Trojan BackDoor.Generic.XYH


#1 EricT, New Member

Here is my HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 11:41:10 AM, on 1/23/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\msdtc.exe
C:\PROGRA~1\DIALOGIC\BIN\ANMLOGGERSERVER.exe
C:\PROGRA~1\DIALOGIC\BIN\ANMSUPPLIERSERVER.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
D:\sandi\lib\cd_svc.exe
C:\PROGRA~1\Dialogic\bin\ctbbserv.exe
C:\PROGRA~1\DIALOGIC\OOC\BIN\NTEVEN~1.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\llssrv.exe
C:\WINNT\system32\vanquish\Winit\EXPLORER\ssonsvrs.exe
c:\MySQL\Bin\mysqld-nt.exe
C:\PROGRA~1\DIALOGIC\OOC\BIN\NTNAME~1.EXE
C:\WINNT\system32\vanquish\tmp\ncshell.exe
C:\WINNT\system32\vanquish\tmp\nc.exe
C:\Nuance\V8.5.0\bin\win32\watcher-daemon-win32-service.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
D:\sandi\lib\seneca_mapi_svc.exe
D:\sandi\lib\seneca_mgr_svc.exe
C:\Nuance\V8.5.0\bin\win32\nlm.exe
D:\sandi\lib\seneca_sec_svc.exe
C:\Nuance\V8.5.0\bin\win32\nlm.exe
C:\WINNT\Slave.exe
C:\WINNT\system32\svchost.exe
C:\Nuance\V8.5.0\bin\win32\resource-manager.exe
C:\PROGRA~1\DIALOGIC\BIN\ANMCHANNELFACTORYSERVER.exe
C:\PROGRA~1\DIALOGIC\BIN\ANMCHANNELSERVER.exe
C:\WINNT\system32\Dfssvc.exe
C:\PROGRA~1\Dialogic\bin\dlgc_srv.exe
C:\Nuance\V8.5.0\bin\win32\compilation-server.exe
C:\Nuance\V8.5.0\bin\win32\recserver.exe
D:\sandi\lib\seneca_svc.exe
C:\WINNT\system32\javaw.exe
D:\SANDi\SANDiFax.exe
C:\WINNT\system32\javaw.exe
C:\Nuance\Vocalizer4.0\bin\win32\vocalizer.exe
C:\WINNT\System32\svchost.exe
D:\SANDi\Lib\SenecaCore.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\Atiptaxx.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
D:\SANDi\Lib\avstSysMgr.exe
C:\MySQL\bin\winmysqladmin.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\seneca\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.avstgroup.com/
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [PRONoMgrWired] c:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Update] C:\WINNT\
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - Global Startup: Seneca System Manager.lnk = D:\SANDi\Lib\avstSysMgr.exe
O4 - Global Startup: WinMySQLAdmin.lnk = C:\MySQL\bin\winmysqladmin.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://tsweb.voicepro.com/msrdp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7BB69535-4ED5-4671-BCF9-981CF8692016}: NameServer = 206.13.28.12,206.13.29.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{7BB69535-4ED5-4671-BCF9-981CF8692016}: NameServer = 206.13.28.12,206.13.29.12
O17 - HKLM\System\CS2\Services\Tcpip\..\{7BB69535-4ED5-4671-BCF9-981CF8692016}: NameServer = 206.13.28.12,206.13.29.12
O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll
O23 - Service: AnmChannelFactoryServer - Dialogic Corporation - C:\PROGRA~1\DIALOGIC\BIN\ANMCHANNELFACTORYSERVER.exe
O23 - Service: AnmChannelServer - Dialogic Corporation - C:\PROGRA~1\DIALOGIC\BIN\ANMCHANNELSERVER.exe
O23 - Service: AnmLoggerServer - Dialogic Corporation - C:\PROGRA~1\DIALOGIC\BIN\ANMLOGGERSERVER.exe
O23 - Service: AnmSupplierServer - Dialogic Corporation - C:\PROGRA~1\DIALOGIC\BIN\ANMSUPPLIERSERVER.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Dialogic Boardserver (Boardserver) - Intel Corp. - C:\WINNT\SYSTEM32\BOARDS~1.EXE
O23 - Service: Seneca Compile Daemon (cd_svc) - Unknown owner - D:\sandi/lib/cd_svc.exe
O23 - Service: CT Bus Broker (CTBusBroker) - Dialogic Corporation - C:\PROGRA~1\Dialogic\bin\ctbbserv.exe
O23 - Service: Dialogic System Service (Dialogic) - Dialogic Corporation - C:\PROGRA~1\Dialogic\bin\dlgc_srv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ORBacus Event Service (EventService) - Unknown owner - C:\PROGRA~1\DIALOGIC\OOC\BIN\NTEVEN~1.EXE
O23 - Service: faxinit - Unknown owner - C:\WINNT\bfax\runfaxin.exe
O23 - Service: FireDaemon Service: msagent (msagent) - Sublime Solutions Pty Ltd - C:\WINNT\security\FireDaemon.exe
O23 - Service: Secondary Logins (mstscs) - Cat Soft - C:\WINNT\system32\vanquish\Winit\EXPLORER\ssonsvrs.exe
O23 - Service: MySql - Unknown owner - c:\MySQL\Bin\mysqld-nt.exe
O23 - Service: ORBacus Naming Service (NamingService) - Unknown owner - C:\PROGRA~1\DIALOGIC\OOC\BIN\NTNAME~1.EXE
O23 - Service: NetCat - Unknown owner - C:\WINNT\system32\vanquish\tmp\ncshell.exe
O23 - Service: FireDaemon Service: netclient (netclient) - Sublime Solutions Pty Ltd - C:\WINNT\security\FireDaemon.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Nuance Watcher Daemon - Unknown owner - C:\Nuance\V8.5.0\bin\win32\watcher-daemon-win32-service.exe
O23 - Service: Windows Remote Procedure Call Monitoring Service (rpcsvc) - Unknown owner - C:\WINNT\system32\rpcsvc.exe (file missing)
O23 - Service: Seneca MAPI Service - Unknown owner - D:\sandi/lib/seneca_mapi_svc.exe
O23 - Service: Seneca API Server (seneca_mgr_svc) - Unknown owner - D:\sandi/lib/seneca_mgr_svc.exe
O23 - Service: Seneca Security (seneca_sec_svc) - Unknown owner - D:\sandi/lib/seneca_sec_svc.exe
O23 - Service: Seneca (seneca_svc) - Unknown owner - D:\sandi/lib/seneca_svc.exe
O23 - Service: RA Server (Slave) - TWD Industries SAS - C:\WINNT\Slave.exe
O23 - Service: FireDaemon Service: winsecure (winsecure) - Sublime Solutions Pty Ltd - C:\WINNT\security\FireDaemon.exe
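The log above is a mix of three line types a helper reads first: the "Running processes" paths, the O4 Run entries and the O23 service entries. The script below is an added example of a first-pass triage over such a log; it is not part of EricT's post and not a HijackThis feature. It parses those three line types and flags entries with heuristics of my own choosing: a binary under a tmp/temp directory, a known dual-use tool (nc.exe is Netcat; FireDaemon.exe is a wrapper that runs an arbitrary program as a service), a service whose binary is reported missing, a Microsoft-sounding service name whose binary carries no Microsoft company information, a Run value that does not name an executable, and a binary sitting directly in the Windows directory. The sample lines are copied from the log above in the same format (a constructed subset); the severity labels are mine, and every flag is a prompt for a person to check, not a verdict.

```python
"""Added triage helper for a HijackThis log (not part of the forum post).

Parses "Running processes" paths, O4 Run entries and O23 service entries and
flags lines worth a closer look. Heuristics and severity labels are my own.
"""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Optional

# Constructed sample: a subset of lines in the format of the log above.
SAMPLE_LOG = r"""
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\vanquish\tmp\nc.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [Microsoft Update] C:\WINNT\
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: FireDaemon Service: msagent (msagent) - Sublime Solutions Pty Ltd - C:\WINNT\security\FireDaemon.exe
O23 - Service: NetCat - Unknown owner - C:\WINNT\system32\vanquish\tmp\ncshell.exe
O23 - Service: Windows Remote Procedure Call Monitoring Service (rpcsvc) - Unknown owner - C:\WINNT\system32\rpcsvc.exe (file missing)
O23 - Service: RA Server (Slave) - TWD Industries SAS - C:\WINNT\Slave.exe
O23 - Service: MySql - Unknown owner - c:\MySQL\Bin\mysqld-nt.exe
""".strip().splitlines()

SERVICE_PREFIX = "O23 - Service: "
MISSING_SUFFIX = " (file missing)"
# O4 - HKLM\..\Run: [value name] command line
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
# A bare drive-letter path, as printed in the "Running processes" block.
PATH_RE = re.compile(r"^[A-Za-z]:\\\S.*$")
EXE_RE = re.compile(r"\.(exe|com|bat|cmd|scr|pif|vbs|js)\b", re.I)

# Legitimate tools that are routinely used to plant a backdoor (my selection).
DUAL_USE = {
    "nc.exe": "Netcat: generic TCP/UDP listener and relay, a classic remote shell",
    "firedaemon.exe": "FireDaemon: runs any program as a service; inspect the wrapped command line",
}
TEMP_DIRS = {"tmp", "temp"}
WINDOWS_DIRS = {"winnt", "windows"}


@dataclass
class Service:
    display: str
    short: Optional[str]
    owner: str
    path: str
    missing: bool


def parse_service(line: str) -> Service:
    body = line[len(SERVICE_PREFIX):]
    missing = body.endswith(MISSING_SUFFIX)
    if missing:
        body = body[: -len(MISSING_SUFFIX)]
    # Fields are joined with " - "; split from the right so a display name
    # such as "FireDaemon Service: msagent (msagent)" survives intact.
    display, owner, path = body.rsplit(" - ", 2)
    m = re.fullmatch(r"(.*?)(?: \(([^()]+)\))?", display)
    return Service(m.group(1), m.group(2), owner, path, missing)


def path_findings(path: str) -> list:
    """Checks that apply to any binary path, from O23 or the process list."""
    p = PureWindowsPath(path)
    out = []
    if p.name.lower() in DUAL_USE:
        out.append("HIGH: " + DUAL_USE[p.name.lower()])
    if TEMP_DIRS & {part.lower() for part in p.parts}:
        out.append("HIGH: binary lives under a tmp/temp directory, not an install location")
    if p.parent.name.lower() in WINDOWS_DIRS:
        out.append("MEDIUM: binary sits directly in the Windows directory instead of System32 or Program Files")
    return out


def service_findings(svc: Service) -> list:
    out = path_findings(svc.path)
    if svc.missing:
        out.append("HIGH: service still registered but its binary is gone; find out what installed it")
    if re.search(r"\b(windows|microsoft)\b", svc.display, re.I) and "microsoft" not in svc.owner.lower():
        out.append("MEDIUM: Microsoft-style display name but the binary carries no Microsoft company info")
    if svc.owner == "Unknown owner":
        out.append("INFO: no company info in the binary; confirm it with the vendor or by hash")
    return out


def run_findings(name: str, cmd: str) -> list:
    out = []
    if not EXE_RE.search(cmd):
        out.append("HIGH: Run value does not name an executable (directory or empty target)")
    return out


def triage(lines) -> dict:
    """Return {entry label: [findings]} for every line that raised a finding."""
    report = {}
    for line in lines:
        line = line.rstrip()
        if line.startswith(SERVICE_PREFIX):
            svc = parse_service(line)
            label, findings = f"O23 {svc.display}", service_findings(svc)
        elif (m := RUN_RE.match(line)):
            label, findings = f"O4 {m['name']}", run_findings(m["name"], m["cmd"])
        elif PATH_RE.match(line):
            label, findings = f"process {line}", path_findings(line)
        else:
            continue
        if findings:
            report[label] = findings
    return report


if __name__ == "__main__":
    for label, findings in triage(SAMPLE_LOG).items():
        print(label)
        for finding in findings:
            print("   ", finding)
```

Run it against a full saved log with `triage(open("hijackthis.log", encoding="latin-1").read().splitlines())`. Entries that raise nothing (pcAnywhere, the AVG Run key) are left out of the report, so the output is the short list a responder reads before asking the poster what each remaining entry is for.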

#2 Wizard, Retired Staff

Hi EricT and Welcome to GeekstoGo!

First off, can you tell me what this PC is used for?

Work or Personal (Home)?