
Infected with Troj/Rustok-N and who knows what else


This topic is locked.
2 replies to this topic

#1 Thomas00 (Members, 2 posts)

Posted 13 February 2009 - 06:22 PM

On some sites it says that I can't use their website because I have Troj/Rustok-N and it will infect their website also. So I downloaded Malwarebytes and did a full system scan and it found 127 infections. I also ran a HijackThis log just to make sure everything's all right. So here it is... Also, before running Malwarebytes my number of processes running when I turned on the comp was 34+; now it's down to 29 :)


Also, how can I get rid of all my temp files? The "delete temp files" option in Internet Explorer doesn't delete all of them, and I know I have a lot because the Malwarebytes scan spent most of its time on the temporary folder.

Here's my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:20:01 PM, on 2/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\lexpps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_4D911F3F6C81CCC0.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - C:\Program Files\FlashCapture\fciext.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - {f748b308-972c-4f94-9246-be2e1985c6f6} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: KeepV - Video Detector - {f748b308-972c-4f94-9246-be2e1985c6f6} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {f748b308-972c-4f94-9246-be2e1985c6f7} - (no file)
O9 - Extra 'Tools' menuitem: KeepV - Send Video - {f748b308-972c-4f94-9246-be2e1985c6f7} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://echat.bellsouth.net/sdccommon/download/tgctlcm.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteA...bridge-c446.cab
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} (Sony SNC-RZ30 Image Viewer) - http://192.35.96.219/home/SonySncRz30View.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1095622755479
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://212.92.19.221/activex/AMC.cab
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} - http://imlive.com/chatsource/ImlCID.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab
O16 - DPF: {C15B7EA2-A360-43E8-A591-5FAEDC7C4E1D} - http://www.altnet.com/install/adm4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/flash...ent/swflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://webcam.erieyachtclub.org/activex/AMC.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - file://D:\games\WebDriverFullInstall.exe
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_4D911F3F6C81CCC0.dll
O20 - AppInit_DLLs: c:\windows\system32\spool32.dll c:\windows\system32\rundll32.dll javaw.dll C:\WINDOWS\system32\userinit.dll
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
O24 - Desktop Component 10: (no name) - http://images.animationfactory.com/animati...iring_sm_wm.gif
O24 - Desktop Component 11: (no name) - http://images.animationfactory.com/animati...lking_sm_wm.gif
O24 - Desktop Component 12: (no name) - http://images.animationfactory.com/animati...antha_sm_wm.gif
O24 - Desktop Component 13: (no name) - http://images.animationfactory.com/animati...green_sm_wm.gif
O24 - Desktop Component 14: (no name) - http://images.animationfactory.com/animati...nning_sm_wm.gif
O24 - Desktop Component 15: (no name) - http://images.animationfactory.com/animati...splay_sm_wm.gif
O24 - Desktop Component 16: (no name) - http://images.animationfactory.com/animati...horse_sm_wm.gif
O24 - Desktop Component 17: (no name) - http://images.animationfactory.com/animati...racas_sm_wm.gif
O24 - Desktop Component 18: (no name) - http://images.animationfactory.com/animati...blue_sm_nwm.gif
O24 - Desktop Component 19: (no name) - http://images.animationfactory.com/animati...g_pan_sm_wm.gif
O24 - Desktop Component 20: (no name) - http://images.animationfactory.com/animati...torch_sm_wm.gif
O24 - Desktop Component 21: (no name) - http://images.animationfactory.com/animati...oilet_sm_wm.gif
O24 - Desktop Component 22: (no name) - http://images.animationfactory.com/animati...ng_pc_sm_wm.gif
O24 - Desktop Component 23: (no name) - http://images.animationfactory.com/animati...plode_sm_wm.gif
O24 - Desktop Component 24: (no name) - http://images.animationfactory.com/animati...r_egg_sm_wm.gif
O24 - Desktop Component 25: (no name) - http://www.runescape.com/img/varrock/besti...kdragonanim.gif
O24 - Desktop Component 26: (no name) - http://smileys.smileycentral.com/cat/3/3_8_10.gif
O24 - Desktop Component 27: (no name) - http://smileys.smileycentral.com/cat/new/8_22/3_3_22.gif
O24 - Desktop Component 28: (no name) - http://smileys.smileycentral.com/cat/new/8_22/3_3_23.gif
O24 - Desktop Component 29: (no name) - http://smileys.smileycentral.com/cat/new/8_22/7_4_17.gif
O24 - Desktop Component 30: (no name) - http://smileys.smileycentral.com/cat/3/3_8_13.gif
O24 - Desktop Component 31: (no name) - http://smileys.smileycentral.com/cat/3/3_8_14.gif
O24 - Desktop Component 32: (no name) - http://smileys.smileycentral.com/cat/3/3_8_1.gif
O24 - Desktop Component 33: (no name) - http://smileys.smileycentral.com/cat/3/3_8_4.gif
O24 - Desktop Component 34: (no name) - http://smileys.smileycentral.com/cat/3/3_8_3.gif
O24 - Desktop Component 35: (no name) - http://smileys.smileycentral.com/cat/new/8_22/15_3_27.gif
O24 - Desktop Component 36: (no name) - http://www.runescape.com/img/varrock/besti...keletonanim.gif
O24 - Desktop Component 37: (no name) - http://smileys.smileycentral.com/cat/a05/36_7_26.gif
O24 - Desktop Component 38: (no name) - http://smileys.smileycentral.com/cat/36/36_2_48.gif
O24 - Desktop Component 39: (no name) - http://smileys.smileycentral.com/cat/3/3_4_12.gif
O24 - Desktop Component 40: (no name) - http://smileys.smileycentral.com/cat/new/8_22/7_9_7.gif
O24 - Desktop Component 41: (no name) - http://smileys.smileycentral.com/cat/new/8_22/23_11_55.gif
O24 - Desktop Component 42: (no name) - http://images.animationfactory.com/imagedi...t_up_md_wht.gif
O24 - Desktop Component 43: (no name) - http://smileys.smileycentral.com/cat/new/8_22/7_6_8.gif
O24 - Desktop Component 44: (no name) - http://www.roomwithamoose.com/adopt_gir7_1.gif
O24 - Desktop Component 45: (no name) - http://images.animationfactory.com/imagedi..._out_md_wht.gif
O24 - Desktop Component 46: (no name) - http://www.runescape.com/img/title/rslogo.gif
O24 - Desktop Component 47: (no name) - http://www.runescape.com/img/title2/rslogosnow.gif
O24 - Desktop Component 48: (no name) - http://www.runescape.com/img/varrock/besti...tspideranim.gif
O24 - Desktop Component 49: (no name) - http://www.runescape.com/img/varrock/bestiary/ghostanim.gif
O24 - Desktop Component 50: (no name) - http://www.runescape.com/img/varrock/besti...erdemonanim.gif
O24 - Desktop Component 51: (no name) - http://www.runescape.com/lang/en/aff/runescape/img/bg2.jpg
O24 - Desktop Component 52: (no name) - http://www.coolbuddy.com/icon/School/School031.gif
O24 - Desktop Component 53: (no name) - http://www.coolbuddy.com/icon/School/School004.gif
O24 - Desktop Component 54: (no name) - http://www.tip.it/runescape/styles/images/left_bar.gif
O24 - Desktop Component 55: (no name) - http://img144.imageshack.us/img144/743/1015061345ma0.jpg
O24 - Desktop Component 56: (no name) - http://a93.ac-images.myspacecdn.com/images...5c59e055f44.jpg
O24 - Desktop Component 57: (no name) - http://a339.ac-images.myspacecdn.com/image...0c3eb2a6752.jpg

When I try to hit Fix on all of those desktop components that I don't want, for some reason they still show up in the next scan even after I hit Fix.

EDIT: Also, I'm planning on running a ThreatFire scan and a SUPERAntiSpyware scan sooner or later.

Edited by Thomas00, 13 February 2009 - 06:24 PM.
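Added example for this thread, not code from the thread or from Trend Micro's HijackThis: a small Python triage script that parses the R/O lines of a HijackThis v2 log and flags the entry types a responder would look at first. The flagging rules are this example's own assumptions, not HijackThis verdicts: every DLL listed under O20 AppInit_DLLs (a well-known persistence location that is empty by default on Windows XP, so anything there needs manual verification), entries whose target file is missing, O16 DPF controls pulled from a bare IP address or a local file:// path, and every O24 Active Desktop component. SAMPLE_LOG is a constructed excerpt copied from the log above; parse_hjt, triage and the other function names are hypothetical.

```python
"""Triage a HijackThis v2 log and flag the entries a responder checks first.

Added example for this thread; it is not code from the thread or from
Trend Micro's HijackThis. SAMPLE_LOG is an excerpt copied from the log
posted above; the flagging rules in triage() are this example's own
assumptions, not HijackThis verdicts.
"""
import re

# Constructed sample: lines copied verbatim from the posted log.
SAMPLE_LOG = r"""
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} (Sony SNC-RZ30 Image Viewer) - http://192.35.96.219/home/SonySncRz30View.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - file://D:\games\WebDriverFullInstall.exe
O20 - AppInit_DLLs: c:\windows\system32\spool32.dll c:\windows\system32\rundll32.dll javaw.dll C:\WINDOWS\system32\userinit.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 27: (no name) - http://smileys.smileycentral.com/cat/new/8_22/3_3_22.gif
"""

# "O20 - AppInit_DLLs: ..." / "R1 - HKCU\..." -> section code plus the rest of the line.
LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# URL whose host is a bare IPv4 address rather than a name.
IP_URL_RE = re.compile(r"^(?:https?|ftp)://\d{1,3}(?:\.\d{1,3}){3}(?:[/:]|$)", re.I)


def parse_hjt(text):
    """Return (section, body) pairs for every R/O line; headers and the process list are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def appinit_dlls(body):
    """Split an O20 'AppInit_DLLs: a.dll b.dll' body into the individual DLL paths."""
    value = body.partition("AppInit_DLLs:")[2]
    return value.split()


def target_of(body):
    """Last ' - ' separated field: the file, URL or '(no file)' target of the entry."""
    return body.rsplit(" - ", 1)[-1].strip()


def triage(entries):
    """Apply the example's heuristics; returns (rule, detail) findings in log order."""
    findings = []
    for section, body in entries:
        if section == "O20" and "AppInit_DLLs:" in body:
            # AppInit_DLLs are loaded into every process that loads user32.dll; the value
            # is empty by default on Windows XP, so each DLL here needs manual verification.
            for dll in appinit_dlls(body):
                findings.append(("appinit_dll", dll))
        elif body.endswith("(no file)") or body.endswith("(file missing)"):
            # Registry still references a file that is gone: leftover to clean, not proof of malware.
            findings.append(("orphaned_entry", f"{section} {body}"))
        elif section == "O16":
            src = target_of(body)
            if src.lower().startswith("file://"):
                findings.append(("dpf_local_file", src))
            elif IP_URL_RE.match(src):
                findings.append(("dpf_ip_host", src))
        elif section == "O24":
            # Active Desktop components: each one is a remote URL re-fetched at logon.
            findings.append(("desktop_component", target_of(body)))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{rule:18} {detail}")
```

Run it over a full log instead of SAMPLE_LOG to get a short worklist; entries that are flagged still have to be checked by hand (publisher, file location, whether the DLL exists on disk), because the rules only say where to look, not what is malicious.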



#2 Blade81 (Bleepin' Rocker, Malware Response Team, 6,465 posts, Finland)

Posted 21 February 2009 - 10:34 AM

Hi,

Sorry for the delayed response. The forums have been really busy. If you still need help with this, post a fresh HJT log, please.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#3 Blade81 (Bleepin' Rocker, Malware Response Team, 6,465 posts, Finland)

Posted 27 February 2009 - 12:59 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.
