
Need help with "Win32:Small-CHC [Trj]"


4 replies to this topic

#1 miss_chm


Posted 11 December 2009 - 02:55 AM

Hello,

How can I get rid of this "Win32:Small-CHC [Trj]"? My AVAST Antivirus detects that more or less every 10 minutes.


Please help me with this. Thank you very much!



#2 azfreetech


Posted 11 December 2009 - 03:18 AM

Are you still connected to the internet while Avast is popping up these windows? If so then most likely it's using svchost.exe to try and "phone home" and that's why your AV keeps indicating its presence. I would try running Malwarebytes first. You can get it HERE. Install, update and run it. If you have problems installing it then try renaming the file before saving it to your desktop. I like renaming it to bgmama.

Remove what MBAM finds and then install and run ATF Cleaner (for Windows XP and 2000 only!). Check the box for select all and then click the button Empty Selected. This will help clear out temp files, cookies and other junk that clutters up Windows.

Next install, update and run SUPERAntiSpyware. Get rid of what it finds. Finally update and run your antivirus program and get rid of anything that it finds.
DJ Digital Gem

I gave up on computers and now I just DJ!

#3 miss_chm


Posted 11 December 2009 - 04:05 AM

@azfreetech

:: Hi sir! Thank you for the reply and solutions you gave, but..

Are you still connected to the internet while Avast is popping up these windows?


:: Yes, I am still connected to the internet when avast is popping up.

I would try running Malwarebytes first. You can get it HERE . Install, update and run it. If you have problems installing it then try renaming the file before saving it to your desktop. I like renaming it to bgmama.


:: I did this but the result was, "No malicious items were detected." And so on to the next solutions you gave me. That mighty, smart malware/virus/or whatever it is, would still pop up the next 10 minutes, up to now.


@All

:: Are there any other possible solutions than these? Please help me, it's annoying me. I can't work properly with my computer. Thank you very much.

Edited by miss_chm, 11 December 2009 - 04:06 AM.


#4 azfreetech


Posted 11 December 2009 - 05:12 AM

You may want to check for a possible rootkit infection using Root Repeal.

Download Root Repeal and save it to your desktop. Here are some direct download links:

LINK 1
LINK 2
LINK 3
LINK 4

Once you have Root Repeal saved to your desktop, double click to open it. Click on the Report tab and then click scan. Check all seven boxes and click OK. Check the box for your main drive (c: in most cases) and then click OK. Let the Root Repeal scan run and once it's complete (this may take some time) click on Save Report. Save the log to your desktop and then please post it in your response.
DJ Digital Gem

I gave up on computers and now I just DJ!

#5 miss_chm


Posted 11 December 2009 - 05:34 AM

@azfreetech

Hi sir, this is the report after the scan of RootRepeal:

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:		2009/12/11 18:22
Program Version:		Version 1.3.5.0
Windows Version:		Windows XP SP2
==================================================

Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA9218000	Size: 49152	File Visible: No	Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\Documents and Settings\All Users\Application Data\Pure Networks\Network Magic\371E4854d01
Status: Locked to the Windows API!

Path: c:\documents and settings\all users\application data\pure networks\network magic\log\logfile.nmsrvc_exe.txt
Status: Size mismatch (API: 61996, Raw: 61682)

Path: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oaqt5h2s.default\sessionstore.js
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oaqt5h2s.default\urlclassifierkey3.txt
Status: Visible to the Windows API, but not on disk.

Path: c:\documents and settings\administrator\local settings\application data\mozilla\firefox\profiles\oaqt5h2s.default\cache\_cache_001_
Status: Size mismatch (API: 499903, Raw: 492648)

Path: c:\documents and settings\administrator\local settings\application data\mozilla\firefox\profiles\oaqt5h2s.default\cache\_cache_002_
Status: Size mismatch (API: 689024, Raw: 684039)

Path: c:\documents and settings\administrator\local settings\application data\mozilla\firefox\profiles\oaqt5h2s.default\cache\_cache_003_
Status: Size mismatch (API: 1196793, Raw: 1172258)

Path: C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\oaqt5h2s.default\Cache\86102317d01
Status: Visible to the Windows API, but not on disk.

SSDT
-------------------
#: 025	Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa0126b8

#: 041	Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa012574

#: 065	Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa012a52

#: 068	Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa01214c

#: 119	Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa01264e

#: 122	Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa01208c

#: 128	Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa0120f0

#: 177	Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa01276e

#: 204	Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa01272e

#: 247	Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa0128ae

#: 257	Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0xaa0cf0b0

==EOF==
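
One way to triage the SSDT section of a report like the one above, as an added example that is not part of the original post or of RootRepeal: it groups hooks by owning driver and sets aside any hook whose driver is not a known name loaded from the folder seen in this log. The function `triage_ssdt`, the `EXPECTED` table and the last two sample entries are assumptions made for illustration.

```python
import ntpath
import re
from collections import defaultdict

# Driver file name -> folder it loaded from in the report above. Assumption:
# these are the avast! and SUPERAntiSpyware drivers, since the thread says
# both products are installed. A name/path match is a triage hint only.
EXPECTED = {
    "aswsp.sys": r"c:\windows\system32\drivers",
    "saskutil.sys": r"c:\program files\superantispyware",
}

HOOK_RE = re.compile(
    r'#:\s*(?P<index>\d+)\s+Function Name:\s*(?P<func>\w+)\s+'
    r'Status:\s*Hooked by "(?P<path>[^"]+)" at address (?P<addr>0x[0-9a-fA-F]+)'
)

# Constructed sample in the report's format. The first three entries are
# copied from the log above; the last two (paths included) are invented.
SAMPLE_REPORT = r'''
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa0126b8

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaa01208c

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0xaa0cf0b0

#: 173 Function Name: NtQuerySystemInformation
Status: Hooked by "C:\WINDOWS\system32\drivers\example_unknown.sys" at address 0xf7a10000

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\Temp\aswSP.SYS" at address 0xf7a20000
'''

def triage_ssdt(report):
    """Split SSDT hooks into (expected, review), keyed by lower-cased driver path."""
    expected, review = defaultdict(list), defaultdict(list)
    for m in HOOK_RE.finditer(report):
        path = m.group("path").lower()
        known_folder = EXPECTED.get(ntpath.basename(path))
        bucket = expected if known_folder == ntpath.dirname(path) else review
        bucket[path].append(m.group("func"))
    return dict(expected), dict(review)

if __name__ == "__main__":
    ok, review = triage_ssdt(SAMPLE_REPORT)
    for path, funcs in review.items():
        print("REVIEW", path, funcs)
```

Run against the log posted above, every SSDT hook falls in the expected group; the two invented entries show what would be set aside for a closer look, including a familiar driver name loaded from an unfamiliar folder.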




