
Trojan-downloader


11 replies to this topic

#1 PhoenixReneau

Posted 17 August 2007 - 01:28 AM

So my computer has been running great until today. I ran a virus scan and Zone Alarm came up with this "Trojan-downloader.BAT.Ftp.ab". It said it had quarantined it; when I clicked, my comp froze up. It has done this every time I scan. My sound also goes out and I have to reboot to get it back to working.

Here is my hijackthis log.

Logfile of HijackThis v1.99.1
Scan saved at 11:28:09 PM, on 8/16/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Computer Alarm Clock] C:\PROGRA~1\COMPUT~1\cac.exe
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Edited by PhoenixReneau, 17 August 2007 - 04:08 PM.

#2 PhoenixReneau

Posted 17 August 2007 - 06:36 PM

Still needing help

#3 sjpritch25

Posted 19 August 2007 - 08:14 PM

Sorry for the delay.

Welcome to BC.

Panda Activescan
http://www.pandasoftware.com/products/activescan.htm
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on Local Disks to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

Microsoft MVP Consumer Security--2007-2010

#4 PhoenixReneau

Posted 19 August 2007 - 11:55 PM

Here is the report.


Incident Status Location

Virus:Trj/Sfc.A.mod Disinfected Operating system

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\DarkAntagony\Application Data\Mozilla\Firefox\Profiles\rxobnlxn.default\cookies.txt[.doubleclick.net/]

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\DarkAntagony\Application Data\Mozilla\Firefox\Profiles\rxobnlxn.default\cookies.txt[.2o7.net/]

Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\DarkAntagony\Application Data\Mozilla\Firefox\Profiles\rxobnlxn.default\cookies.txt[.goclick.com/]

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\DarkAntagony\Application Data\Mozilla\Firefox\Profiles\rxobnlxn.default\cookies.txt[ad.yieldmanager.com/]

Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\DarkAntagony\Application Data\Mozilla\Firefox\Profiles\rxobnlxn.default\cookies.txt[.tribalfusion.com/]

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\DarkAntagony\Application Data\Mozilla\Firefox\Profiles\rxobnlxn.default\cookies.txt[ad.yieldmanager.com/]

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\DarkAntagony\Application Data\Mozilla\Firefox\Profiles\rxobnlxn.default\cookies.txt[.atdmt.com/]

Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\DarkAntagony\Application Data\Mozilla\Firefox\Profiles\rxobnlxn.default\cookies.txt[.realmedia.com/]

Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\DarkAntagony\Application Data\Mozilla\Firefox\Profiles\rxobnlxn.default\cookies.txt[.ccbill.com/]

Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\DarkAntagony\Application Data\Mozilla\Firefox\Profiles\rxobnlxn.default\cookies.txt[.statcounter.com/]

Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\DarkAntagony\Application Data\Mozilla\Firefox\Profiles\rxobnlxn.default\cookies.txt[.yadro.ru/]

Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\DarkAntagony\Application Data\Mozilla\Firefox\Profiles\rxobnlxn.default\cookies.txt[.mediaplex.com/]

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\DarkAntagony\Application Data\Mozilla\Firefox\Profiles\rxobnlxn.default\cookies.txt[.fastclick.net/]

Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\DarkAntagony\Application Data\Mozilla\Firefox\Profiles\rxobnlxn.default\cookies.txt[.trafficmp.com/]

Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\DarkAntagony\Application Data\Mozilla\Firefox\Profiles\rxobnlxn.default\cookies.txt[.adrevolver.com/]

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\DarkAntagony\Application Data\Mozilla\Firefox\Profiles\rxobnlxn.default\cookies.txt[.zedo.com/]

Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\DarkAntagony\Application Data\Mozilla\Firefox\Profiles\rxobnlxn.default\cookies.txt[.adrevolver.com/]

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\DarkAntagony\Application Data\Mozilla\Firefox\Profiles\rxobnlxn.default\cookies.txt[.zedo.com/]

Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\DarkAntagony\Application Data\Mozilla\Firefox\Profiles\rxobnlxn.default\cookies.txt[.adrevolver.com/]

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\DarkAntagony\Application Data\Mozilla\Firefox\Profiles\rxobnlxn.default\cookies.txt[.zedo.com/]

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\DarkAntagony\Application Data\Mozilla\Firefox\Profiles\rxobnlxn.default\cookies.txt[.advertising.com/]

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\DarkAntagony\Application Data\Mozilla\Firefox\Profiles\rxobnlxn.default\cookies.txt[.atwola.com/]

Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\DarkAntagony\Application Data\Mozilla\Firefox\Profiles\rxobnlxn.default\cookies.txt[.casalemedia.com/]

Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\DarkAntagony\Application Data\Mozilla\Firefox\Profiles\rxobnlxn.default\cookies.txt[.ads.addynamix.com/]

Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\DarkAntagony\Application Data\Mozilla\Firefox\Profiles\rxobnlxn.default\cookies.txt[.questionmarket.com/]

Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\DarkAntagony\Application Data\Mozilla\Firefox\Profiles\rxobnlxn.default\cookies.txt[.bluestreak.com/]

Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\DarkAntagony\Application Data\Mozilla\Firefox\Profiles\rxobnlxn.default\cookies.txt[.ads.pointroll.com/]

Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\DarkAntagony\Application Data\Mozilla\Firefox\Profiles\rxobnlxn.default\cookies.txt[statse.webtrendslive.com/]

Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\DarkAntagony\Application Data\Mozilla\Firefox\Profiles\rxobnlxn.default\cookies.txt[.serving-sys.com/]

Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\DarkAntagony\Application Data\Mozilla\Firefox\Profiles\rxobnlxn.default\cookies.txt[.bs.serving-sys.com/]

Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\DarkAntagony\Application Data\Mozilla\Firefox\Profiles\rxobnlxn.default\cookies.txt[.revenue.net/]

Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\DarkAntagony\Application Data\Mozilla\Firefox\Profiles\rxobnlxn.default\cookies.txt[searchportal.information.com/]

Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\DarkAntagony\Application Data\Mozilla\Firefox\Profiles\rxobnlxn.default\cookies.txt[.anm.co.uk/]

Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\DarkAntagony\Application Data\Mozilla\Firefox\Profiles\rxobnlxn.default\cookies.txt[.overture.com/]

Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\DarkAntagony\Application Data\Mozilla\Firefox\Profiles\rxobnlxn.default\cookies.txt[.azjmp.com/]

Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\DarkAntagony\Application Data\Mozilla\Firefox\Profiles\rxobnlxn.default\cookies.txt[.perf.overture.com/]

Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\DarkAntagony\Application Data\Mozilla\Firefox\Profiles\rxobnlxn.default\cookies.txt[.burstnet.com/]

Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\DarkAntagony\Application Data\Mozilla\Firefox\Profiles\rxobnlxn.default\cookies.txt[www.burstbeacon.com/]

Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe
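
The Panda report above is a flattened three-column table (Incident, Status, Location), and most of its rows are tracking cookies that do not explain a frozen machine. The script below is an added example, not part of the thread or of Panda's tooling: it parses a constructed excerpt of the posted report, separates the cookie noise from the items that need a decision (the disinfected Trj/Sfc.A.mod and the NirCmd utility left in C:\WINDOWS), and groups the latter by status. Only the two status phrases that appear in this report are recognised; that is an assumption of the example.

```python
"""Added example, not from the thread: triage a Panda ActiveScan report.

REPORT is a constructed excerpt of the report posted above. The split between
tracking cookies and everything else is the judgement a helper applies by eye.
Only the two status phrases present in this report are recognised (assumption)."""
import re

REPORT = r"""
Incident Status Location

Virus:Trj/Sfc.A.mod Disinfected Operating system

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\DarkAntagony\Application Data\Mozilla\Firefox\Profiles\rxobnlxn.default\cookies.txt[.doubleclick.net/]

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\DarkAntagony\Application Data\Mozilla\Firefox\Profiles\rxobnlxn.default\cookies.txt[.atdmt.com/]

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\DarkAntagony\Application Data\Mozilla\Firefox\Profiles\rxobnlxn.default\cookies.txt[.zedo.com/]

Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe
"""

# Category:Name  Status  Location. Name may contain spaces ("Cookie/Atlas DMT"),
# so it is matched lazily up to one of the known status phrases.
INCIDENT_RE = re.compile(
    r"^(?P<category>[^:]+):(?P<name>.+?)\s+(?P<status>Not disinfected|Disinfected)\s+(?P<location>.+)$"
)


def parse_report(text):
    """Return one dict per incident line; the header and blank lines are skipped."""
    incidents = []
    for line in text.splitlines():
        m = INCIDENT_RE.match(line.strip())
        if m:
            incidents.append(m.groupdict())
    return incidents


def is_tracking_cookie(inc):
    """Panda files browser tracking cookies as Spyware:Cookie/<network>."""
    return inc["category"] == "Spyware" and inc["name"].startswith("Cookie/")


def triage(text):
    """Split incidents into (tracking cookies, everything else)."""
    incidents = parse_report(text)
    cookies = [i for i in incidents if is_tracking_cookie(i)]
    rest = [i for i in incidents if not is_tracking_cookie(i)]
    return cookies, rest


def summarize(text):
    """Count the cookie noise and group the remaining items by their status."""
    cookies, rest = triage(text)
    by_status = {}
    for inc in rest:
        by_status.setdefault(inc["status"], []).append(f"{inc['name']} @ {inc['location']}")
    return {"tracking_cookies": len(cookies), "other": by_status}


if __name__ == "__main__":
    print(summarize(REPORT))
```

Run against the full report the same way; the cookies collapse into a single count and the two non-cookie rows are what remain to discuss.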

#5 PhoenixReneau

Posted 20 August 2007 - 04:06 PM

My sound now seems to work fine, but after an unknown period of time I can not open anything. You can click and it will act like it is going to open but never does.

Here is a new Hijackthis log.

Logfile of HijackThis v1.99.1
Scan saved at 5:04:51 PM, on 8/20/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\DivXsm.exe
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DivX video codec library - Unknown owner - C:\WINDOWS\DivXsm.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
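
Between the first log and this one, three entries appeared: an F2 line that appends %WINDIR%\DivXsm.exe to the Winlogon Shell value (so it would start alongside Explorer at every logon), the Panda ActiveScan control, and an O23 service with no publisher whose binary is already missing. The script below is an added example, not from the thread or from HijackThis itself: it parses constructed excerpts of the two posted logs, lists the entries that are new in the later one, and flags the persistence points a helper checks first. The heuristics (Shell must be exactly explorer.exe; a service with "Unknown owner" or "(file missing)" gets a second look) are the example's own.

```python
"""Added example, not from the thread: compare two HijackThis logs and flag the
entries a helper would look at first.

LOG_BEFORE / LOG_AFTER are constructed excerpts of the two logs posted in this
thread, cut down to the lines that changed or matter. The heuristics are this
example's own, not HijackThis's."""
import re

LOG_BEFORE = r"""
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Computer Alarm Clock] C:\PROGRA~1\COMPUT~1\cac.exe
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

LOG_AFTER = r"""
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\DivXsm.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: DivX video codec library - Unknown owner - C:\WINDOWS\DivXsm.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# HJT prefixes each finding with a section code: "O4 - ...", "F2 - ...", etc.
ENTRY_RE = re.compile(r"^([FNOR]\d+) - (.*)$")


def parse_hjt(text):
    """Return a list of (section, entry) pairs for the coded lines of a log."""
    pairs = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            pairs.append((m.group(1), m.group(2)))
    return pairs


def diff_hjt(before, after):
    """(section, entry) pairs present in the later log but absent from the earlier one."""
    old = set(parse_hjt(before))
    return [p for p in parse_hjt(after) if p not in old]


def flag_entry(section, entry):
    """Reason an entry deserves attention, or None if it looks routine."""
    if section == "F2" and entry.startswith("REG:system.ini: Shell="):
        shell = entry.split("Shell=", 1)[1].strip()
        # Anything besides a bare explorer.exe is launched at every logon via the Winlogon Shell value.
        if shell.lower() != "explorer.exe":
            return f"Winlogon Shell hijack: {shell}"
    if section == "O23":
        reasons = []
        if "Unknown owner" in entry:
            reasons.append("no publisher")
        if entry.endswith("(file missing)"):
            reasons.append("binary missing")
        if reasons:
            return "service: " + ", ".join(reasons)
    return None


def flag_hjt(text):
    """All (section, entry, reason) triples for a log."""
    out = []
    for section, entry in parse_hjt(text):
        reason = flag_entry(section, entry)
        if reason:
            out.append((section, entry, reason))
    return out


if __name__ == "__main__":
    for section, entry in diff_hjt(LOG_BEFORE, LOG_AFTER):
        print(f"NEW  {section}: {entry}")
    for section, entry, reason in flag_hjt(LOG_AFTER):
        print(f"FLAG {section}: {reason}")
```

The diff is by exact entry text, so a changed path or argument shows up as a new entry; the "Running processes" block is not parsed, since it has no section code.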

#6 sjpritch25

Posted 20 August 2007 - 07:57 PM

How much memory do you have?


Download rootchk by Ejvindh to your desktop.
  • Temporarily Disable Real Time Monitoring Programs you have running that are listed here, such as TeaTimer, Adwatch, and HIPs programs like Prevx, while we complete the fixes (see **Note below).
  • Disconnect from the internet
  • Double click rootchk.exe to run the program
  • After a short time a logfile will open.
  • Copy the contents of the log into your next reply.
  • Re-enable active protection on any program you have disabled while completing the scan
**Note: If you are using the ZoneAlarm Pro firewall or any other security program that protects your registry (TeaTimer, Adwatch, Prevx), rootchk may produce false positives. That is why it is important for you to disable these programs before running a rootchk scan. To prevent ZoneAlarm Pro conflicts, first enable the Windows Firewall (click Start | Control Panel | Windows Firewall and select the checkbox to turn it on). Then disable ZoneAlarm Pro before running rootchk. Also, disable any other active protection programs, including HIPs that block registry write access. After the scan, be sure to re-enable ZoneAlarm Pro and any other active protection programs you have temporarily disabled.

#7 PhoenixReneau

Posted 20 August 2007 - 10:40 PM

I have a gig of RAM, and here is the log.

********************************* ROOTCHK-(18-08-07)-LOG, by ejvindh
Mon 08/20/2007 23:35:11.50

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-20 23:35:11
Windows 5.1.2600 Service Pack 1
scanning hidden processes ...

scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40]
"ujdew"=hex:20,02,00,00,e1,bd,f0,ec,3a,3d,d0,5c,31,cd,d8,36,19,d6,62,83,4c,..
"ljej40"=hex:bd,17,9d,14,8e,91,ce,42,44,8a,75,f7,dd,b6,91,c7,03,20,63,6c,53,..

scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120(Trial Version)"

scanning hidden files ...

hidden processes: 0
hidden files: 0

It has not acted up today. I hope that is a sign of it being back to normal.

#8 sjpritch25

Posted 21 August 2007 - 12:24 PM

Open HijackThis, click Open the Misc Tools section, then click the Open Uninstall Manager... button.
The Add/Remove Programs Manager panel should appear.
In this panel click the Save list button.
Save the uninstall_list.txt file to your desktop and copy and paste the contents back in your next reply.

#9 PhoenixReneau

Posted 21 August 2007 - 03:18 PM

Adobe AIR 1.0 Beta 1
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Stock Photos 1.0
Apple Software Update
BitComet 0.91
Delsim Dialer
DivX Content Uploader
DivX Web Player
Game Cam
HijackThis 1.99.1
Java™ 6 Update 2
Java™ SE Runtime Environment 6 Update 1
K-Lite Codec Pack 2.88 Full
Last.fm 1.3.1.1
MailFrontier Desktop
Microsoft .NET Framework 2.0
Microsoft Office XP Professional with FrontPage
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Mozilla Firefox (2.0.0.6)
Nero OEM
NVIDIA Drivers
Panda ActiveScan
Pownce
QuickTime
Sony Media Manager 2.2
Sony Vegas 7.0
SoundMAX
Steam
Unreal Tournament G.O.T.Y. Edition
Update for Windows XP (KB898461)
Ventrilo Client
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows XP Hotfix - KB823980
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB842773
Windows XP Service Pack 1a
WinRAR archiver
World of Warcraft
Xfire (remove only)
Yahoo! Messenger
ZoneAlarm Security Suite

#10 sjpritch25

Posted 22 August 2007 - 12:01 PM

Please uninstall the following program via Add/Remove Programs in your Control Panel:
Delsim Dialer




=====================================

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


#11 PhoenixReneau

Posted 25 August 2007 - 09:59 PM

Ok, did that, but I do have an idea as to what the problem is. When I start my computer now I have an error message about DivXsm.exe being missing. Any ideas?

#12 sjpritch25

Posted 26 August 2007 - 09:54 PM

Go ahead with the SUPERAntiSpyware scan, post that log and a fresh HijackThis log.