Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Bad pings bcz of a spyware?


  • Please log in to reply

#1
viper151

viper151

    Member

  • Member
  • PipPip
  • 47 posts
2 hours before i downloaded something..nod wanted to terminate the access but i anted this file so much :tazz:

so i have a trojan now and cant find it..

when i log on windows shows up a window with my connections saying that pc wants to connect to an address with the extension .ru


this is my hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 8:44:05 μμ, on 7/11/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WINPAT~1.EXE
C:\DOCUME~1\viper151\LOCALS~1\Temp\Rar$EX30.938\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1033
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{628E080D-C907-4784-A324-CD89396F7F74}: NameServer = 193.92.150.3 194.219.227.2
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

and nod when i didnt push the button terminate showed up this


Time	Module	Object	Name	Threat	Action	User	Information
7/11/2005 19:26:23 ìì	IMON	archive	http://w02.easy-sharing.com/61165/zZPyUWUv3cG497A58K7B/crack.zip	a variant of Win32/TrojanDropper.Agent.YZ trojan	quarantined	SIMOS\viper151	


thanks in advance

Edited by viper151, 07 November 2005 - 12:51 PM.

  • 0

Advertisements


#2
viper151

viper151

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Scan performed at: 7/11/2005 19:31:10 ìì
Date: 7.11.2005 Time: 19:31:12
Scanned disks, folders and files: C:\Documents and Settings\viper151\Desktop\crack.zip
C:\Documents and Settings\viper151\Desktop\crack.zip »ZIP »keygen.exe - a variant of Win32/TrojanDropper.Agent.YZ trojan
Number of scanned files: 2
Number of threats found: 1
Number of active threats: 1
Time of completion: 19:31:23 Total scanning time: 11 sec (00:00:11)

and thats the trojan direct from the file i download..

Edited by viper151, 07 November 2005 - 02:09 PM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP