Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Bad pings bcz of a spyware?

Started by viper151 , Nov 07 2005 12:49 PM

  • Please log in to reply

#1
viper151
Posted 07 November 2005 - 12:49 PM

viper151

    Member

  • Member
  • PipPip
  • 47 posts
2 hours before i downloaded something..nod wanted to terminate the access but i anted this file so much :tazz:

so i have a trojan now and cant find it..

when i log on windows shows up a window with my connections saying that pc wants to connect to an address with the extension .ru


this is my hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 8:44:05 μμ, on 7/11/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WINPAT~1.EXE
C:\DOCUME~1\viper151\LOCALS~1\Temp\Rar$EX30.938\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1033
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{628E080D-C907-4784-A324-CD89396F7F74}: NameServer = 193.92.150.3 194.219.227.2
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
and nod when i didnt push the button terminate showed up this


Time	Module	Object	Name	Threat	Action	User	Information
7/11/2005 19:26:23 ìì	IMON	archive	http://w02.easy-sharing.com/61165/zZPyUWUv3cG497A58K7B/crack.zip	a variant of Win32/TrojanDropper.Agent.YZ trojan	quarantined	SIMOS\viper151

thanks in advance

Edited by viper151, 07 November 2005 - 12:51 PM.

  • 0

Advertisements

#2
viper151
Posted 07 November 2005 - 02:07 PM

viper151

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Scan performed at: 7/11/2005 19:31:10 ìì
Date: 7.11.2005 Time: 19:31:12
Scanned disks, folders and files: C:\Documents and Settings\viper151\Desktop\crack.zip
C:\Documents and Settings\viper151\Desktop\crack.zip »ZIP »keygen.exe - a variant of Win32/TrojanDropper.Agent.YZ trojan
Number of scanned files: 2
Number of threats found: 1
Number of active threats: 1
Time of completion: 19:31:23 Total scanning time: 11 sec (00:00:11)

and thats the trojan direct from the file i download..

Edited by viper151, 07 November 2005 - 02:09 PM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP