hijack log - virus/spyware help



#1 Tykal


Posted 22 May 2005 - 03:59 PM

so i was using bitcomet the day before last (god i will never use that program again, tried twice and twice got infected), & when i woke up my browser (firefox) was on a different home page than what i had it set at, & my usual virus program wmav from mwti had been reading as corrupt & unreadable for a few days beforehand. i use adaware, & it works on a smart system scan, but when i do the full scan it freezes at a system volume information/_restore point. spybot froze if i had the system restore point activated, so i deactivated that & it found 1 xupiter entry, 1 gator entry, 1 alexa related entry, & the 4 dso exploit entries. i've also run several other programs, ace utilities (which was unable to clear the recycle bin), avg free edition (which became corrupt & unreadable when running), mwav (which did the same), noadware, spysweeper (also became corrupt). cwshredder didn't find anything.

then after i ran those programs & cleaned up everything, when i ran firefox it wouldn't work anymore, i deleted & reinstalled it but all that happens is a little window appears with this in red script:

title="&mainWindow.title;"
---------------^

the other problem i'm having is that several of my downloads on soulseek would become corrupt & unreadable as soon as they were downloaded, & one of the folders i deleted out of there wouldn't delete from my recycle bin, & then another folder, & several of the corrupt files keep reappearing in my recycle bin & when i try to clear the recycle bin it says cannot remove folder Dc353 (but the number keeps changing like Dc354, Dc362, Dc381), the directory is not empty. chkdsk freezes when i run it & it comes across the corrupt files & says they're cross allocated, & will not run at all with the fix on. i also started the computer in safe mode & ran adaware & it froze at the same point.

internet explorer works fine. i have spysweeper & pccillin2005 running. finally i just ran hijack this & looked for an online forum to interpret the log file copied below for me & found this forum again. many many thanks in advance for any help or direction you may be able to provide.

:-)

Logfile of HijackThis v1.99.1
Scan saved at 4:24:56 PM, on 5/22/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\locator.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\SoulSeek\slsk.exe
C:\Documents and Settings\Ricky\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: Webshots.lnk = G:\writing ol stuff etc\Webshots\WebshotsTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O14 - IERESET.INF: SearchAssistant=
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe


 


#2 OldTimer

Malware Expert

Posted 23 May 2005 - 03:22 PM

Hi Tykal and welcome to the BC forums. After reviewing your log I see no signs of viruses or malware at this time. Your log is clean.

If you are getting messages pertaining to cross-allocated files then that means that the system with which the drive keeps track of files has become corrupted. This can be caused by a system fault or it can be caused by a failing hard drive. If you have any important files on this drive I highly recommend that you back them up to prevent losing them.

Next, I recommend that you post this problem in the Hardware forum here:

http://www.bleepingcomputer.com/forums/Hardware-f7.html

They will be able to help diagnose and attempt to recover the hard drive.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
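
An added example, not part of the thread and not HijackThis code: a small parser for the log format posted above that groups entries by section code and lists the code-loading entries (O2, O4, O23) whose target has no fixed path or lies outside the usual install roots. The root list and the "needs a manual look" rule are assumptions of this example; a listed entry is a prompt to check by hand, not a verdict.

```python
import re
from collections import defaultdict

# Section codes that appear in the log posted in this thread.
SECTIONS = {"R0": "IE start/search page", "O2": "Browser Helper Object",
            "O3": "IE toolbar", "O4": "Autostart (Run key / Startup folder)",
            "O14": "IERESET.INF setting", "O16": "ActiveX download (DPF)",
            "O23": "NT service"}
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# Drive-letter path ending in a loadable-file extension.
PATH = re.compile(r"([A-Za-z]:\\[^\"]*?\.(?:exe|dll|ocx))", re.I)
# Assumption of this example: roots where installed software normally lives.
USUAL_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

# Lines copied from the log posted in this thread (subset).
SAMPLE = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: Webshots.lnk = G:\writing ol stuff etc\Webshots\WebshotsTray.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
"""

def parse(log):
    """Group entries by section code: {code: [(entry_text, path_or_None)]}."""
    out = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            p = PATH.search(m.group(2))
            out[m.group(1)].append((m.group(2), p.group(1) if p else None))
    return dict(out)

def needs_manual_look(entries):
    """Code-loading entries with no absolute path or a path outside USUAL_ROOTS."""
    picked = []
    for code in ("O2", "O4", "O23"):
        for text, path in entries.get(code, []):
            if path is None or not path.lower().startswith(USUAL_ROOTS):
                picked.append((code, text))
    return picked

if __name__ == "__main__":
    for code, text in needs_manual_look(parse(SAMPLE)):
        print(f"{code:4} {SECTIONS.get(code, '?')}: {text}")
```
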


#3 Tykal


Posted 23 May 2005 - 11:56 PM

thanks OT, really appreciate the info & help. i'll try the hardware forum & see where it takes me from there.

:thumbsup:

#4 OldTimer

Malware Expert

Posted 24 May 2005 - 01:06 PM

You're very welcome Tykal. I hope they can guide you in the right direction.

Now that your issues have been resolved here I will close this topic. If you have any new issues in the future then please start a new topic.

Cheers.

Keep on computing!

OT :thumbsup: