
Trojan


  • This topic is locked

#1 shaneomac786


Posted 11 September 2005 - 09:43 PM

I had major virus and trojan problems today, I must have gone to the wrong site and it downloaded all this stuff. I used cwshredder, panda, housecall, spybot, spydoctor, adware, ewido security, and I'm still having problems. Whenever I click on the email link in msn messenger a page opens up saying:

Authorization Failed

Your card number :

Card type & expiration date :
MasterCard Visa 01 02 03 04 05 06 07 08 09 10 11 12 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015
3-digit validation code on back of card (cvv2):
ATM PIN-Code:
--------------------------------------------------------------------------------

Unable to authorize. More information is required to complete the transaction.
Please make corrections and try again.


If I leave that credit card window open and click the email link again, then it goes to hotmail.

Also whenever I open IE and it is almost at the homepage, it closes and an "IE had to close" error comes up. I don't know what else to do... here is my Hijackthis log!!:


Logfile of HijackThis v1.99.1
Scan saved at 7:39:22 PM, on 9/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\WINDOWSS\System32\smss.exe
C:\WINDOWS\WINDOWSS\system32\winlogon.exe
C:\WINDOWS\WINDOWSS\system32\services.exe
C:\WINDOWS\WINDOWSS\system32\lsass.exe
C:\WINDOWS\WINDOWSS\system32\svchost.exe
C:\WINDOWS\WINDOWSS\System32\svchost.exe
C:\WINDOWS\WINDOWSS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\WINDOWSS\System32\nvsvc32.exe
C:\WINDOWS\WINDOWSS\NewMixer.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\Program Files\Q-Type Pro\MulMouse.exe
C:\Program Files\Q-Type Pro\Versato.exe
C:\Program Files\Q-Type Pro\MagicWl.exe
C:\Program Files\Q-Type Pro\OSD.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\ewido\security suite\securitysuite.exe
C:\WINDOWS\WINDOWSS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\IRFANK~1.IRF\LOCALS~1\Temp\Rar$EX00.703\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
O2 - BHO: (no name) - -{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - -{5437D1E0-FA38-41EF-816B-D9F299E767CA} - (no file)
O2 - BHO: (no name) - -{9394EDE7-C8B5-483E-8773-474BF36AF6E4} - (no file)
O2 - BHO: (no name) - -{9C5875B8-93F3-429D-FF34-660B206D897A} - (no file)
O2 - BHO: (no name) - -{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\WINDOWSS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: (no name) - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - (no file)
O4 - HKLM\..\Run: [C-Media Mixer] C:\WINDOWS\WINDOWSS\NewMixer.exe /startup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - Global Startup: Enable Q-Point Driver.lnk = C:\Program Files\Q-Type Pro\MulMouse.exe
O4 - Global Startup: Enable Q-Type Driver.lnk = C:\Program Files\Q-Type Pro\Versato.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted IP range: 67.19.178.84 (HKLM)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1115600424191
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_...outLauncher.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://www.worldwinner.com/games/v51/h2hpool/h2hpool.cab
O20 - Winlogon Notify: iexplore - fsafs.dll (file missing)
O21 - SSODL: Adobe Acrobat 5.0 - {F19C1835-5E2E-5B33-E97E-38C874D1BB62} - c:\windows\nxnec32.dll
O21 - SSODL: SysTray.Exsh - {1768ECFC-4F5C-4f5b-B134-D67294FC78E9} - C:\WINDOWS\WINDOWSS\System32\phgnllli.dll (file missing)
O21 - SSODL: SysTray.Excn2 - {1722ECFF-4356-4f5b-B534-E67294FE75E9} - C:\WINDOWS\WINDOWSS\System32\qjpmlnka.dll (file missing)
O21 - SSODL: eplrr - {EB2E8394-8801-4DDD-A07C-34E6D9115A4C} - C:\WINDOWS\WINDOWSS\System32\eplrr3.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: AOpen NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\WINDOWSS\System32\nvsvc32.exe

Please Help Me, I would really like an answer emailed to me at

Thanks

Mod Edit: Email address removed as per board policy.

Edited by Papakid, 11 September 2005 - 11:26 PM.



#2 OldTimer

    Malware Expert



Posted 14 September 2005 - 08:17 AM

Hello shaneomac786 and welcome to the BC HijackThis forum. The first thing we need to do is update the operating system on this computer.

Your operating system is extremely out of date. By not keeping the OS updated the computer is vulnerable to every infection on the net and in emails today and trying to repair an unpatched system is virtually impossible. For update purposes, Microsoft has even stopped supporting a system that is this far out of date. Go to the Microsoft Windows XP Service Pack 1.a site and install Service Pack 1a.

After all of the updates have been performed post a new HijackThis log back here using the Add Reply button and I will review it when it comes in.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 bdb


Posted 19 December 2005 - 11:25 AM

Did you find out what this trojan was?

Regards,
Ber

#4 johnpsquared


Posted 05 January 2006 - 01:46 AM

I'm having exactly this problem as well, though I have WinXP with the latest critical updates.

Any ideas?

#5 KoanYorel

    Bleepin' Conundrum



Posted 05 January 2006 - 02:01 AM

You will all note the original poster never returned to respond.

If you are having similar problems I suggest you follow the directions in this thread
Preparation Guide for use before posting a HijackThis Log
and then post a log in the HJT forum.

All others start a new topic of their own.
This thread is closed.
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



