another post but no replies? can anyone have a look? - Geeks to Go Forums


another post but no replies? can anyone have a look? Duplicate Thread

#1 Babs cabs

  • Group: Member
  • Posts: 17
  • Joined: 18-October 05

Posted 02 November 2005 - 08:35 AM

I am using W2K Pro

and this is my log and BitDefender log:

Logfile of HijackThis v1.99.1
Scan saved at 2:03:38 PM, on 11/2/2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\wuapi.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\slserv.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Documents and Settings\Colomba O'Doherty\Desktop\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINNT\System32\scvhost.exe
C:\WINNT\System32\winIogon.exe
C:\WINNT\Explorer.exe
C:\WINNT\Q29sb21iYSBPJ0RvaGVydHk\command.exe
c:\regular_plugin.exe
C:\PROGRA~1\COMMON~1\oriq\oriqm.exe
C:\PROGRA~1\COMMON~1\oriq\oriqa.exe
c:\windows\sp2update00.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdlite.exe
C:\Documents and Settings\Colomba O'Doherty\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.btbroadbandstart.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [Internet Help Svc] IHSVC.EXE
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [NeroFilter] NeroFilterCheck.EXE
O4 - HKLM\..\Run: [Configuration Loader] scvhost.exe
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINNT\System32\winIogon.exe
O4 - HKLM\..\Run: [msresearch] c:\windows\msresearch.exe
O4 - HKLM\..\Run: [sp2update] c:\windows\sp2update00.exe
O4 - HKLM\..\Run: [System service78] C:\WINNT\\\etb\\pokapoka78.exe
O4 - HKLM\..\RunServices: [Internet Help Svc] IHSVC.EXE
O4 - HKLM\..\RunServices: [NeroFilter] NeroFilterCheck.EXE
O4 - HKLM\..\RunServices: [Configuration Loader] scvhost.exe
O4 - HKCU\..\Run: [Internet Help Svc] IHSVC.EXE
O4 - HKCU\..\RunServices: [Internet Help Svc] IHSVC.EXE
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Documents and Settings\Colomba O'Doherty\Desktop\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFF0D385-2B0B-4C49-A161-5C025E1858CD}: NameServer = 194.74.65.68 194.72.0.114
O20 - Winlogon Notify: ModuleUsage - C:\WINNT\system32\lrrmonui.dll
O23 - Service: Automatic Update Service (Automatic Update) - Unknown owner - C:\WINNT\System32\wuapi.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\Q29sb21iYSBPJ0RvaGVydHk\command.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINNT\SYSTEM32\slserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)




//-----------------------------------------------------------------
//
// Product: BitDefender 8 Free Edition
// Version: 8.0
//
// Created on: 02/11/2005 13:28:52
//
//-----------------------------------------------------------------


Statistics

Scan path : C:\
Folders : 3648
Files : 269063
Archives : 8906
Packed files : 27007
Identified viruses : 16
Infected files : 25
Warnings : 0
Suspect files : 1
Disinfected files : 0
Deleted files : 13
Copied files : 0
Moved files : 11
Renamed files : 0
I/O errors : 19
Scan time : 00:55:54
Scan speed (files/sec) : 80

Virus definitions : 232371
Scan plugins : 13
Archive plugins : 39
Unpack plugins : 4
Mail plugins : 6
System plugins : 1

Scan options

Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user

Scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: vscan.log
[ ] Append to existing report

Summary:

C:\113_dollarrevenue_4_0_3_9.exe=>wise0008 Infected Trojan.Downloader.TSUpdate.J
C:\113_dollarrevenue_4_0_3_9.exe=>wise0008 Deleted
C:\113_dollarrevenue_4_0_3_9.exe Update failed
C:\Documents and Settings\Colombina O'Doherty\Local Settings\Application Data\Identities\{9C7F974E-BBB1-428E-8F76-2633EE1100EC}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 2)=>[Subject: Thank you!][Date: Wed, 19 Mar 2003 14:20:30 -0000]=>(MIME part)=>thank_you.pif Infected Win32.Sobig.F@mm
C:\Documents and Settings\Colombina O'Doherty\Local Settings\Application Data\Identities\{9C7F974E-BBB1-428E-8F76-2633EE1100EC}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 2)=>[Subject: Thank you!][Date: Wed, 19 Mar 2003 14:20:30 -0000]=>(MIME part)=>thank_you.pif Deleted
C:\Documents and Settings\Colombina O'Doherty\Local Settings\Application Data\Identities\{9C7F974E-BBB1-428E-8F76-2633EE1100EC}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 2)=>[Subject: Thank you!][Date: Wed, 19 Mar 2003 14:20:30 -0000]=>(MIME part) Update
C:\Documents and Settings\Colombina O'Doherty\Local Settings\Application Data\Identities\{9C7F974E-BBB1-428E-8F76-2633EE1100EC}\Microsoft\Outlook Express\Deleted Items.dbx=>(message 2) Update
C:\Documents and Settings\Colombina O'Doherty\Local Settings\Application Data\Identities\{9C7F974E-BBB1-428E-8F76-2633EE1100EC}\Microsoft\Outlook Express\Deleted Items.dbx Update failed
C:\Documents and Settings\Default User.WINNT\Local Settings\Temporary Internet Files\Content.IE5\1CDKF0FI\drsmartload[1].exe Infected Trojan.Downloader.VB.RI
C:\Documents and Settings\Default User.WINNT\Local Settings\Temporary Internet Files\Content.IE5\1CDKF0FI\drsmartload[1].exe Disinfection failed
C:\Documents and Settings\Default User.WINNT\Local Settings\Temporary Internet Files\Content.IE5\1CDKF0FI\drsmartload[1].exe Moved
C:\Documents and Settings\Default User.WINNT\Local Settings\Temporary Internet Files\Content.IE5\MJ31N8WA\113_dollarrevenue_4_0_3_9[1].exe=>wise0008 Infected Trojan.Downloader.TSUpdate.J
C:\Documents and Settings\Default User.WINNT\Local Settings\Temporary Internet Files\Content.IE5\MJ31N8WA\113_dollarrevenue_4_0_3_9[1].exe=>wise0008 Deleted
C:\Documents and Settings\Default User.WINNT\Local Settings\Temporary Internet Files\Content.IE5\MJ31N8WA\113_dollarrevenue_4_0_3_9[1].exe Update failed
C:\Documents and Settings\Default User.WINNT\Local Settings\Temporary Internet Files\Content.IE5\VE6KMRWI\sp2update00[1].exe Infected Trojan.Downloader.Vb.NH
C:\Documents and Settings\Default User.WINNT\Local Settings\Temporary Internet Files\Content.IE5\VE6KMRWI\sp2update00[1].exe Disinfection failed
C:\Documents and Settings\Default User.WINNT\Local Settings\Temporary Internet Files\Content.IE5\VE6KMRWI\sp2update00[1].exe Moved
C:\drsmartload.exe Infected Trojan.Downloader.VB.RI
C:\drsmartload.exe Disinfection failed
C:\drsmartload.exe Moved
C:\hsis32.exe Suspect Trojan.Downloader.Win32.Adload.J
C:\hsis32.exe Disinfection failed
C:\hsis32.exe Moved
C:\Program Files\Common Files\oriq\oriqa.exe Infected Trojan.Downloader.Tsupdate.L
C:\Program Files\Common Files\oriq\oriqa.exe Disinfection failed
C:\Program Files\Common Files\oriq\oriqa.exe Moved
C:\Program Files\Common Files\oriq\oriql.exe Infected Trojan.Downloader.TSUpdate.J
C:\Program Files\Common Files\oriq\oriql.exe Deleted
C:\Program Files\Common Files\oriq\oriqm.exe Infected Trojan.Downloader.TSUpdate.K
C:\Program Files\Common Files\oriq\oriqm.exe Deleted
C:\windows\sp2update00.exe Infected Trojan.Downloader.Vb.NH
C:\windows\sp2update00.exe Disinfection failed
C:\windows\sp2update00.exe Moved
C:\WINNT\etb\nt_hide78.dll Infected Trojan.EliteBar.G
C:\WINNT\etb\nt_hide78.dll Deleted
C:\WINNT\etb\pokapoka78.exe Infected Trojan.EliteBar.G
C:\WINNT\etb\pokapoka78.exe Deleted
C:\WINNT\system32\bleh.exe Infected Backdoor.Gaobot.ABR
C:\WINNT\system32\bleh.exe Disinfection failed
C:\WINNT\system32\bleh.exe Moved
C:\WINNT\system32\lrrmonui.dll Infected Trojan.Candebe.CZ
C:\WINNT\system32\lrrmonui.dll Disinfection failed
C:\WINNT\system32\lrrmonui.dll Moved
C:\WINNT\system32\NeroFilterCheck.EXE Infected Backdoor.RBot.7B8B58AC
C:\WINNT\system32\NeroFilterCheck.EXE Deleted
C:\WINNT\system32\scvhost.exe Infected Backdoor.Gaobot.ABR
C:\WINNT\system32\scvhost.exe Disinfection failed
C:\WINNT\system32\scvhost.exe Moved
C:\WINNT\system32\VSStatmn8.exe Infected Backdoor.SDBot.E7A727AB
C:\WINNT\system32\VSStatmn8.exe Deleted
C:\WINNT\system32\winIogon.exe Infected Trojan.Dropper.Paradrop.A
C:\WINNT\system32\winIogon.exe Disinfection failed
C:\WINNT\system32\winIogon.exe Moved
C:\WINNT\system32\wuapi.exe Infected GenPack:Backdoor.SDBot.C9E1A051
C:\WINNT\system32\wuapi.exe Disinfection failed
C:\WINNT\system32\wuapi.exe Move failed
C:\WINNT\Temp\GLF1CGLF1C.EXE=>wise0008 Infected Trojan.Downloader.TSUpdate.J
C:\WINNT\Temp\GLF1CGLF1C.EXE=>wise0008 Deleted
C:\WINNT\Temp\GLF1CGLF1C.EXE Update failed
C:\WINNT\Temp\k_36B5.tmp Infected Trojan.EliteBar.F
C:\WINNT\Temp\k_36B5.tmp Disinfection failed
C:\WINNT\Temp\k_36B5.tmp Moved
C:\WINNT\Temp\tsinstall_4_0_3_8_b17.exe=>wise0010 Infected Trojan.Downloader.Targetsaver.D
C:\WINNT\Temp\tsinstall_4_0_3_8_b17.exe=>wise0010 Disinfection failed
C:\WINNT\Temp\tsinstall_4_0_3_8_b17.exe=>wise0010 Move failed
C:\WINNT\Temp\tsinstall_4_0_3_8_b17.exe=>wise0011 Infected Trojan.Downloader.TSUpdate.K
C:\WINNT\Temp\tsinstall_4_0_3_8_b17.exe=>wise0011 Deleted
C:\WINNT\Temp\tsinstall_4_0_3_8_b17.exe Update failed
C:\WINNT\Temp\tsinstall_4_0_3_8_b17.exe=>wise0012 Infected Trojan.Downloader.TSUpdate.J
C:\WINNT\Temp\tsinstall_4_0_3_8_b17.exe=>wise0012 Deleted
C:\WINNT\Temp\tsinstall_4_0_3_8_b17.exe Update failed
C:\WINNT\Temp\tsinstall_4_0_3_8_b17.exe=>wise0013 Infected Trojan.Downloader.TSUpdate.L
C:\WINNT\Temp\tsinstall_4_0_3_8_b17.exe=>wise0013 Deleted
C:\WINNT\Temp\tsinstall_4_0_3_8_b17.exe Update failed
