
Trojan Downloader In D Drive ?


  • This topic is locked
1 reply to this topic

#1 nomonkeytricks


Posted 22 July 2007 - 06:21 AM

Hello, Friends

I ran a BitDefender online scan and found this warning about Trojan Downloader in D drive, but later ran SuperAntiSpyware in SafeMode and didn't turn up too much. I've also posted my recent HJT log. I don't really understand exactly what D drive is, anyway. Thanking you in advance !

BitDefender Online Scanner

Scan report generated at: Sat, Jul 21, 2007 - 19:47:00

Scan path: A:\;C:\;D:\;E:\;F:\;

Statistics
Time: 00:54:47
Files: 54223
Folders: 2679
Boot Sectors: 4
Archives: 939
Packed Files: 4045

Results
Identified Viruses: 1
Infected Files: 1
Suspect Files: 2
Warnings: 0
Disinfected: 0
Deleted Files: 2

Engines Info
Virus Definitions: 639849
Engine build: AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File - Status
C:\System Volume Information\_restore{63BD18D1-38A9-4DB1-B978-32AA2ED123BF}\RP760\A0094488.dll - Infected with: Generic.Malware.SIMDWYNVdprn.D9407F4E
C:\System Volume Information\_restore{63BD18D1-38A9-4DB1-B978-32AA2ED123BF}\RP760\A0094488.dll - Disinfection failed
C:\System Volume Information\_restore{63BD18D1-38A9-4DB1-B978-32AA2ED123BF}\RP760\A0094488.dll - Deleted
C:\System Volume Information\_restore{63BD18D1-38A9-4DB1-B978-32AA2ED123BF}\RP760\A0094489.dll - Suspected of: Generic.Malware.L!.637395CE
C:\System Volume Information\_restore{63BD18D1-38A9-4DB1-B978-32AA2ED123BF}\RP760\A0094489.dll - Disinfection failed
C:\System Volume Information\_restore{63BD18D1-38A9-4DB1-B978-32AA2ED123BF}\RP760\A0094489.dll - Deleted
D:\Installer\Core\APConfig.dll - Suspected of: Trojan.Downloader.Gen
D:\Installer\Core\APConfig.dll - Disinfection failed
D:\Installer\Core\APConfig.dll - Delete failed

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/22/2007 at 00:08 AM

Application Version : 3.9.1008

Core Rules Database Version : 3272
Trace Rules Database Version: 1283

Scan type : Complete Scan
Total Scan Time : 03:29:59

Memory items scanned : 150
Memory threats detected : 0
Registry items scanned : 4173
Registry threats detected : 0
File items scanned : 21546
File threats detected : 1

Adware.Tracking Cookie
C:\Documents and Settings\Viviane\Cookies\viviane@partner2profit[2].txt




Logfile of HijackThis v1.99.1
Scan saved at 5:55:28 AM, on 7/22/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\notepad.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe


#2 Falu


Posted 05 August 2007 - 01:19 PM

Hi nomonkeytricks,

If you still need help please post a fresh HijackThis log and I'll be happy to look at it for you.

A new version of HijackThis has now been released, so before you repost your log please download and install the new version by following the instructions in Step 9 of the Preparation Guide For Use Before Posting A Hijackthis Log. Note that it is unnecessary to uninstall the old version because the new one will be copied to a different folder.

Thanks for your patience!



