Jan 11 2008, 03:05 PM
Post
#1
New Member; Group: New Member; Posts: 14; Joined: 11-January 08; Member No.: 75,873; Operating System: Windows XP
Hi,

My PC had a trojan detected by avast, put in chest. Then I started receiving a popup stating my computer is infected and recommending special spyware tools. This popup has a yellow triangle with an exclamation point in it. Along with Internet Speed Monitor and QDRModule11 wanting access. Ran avast, Adware, Spybot, removed threats. Yellow triangle still in taskbar. Downloaded SuperAntispyware. Found Trojan.Vundo/variant, Trojan.Winfixer, and Trojan.unclassified/Fakealert. Internet Speed Monitor disappeared. Downloaded and ran VundoFix (nothing found). Now weird things are happening: PC allows all cookies, my search page wants to change, and can no longer connect to outlook explorer. Yellow triangle still in taskbar. Ran SmitfraudFix on 1/8. Log is below. After reading on the forum decided to run HJT and ask for help. Please

SmitFraudFix v2.274

Scan done at 21:11:43.40, Tue 01/08/2008
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix.exe by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{247F9EAB-0971-4CFC-AB7B-CAF49B3E1E7D}: DhcpNameServer=10.0.0.3
HKLM\SYSTEM\CCS\Services\Tcpip\..\{AE96172A-A3B1-4562-ACC9-454AF8CF4445}: DhcpNameServer=10.0.0.3
HKLM\SYSTEM\CS1\Services\Tcpip\..\{247F9EAB-0971-4CFC-AB7B-CAF49B3E1E7D}: DhcpNameServer=10.0.0.3
HKLM\SYSTEM\CS1\Services\Tcpip\..\{AE96172A-A3B1-4562-ACC9-454AF8CF4445}: DhcpNameServer=10.0.0.3
HKLM\SYSTEM\CS2\Services\Tcpip\..\{247F9EAB-0971-4CFC-AB7B-CAF49B3E1E7D}: DhcpNameServer=10.0.0.3
HKLM\SYSTEM\CS2\Services\Tcpip\..\{AE96172A-A3B1-4562-ACC9-454AF8CF4445}: DhcpNameServer=10.0.0.3
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.3
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.3
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.3

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DefaultDomainName"="GATEWAY_SYSTEM"
"System"=""
"AltDefaultDomainName"="GATEWAY_SYSTEM"

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

VundoFix V6.7.7

Checking Java version...

Sun Java not detected
Scan started at 9:25:09 AM 1/11/2008

Listing files found while scanning....

No infected files were found.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:05:16 PM, on 1/11/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\Owner\Application Data\jtnhrtydtphz.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.microsoft.com/r/rlidOfficeUpdate?clid=1033
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [843c3fa7] rundll32.exe "C:\WINDOWS\System32\csmwqskl.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Microsft Windows Adapter 5.1.3013] C:\Documents and Settings\Owner\Application Data\deox.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4940 bytes
Jan 12 2008, 07:19 AM
Post
#2
Forum God; Group: Root Admin; Posts: 48,364; Joined: 23-September 04; From: Missouri, USA; Member No.: 15,276
You have a few infections which infect legitimate files; it can be a bit of a pain.

1. Download RenV.exe by sUBs to your desktop.
2. Double click on it to run it. It will search your system drive looking for any modified .exe file and will produce a log for you.
3. Please copy and paste this report to your reply.
lorah90 [Resolved] Trojans, Popups Jan 11 2008, 03:05 PM
LDTate Hello and Welcome to the forum. Any reason you ha... Jan 11 2008, 06:05 PM
lorah90 Thank you so much for your time. I did as you said... Jan 11 2008, 10:27 PM
lorah90 This explains the missing shortcuts on the desktop.... Jan 12 2008, 08:25 AM
LDTate Now please run a new combofix scan. Close any o... Jan 12 2008, 08:30 AM
lorah90 Thanks for taking time out of your Sat. Here are t... Jan 12 2008, 09:15 AM
LDTate Open notepad and copy/paste the text in the Codebo... Jan 12 2008, 09:26 AM
lorah90 The computer seems to be running a lot better, fast... Jan 12 2008, 10:05 AM
LDTate These may look like duplicates but they're not. ... Jan 12 2008, 10:29 AM
lorah90 Here is the RenV log CODE Ran on Sat 01/12/2008 -... Jan 12 2008, 11:16 AM
LDTate Your Zonealarm and Avast4 will need to be re-insta... Jan 12 2008, 11:24 AM
lorah90 Having a bit of a problem. When the computer resta... Jan 12 2008, 12:06 PM
LDTate OK. I'll post a new fix in a minute or two Jan 12 2008, 12:08 PM
LDTate Open notepad and copy/paste the text in the quoteb... Jan 12 2008, 12:13 PM
lorah90 After reboot same Run Dll error came up. Here are ... Jan 12 2008, 12:44 PM
LDTate Close all windows and browsers. Open HijackThis ... Jan 12 2008, 12:53 PM
lorah90 deleted file on reboot am still not able to get u... Jan 12 2008, 01:31 PM
LDTate 1. Click Start > Settings > Control Panel. 2... Jan 12 2008, 01:35 PM
lorah90 Logfile of Trend Micro HijackThis v2.0.2 Scan save... Jan 12 2008, 02:53 PM
LDTate Did you try to update windows? Jan 12 2008, 03:03 PM
lorah90 yes 2 times said updates were installed Jan 12 2008, 03:04 PM
LDTate Well it didn't work. Your HJT log would look ... Jan 12 2008, 03:07 PM
lorah90 tried again to update SP1 showed 0 files ran HJ... Jan 12 2008, 03:41 PM
LDTate QUOTE (lorah90 @ Jan 12 2008, 03:41 PM) t... Jan 13 2008, 07:00 AM
lorah90 Hi. Last night I ran Avast this is the only protec... Jan 13 2008, 12:53 PM
LDTate Good job. Click START then RUN Now type Combof... Jan 13 2008, 12:57 PM
lorah90 Thank You for all your help and time. I am now inst... Jan 13 2008, 03:16 PM
LDTate I use Sygate myself. Go with one of the older vers... Jan 13 2008, 03:34 PM
LDTate Great job. You're more than welcome. Glad ... Jan 13 2008, 04:04 PM
LDTate Since this issue appears to be resolved ... this T... Jan 13 2008, 04:04 PM