MSN virus

#1
superflygirl
Sorry guys...I posted this in operating systems (double post ;) )
Well I'm back and geez am I bugged !

I'm not sure, but I think this might have started through MSN. Apparently I sent someone files and they sent me files; trusting each other, we asked no questions and just accepted them and tried to open them. The one I got came through as an MS-DOS extension. I tried to get Task Manager to run but Ctrl/Alt/Delete isn't doing the trick. I choose Task Manager but it never opens!

I did a scan at HouseCall and found 2 cases of EXPL IFRAMBO.A and one TROJ LASTA.A. EXPL was found in temp internet files so I deleted all 6,890 files in that folder. The TROJ is in my drivers....RecoveryGenius\YZDLL32.DLL. I get nervous when I see anything DLL32 so I left that alone.

I don't know if it's these viruses that are causing the troubles with my Task Manager or if it's something I'm missing. Here's a HijackThis scan I just did...I had a look at it myself but, being the geek in training, I'm seeking the help of you guys (again!)

here's the scan:

Logfile of HijackThis v1.98.2
Scan saved at 9:52:25 PM, on 02/02/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\mnmsrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\PROGRA~1\ALIANT~1\HIGH-S~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\WINNT\system32\wuauclt.exe
C:\PROGRA~1\ALIANT~1\HIGH-S~1\app\EnterNet.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Aliant\Net Assistant\SmartBridge\MotiveSB.exe
C:\Documents and Settings\soulier\My Documents\My Received Files\RichBaby\naked_drunk.pif
C:\Documents and Settings\soulier\My Documents\My Received Files\RichBaby\naked_drunk.pif
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINNT\system32\msnj.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\winis.exe
C:\WINNT\system32\fgfd.exe
C:\WINNT\system32\fdsgdgdsf.exe
C:\WINNT\system32\nsm.exe
C:\WINNT\system32\msn.exe
C:\WINNT\system32\msnus.exe
C:\Documents and Settings\soulier\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /autoclose
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [CorelDRAW ESSENTIALS14] C:\Program Files\Corel\CorelDRAW ESSENTIALS 2\Register\Registration.exe /title="CorelDRAW ESSENTIALS" /date=012905 serial=ES02WBD-0090061-FBU
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Aliant\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [update] winis.exe
O4 - HKLM\..\RunServices: [update] winis.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Xolox] "C:\Program Files\Xolox\Xolox.exe" -min
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Net Assistant.lnk = C:\Program Files\Aliant\Net Assistant\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab27571.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

all that sticks out to me is the proxy override.....helllllllllllllllllllp ! :tazz:
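The reply below identifies the infection from the log alone, and the same reasoning can be written down as a small triage script. The following is an added example (not code from the thread, the forum, or any of the tools named in it) that parses a HijackThis log into its "Running processes" list and its R/O entries, then flags the patterns a helper looks for first: a process running from a user-writable folder such as My Received Files, an image with a runnable non-.exe extension such as .pif, and an O4 Run/RunServices entry that names a bare filename with no path, cross-referenced against the process list to show where that name actually resolved. The sample input is a handful of lines copied from the log above; the rule names and the helper functions are this example's own.

```python
import re

# Constructed sample: a handful of lines copied from the HijackThis log posted
# above, trimmed to the sections the rules below examine.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.98.2
Platform: Windows 2000 SP4 (WinNT 5.00.2195)

Running processes:
C:\WINNT\System32\smss.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\soulier\My Documents\My Received Files\RichBaby\naked_drunk.pif
C:\WINNT\system32\winis.exe
C:\WINNT\system32\fdsgdgdsf.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [update] winis.exe
O4 - HKLM\..\RunServices: [update] winis.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
""".strip("\n")

# Directory fragments that mean "a user, not an installer, put this here".
USER_WRITABLE = ("\\documents and settings\\", "\\my received files\\", "\\temp\\")
# Extensions other than .exe that Windows will still execute on double-click.
NON_EXE_RUNNABLE = (".pif", ".scr", ".com", ".bat", ".cmd")

ENTRY_RE = re.compile(r"^[A-Z]\d{1,2} - ")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def parse_log(text):
    """Return (running process paths, Rn/Onn entries) from a HijackThis log."""
    processes, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # a blank line closes the process list
        elif line.lower() == "running processes:":
            in_procs = True
        elif in_procs:
            processes.append(line)
        elif ENTRY_RE.match(line):
            entries.append(line)
    return processes, entries


def image_from_command(cmd):
    """Pull the executable path out of an autostart command line."""
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split()[0]


def basename(path):
    return path.lower().rsplit("\\", 1)[-1]


def triage(text):
    """Apply the rules and return a list of (rule, evidence) pairs."""
    processes, entries = parse_log(text)
    findings = []

    for path in processes:
        low = path.lower()
        if any(frag in low for frag in USER_WRITABLE):
            findings.append(("process-from-user-writable-dir", path))
        if low.endswith(NON_EXE_RUNNABLE):
            findings.append(("non-exe-runnable-extension", path))

    for entry in entries:
        m = O4_RE.match(entry)
        if not m:
            continue                  # Global Startup and other O4 forms are skipped here
        image = image_from_command(m.group("cmd"))
        if "\\" not in image:
            # Bare filename: Windows finds it via the search path, so the entry
            # alone does not say where it lives. Cross-reference the process list.
            matches = [p for p in processes if basename(p) == image.lower()]
            where = matches[0] if matches else "(not among running processes)"
            findings.append(("autostart-bare-filename", f"{entry} -> {where}"))
        if m.group("key").lower() == "runservices":
            findings.append(("autostart-runservices-key", entry))

    return findings


if __name__ == "__main__":
    for rule, evidence in triage(SAMPLE_LOG):
        print(f"{rule:32} {evidence}")
```

Run against the sample, the script reports the .pif under My Received Files twice (user-writable location and non-.exe extension) and resolves both bare `winis.exe` autostarts to `C:\WINNT\system32\winis.exe`. A bare-filename hit is a lead, not a verdict: legitimate Windows components such as the `mobsync.exe /logon` entry in the full log are registered the same way, so the analyst still checks what the resolved image is before deciding anything.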
#2
ilago
Hi superflygirl

You have a new worm; Symantec calls it W32.Bropia.

Can you run this removal tool from Symantec? Follow the instructions on the page. Ask if you have any questions.

http://securityrespo...moval.tool.html

Then do an online virus scan here:

http://housecall.trendmicro.com/

Reboot if required.

Do a new HijackThis log and post it.

Edited by ilago, 03 February 2005 - 11:42 PM.