Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

TROJAN.ADMINCASH

Started by CKOLSTOE , Feb 18 2005 03:43 PM

  • Please log in to reply

#1
CKOLSTOE
Posted 18 February 2005 - 03:43 PM

CKOLSTOE

    New Member

  • Member
  • Pip
  • 2 posts
I am wondering if someone could please help me with removing a virus. It is trojan.admincash and it is really pissing me off. I have all kinds of spware because of it and i keep running ad-ware and i keep deleting files but they keep building up in there. It also hijacked my homepage and goes to about:blank. I have windows 2000 professinal. Thank you
  • 0

Advertisements

#2
Besttechie
Posted 18 February 2005 - 04:51 PM

Besttechie

    Visiting Staff

  • Member
  • PipPipPip
  • 386 posts
Hi,

Please download, install, update and run,

Spybot Search and Destroy
http://www.snapfiles...get/spybot.html

Then, run the following scan:

http://housecall.antivirus.com/

After that, download and run,

HijackThis 1.99.1 (Direct Download)
run it, hit scan now, hit save log, then copy the logfile here myself or someone who knows how to analyze HJT logs.

Make sure you put HijackThis in a permanent folder such as, C:\HijackThis\HijackThis.exe

Good luck! :tazz:

B
  • 0

#3
CKOLSTOE
Posted 03 March 2005 - 10:04 AM

CKOLSTOE

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
This is the log file that i saved from hijack this.

Logfile of HijackThis v1.98.2
Scan saved at 9:56:55 AM, on 3/3/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\chris\Local Settings\Temp\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O15 - Trusted Zone: *.frame.crazywinnings.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai...uditControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = OFE.COM
O17 - HKLM\System\CCS\Services\Tcpip\..\{26157FEB-61B9-4A9A-91D3-1A0B79E02F30}: NameServer = 10.10.4.10,10.10.4.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = OFE.COM
  • 0
Back to Windows XP, 2000, 2003, NT · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Retired Forums
  3. Windows XP, 2000, 2003, NT

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP