
HJT log for Trojan.Cachecachekit


bxd20

Norton couldn't do anything with it.

Scan type: Auto-Protect Scan
Event: Threat Found!
Threat: Trojan.Cachecachekit
File: C:\WINNT\system32\rdriv.sys
Location: C:\WINNT\system32
Computer: ###########
User: SYSTEM
Action taken: Clean failed : Quarantine failed : Delete succeeded : Access denied
Date found: Tuesday, November 08, 2005 9:10:24 AM

Please help me clean this. It is on an important server that I have unplugged from the network. Log file is below.
THANKS!!
Brian


Logfile of HijackThis v1.99.1
Scan saved at 9:55:36 AM, on 11/8/2005
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Dell\SysMgt\dataeng\bin\dcevt32.exe
C:\Program Files\Dell\SysMgt\dataeng\bin\dcstor32.exe
C:\Program Files\SAV\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\system32\cba\pds.exe
C:\Program Files\Dell\SysMgt\sm\mr2kserv.exe
C:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe
C:\Program Files\Shavlik Technologies\NetChk Patch\5.1.0.237\HfNetChkProService.exe
E:\Monitoring\NSClient\pNSClient.exe
C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
C:\Program Files\Dell\SysMgt\oma\bin\omsad32.exe
C:\Program Files\Dell\OpenManage\Drac\client\RacAddrs.exe
C:\Program Files\Dell\SysMgt\iws\bin\win32\omaws32.exe
C:\WINNT\System32\snmp.exe
C:\Program Files\SAV\Rtvscan.exe
C:\Program Files\Dell\SysMgt\Array Manager\VxSvc.exe
C:\Program Files\Artisoft\WinBEEP 32\Shared\WirelessServer.exe
C:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\ams_ii\hndlrsvc.exe
C:\WINNT\system32\MsgSys.EXE
C:\WINNT\system32\ams_ii\iao.exe
C:\WINNT\system32\cba\xfr.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Dell\OpenManage\Drac\client\CmdSrvr.exe
C:\PROGRA~1\SAV\VPTray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Documents and Settings\mcneillp\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O4 - HKLM\..\Run: [CYBERRAC] C:\Program Files\Dell\OpenManage\Drac\client\CmdSrvr.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SAV\VPTray.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinBEEP 32 Paging Server Startup.lnk = C:\Program Files\Artisoft\WinBEEP 32\Shared\Islaunch.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121176552945
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124385201831
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = oec.oeconnection.com
O17 - HKLM\Software\..\Telephony: DomainName = oec.oeconnection.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{C48DBA7D-0B46-4D3E-B16A-82C888CD10A0}: NameServer = 172.17.17.20,172.17.17.21
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = oec.oeconnection.com
O20 - Winlogon Notify: dimsntfy - C:\WINNT\SYSTEM32\dimsntfy.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: Backup Exec Remote Agent for Windows Servers (BackupExecAgentAccelerator) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe
O23 - Service: Systems Management Event Manager (dcevt32) - Dell Inc. - C:\Program Files\Dell\SysMgt\dataeng\bin\dcevt32.exe
O23 - Service: Systems Management Data Manager (dcstor32) - Dell Inc. - C:\Program Files\Dell\SysMgt\dataeng\bin\dcstor32.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\SAV\DefWatch.exe
O23 - Service: Intel Alert Handler - Intel® Corporation - C:\WINNT\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - Intel® Corporation - C:\WINNT\system32\ams_ii\iao.exe
O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINNT\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel® Corporation - C:\WINNT\system32\cba\pds.exe
O23 - Service: Chong3 Me (MlCR0SOFTS UPDATEe) - Unknown owner - C:\WINNT\N0rtan.exe
O23 - Service: mr2kserv - LSI Logic Corporation - C:\Program Files\Dell\SysMgt\sm\mr2kserv.exe
O23 - Service: NetChk Patch Service (NetChkPatch) - Unknown owner - C:\Program Files\Shavlik Technologies\NetChk Patch\5.1.0.237\HfNetChkProService.exe
O23 - Service: Nagios Agent (NSClient) - ClearCentral Software Inc - E:\Monitoring\NSClient\pNSClient.exe
O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
O23 - Service: OM Common Services (omsad) - Dell Inc. - C:\Program Files\Dell\SysMgt\oma\bin\omsad32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: DRAC AddressBook Server (RacAddrBook) - American Megatrends Inc. - C:\Program Files\Dell\OpenManage\Drac\client\RacAddrs.exe
O23 - Service: DRAC CardObject Server (RacObject) - American Megatrends Inc. - C:\Program Files\Dell\OpenManage\Drac\client\MStation.exe
O23 - Service: Secure Port Server (Server Administrator) - Dell Computer Corporation - C:\Program Files\Dell\SysMgt\iws\bin\win32\omaws32.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\SAV\Rtvscan.exe
O23 - Service: Disk Management Service (vxsvc) - VERITAS Software Corp. - C:\Program Files\Dell\SysMgt\Array Manager\VxSvc.exe
O23 - Service: WinBEEP 32 Paging Server - Artisoft, Inc. - C:\Program Files\Artisoft\WinBEEP 32\Shared\WirelessServer.exe