Tanspy Virus Problem


  • This topic is locked
6 replies to this topic

#1 littlewhat

Posted 27 August 2007 - 09:59 AM

I have been infected by the tanspy virus and my computer seems to be slowly shutting down.
Here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 10:03:00 PM, on 8/22/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Network ICE\BlackICE\blackd.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LxrJD31s.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Network ICE\BlackICE\blackice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.1.exe
C:\Program Files\Palm\Hotsync.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINNT\system32\svchost.exe
D:\Antivirus\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://networld.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R340 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE /P30 "EPSON Stylus Photo R340 Series" /O6 "USB002" /M "Stylus Photo R340"
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Palm Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: BlackICE Agent.lnk = ?
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.1.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1187754415924
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.....;/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1187754346634
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab
O20 - Winlogon Notify: klogon - C:\WINNT\system32\klogon.dll
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINNT\SYSTEM32\LxrJD31s.exe
O23 - Service: Microsoft Exchange Routing Eng - Unknown owner - C:\WINNT\System32\interinfo.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

Please let me know what my next step should be. (I have to post from my work computer since my home system won't allow any outgoing messages.)


#2 Shaba

Posted 04 September 2007 - 10:24 AM

Hi littlewhat

Which program finds that? Spyware Doctor?

If so, please post its report here :thumbsup:
Microsoft MVP Consumer Security

#3 littlewhat

Posted 04 September 2007 - 11:21 AM

Yes, but I won't be able to post the report for a few days (I'm going out of town). I will try to get it to you later this week. TANX

#4 Shaba

Posted 04 September 2007 - 11:37 AM

Hi

Ok, I'll be waiting :thumbsup:
Microsoft MVP Consumer Security

#5 littlewhat

Posted 06 September 2007 - 08:43 PM

Here is the log from Spydoctor (the free version):
Spyware Doctor Activity Report
Generated on 2007-09-05 16:09:02


Scans (basic information only):

Scan Results:
scan start: 2007-09-05 19:00:00
scan stop: 2007-09-05 20:08:58
scanned items: 116305
found items: 18
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner



Infection Name Location Risk
Adware.Advertising cookies.txt - Line #12 Low
Adware.Advertising cookies.txt - Line #13 Low
Adware.Advertising cookies.txt - Line #14 Low
Application.TrackingCookies cookies.txt - Line #15 Low
Adware.Advertising cookies.txt - Line #17 Low
Adware.Advertising cookies.txt - Line #18 Low
Adware.Advertising cookies.txt - Line #19 Low
Adware.Advertising cookies.txt - Line #20 Low
Adware.Advertising cookies.txt - Line #21 Low
Adware.Advertising cookies.txt - Line #42 Low
Adware.Advertising cookies.txt - Line #43 Low
Adware.Advertising cookies.txt - Line #44 Low
Adware.Advertising cookies.txt - Line #45 Low
Spyware.Known_Bad_Sites cookies.txt - Line #48 High
Spyware.Known_Bad_Sites cookies.txt - Line #49 High
Adware.Advertising cookies.txt - Line #52 Low
Trojan-PWS.Tanspy HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\load High
Trojan-PWS.Tanspy HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\load## High

Scan Results:
scan start: 2007-09-06 19:00:01
scan stop: 2007-09-06 19:39:34
scanned items: 116414
found items: 18
found and ignored: 0
tools used: General Scanner, Process Scanner, LSP Scanner, Startup Scanner, Registry Scanner, Browser Scanner, Browser Activity Scanner, Disk Scanner, ActiveX Scanner



Infection Name Location Risk
Adware.Advertising cookies.txt - Line #10 Low
Adware.Advertising cookies.txt - Line #11 Low
Adware.Advertising cookies.txt - Line #12 Low
Adware.Advertising cookies.txt - Line #13 Low
Adware.Advertising cookies.txt - Line #23 Low
Adware.Advertising cookies.txt - Line #24 Low
Adware.Advertising cookies.txt - Line #25 Low
Application.TrackingCookies cookies.txt - Line #26 Low
Adware.Advertising cookies.txt - Line #40 Low
Adware.Advertising cookies.txt - Line #41 Low
Adware.Advertising cookies.txt - Line #42 Low
Adware.Advertising cookies.txt - Line #43 Low
Spyware.Known_Bad_Sites cookies.txt - Line #46 Low
Spyware.Known_Bad_Sites cookies.txt - Line #47 Low
Adware.Advertising cookies.txt - Line #50 Low
Adware.Advertising cookies.txt - Line #9 Low
Trojan-PWS.Tanspy HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\load High
Trojan-PWS.Tanspy HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\load## High



The D-trojanator is also helping me on this problem thru another post. Thanks for your help.

#6 Shaba

Posted 06 September 2007 - 11:25 PM

Hi

If D-Trojanator is already helping you with this issue, this thread will be closed.

Or which one of us do you want to continue helping?
Microsoft MVP Consumer Security

#7 littlewhat

Posted 08 September 2007 - 10:53 PM

I agree, I will let D-trojanator finish this up.
Thanks for your help.
We can close this one.



