Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Win32.conhook.bg


  • Please log in to reply
1 reply to this topic

#1 Tony_Shelly

Tony_Shelly

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:41 AM

Posted 09 December 2007 - 12:32 PM

i followed the guide i could not clean out my temp files or temp internet files, because either the cleanmgr would crash or if i went through internet options would crash.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:12:40 AM, on 11/10/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\explore.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Shelley\Desktop\HiJackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: {498D520C-88E1-4F11-861D-B70A69F53691} - {35AE97B3-7276-4AC0-A2EB-6C84DF073837} - C:\WINDOWS\System32\mlljigh.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AIMPro] "C:\Program Files\AIM\AIM Pro\aimpro.exe"
O4 - HKLM\..\Run: [sysalgg] C:\WINDOWS\System32\sysalgg.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DoNotDelete] C:\WINDOWS\System32\explore.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvXX.exe
O4 - HKCU\..\Run: [DoNotDelete] C:\WINDOWS\System32\explore.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Policies\Explorer\Run: [{B04096C4-0891-1033-0731-030512200001}] "C:\Program Files\Common Files\{B04096C4-0891-1033-0731-030512200001}\Update.exe" mc-110-12-0000228
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: info.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: info.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: BIDEXT - C:\WINDOWS\SYSTEM32\BIDEXT.dll
O22 - SharedTaskScheduler: hydrodictyon - {b166be07-30a4-4d38-b781-44528a630706} - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://c.myspace.com/Groups/00006/63/32/6242336_l.jpg
O24 - Desktop Component 1: (no name) - http://us.i1.yimg.com/us.yimg.com/i/ww/thm/1/grd-1px_1.1.gif

--
End of file - 4664 bytes

I got Jotti to work


Service load:
0% 100%
File: BIDEXT.dll
Status:
INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: d57b1f401608c59d2c05275886382184
Packers detected:
-
Bit9 reports: High threat detected (more info)
Scanner results
Scan taken on 10 Dec 2007 04:30:04 (GMT)
A-Squared
Found nothing
AntiVir
Found TR/Dldr.ConHook.Gen
ArcaVir
Found Trojan.Downloader.Conhook.Bg
Avast
Found Win32:Vundo-gen51
AVG Antivirus
Found Obfustat.ITY
BitDefender
Found Trojan.Downloader.Conhook.BG
ClamAV
Found nothing
CPsecure
Found Troj.Downloader.W32.ConHook.bg
Dr.Web
Found Trojan.Virtumod
F-Prot Antivirus
Found W32/Downldr2.QME
F-Secure Anti-Virus
Found Trojan-Downloader.Win32.ConHook.bg
Fortinet
Found W32/ConHook.BG!tr.dldr
Ikarus
Found MemScanTrojan.Juan.V
Kaspersky Anti-Virus
Found Trojan-Downloader.Win32.ConHook.bg
NOD32
Found a variant of Win32/Adware.Virtumonde application
Norman Virus Control
Found W32/ConHook.DW
Panda Antivirus
Found Trj/ConHook.AH
Rising Antivirus
Found Trojan.DL.Win32.ConHook.bg
Sophos Antivirus
Found Mal/Generic-A
VirusBuster
Found nothing
VBA32
Found Trojan-Downloader.Win32.ConHook.bg

Edited by Tony_Shelly, 09 December 2007 - 11:34 PM.


BC AdBot (Login to Remove)

 


#2 random/random

random/random

  • Malware Response Team
  • 2,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:41 PM

Posted 15 December 2007 - 02:11 PM

Download the latest version of ComboFix from Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users