Log and another question



#1 muzzles

  • Members
  • 265 posts

Posted 03 March 2005 - 08:14 PM

I received a warning from Symantec Enterprise that it had ID'd a trojan but couldn't delete or quarantine it and did nothing. The file was ifect[1].anr, and some searches turned up this: ifect[1].anr infected by "Exploit.Win32.IMG-ANI.c" Virus.
I have run Norton, Ad-Aware, Spybot and Spy Sweeper.
Running in safe mode, here is the log:
Logfile of HijackThis v1.97.7
Scan saved at 2:04:47 PM, on 27-Feb-05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\MSCONFIG.EXE
C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\UPC32.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {B8674292-F993-7AAF-F8DF-AE96008A363D} - C:\WINDOWS\SYSTEM\NTCY.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [DiskIcon] C:\Program Files\USB MEMORY BAR\diskicon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\symant~1\VPTRAY.EXE
O4 - HKLM\..\Run: [QuickTime task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -ATBOOTTIME
O4 - HKLM\..\Run: [D3WY.EXE] C:\WINDOWS\SYSTEM\D3WY.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\symant~1\DEFWATCH.EXE
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\RTVSCN95.EXE
O4 - HKLM\..\RunServices: [IPLC.EXE] C:\WINDOWS\IPLC.EXE
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O9 - Extra button: AIM (HKLM)
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.dell.com/us/en/systemprofiler/SysprofLCD.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7884.2473148148
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gamesconsole/Bund...ArcadeRdxIE.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - http://allslots.micrograming.com/allslots/FlashAX.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinstc.cab
O16 - DPF: {166B1BCA-3F9C-11CF-9075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {140F03AE-0588-11D4-BD45-0050048A82Bf} (eShare Web Collaboration Class) - http://ec112.ecicorp.com/netagent/objects/emagic.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - HTTP://BIN.MCAFEE.COM/MOLBIN/SHARED/MCINSC...84/mcinsctl.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-000000000000} - HTTP://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {00000162-99800010-8000-00AA00389B71} - http://download.microsoft.com/download/0/B/B/0BB06A5C-8611-4840-86B3-54DDDD0344B9/wma9dmo.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! AudioUI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {E504EE63-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (Sekurel0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab
O16 - DPF: {4C39376E-FA9D-4339-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/w1/activex/EP...l_v1-0-3-17.cab
O16 - DPF: {644E432F-49D3-41A1-9DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotion...ctor/WebSWK.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/iost/softwares/v4.0/ysb_regular.cab
O16 - DPF: {33a88341-AFCB-45F0-A856-C2BAEY4F878E} (InstallX Class) - http://www.20x2p.com/5750b7c2/enter.cab
O18 - Protocol: wavetop - {2828353E-8B60-11D1-821D-00609820131C} - C:\Program Files\WaveTop\Bin\WaveProt.dll


Thank you very much.
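As an added example (not from the original post, and not part of HijackThis itself), this Python script applies two triage rules that a helper would otherwise apply by eye to a log in the format above: O2/O3/O4 entries whose module sits loose in the Windows or System directory without being a known Windows component, and O16 ActiveX downloads from a domain that has not been vetted. The sample lines, the allowlist of known system files and the vetted-domain set are all constructed for the example and deliberately small.

```python
import re
from urllib.parse import urlparse

# Constructed sample in the style of the HijackThis v1.97 log posted above
# (a subset of its entries, re-typed with HijackThis's "O<n> - " prefixes).
SAMPLE_LOG = """\
O2 - BHO: (no name) - {B8674292-F993-7AAF-F8DF-AE96008A363D} - C:\\WINDOWS\\SYSTEM\\NTCY.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\\WINDOWS\\SYSTEM\\MSDXM.OCX
O4 - HKLM\\..\\Run: [SystemTray] SysTray.Exe
O4 - HKLM\\..\\Run: [ccApp] "C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
O4 - HKLM\\..\\Run: [D3WY.EXE] C:\\WINDOWS\\SYSTEM\\D3WY.EXE
O4 - HKLM\\..\\RunServices: [IPLC.EXE] C:\\WINDOWS\\IPLC.EXE
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/iost/softwares/v4.0/ysb_regular.cab
"""

# Assumed allowlists (constructed, deliberately small): Windows components that
# legitimately live loose in %WINDIR%, and vendors whose O16 controls are vetted.
KNOWN_SYSTEM_FILES = {"systray.exe", "msdxm.ocx", "qttask.exe"}
VETTED_O16_DOMAINS = {"macromedia.com", "microsoft.com", "symantec.com"}

# A file directly under C:\WINDOWS or C:\WINDOWS\SYSTEM (Win9x layout).
WIN_PATH = re.compile(r"C:\\WINDOWS(?:\\SYSTEM)?\\([^\\\s\"]+)", re.IGNORECASE)
URL = re.compile(r"https?://\S+", re.IGNORECASE)


def registrable_domain(url: str) -> str:
    """Last two host labels, e.g. www.ysbweb.com -> ysbweb.com."""
    host = urlparse(url).hostname or ""
    return ".".join(host.lower().split(".")[-2:])


def triage(log_text: str) -> list[dict]:
    """Return the entries worth a second look, with the rule that fired."""
    findings = []
    for line in log_text.splitlines():
        section = line.split(" - ", 1)[0].strip()
        if section in {"O2", "O3", "O4"}:
            # Load points: an unknown module loose in the Windows directory.
            m = WIN_PATH.search(line)
            if m and m.group(1).lower() not in KNOWN_SYSTEM_FILES:
                findings.append({"section": section, "item": m.group(1),
                                 "rule": "unknown file in Windows directory"})
        elif section == "O16":
            # Downloaded ActiveX controls from a domain nobody has vetted yet.
            m = URL.search(line)
            if m and registrable_domain(m.group(0)) not in VETTED_O16_DOMAINS:
                findings.append({"section": section, "item": registrable_domain(m.group(0)),
                                 "rule": "ActiveX download from unvetted domain"})
    return findings
```

On the sample, `triage(SAMPLE_LOG)` flags NTCY.DLL, D3WY.EXE, IPLC.EXE and ysbweb.com; a hit means "look this up", since a filename outside a small allowlist may simply be a component the list does not know.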

#2 Grinler (Lawrence Abrams)

  • Admin
  • 43,536 posts
  • Location: USA

Posted 05 March 2005 - 12:30 AM

Can you please repost your log so there are not so many gaps between the lines? It is hard to do a log like that.



