|
Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs |
|
Topic Tools |
#1
|
|||
|
|||
Trojan Horse Downloader Keenval.N
Please can someone help? I have a Trojan Horse Downloader Keenval.N and can't get shut of it. I have windows XP and when i run AVG 7 the infected file shows but AVG will not heal it. This is driving me mad so any help would be gratefully appreciated.Logfile of HijackThis v1.98.2
Scan saved at 12:13:54, on 11/12/2004 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZONELABS\vsmon.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 5.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\gsicon.exe C:\WINDOWS\system32\dslagent.exe C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\WINDOWS\kdx\KHost.exe C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\System32\LVComS.exe C:\PROGRA~1\PESTPA~1\PPControl.exe C:\PROGRA~1\PESTPA~1\PPMemCheck.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\AOL 9.0a\aoltray.exe C:\Program Files\Paltalk\pnetaware.exe C:\Program Files\AOL 9.0a\waol.exe C:\Program Files\AOL 9.0a\shellmon.exe C:\Program Files\Common Files\AOL\aoltpspd.exe C:\Documents and Settings\Gary Hyslop\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: QuickSearch SearchBar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar3_28.dll O3 - Toolbar: (no name) - {224530A0-C9CB-4AEE-9C0F-54AC1B533211} - (no file) O3 - Toolbar: (no name) - {499EC06F-BD6A-4738-A61E-2EB12C4E78D1} - (no file) O3 - Toolbar: QuickSearch SearchBar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar3_28.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SUPASTATUS] C:\Program Files\Internet Explorer\Connection Wizard\status.exe O4 - HKLM\..\Run: [Reg Check] C:\WINDOWS\System32\lpt.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 5.exe O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0a\aoltray.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll O12 - Plugin for .mp4: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...192437fc021adc O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/ga...mmon/ieell.cab O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/comput...up/qdiagcc.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aolsvc.co.uk/molb...4/mcinsctl.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {78A730D4-0DF3-4B65-8DD2-BFCD433CEE30} - http://www.surfsecret.com/inst/PPInstaller.exe O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole...rcadeRdxIE.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aolsvc.co.uk/molb...21/mcgdmgr.cab O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{4D4751E6-00BF-401D-8677-31C22ED18E59}: NameServer = 152.163.0.26 205.188.64.153 O17 - HKLM\System\CCS\Services\Tcpip\..\{624C178D-F147-4FFE-BC62-1B557161C7EC}: NameServer = 195.93.48.134 |
#2
|
|||
|
|||
Hi,
Don't let HijackThis on your desktop, but create a new folder only for it (example : c:\HJT). --------- Close all browser windows, run only HijackThis and check: R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe O3 - Toolbar: (no name) - {224530A0-C9CB-4AEE-9C0F-54AC1B533211} - (no file) O3 - Toolbar: (no name) - {499EC06F-BD6A-4738-A61E-2EB12C4E78D1} - (no file) O3 - Toolbar: QuickSearch SearchBar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar3_28.dll O4 - HKLM\..\Run: [Reg Check] C:\WINDOWS\System32\lpt.exe Click "Fix checked". Then, reboot in safe mode, make sure that you can see the hidden files and folders and delete: C:\Program Files\QuickSearch <-the folder C:\WINDOWS\System32\lpt.exe Empty the recycle bin. In which file does AVG report this trojan ? Post a new log, please. |
#3
|
|||
|
|||
Many thanks Acrobaze, i think i've got shut of it. Once again ta very much.
|
#4
|
|||
|
|||
You're welcome, Gaz777 !
|
Bookmarks |
«
Previous Topic
|
Next Topic
»
Topic Tools | |
|
|
Similar Topics | ||||
Topic | Topic Starter | Forum | Replies | Last Post |
Trojan horse Downloader.VB.4.F | capturethehorse | Malware Removal | 49 | September 3rd, 2004 12:23 PM |
I have a trojan horse downloader keenval | maineroses | Malware Removal | 1 | July 3rd, 2004 01:59 AM |
Trojan downloader.keenval.c | FSU Dude | Malware Removal | 3 | June 28th, 2004 01:38 AM |
trojan horse downloader keenval.c found on system . help please | scotyb_33 | Malware Removal | 1 | June 19th, 2004 03:00 AM |
2 Trojan Horses: Downloader Small.4.BQ and Keenval.C | kymba48166 | Malware Removal | 2 | April 12th, 2004 01:46 AM |
All times are GMT +1. The time now is 04:06 AM.