HELP I GOT TROJAN.AGENT/TROJAN.DOWNLOADER.AGENT



#1
EffectedByTrojan


A few days ago my computer would restart by itself, and then the computer says the system has recovered from a serious error and that what probably caused it was Trojan.Agent.Cp/Trojan.Downloader.Agent.Lg. Now when I restart the computer it just cuts off without going through the "Windows is saving files and restarting" screen. It comes back on with that black screen that says "run safe mode/run Windows normally/start from last working" or something like that. I go to run normally and it restarts over and over and goes back to the same screen. Then I went to "Start from last working" or something. It comes on and says it just recovered from a serious error, as I was saying in the beginning. Here's a HJT log:
HOW DO I FIX THIS!? It doesn't restart or shut down right no more.

Logfile of HijackThis v1.99.1
Scan saved at 3:19:34 AM, on 9/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\ofbpht\ahcqw.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\PROGRA~1\COMMON~1\WinTools\WSup.exe
C:\Program Files\eM\Bay Reader\Shwicon2k.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\fthwoq\csdibt.exe
C:\WINDOWS\system32\kkhy\xjpfnfou.exe
C:\WINDOWS\system32\tbvfwtqc\muapb.exe
C:\WINDOWS\system32\mctxv\ieky.exe
C:\WINDOWS\system32\yoohb\ifxrtwbo.exe
C:\WINDOWS\system32\fsgxg\gfqnfh.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
C:\Program Files\Netscape\Netscape Browser\netscape.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Documents and Settings\Sabrina Provens\My Documents\My Music\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = 1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
N4 - Mozilla: user_pref("browser.startup.homepage", "http://home.bellsouth.net"); (C:\Documents and Settings\Sabrina Provens\Application Data\Mozilla\Profiles\default\i7ij0law.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\Sabrina Provens\Application Data\Mozilla\Profiles\default\i7ij0law.slt\prefs.js)
O1 - Hosts: 216.39.69.102 view.atdmt.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: COMMUNICATOR - {4E7BD74F-2B8D-469E-8DBC-A42EB79CB428} - C:\WINDOWS\system32\communicator.dll (file missing)
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: COMMUNICATOR - {4E7BD74F-2B8D-469E-8DBC-A42EB79CB428} - C:\WINDOWS\system32\communicator.dll (file missing)
O4 - HKLM\..\Run: [showicon2k] C:\Program Files\\eM\Bay Reader\Shwicon2k.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [2N85L533MR#GJT] C:\WINDOWS\System32\Qiii.exe
O4 - HKLM\..\Run: [ostQ3sW] crercl.exe
O4 - HKLM\..\Run: [dmjexsn] C:\WINDOWS\dmjexsn.exe
O4 - HKLM\..\Run: [ncnwz] C:\WINDOWS\ncnwz.exe
O4 - HKLM\..\Run: [rutebar] C:\WINDOWS\rutebar.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [csdibt] C:\WINDOWS\system32\fthwoq\csdibt.exe
O4 - HKLM\..\Run: [xjpfnfou] C:\WINDOWS\system32\kkhy\xjpfnfou.exe
O4 - HKLM\..\Run: [muapb] C:\WINDOWS\system32\tbvfwtqc\muapb.exe
O4 - HKLM\..\Run: [ieky] C:\WINDOWS\system32\mctxv\ieky.exe
O4 - HKLM\..\Run: [ahcqw] C:\WINDOWS\system32\ofbpht\ahcqw.exe
O4 - HKLM\..\Run: [ifxrtwbo] C:\WINDOWS\system32\yoohb\ifxrtwbo.exe
O4 - HKLM\..\Run: [gfqnfh] C:\WINDOWS\system32\fsgxg\gfqnfh.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKCU\..\Run: [Usrr] C:\Documents and Settings\Sabrina Provens\Application Data\rncr.exe
O4 - HKCU\..\Run: [WNST] C:\WINDOWS\System32\wnsapisv.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\RunServices: [p2pnetwork] p2pnetwork.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1126456874859
O23 - Service: ahcqwofbpht - Unknown owner - C:\WINDOWS\system32\ofbpht\ahcqw.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DigiChat 4.0 Server (DigiChat_4.0_Server) - Unknown owner - C:\PROGRA~1\DIGICH~1.0\DIGICH~2.EXE (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe


#2
EffectedByTrojan

WHAT THE BUSINESS BE! THESE STUPID A [bleep]AZ AINT NEVA GET MY REPLY NOW I DONE STARTED THE WHOLE THING OVER AND LOST ALL MY FILES YALL DONT HELP BLACK PEOPLE! [bleep]ES! :tazz: :) :woot: :)

#3
EffectedByTrojan

WHATS UP B!TCHES YALL AINT NEVER GET MY REPLY, WHY CAUSE IM BLACK? CANT HELP US OUT. STUPID A$$E$ AINT WORTH A GOD DAYUM THING DUMBA$$ HOE$ FUKK YALL! I BEEN WAITIN FOR 3 MONTHS AND YALL STILL HAVENT GOTTEN TO ME. PLAIN AND SIMPLE FUKK U B!TCH A$$ HOE$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!