Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected With Trogan.gen


  • Please log in to reply
1 reply to this topic

#1 alf1220

alf1220

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:51 AM

Posted 09 December 2007 - 04:33 AM

Spysweeper seems to continuously detect trogan.gen running in memory even after finding it in memory and quarinteening it. Ive followed the instructions on what to do before posting a log but those efforts have not been met with success. I have seen other posts about this particular trogan on bleeping computer and it would seem that the community was able to help out. Thanks in advance. My log file as follows:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:31:45 AM, on 12/9/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
H:\Program Files\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\System32\nvraidservice.exe
D:\Program Files\QuickTime\qttask.exe
D:\WINDOWS\System32\atwtusb.exe
D:\Program Files\Webroot\Desktop Firewall\WebrootDesktopFirewall.exe
H:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
D:\WINDOWS\System32\RunDLL32.exe
D:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
H:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\Webroot\Desktop Firewall\WDFDataService.exe
D:\Program Files\Webroot\Desktop Firewall\FirewallNTService.exe
D:\WINDOWS\System32\wbem\unsecapp.exe
H:\PROGRA~1\MICROS~3\rapimgr.exe
D:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Webroot\Spy Sweeper\SSU.EXE
D:\WINDOWS\explorer.exe
D:\PROGRA~1\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Edward\Desktop\HiJackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRaidService] D:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [atwtusb] "atwtusb.exe" beta
O4 - HKLM\..\Run: [WebrootDesktopFirewall] "D:\Program Files\Webroot\Desktop Firewall\WebrootDesktopFirewall.exe" -t
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RunDLL32.exe" NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpySweeper] D:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKLM\..\RunOnce: [SpybotDeletingA1631] command /c del "D:\WINDOWS\system32\dlh9jkd1q8.exe_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3453] cmd /c del "D:\WINDOWS\system32\dlh9jkd1q8.exe_tobedeleted"
O4 - HKCU\..\Run: [H/PC Connection Agent] "H:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] "D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: gwum.lnk = D:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - H:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - H:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - H:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O15 - Trusted Zone: *.sxload.net (HKLM)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: 0D27BF57 - Unknown owner - D:\WINDOWS\System32\27722D50.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - H:\Program Files\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Card Adapter (NETDown) - Unknown owner - D:\WINDOWS\smss.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Desktop Firewall Data Service (WebrootDesktopFirewallDataService) - Webroot Software, Inc. - D:\Program Files\Webroot\Desktop Firewall\WDFDataService.exe
O23 - Service: Webroot Desktop Firewall (WebrootFirewall) - Unknown owner - D:\Program Files\Webroot\Desktop Firewall\FirewallNTService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 6511 bytes

BC AdBot (Login to Remove)

 


m

#2 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:09:51 AM

Posted 12 December 2007 - 11:39 PM

We can definitely help you, but first you need to help us.
The first step in this process is to apply Service Pack 1a for Windows XP.

Without this update, you're wide open to re-infection, and we're both just wasting our time.

Click HERE. Apply the update, reboot, and post a fresh Hijack This log.

Install all critical updates except Service Pack 2.
Some hijacks interfere with the installation of Service Pack 2, so please wait until your computer is clean before installing it.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users