
Possible Virus Or Rootkit Existing After Formatting Hd.


  • This topic is locked
2 replies to this topic

#1 trackintammy


Posted 14 June 2008 - 07:41 PM

I recently formatted my hard drive and reinstalled a fresh copy of XP Home Edition because my hard drive had a lot of viruses, trojans, etc. I am pretty sure that something must still exist (even after formatting) and need help to find out. Also, what steps do I need to take next? Thanks in advance for any help you might be able to give me. These are the steps I have taken so far. Should I have run HJT at startup? Tammy

I was able to download and install DDS and the program begins running, but when it reaches the point of cleaning out my temporary files, everything stops and I get a popup box with the option to send a report to Microsoft, which I refused. I then manually deleted temp internet files, cookies, and history and tried to run DDS again, but nothing I did made a difference. It still stopped at the same point where it said deleting Temp Internet Files and popped up a box with the option to send a report to Microsoft, which I refused again.

So I manually downloaded a copy of HJT to the desktop, ran it, and here are the log results:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:13:17 PM, on 6/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
D:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
D:\Program Files\Common Files\AOL\ACS\AOLDial.exe
D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
D:\Program Files\America Online 9.0\waol.exe
D:\PROGRA~1\COMMON~1\AOL\121330~1\EE\AOLHOS~1.EXE
D:\PROGRA~1\COMMON~1\AOL\121330~1\EE\AOLServiceHost.exe
D:\Program Files\America Online 9.0\shellmon.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Tammy Deaton\Desktop\SETUPS\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [HostManager] D:\Program Files\Common Files\AOL\1213306482\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] D:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [AOL Fast Start] "D:\Program Files\America Online 9.0\AOL.EXE" -b
O8 - Extra context menu item: &AOL Toolbar search - res://D:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: www.tagged.com
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - D:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - D:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 2902 bytes



#2 Rodav


Posted 06 July 2008 - 12:22 PM

Hi trackintammy,

I'm sorry we couldn't help you sooner, but as you can see, the forums are extremely busy and our volunteer helpers are at full capacity. I'm subscribed to this topic now and will help you with any malware issues you may have.

Since it has been a while since you posted last and changes may have been made to your system, please run HijackThis and post a new log in your next reply.

#3 Rodav


Posted 14 July 2008 - 02:39 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



