Malware Removal
#1
Trojan Virus....Hijack This Log...
After running a Symantec scan today I found the virus and it could not be deleted, quarantined or fixed. The results:
The compressed file sup.reg within C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\APT27YXO\caliba(1).exe is infected with the IRC trojan virus.

I am a novice on the pc, so any instructions will have to be very simple, basically a step by step...sorry, still learning. I ran a log file:

Logfile of HijackThis v1.99.1
Scan saved at 6:10:14 PM, on 3/26/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 5.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HSN\bar\1.bin\hsnSkPly.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\HPHipm11.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bellsouth.net/
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: hsnBar BHO - {57ECFB51-CD00-4b9d-961A-704E762AC529} - C:\Program Files\HSN\bar\1.bin\HSNBAR.DLL
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &HSN ShopBar - {57ECFB59-CD00-4b9d-961A-704E762AC529} - C:\Program Files\HSN\bar\1.bin\HSNBAR.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb0 5.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [HSN Skin Tools Alerts] "C:\Program Files\HSN\bar\1.bin\hsnSkPly.exe" Alerts
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tech...a/LSSupCtl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.yorkphoto.com/YorkActivia.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.cab
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Windows XP...thank you, Kislanya
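Added here as an editor's example, not part of the thread or of HijackThis itself: a small Python triage helper for the log format posted above. It parses the R/O entry lines, pulls out the CLSID and the file each entry points at, and flags what a reviewer would look at first: orphaned "(no file)" registrations, Run values that name a bare executable, and autostarts living in temp folders (where the infected caliba(1).exe was found). The sample log reuses seven lines from the post plus one constructed O4 line, marked as such.

```python
import re
from typing import NamedTuple
# Constructed sample: seven lines copied from the HijackThis log in the post above plus one constructed O4 line (so marked).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bellsouth.net/
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O4 - HKCU\..\Run: [ConstructedSample] C:\Documents and Settings\Owner\Local Settings\Temp\sample.exe
"""
ENTRY_RE = re.compile(r"^([RFO]\d+) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
TEMP_DIRS = ("\\temp\\", "\\temporary internet files\\")
class Entry(NamedTuple):
    section: str  # "R0", "O2", "O4", ...
    clsid: str    # CLSID when the line carries one, else ""
    target: str   # file, URL or "(no file)" the entry points at

def parse_hjt(text: str) -> list[Entry]:
    """Turn report lines into entries; the header and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        clsid = CLSID_RE.search(body)
        if section == "O4":  # O4 - HKLM\..\Run: [Name] command
            target = body.split("] ", 1)[-1].strip()
        else:                # other sections end in " - <file or (no file)>"
            target = body.rsplit(" - ", 1)[-1].strip()
        entries.append(Entry(section, clsid.group(0) if clsid else "", target))
    return entries
def triage(entries: list[Entry]) -> list[str]:
    """One review note per entry worth a closer look (orphan, bare name, temp folder)."""
    notes = []
    for e in entries:
        if e.target == "(no file)":
            # Registered component whose file is gone: an orphaned registration.
            notes.append(f"{e.section} orphaned {e.clsid}")
        elif e.section == "O4" and "\\" not in e.target:
            # A bare file name is resolved via the search path: check which copy runs.
            notes.append(f"O4 unqualified path: {e.target}")
        elif any(d in e.target.lower() for d in TEMP_DIRS):
            # Autostarts living in temp folders (where caliba(1).exe was found) are suspect.
            notes.append(f"{e.section} runs from temp folder: {e.target}")
    return notes
```

Run `triage(parse_hjt(SAMPLE_LOG))` to get the review notes; on the sample it reports the three orphaned entries, the bare BCMSMMSG.exe Run value, and the constructed temp-folder autostart.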
#2
Hello Kislanya,
Click Start > Run, then type cleanmgr. This will open the Disk Cleanup program; allow it to remove Temporary Internet Files and Temporary Files. Reboot in SAFE MODE and scan with Symantec again. Reboot and post the results of the scan.
#3
I want to know as in further reading at the board, it was suggested after getting rid of a virus to 'wash out system restore' or words to that effect. Do I need to do that and if so, how? Thank you so much...Kislanya |
#4
Yes, it is good to clean out your System Restore (in case you need to use it, so that you do not reinfect yourself).
First, you need to TURN OFF System Restore by following these steps:
Click START, then right-click on My Computer and select Properties.
Click the System Restore tab.
Place a check mark next to Turn off System Restore on all drives.
Click Apply > Yes.
REBOOT.
Follow the same steps to TURN ON System Restore.
#5
System restore..
Well even I can follow those instructions....thanks so much, this board is amazing....best wishes, Kislanya
#6
You are very welcome
#7
Recommendations needed....
Now that you have helped me get rid of the virus, I am wondering about my pc's anti-virus protection coverage overall.
I have the Symantec, Spyware Blaster and Spybot software which I update constantly and run weekly. Is there any other software that you would recommend besides these? Thank you, Kislanya |
#8
That is fairly good protection. Does your Symantec include a firewall?
Basic suggestions for security:
One firewall
One Anti-virus
1-2 AntiSpyware
I would suggest that if Symantec doesn't include a firewall that you get one. I would also suggest getting another anti-spyware program (AVG AntiSpyware, SUPERAntiSpyware, Dr. Web's CureIt, Windows Defender, to name a few). There is a good post to read here.
#9
Firewall but...
Kislanya
#10
It depends on the firewall and how it is set up. I have had no problems with ZoneAlarm.
#11
Kislanya
#12
ZoneAlarm is very user-friendly. Others are not. Some firewalls block whatever the programmer decides. ZoneAlarm is customizable after it is downloaded to allow you to download. I would be EXTREMELY careful downloading ANYTHING through Limewire since most things on there are illegal copies or malware.
#13
Boy that's what I don't want to read...
They charge to be a member there and I run that kind of a risk? So then I am guessing that a firewall pretty much won't help against that kind of issue. It's outrageous that they charge if members can infect their PCs so easily...Kislanya
#14
Yes, it is. They charge in order to pay for the storage space, speed, updates, etc. They don't control what people upload or download. A firewall does help though - and the newest version of Limewire helps with firewalls