3D09F2014}: NameServer = 10.240.89.215
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Chat Anywhere - LionMax Software - C:\Program Files\Chat Anywhere\NTService.exe
O23 - Service: Linktivity MS ConnectionPoint (ConnectionPoint) - Linktivity, Inc. - C:\PROGRA~1\LINKTI~1\CONNEC~1\CONNEC~1.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Linktivity Sun ConnectionPoint (jService) - Spartacom, Inc. - c:\progra~1\Linktivity\ConnectionPoint\jService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - 3am Labs, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - 3am Labs, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: NetTime (NetTimeSvc) - Unknown owner - C:\Program Files\NetTime\NeTmSvNT.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Windows Kernel - Unknown owner - C:\WINNT\svchost.exe
  • 0
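
The last O23 line of the log above registers a service called "Windows Kernel" with an unknown owner at C:\WINNT\svchost.exe, the location the poster says Ad-Aware keeps blocking, while every other svchost.exe in the process list runs from System32. The following is an added example, not part of the original thread: it triages HijackThis O23 lines for that pattern. The function name `triage_services`, the `SYSTEM_BINARIES` list and the `C:\WINNT` default are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Sample input: three O23 lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
O23 - Service: LogMeIn - 3am Labs, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: NetTime (NetTimeSvc) - Unknown owner - C:\Program Files\NetTime\NeTmSvNT.exe
O23 - Service: Windows Kernel - Unknown owner - C:\WINNT\svchost.exe
"""

# Assumption: a short, non-exhaustive list of Windows binaries that ship in System32.
SYSTEM_BINARIES = {"svchost.exe", "services.exe", "lsass.exe", "winlogon.exe",
                   "csrss.exe", "smss.exe", "spoolsv.exe"}

# Layout of an O23 line: "O23 - Service: <name> - <owner> - <drive>:\<path>"
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$")


def triage_services(log_text, windir=r"C:\WINNT"):
    """Return (service, path, reasons) for each O23 entry worth a closer look."""
    system32 = PureWindowsPath(windir) / "System32"
    findings = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue
        path = PureWindowsPath(m["path"])
        reasons = []
        # PureWindowsPath compares case-insensitively, so system32 == System32.
        if path.name.lower() in SYSTEM_BINARIES and path.parent != system32:
            reasons.append("system binary name outside System32")
        # Weak signal on its own: legitimate third-party services show it too.
        if m["owner"].lower() == "unknown owner":
            reasons.append("HijackThis reported Unknown owner")
        if reasons:
            findings.append((m["name"], str(path), reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in triage_services(SAMPLE_LOG):
        print(f"{name}: {path} -> {'; '.join(reasons)}")
```

On the sample lines, NetTime is flagged on owner alone, while the "Windows Kernel" entry is flagged on both checks, which is what separates it from the rest of the list.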



#2
Buckeye_Sam

    Malware Expert

  • 10,019 posts
Hi and welcome to GeeksToGo! My name is Sam and I will be helping you. :tazz:

I apologize for the delay getting to your log, the helpers here are very busy.
If you still need help, please post a fresh Hijack log, in this thread, so I can help you with your Malware Problems.

If you have resolved this issue please let us know.
  • 0

#3
Jack Torse

    New Member

  • Topic Starter
  • 2 posts
I resolved the problem on my own. I reformatted my hard drive and reinstalled Windows. This took much less time than trying to extract the virus.
  • 0

#4
Buckeye_Sam

    Malware Expert

  • 10,019 posts
An extreme and unnecessary step, but thanks for letting me know.
  • 0





