Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Infected By Several Trojan And Backdoor Viruses

  • This topic is locked This topic is locked
2 replies to this topic

#1 novirusplease


  • Members
  • 142 posts
  • Local time:01:10 AM

Posted 30 January 2006 - 12:13 PM

I use WinXP and run AVG, Spyware Doctor and ZoneAlarm to protect my PC. I scan with the online Ewido and Bitdefender on a regular basis.
My PC behave in a strange manner lately. It suddenly slows down when opening IE. The CPU activity rises to 100% and finally it is not even possible to fill in an online form (it was a hell of a pain to write this log). Closing an IE windows in not possible neither. I had to log at least 20 times to post this log. My Hijackthis log is as follows:

Logfile of HijackThis v1.99.1
Scan saved at 18:11:03, on 30.01.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\Programme\ewido anti-malware\ewidoctrl.exe
C:\Programme\ewido anti-malware\ewidoguard.exe
C:\Programme\Spyware Doctor\sdhelp.exe
C:\Programme\IC Card Reader Driver v1.8e2\Disk_Monitor.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\Spyware Doctor\swdoctor.exe
C:\Programme\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
C:\Programme\Microsoft Office\Office\OSA.EXE
C:\Programme\Microsoft Office\Office\MSOFFICE.EXE
C:\Programme\Microsoft Office\Office\FINDFAST.EXE
C:\Programme\Outlook Express\msimn.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Microsoft Office\Office\Winword.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Disk Monitor] C:\Programme\\IC Card Reader Driver v1.8e2\Disk_Monitor.exe
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programme\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Programme\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programme\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Démarrage d'Office.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Gestionnaire Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1137936183467
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD4D0C42-C427-4D66-B9F7-02C6E4C746C1}: NameServer =
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programme\ewido anti-malware\ewidoguard.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programme\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe (file missing)

Any help is appreciated. Many thanks in advance.

BC AdBot (Login to Remove)



#2 OldTimer


    Malware Expert

  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina
  • Local time:02:10 AM

Posted 04 February 2006 - 01:16 PM

Hello novirusplease and welcome to the BC HijackThis forum. The first thing we need to do is update the operating system on this computer.

Your operating system is extremely out of date. By not keeping the OS updated the computer is vulnerable to every infection on the net and in emails today and trying to repair an unpatched system is virtually impossible. For update purposes, Microsoft has even stopped supporting a system that is this far out of date. Go to the Microsoft Windows XP Service Pack 1.a site and install Service Pack 1a.

Once that is done, go back to the Windows Update site and install all available Critical Updates but do not install SP2 at this time. This will patch the system with the most current security fixes and plug all the known holes which are present on this system. If you are not on a broadband connection the Service Pack can be obtained from Microsoft for a nominal shipping fee.

After all of the updates have been performed post a new HijackThis log back here using the Add Reply button and I will review it when it comes in.


I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.

Posted Image

#3 Scarlett


    Bleeping Diva

  • Members
  • 7,479 posts
  • Gender:Female
  • Location:As always I'm beside myself ;)
  • Local time:01:10 AM

Posted 27 March 2006 - 05:55 PM

Due to the fact that, novirusplease has re-posted this particular topic,
and including the lack of activity here, this thread will now be closed.

~ Scarlett

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users