
Trojan Horse Generic6.UMS


This topic is locked. 4 replies to this topic.

#1 Brandy is Confused

  • Members
  • 40 posts
  • Gender:Female
  • Location:Michigan

Posted 22 August 2007 - 04:58 PM

Alright, I posted this in a different topic, and was told to create a log. Here we go...

While Running AVG Free Edition Anti-Virus, I had an alert come up for this:

Trojan horse Generic6.UMS

There were 5 things that popped up...4 during a scan, and the 5th later, while I was online, looking for help. These are the two I can remember:

ISSetup.dll
_is10.exe

I can't recall what the others were, but I remember trying to search for them, and all I got were message boards where people WANTED to download this thing so they could play a game of some sort.

Placed in AVG Free virus vault, then wiped clean...said they were "backup files" and unhealable.

Ran Ad-Aware, AVG Free, Cookie Cleaner...downloaded PC Tools Antivirus, to no avail, did not have time to let definitions download. Am working on that currently.

Scanning with AVG Free today at 12:49 AM.......nothing unusual, except that it's taking 1+ hour to scan, when it usually only takes 20.
It seems mostly to be scanning in the WINDOWS section, and it's never taken this long before. I don't remember seeing quite so many files to be scanned, either...finished at 1:54 PM. It also took Ad-Aware quite awhile to scan. Everything came up as "No Errors", but I'm still really wary.

Problems had with virus: when trying to minimize a window, it would pop up again, rapidly. The mouse was double-speed, no matter how much I tried to adjust it in the settings...I'd click on something once, and it would pop open! Also, when using more than 1 window for the same website...when I try to close one window, the other closes, too. The floppy drive lights up and acts like it wants to read a disk, when there's nothing in there to read...online and offline.
Also, when I'm online and trying to load a page (especially bleepingcomputer.com), I'll get an error message saying that the page cannot be loaded - when it's already loaded!

Right now, my machine is actually behaving, which is kind of unnerving. Again, I'm not finding any threats, but I'm still worried that something might be hiding somewhere.

I was ESPECIALLY unnerved about this because my dad used his credit card online before I ran AVG and this all was detected...I stayed up crying last night, because I didn't know if this was a harmful virus that could yoink his information.

Here is my log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:03 AM, on 8/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ArcSoft\Polaroid iZone PhotoBase\iZone Monitor.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.glccomputers.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.glccomputers.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: iZone Monitor.lnk = C:\Program Files\ArcSoft\Polaroid iZone PhotoBase\iZone Monitor.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.glccomputers.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9F15EBE-5DFD-4D2A-939B-9F71F8159383}: NameServer = 66.129.32.1 66.129.32.10
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe

--
End of file - 4514 bytes

Thank you!!!!

Edited by Brandy is Confused, 22 August 2007 - 11:45 PM.

"Virus Alert!/Delete immediately before someone gets hurt/Forward this message to everybody..." - Weird Al.


#2 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 30 August 2007 - 09:51 AM

Hi,

I can't see anything suspicious here, but I do notice that you have two Antivirus installed. AVG and PC Tools AntiVirus.

Never install more than one Antivirus and Firewall! Rather than giving you extra protection, it will decrease the reliability of it seriously!
The reason for this is that if both products have their automatic (Real-Time) protection switched on, your system may lock up due to both software products attempting to access the same file at the same time.
Also, because more than one Antivirus and Firewall installed are not compatible with each other, it can cause system performance problems and a serious system slowdown. - It may also cause strange Windows behavior.

So you have to make a decision here and keep the Antivirus you prefer and uninstall the other one.
Then reboot after uninstalling.

Second Note... I see you have the Yahoo Toolbar installed. Many people are having issues with their Internet Explorer behavior after installing the Yahoo Toolbar, for example, when they want to open a second window, the first one closes - windows won't minimize or maximize etc..
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
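The reply above does the HijackThis triage by eye: nothing obviously malicious, but two antivirus vendors registered as services (O23) and one toolbar DLL hooked into Internet Explorer through several extension points (R3/O2/O3). The script below is an added example, not code from this thread or from HijackThis, that automates those two checks over the log format shown in the first post and also collects the O17 NameServer entries so they can be compared with the ISP's DNS servers. The sample lines are a constructed subset of the log posted above, and the AV_KEYWORDS list is a heuristic assumption for spotting antivirus services by name or path, not a HijackThis feature.

```python
"""HijackThis v2 log triage helper (added example, not part of the thread)."""
import re
from collections import defaultdict

# Constructed sample: a subset of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9F15EBE-5DFD-4D2A-939B-9F71F8159383}: NameServer = 66.129.32.1 66.129.32.10
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
"""

# Every HijackThis entry is "<section> - <body>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
# O23: "Service: <display name> (<short name>) - <company> - <path>"; the short
# name in parentheses is optional (see the TabletService line above).
SERVICE_RE = re.compile(
    r"^Service: (?P<name>.+?)(?: \((?P<short>[^)]+)\))? - (?P<company>.+?) - (?P<path>.+)$")
# R3/O2/O3: "<kind>: <name> - {<CLSID>} - <dll path>"
ADDON_RE = re.compile(
    r"^(?P<kind>BHO|Toolbar|URLSearchHook): (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
# O17: "...: NameServer = <ip>[ ,<ip>...]"
NS_RE = re.compile(r"NameServer = (?P<servers>[\d. ,]+)$")

# Heuristic (assumption): a service whose display name or binary path contains
# one of these substrings is treated as part of an antivirus product.
AV_KEYWORDS = ("virus", "avg")


def parse_entries(text):
    """Return [(section, body), ...] for every recognised entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def av_services_by_vendor(entries):
    """Group antivirus-looking O23 services by the company column."""
    vendors = defaultdict(list)
    for section, body in entries:
        if section != "O23":
            continue
        m = SERVICE_RE.match(body)
        if not m:
            continue
        haystack = (m["name"] + " " + m["path"]).lower()
        if any(k in haystack for k in AV_KEYWORDS):
            vendors[m["company"]].append(m["name"])
    return dict(vendors)


def addons_by_dll(entries):
    """Group IE hooks (R3/O2/O3) by DLL so one DLL in several hooks stands out."""
    by_dll = defaultdict(list)
    for section, body in entries:
        if section not in ("R3", "O2", "O3"):
            continue
        m = ADDON_RE.match(body)
        if m:
            by_dll[m["path"]].append((m["kind"], m["name"], m["clsid"]))
    return dict(by_dll)


def nameservers(entries):
    """Collect the DNS servers listed in O17 entries for manual comparison."""
    servers = []
    for section, body in entries:
        if section == "O17":
            m = NS_RE.search(body)
            if m:
                servers.extend(s for s in re.split(r"[ ,]+", m["servers"].strip()) if s)
    return servers


def triage(text):
    """Run all checks over a log and return the findings as a dict."""
    entries = parse_entries(text)
    vendors = av_services_by_vendor(entries)
    return {
        "av_vendors": vendors,
        "multiple_av": len(vendors) > 1,       # the conflict the reply warns about
        "addons": addons_by_dll(entries),
        "nameservers": nameservers(entries),
    }


if __name__ == "__main__":
    findings = triage(SAMPLE_LOG)
    if findings["multiple_av"]:
        print("More than one antivirus vendor installed:")
        for company, names in findings["av_vendors"].items():
            print(f"  {company}: {', '.join(names)}")
    for dll, hooks in findings["addons"].items():
        if len(hooks) > 1:
            print(f"{dll} registered as {', '.join(k for k, _, _ in hooks)}")
    print("O17 NameServers to verify against the ISP:", findings["nameservers"])
```

On the sample above the script reports GRISOFT and PC Tools as two antivirus vendors, shows yt.dll registered as URLSearchHook, BHO and Toolbar at once, and lists the two O17 servers; it makes no judgement about the servers themselves, which is a manual check against what the ISP actually hands out.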

#3 Brandy is Confused
  • Topic Starter

  • Members
  • 40 posts
  • Gender:Female
  • Location:Michigan

Posted 04 September 2007 - 09:19 PM

Hi there!

I didn't realize that you'd replied! I feel so bad about that...

PC Tools was downloaded in a fit of panic. ^_^;
I figured that the real-time might mess things up, but I turned that off after I'd installed it. Since AVG was kind enough to diagnose the trojan the first time around, it's reliable enough to keep around. I'll probably un-install PC Tools.

The Yahoo Toolbar ended up being installed when I installed Cookie Cleaner. I accidentally forgot to check out the options of what to and what not to install.

So, I uninstall PC Tools...can I uninstall the Yahoo toolbar? I'll have to poke around...

My mouse is still double-clicking at inopportune times, though. I did try to adjust the clicking speed, but that didn't help.
Also...you mentioned Yahoo Toolbar messing with open windows...could it also make certain web pages come up with errors?

Thanks so much for your reply and your insight! I really appreciate it! My mom has a really nice machine here, and I want to keep it running as best I can!

Thank you again! :thumbsup:

#4 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 05 September 2007 - 02:19 AM

I'll probably un-install PC Tools.

You should. Either you uninstall PC Tools, or you uninstall AVG. As I already said, more than one antivirus is not compatible - even though you disabled one.

can I uninstall the Yahoo toolbar? I'll have to poke around...

Yes, you can. You can do this via software > add/remove programs.

My mouse is still double-clicking at inopportune times, though. I did try to adjust the clicking speed, but that didn't help.

This is an issue with your mouse itself. Too sensitive. I have the same as well and even though I tried to adjust speed, it didn't make any difference. I am using another mouse now.

#5 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 17 September 2007 - 08:25 AM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
