
Scanningprocess.exe And Other Processes Slows My Computer!


  • This topic is locked
11 replies to this topic

#1 Phantasy

Phantasy

  • Members
  • 10 posts
  • OFFLINE
  • Local time:10:49 PM

Posted 29 August 2007 - 09:42 AM

I need help. I'm still a bit of a noob with computers, but let's give it a try.
OK, here's my problem:
scanningprocess.exe and monitor.exe and some called trojans are running in my computer's processes.
Please HELP on how to remove it.
And a question: are winlogon.exe and svchost a trojan? Because in my scans it is a trojan.


Logfile of HijackThis v1.99.1
Scan saved at 8:26:48 PM, on 8/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\ZONELABS\avsys\ScanningProcess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ZONELABS\avsys\ScanningProcess.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Installers\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\svchost.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [scApp] C:\WINDOWS\system32\wmiprvse.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{43D019DA-BA4E-4099-BB20-AB32EB611E4C}: NameServer = 202.78.97.41 210.4.2.61
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

THX
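An added example, not code from the thread or from HijackThis itself, showing how a responder reads the log above: core Windows binaries have a fixed home directory, so a name like svchost.exe or wmiprvse.exe running from anywhere else (here the F2 Shell= entry and the scApp Run entry) stands out, while ScanningProcess.exe under ZONELABS is simply the ZoneAlarm scanner. The expected-directory table and the sample lines are constructed for this example from the log posted above.

```python
import re

# Directory under the Windows folder where each core XP binary legitimately
# lives. A file with one of these names running from elsewhere deserves a
# closer look. This table is an assumption for the example, not HijackThis data.
EXPECTED_DIR = {
    "smss.exe": "system32",
    "winlogon.exe": "system32",
    "services.exe": "system32",
    "lsass.exe": "system32",
    "svchost.exe": "system32",
    "spoolsv.exe": "system32",
    "wmiprvse.exe": r"system32\wbem",
    "explorer.exe": "",  # sits directly in the Windows folder
}

# Absolute path ending in .exe; lazy so "RunDLL32.EXE Desktop.exe" yields two hits
# and a trailing ",NvStartup" argument (comma excluded) is never swallowed.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\],\r\n]+?\.exe', re.IGNORECASE)

# Constructed sample: lines taken from the HijackThis log in the first post.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\ZONELABS\avsys\ScanningProcess.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [scApp] C:\WINDOWS\system32\wmiprvse.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
"""


def extract_exe_paths(line):
    """Return every absolute .exe path mentioned on one log line."""
    return PATH_RE.findall(line)


def check_path(path):
    """Return a reason if PATH is a core binary outside its home directory, else None."""
    head, _, name = path.rpartition("\\")
    name = name.lower()
    if name not in EXPECTED_DIR:
        return None
    parts = head.lower().split("\\")      # [drive, windows dir, subdirs...]
    actual = "\\".join(parts[2:])
    if actual != EXPECTED_DIR[name].lower():
        home = EXPECTED_DIR[name] or "(Windows folder root)"
        return f"{name} expected under {home}, found {path}"
    return None


def triage(log_text):
    """Scan running-process, F2 Shell and O4 Run lines; return (line, reason) pairs."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        for path in extract_exe_paths(line):
            reason = check_path(path)
            if reason:
                findings.append((line, reason))
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"SUSPECT: {reason}\n    from: {line}")
```

Only the two masquerading entries are reported; the genuine system32 processes and the ZoneLabs scanner pass, which is what the first reply's ComboFix run later confirms by deleting C:\WINDOWS\svchost.exe.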



#2 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • OFFLINE
  • Gender:Female
  • Local time:11:49 PM

Posted 30 August 2007 - 10:37 AM

Hello and welcome to BC.

You have three posts for the same problem. Please do not post multiple times. This is akin to spamming. I am going to close all but one.

http://www.bleepingcomputer.com/forums/t/106252/please-help-diagnose-and-clean-to-remove-unknown-firewall/
http://www.bleepingcomputer.com/forums/t/106236/scanningprocessexe-from-zonelabs-greatly-slows-my-computer-and-blocks-my-games-and-internet/
http://www.bleepingcomputer.com/forums/t/106249/scanningprocessexe-and-other-processes-slows-my-computer/

Please download ComboFix

Note: It is important that it is saved directly to your desktop.

Close all browsers.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log for you. Post that log in your next reply along with a fresh HijackThis log.
  • Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.


#3 Phantasy

Phantasy
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:10:49 PM

Posted 03 September 2007 - 06:32 AM

ComboFix 07-08-30.3 - "user" 2007-09-03 19:29:14.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.213 [GMT 8:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\svchost.exe


((((((((((((((((((((((((( Files Created from 2007-08-03 to 2007-09-03 )))))))))))))))))))))))))))))))


2007-09-03 19:25 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-09-02 13:01 <DIR> d-------- C:\TDdownload
2007-09-02 12:59 <DIR> d-------- C:\Program Files\Giganology
2007-08-31 20:21 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\MailFrontier
2007-08-31 18:29 75,512 --a------ C:\WINDOWS\zllsputility.exe
2007-08-31 18:28 <DIR> d-------- C:\WINDOWS\system32\Zonelabs
2007-08-29 16:01 512 --a------ C:\ScanSectorLog.dat
2007-08-29 10:55 <DIR> d-------- C:\Program Files\Macrogaming
2007-08-28 19:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-08-28 17:03 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-08-25 11:54 <DIR> d-------- C:\WINDOWS\cache
2007-08-17 12:36 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\Google
2007-08-15 11:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-08-11 21:30 86,016 --a------ C:\WINDOWS\system32\gigagetbho_v10.dll
2007-08-11 19:41 <DIR> d-------- C:\WINDOWS\Behemoth-Revival
2007-08-10 16:27 <DIR> d-------- C:\Program Files\e-Games
2007-08-09 14:38 65,536 --a------ C:\WINDOWS\IFinst27.exe
2007-08-07 21:24 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-08-06 20:45 <DIR> d--h----- C:\WINDOWS\PIF
2007-08-03 13:24 400 --a------ C:\DOCUME~1\user\score.dat


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-09-03 18:32 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-09-03 18:32 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-09-03 18:32 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-09-03 18:32 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-08-28 19:22 87684 --ahs---- C:\WINDOWS\system32\mgrShell.exe
2007-08-02 18:33 --------- d-------- C:\Program Files\LimeWire
2007-08-01 20:51 --------- d-------- C:\Program Files\Common Files\Scanner
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-29 21:27 --------- d-------- C:\DOCUME~1\user\APPLIC~1\Apple Computer
2007-07-29 21:26 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-07-27 01:20 --------- d-------- C:\DOCUME~1\user\APPLIC~1\Yahoo!
2007-07-27 00:15 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
2007-07-09 18:54 --------- d-------- C:\DOCUME~1\user\APPLIC~1\PCToolsFirewallPlus
2007-07-09 18:09 --------- d-------- C:\DOCUME~1\user\APPLIC~1\Alien Skin
2007-07-07 09:46 --------- d-------- C:\DOCUME~1\user\APPLIC~1\WinRAR
2007-07-05 20:26 --------- d-------- C:\DOCUME~1\user\APPLIC~1\Help
2007-06-26 23:13 851968 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-26 22:09 658944 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-26 14:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 14:08 1104896 --a------ C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-24 22:49 499712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-06-24 22:49 348160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-06-19 21:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 21:31 282112 --a------ C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-17 17:32 1700352 --a------ C:\WINDOWS\system32\gdiplus.dll
2007-06-15 02:09 96256 --a------ C:\WINDOWS\system32\dllcache\inseng.dll
2007-06-15 02:09 615424 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-15 02:09 55808 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-15 02:09 532480 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-15 02:09 474112 --a------ C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-15 02:09 449024 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-15 02:09 39424 --a------ C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-06-15 02:09 357888 --a------ C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-06-15 02:09 3058688 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-06-15 02:09 251392 --a------ C:\WINDOWS\system32\dllcache\iepeers.dll
2007-06-15 02:09 205312 --a------ C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-06-15 02:09 16384 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-15 02:09 151040 --a------ C:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-15 02:09 1494528 --a------ C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-15 02:09 146432 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-15 02:09 1054208 --a------ C:\WINDOWS\system32\dllcache\danim.dll
2007-06-15 02:09 1023488 --a------ C:\WINDOWS\system32\dllcache\browseui.dll
2007-06-14 22:07 18432 --a------ C:\WINDOWS\system32\dllcache\iedw.exe
2007-06-14 19:37 315392 --a------ C:\WINDOWS\HideWin.exe
2007-06-13 18:23 1033216 --a------ C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 18:23 1033216 --a------ C:\WINDOWS\explorer.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-16 15:35]
"NvMediaCenter"="NvMCTray.dll" [2006-08-16 15:35 C:\WINDOWS\system32\nvmctray.dll]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 C:\WINDOWS\SkyTel.exe]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-01-08 14:29]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"scApp"="C:\WINDOWS\system32\wmiprvse.exe" []
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-20 16:30]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00PCTFW]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
C:\WINDOWS\VM_STI.EXE A4 Tech USB PC Camera

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvchost]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winlogon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PCToolsFirewallPlus"=2 (0x2)
"ray"=2 (0x2)

R1 BIOS;BIOS;\??\C:\WINDOWS\system32\drivers\BIOS.sys
S3 projectx1;projectx1;\??\D:\Project X\FelipeZe.sys
S4 ray;ray;C:\WINDOWS\systen.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ed69390-5454-11dc-89e9-00e04d23d8a1}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Desktop.exe
Explore\Command- F:\Desktop.exe
Open\Command- F:\Desktop.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5674e40-1c9e-11dc-88b4-00e04d23d8a1}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Desktop.exe
Explore\Command- F:\Desktop.exe
Open\Command- F:\Desktop.exe

*Newly Created Service* - CATCHME

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-03 19:30:16
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
scApp = C:\WINDOWS\system32\wmiprvse.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-09-03 19:30:45
C:\ComboFix-quarantined-files.txt ... 2007-09-03 19:30

--- E O F ---


Logfile of HijackThis v1.99.1
Scan saved at 7:32:32 PM, on 9/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
D:\Installers\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [scApp] C:\WINDOWS\system32\wmiprvse.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{43D019DA-BA4E-4099-BB20-AB32EB611E4C}: NameServer = 202.78.97.41 210.4.2.61
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe


HijackThis log.
Need reply please.

#4 Phantasy

Phantasy
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:10:49 PM

Posted 03 September 2007 - 06:56 AM

:thumbsup: Sorry for the spam >.<

#5 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • OFFLINE
  • Gender:Female
  • Local time:11:49 PM

Posted 03 September 2007 - 10:48 AM

Hi,


I am sorry to inform you that you are infected with a couple of dangerous malware, i.e. key logging backdoor trojans, giving intruders complete control of your computer, logging key strokes, stealing information, etc. I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to alert them to your situation.

Though the Trojans have been identified and can be killed, because of their backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. In all honesty, if this were to be my computer, I would reformat and reinstall Windows XP.

Please read these for more information:

Danger: Remote Access Trojans
http://www.microsoft.com/technet/security/...o/virusrat.mspx

When should I re-format? How should I reinstall?
http://www.dslreports.com/faq/10063

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
http://www.dslreports.com/faq/10451

However, if you do not have the resources to reinstall your computer and would like me to attempt to clean it, I will be happy to do so but it is not fully guaranteed that your computer will be completely rid of malware regardless of what anyone can really do.

#6 Phantasy

Phantasy
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:10:49 PM

Posted 04 September 2007 - 06:31 AM

I don't know anyone who can reformat it.
Maybe you can help me with this.

#7 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • OFFLINE
  • Gender:Female
  • Local time:11:49 PM

Posted 04 September 2007 - 07:44 AM

Hi,

This forum only deals with malware, but you can get help from the XP forum if needed. The techs in that forum specialize in matters pertaining to the operating system, performance and applications.

Also please check the following link.

http://spyware-free.us/tutorials/reformat/

Good luck!

Edit: It's very important that you back up all your personal data prior to reformat. Otherwise they'll be lost.

Edited by amateur, 04 September 2007 - 08:35 AM.


#8 Phantasy

Phantasy
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:10:49 PM

Posted 05 September 2007 - 04:57 AM

I thought you were the one who was going to help me.

#9 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • OFFLINE
  • Gender:Female
  • Local time:11:49 PM

Posted 05 September 2007 - 06:28 AM

Do you have your XP installation disk, and did it come with SP2?

#10 Phantasy

Phantasy
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:10:49 PM

Posted 09 September 2007 - 08:55 AM

No, I don't have the XP installation CD, but I'm pretty sure it's SP2.

And one more thing, sir amateur:
I think there's a brand new virus in my computer.

#11 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • OFFLINE
  • Gender:Female
  • Local time:11:49 PM

Posted 09 September 2007 - 10:33 AM

Hi,

No, I don't have the XP installation CD, but I'm pretty sure it's SP2.


If you don't have an installation CD for XP, you cannot reformat and reinstall. The SP2 I was referring to was the one that comes with the installation CD, not what you have on your system.

Since you don't have the installation CD and cannot reformat and reinstall, we can attempt to clean the system, but we cannot guarantee that it will ever be trustworthy. Let me work on it and get back to you with some instructions later. In the meantime, keep this computer off any network and off the internet please.

Also, please follow this WGA troubleshooting procedure:
Please post (reply) with the results.

#12 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • OFFLINE
  • Gender:Female
  • Local time:11:49 PM

Posted 14 September 2007 - 09:44 PM

Due to lack of response, this thread will now be closed. If you need this topic reopened, please PM me with the address of the thread and we will reopen it for you. This applies only to the original topic starter. Everyone else please begin a New Topic.



