strange process running
Started by ktownkatman, Aug 31 2005 05:53 PM
#1
Posted 31 August 2005 - 05:53 PM
#2
Posted 31 August 2005 - 06:07 PM
#3
Posted 31 August 2005 - 06:14 PM
roflmao just did a virusscan on the file from http://virusscan.jotti.org/. Here's my results:
File: libsys32.exe
Status: INFECTED/MALWARE
MD5 7b2ec5bda3cc8f876f55b01989b92351
Packers detected: PE_PATCH.MORPHINE, MORPHINE, UPX
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found Backdoor.SDBot.C647398C
ClamAV Found nothing
Dr.Web Found Win32.HLLW.ForBot.based
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found Backdoor.Win32.SdBot.gen
NOD32 Found a variant of Win32/Rbot
Norman Virus Control Found W32/SDBot.RTO
UNA Found nothing
VBA32 Found nothing
Last file scanned at least one scanner reported something about: ecarding.exe, detected by:
Scanner Malware name
AntiVir TR/Keylogger.BP.2
ArcaVir Trojan.Spy.Keylogger.Bp
Avast X
AVG Antivirus PSW.Keylog.S
BitDefender Trojan.Spy.Keylogger.BP
ClamAV Trojan.Spy.Keylogger.CC
Dr.Web Trojan.Elite.10
F-Prot Antivirus security risk or a "backdoor" program
Fortinet W32/Small.U-tr
Kaspersky Anti-Virus Trojan-Spy.Win32.KeyLogger.cc
NOD32 Win32/Spy.Elite.10.A
Norman Virus Control W32/KeyLogger.CC
UNA Trojan.Spy.Win32.KeyLogger
VBA32 Trojan-Spy.Win32.KeyLogger.cc
Now how do I get rid of it? Ad-Aware came up clean.
#4
Posted 31 August 2005 - 06:22 PM
#5
Posted 31 August 2005 - 06:22 PM
OMG how the [bleep] did I get a keylogger?
#6
Posted 31 August 2005 - 06:24 PM
noooooooo don't put me in the malware forum!!!!! It takes forever to get a reply! And besides, libsys32.exe is making HijackThis not work.
#7
Posted 31 August 2005 - 06:35 PM
#8
Posted 31 August 2005 - 06:39 PM
He has me confused.
He has 4 different posts.
#9
Posted 31 August 2005 - 06:43 PM
OK, I got past that sneaky [bleep] virus-malware. I started in safe mode and put libsys32.exe in trash. Now HJT works fine. Here's my log:
Logfile of HijackThis v1.99.1
Scan saved at 8:31:47 PM, on 8/31/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\CallWave\IAM.exe
C:\Documents and Settings\Andy H\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runescape.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft System Checkup] libsys32.exe
O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
O4 - HKLM\..\RunServices: [Microsoft System Checkup] libsys32.exe
O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1124467439366
O23 - Service: NT login service (ntlogin32) - Unknown owner - C:\WINDOWS\System32\libsys32.exe (file missing)
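The log in the post above still lists Run, RunServices and service entries for libsys32.exe after the file itself was deleted. The following added example (not part of the original post, and not HijackThis code) lists such leftover entries from O4/O23 lines; the function name and the regular expressions are assumptions written for this log's layout.

```python
import re

# O4/O23 lines copied from the HijackThis log in the post above.
LOG = r"""
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft System Checkup] libsys32.exe
O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
O4 - HKLM\..\RunServices: [Microsoft System Checkup] libsys32.exe
O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
O23 - Service: NT login service (ntlogin32) - Unknown owner - C:\WINDOWS\System32\libsys32.exe (file missing)
"""

# Registry autostart entries: "O4 - <key>: [<value name>] <command>"
O4_RUN = re.compile(r"^O4 - (?P<where>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Services: "O23 - Service: <name> - <owner> - <command>"
O23_SVC = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<cmd>.+)$")
# Executable file name without its directory part
EXE = re.compile(r"([^\\]+\.exe)", re.IGNORECASE)

def leftover_autostarts(log_text, flagged_files):
    """Return (location, entry name, exe, reason) for every O4 registry or O23
    entry that launches a flagged file or that HijackThis marks as missing."""
    flagged = {f.lower() for f in flagged_files}
    hits = []
    for line in log_text.splitlines():
        line = line.strip()
        m4, m23 = O4_RUN.match(line), O23_SVC.match(line)
        m = m4 or m23
        if not m:
            continue  # other sections, and O4 startup-folder shortcuts
        exe = EXE.search(m.group("cmd"))
        if not exe:
            continue
        reasons = []
        if exe.group(1).lower() in flagged:
            reasons.append("flagged file")
        if m.group("cmd").endswith("(file missing)"):
            reasons.append("file missing")
        if reasons:
            where = m4.group("where") if m4 else "O23 service"
            hits.append((where, m.group("name"), exe.group(1), ", ".join(reasons)))
    return hits

if __name__ == "__main__":
    # libsys32.exe is the file the scanners in this thread reported as infected.
    for hit in leftover_autostarts(LOG, {"libsys32.exe"}):
        print(hit)
```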
#10
Posted 31 August 2005 - 06:44 PM
eat that stupid virus-malware:-) I'm smarter than you nah nah nah nah boo boo. lmao
#11
Posted 31 August 2005 - 07:04 PM
#12
Posted 31 August 2005 - 09:30 PM
#13
Posted 01 September 2005 - 04:54 AM
already have SP2...
#14
Posted 01 September 2005 - 08:09 AM
Logfile of HijackThis v1.99.1
Scan saved at 8:31:47 PM, on 8/31/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
NOT according to your HJT log!!
Wanna tell us another one??
Murray
Edited by Murray S., 01 September 2005 - 08:09 AM.
#15
Posted 04 September 2005 - 06:21 AM
Uhh... it won't let me download SP2 from Windows Update then...