[ktownkatman]

Just recently saw. seems very strange. very particular... uses between 3 and 7KB or mem space. when i try and close it just coms right back. Myabe the cause of hijackthis not running?? Mysterious.......

[Advertisements]

ktownkatman

Read this.

http://www.bleepingc....exe-12025.html

[Cranky]

ktownkatman

Read this.

http://www.bleepingc....exe-12025.html

[ktownkatman]

roflmao just did a virusscan on the file from http://virusscan.jotti.org/. Here' my results:



File: libsys32.exe
Status: INFECTED/MALWARE
MD5 7b2ec5bda3cc8f876f55b01989b92351
Packers detected: PE_PATCH.MORPHINE, MORPHINE, UPX
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found Backdoor.SDBot.C647398C
ClamAV Found nothing
Dr.Web Found Win32.HLLW.ForBot.based
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found Backdoor.Win32.SdBot.gen
NOD32 Found a variant of Win32/Rbot
Norman Virus Control Found W32/SDBot.RTO
UNA Found nothing
VBA32 Found nothing


Last file scanned at least one scanner reported something about: ecarding.exe, detected by:

Scanner Malware name
AntiVir TR/Keylogger.BP.2
ArcaVir Trojan.Spy.Keylogger.Bp
Avast X
AVG Antivirus PSW.Keylog.S
BitDefender Trojan.Spy.Keylogger.BP
ClamAV Trojan.Spy.Keylogger.CC
Dr.Web Trojan.Elite.10
F-Prot Antivirus security risk or a "backdoor" program
Fortinet W32/Small.U-tr
Kaspersky Anti-Virus Trojan-Spy.Win32.KeyLogger.cc
NOD32 Win32/Spy.Elite.10.A
Norman Virus Control W32/KeyLogger.CC
UNA Trojan.Spy.Win32.KeyLogger
VBA32 Trojan-Spy.Win32.KeyLogger.cc



Now how do i get rid of it? ad-aware came up clean.

[Cranky]

Go here and follow all instructions.

http://www.geekstogo...-Log-t2852.html

[ktownkatman]

OMG how the [bleep] did i get a keylogger?

[ktownkatman]

noooooooo dont put me in the malware forum!!!!! it takes forever to get a reply! and besides libsys32.exe is makin hijackthis not work.

[Murray S.]

noooooooo dont put me in the malware forum!!!!! it takes forever to get a reply! and besides libsys32.exe is makin hijackthis not work.

Howdy:

Well, that's where you get to go as malware problems are handled there NOT in the XP forum (or any other for that matter) !!

Murray

[Cranky]

He has me confused.

He has 4 different post.

[ktownkatman]

OK i got past that sneaky [bleep] virus-malware. i started in safe mode and put libsys32.exe in trash. now hjt works fine heres my log


Logfile of HijackThis v1.99.1
Scan saved at 8:31:47 PM, on 8/31/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\CallWave\IAM.exe
C:\Documents and Settings\Andy H\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runescape.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft System Checkup] libsys32.exe
O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
O4 - HKLM\..\RunServices: [Microsoft System Checkup] libsys32.exe
O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1124467439366
O23 - Service: NT login service (ntlogin32) - Unknown owner - C:\WINDOWS\System32\libsys32.exe (file missing)

[ktownkatman]

eat that stupid virus-malware:-) I'm smarter than you nah nah nah nah boo boo. lmao

[Cranky]

You have malware.
Post hjt log in the malware forum.

http://www.geekstogo...-Log-t2852.html

[Murray S.]

eat that stupid virus-malware:-) I'm smarter than you nah nah nah nah boo boo. lmao

You're still loaded.. still need to post a "COMPLETE" HJT log in Malware..

Suggest you upgrade to SP1 before you do!!

Murray

[ktownkatman]

already have SP2...

[Murray S.]

Logfile of HijackThis v1.99.1
Scan saved at 8:31:47 PM, on 8/31/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

NOT according to your HJT log !!

Wanna tell us another one ??

Murray

Edited by Murray S., 01 September 2005 - 08:09 AM.

[ktownkatman]

Uhh... it wont let me download sp2 from windows update then...