-Download.Agent, located in C:\Documents And Settings\Jono\Local Settings\Temp\THI5202.tmp\polall1l.exe
and
-Torjan Horse Dropper, located in C:\temp\installer2
AVG detects the viruses but is unable to heal or quarantine the files, and my Trend Micro virus scanner doesn't detect them at all.
I've run Search & Destroy and deleted anything it picked up. I was unable to run the latest version of Adaware SE, because the program locks up after scanning about 1000 files, don't know what the problem is there.
The viruses don't seem to be doing anything drastic to my system, except that my internet connection status always seems to show that I'm sending and receiving a lot of bytes, even when I'm not browsing or running any software that requries the internet.
Any help would be greatly appreciated.
Here is my Hijack this log.
Logfile of HijackThis v1.97.7
Scan saved at 6:28:43 PM, on 4/10/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Trend Micro\Internet Security\pccguide.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\Program Files\Windows SyncroAd\SyncroAd.exe
C:\WINNT\system32\WMP23.exe
C:\WINNT\system32\internat.exe
C:\WINNT\system32\WinNTinit32.exe
C:\Program Files\Windows SyncroAd\WinSync.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_SICN03.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.smh.com.au/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Microsoft Updatting] miroupdate.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] Winregs32.exe
O4 - HKLM\..\Run: [Plug And Play] msnmsg.exe
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [Windows Service Update] winsysupdate.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft WinUpdate] WinNTinit32.exe
O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
O4 - HKLM\..\Run: [Windows Media Player] WMP23.exe
O4 - HKLM\..\RunServices: [Microsoft Updatting] miroupdate.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] Winregs32.exe
O4 - HKLM\..\RunServices: [Plug And Play] msnmsg.exe
O4 - HKLM\..\RunServices: [Windows Service Update] winsysupdate.exe
O4 - HKLM\..\RunServices: [Microsoft WinUpdate] WinNTinit32.exe
O4 - HKLM\..\RunServices: [Windows Media Player] WMP23.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Microsoft Updatting] miroupdate.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] Winregs32.exe
O4 - HKCU\..\Run: [Plug And Play] msnmsg.exe
O4 - HKCU\..\Run: [Windows Service Update] winsysupdate.exe
O4 - HKCU\..\Run: [Microsoft WinUpdate] WinNTinit32.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.windowsupdate.com
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windup...43f7497194f6505
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8232.1861226852
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.media-mo...t/cabs/mmed.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E72E2FA7-7EF1-44E9-BC79-41226803448A}: NameServer = 203.88.255.99 203.88.240.88