I have the following programs installed and up to date:
Ewido
SB S&D
Ad-Aware
CWShredder
Hijack This
Microsoft Malicious Software Removal Tool, Sept. & Oct. versions
Defender Pro
Defender Pro System Utilities
Cleanup
About Buster
PV
TDS-3 (Now outdated since it went under)
Spyware Blaster
I have just reformatted my drive for the 3rdish time and I seem to keep getting this virus back. Some viruses I get are (most are files rather than the virus name):
libsysmgr (Cleaned)
mspathfinder (Cleaned)
syslog32 (Cleaned)
i.exe (Cleaned but keeps coming back)
Several TFTP#### viral files (such as TFTP1116)
Several erase_me#### files
o.exe (Cleaned)
MSAOL32DLL.exe (cleaned)
c.bat (Cleaned)
.pif (unknown)
hosts (May be cleaned)
Get the idea?
I have also downloaded Firefox and am switching back to it. My HJT log is posted below but appears clean. I have a good understanding of computers and viruses and actually help people out for a hobby, but I just can't seem to figure this one out. Any ideas?
Logfile of HijackThis v1.99.1
Scan saved at 12:15:04 AM, on 10/27/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\DEFEND~1\DEFEND~1\PopUpKiller.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\HijackThis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IE PopUp-Killer ; Neikeisoft - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\DEFEND~1\DEFEND~1\PopUp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Defender\Defender Pro 2005\kav.exe /minimize
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~1\DEFEND~1\DEFEND~1\PopUpKiller.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -noauth
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A0849F8-0245-4409-A151-61A851045A57}: NameServer = 207.217.126.81 207.217.77.82
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Labs - C:\Program Files\Defender\Defender Pro 2005\kavsvc.exe
I'll also put a Silent Runners log up soon. The only one that looks odd is that O17 entry. Upon further inspection, however, it really looks legit now so, eh, ignore the last paragraph.
P.S.: My system freezes up a lot but usually only when I'm on the net...
Edited by Virus Hunter BT, 26 October 2005 - 10:19 PM.