[Closed] Help me to remove a trojan called ngg[1].js

Computer forums for help with removing malicious software (malware) and improving computer security

Welcome Guest to What the Tech! ( Log In | Register ) We specialize in the removal of malicious software (malware), but here you'll find free help and support for all your tech questions. We invite you to ask questions, share experiences, and learn. Explore our message boards, or register now to post messages of your own. Please Start Here. Register today (registration removes advertising)

What the Tech > Spyware / Malware / Virus Removal > HijackThis™ Logs and Infections Removal

[Closed] Help me to remove a trojan called ngg[1].js

Options

Danne View Member Profile	Aug 5 2008, 12:57 AM Post #1
New Member Group: New Member Posts: 1 Joined: 5-August 08 Member No.: 80,763 Operating System: xp	Hi! When I surfed around the web I got a virus warning from AVG but it couldn't remove it. I would be very happy if anyone can help me remove this virus before something serious happens to my work computer. As I read on this forum I have copyed info from HijackThis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 08:45:28, on 2008-08-05 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program\Intel\Wireless\Bin\EvtEng.exe C:\Program\Intel\Wireless\Bin\S24EvMon.exe C:\Program\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\spoolsv.exe C:\Program\Grisoft\AVG7\avgamsvr.exe C:\Program\Grisoft\AVG7\avgupsvc.exe C:\Program\Grisoft\AVG7\avgemc.exe C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\Tablet.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\WTablet\TabUserW.exe C:\WINDOWS\system32\Tablet.exe C:\WINDOWS\Explorer.EXE C:\Program\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\stsystra.exe C:\Program\ATI Technologies\ATI.ACE\cli.exe C:\Program\Synaptics\SynTP\SynTPEnh.exe C:\Program\Dell\QuickSet\quickset.exe C:\Program\Intel\Wireless\bin\ZCfgSvc.exe C:\Program\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program\Delade filer\InstallShield\UpdateService\issch.exe C:\Program\Dell\MediaDirect\PCMService.exe C:\Program\Grisoft\AVG7\avgcc.exe C:\Program\Windows Defender\MSASCui.exe C:\Program\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program\NetWaiting\netwaiting.exe C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program\Skype\Phone\Skype.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ctfmon.exe C:\Program\Messenger\msmsgs.exe C:\Program\Windows Live\Messenger\MsnMsgr.Exe C:\Program\Digital Line Detect\DLG.exe C:\Program\Skype\Plugin Manager\skypePM.exe C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Program\ATI Technologies\ATI.ACE\cli.exe C:\Program\Windows Live\Messenger\usnsvc.exe C:\Program\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program\Grisoft\AVG7\avgwb.dat C:\Program\Internet Explorer\iexplore.exe C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program\Adobe\Adobe Photoshop CS2\Photoshop.exe C:\WINDOWS\system32\svchost.exe C:\DOCUME~1\Daniel\LOKALA~1\Temp\Adobelm_Cleanup.0001 C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe C:\DOCUME~1\Daniel\LOKALA~1\Temp\Adobelm_Cleanup.0001 C:\Program\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.se/ig/dell?hl=sv&client=dell-row&channel=se&ibd=6070321 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.korthuset.se/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.se/ig/dell?hl=sv&client=dell-row&channel=se&ibd=6070321 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.se/ig/dell?hl=sv&cli...amp;ibd=6070321 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program\BAE\BAE.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [ISUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [PCMService] "C:\Program\Dell\MediaDirect\PCMService.exe" O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program\McAfee\SpamKiller\MSKDetct.exe /uninstall O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKCU\..\Run: [ModemOnHold] C:\Program\NetWaiting\netwaiting.exe O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\Program\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJÄNST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: GARO Status Monitor.lnk = C:\Program\Canon\GAROStatusMonitor\cnwism.exe O4 - Global Startup: imagePROGRAF Status Monitor.lnk = C:\Program\Canon\GAROStatusMonitor\cnwism.exe O4 - Global Startup: Logo Calibration Loader.lnk = C:\Program\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe O4 - Global Startup: ProfileReminder.lnk = C:\Program\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe O8 - Extra context menu item: Append to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://korthuset.seavus.com/ImageUploader4.cab O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.se/ImageUploader4.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{3F44F417-6554-46DD-84FD-D5CC7E897759}: NameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{792A85DD-BA53-4C80-8BB5-403C41DFE337}: NameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{3F44F417-6554-46DD-84FD-D5CC7E897759}: NameServer = 192.168.1.1 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\Program\Google\GOOGLE~1\GOEC62~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgemc.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 12744 bytes Regards /Daniel This post has been edited by Danne: Aug 5 2008, 05:03 AM

LDTate View Member Profile	Aug 9 2008, 05:41 PM Post #2
Forum God Group: Root Admin Posts: 40,571 Joined: 23-September 04 From: Missouri, USA Member No.: 15,276	Sorry about the delay in responding If you still need help, Scan again with HijackThis, and "copy/paste" a new log file into this thread. Also please describe how your computer behaves at the moment.

LDTate View Member Profile	Aug 21 2008, 04:39 PM Post #3
Forum God Group: Root Admin Posts: 40,571 Joined: 23-September 04 From: Missouri, USA Member No.: 15,276	Due to inactivity this topic will be closed. If you need help please start a new thread and post a new HJT log

« Next Oldest · HijackThis™ Logs and Infections Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies	Topic Starter	Views	Last Action
HijackThis™ Logs and Infections Removal Malware.Trace Trojan.Vundo Tried several solutions none worked 123» 6	85	TMPLGE	1,135	22 minutes ago Last post by: TMPLGE
HijackThis™ Logs and Infections Removal {closed} Malware / Adware	12	Jared 908B	295	59 minutes ago Last post by: Jared 908B
HijackThis™ Logs and Infections Removal Backdoor.Graybird!Gen and Trojan.Horse	1	cvan	13	Today, 09:09 AM Last post by: Rorschach112
HijackThis™ Logs and Infections Removal [Closed] harison13	4	harison13	86	Today, 08:16 AM Last post by: RatHat