HJT log for Trojan.Cachecachekit


#1
bxd20

Norton couldn't do anything with it.

Scan type: Auto-Protect Scan
Event: Threat Found!
Threat: Trojan.Cachecachekit
File: C:\WINNT\system32\rdriv.sys
Location: C:\WINNT\system32
Computer: ###########
User: SYSTEM
Action taken: Clean failed : Quarantine failed : Delete succeeded : Access denied
Date found: Tuesday, November 08, 2005 9:10:24 AM

Please help me clean this. It is on an important server that I have unplugged from the network. Log file is below.
THANKS!!
Brian


Logfile of HijackThis v1.99.1
Scan saved at 9:55:36 AM, on 11/8/2005
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Dell\SysMgt\dataeng\bin\dcevt32.exe
C:\Program Files\Dell\SysMgt\dataeng\bin\dcstor32.exe
C:\Program Files\SAV\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\system32\cba\pds.exe
C:\Program Files\Dell\SysMgt\sm\mr2kserv.exe
C:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe
C:\Program Files\Shavlik Technologies\NetChk Patch\5.1.0.237\HfNetChkProService.exe
E:\Monitoring\NSClient\pNSClient.exe
C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
C:\Program Files\Dell\SysMgt\oma\bin\omsad32.exe
C:\Program Files\Dell\OpenManage\Drac\client\RacAddrs.exe
C:\Program Files\Dell\SysMgt\iws\bin\win32\omaws32.exe
C:\WINNT\System32\snmp.exe
C:\Program Files\SAV\Rtvscan.exe
C:\Program Files\Dell\SysMgt\Array Manager\VxSvc.exe
C:\Program Files\Artisoft\WinBEEP 32\Shared\WirelessServer.exe
C:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\ams_ii\hndlrsvc.exe
C:\WINNT\system32\MsgSys.EXE
C:\WINNT\system32\ams_ii\iao.exe
C:\WINNT\system32\cba\xfr.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Dell\OpenManage\Drac\client\CmdSrvr.exe
C:\PROGRA~1\SAV\VPTray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Documents and Settings\mcneillp\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O4 - HKLM\..\Run: [CYBERRAC] C:\Program Files\Dell\OpenManage\Drac\client\CmdSrvr.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SAV\VPTray.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinBEEP 32 Paging Server Startup.lnk = C:\Program Files\Artisoft\WinBEEP 32\Shared\Islaunch.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121176552945
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124385201831
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = oec.oeconnection.com
O17 - HKLM\Software\..\Telephony: DomainName = oec.oeconnection.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{C48DBA7D-0B46-4D3E-B16A-82C888CD10A0}: NameServer = 172.17.17.20,172.17.17.21
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = oec.oeconnection.com
O20 - Winlogon Notify: dimsntfy - C:\WINNT\SYSTEM32\dimsntfy.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: Backup Exec Remote Agent for Windows Servers (BackupExecAgentAccelerator) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe
O23 - Service: Systems Management Event Manager (dcevt32) - Dell Inc. - C:\Program Files\Dell\SysMgt\dataeng\bin\dcevt32.exe
O23 - Service: Systems Management Data Manager (dcstor32) - Dell Inc. - C:\Program Files\Dell\SysMgt\dataeng\bin\dcstor32.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\SAV\DefWatch.exe
O23 - Service: Intel Alert Handler - Intel® Corporation - C:\WINNT\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - Intel® Corporation - C:\WINNT\system32\ams_ii\iao.exe
O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINNT\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel® Corporation - C:\WINNT\system32\cba\pds.exe
O23 - Service: Chong3 Me (MlCR0SOFTS UPDATEe) - Unknown owner - C:\WINNT\N0rtan.exe
O23 - Service: mr2kserv - LSI Logic Corporation - C:\Program Files\Dell\SysMgt\sm\mr2kserv.exe
O23 - Service: NetChk Patch Service (NetChkPatch) - Unknown owner - C:\Program Files\Shavlik Technologies\NetChk Patch\5.1.0.237\HfNetChkProService.exe
O23 - Service: Nagios Agent (NSClient) - ClearCentral Software Inc - E:\Monitoring\NSClient\pNSClient.exe
O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
O23 - Service: OM Common Services (omsad) - Dell Inc. - C:\Program Files\Dell\SysMgt\oma\bin\omsad32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: DRAC AddressBook Server (RacAddrBook) - American Megatrends Inc. - C:\Program Files\Dell\OpenManage\Drac\client\RacAddrs.exe
O23 - Service: DRAC CardObject Server (RacObject) - American Megatrends Inc. - C:\Program Files\Dell\OpenManage\Drac\client\MStation.exe
O23 - Service: Secure Port Server (Server Administrator) - Dell Computer Corporation - C:\Program Files\Dell\SysMgt\iws\bin\win32\omaws32.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\SAV\Rtvscan.exe
O23 - Service: Disk Management Service (vxsvc) - VERITAS Software Corp. - C:\Program Files\Dell\SysMgt\Array Manager\VxSvc.exe
O23 - Service: WinBEEP 32 Paging Server - Artisoft, Inc. - C:\Program Files\Artisoft\WinBEEP 32\Shared\WirelessServer.exe