Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Doubleclick, Avenue A, Mediaplex


  • Please log in to reply
1 reply to this topic

#1 AustinHoney

AustinHoney

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:11:04 AM

Posted 20 February 2006 - 09:38 AM

I just had to install a new harddrive on Wednesday, so you can imagine my dismay at having crap on the machine already. I do know how some got here. Not sure about the rest. The old hard drive crapped out but is currently connected for data salvage purposes. So at the moment I am scanning both drives.

I have run Hijack this and see nothing. I did follow the directions in the self-help section for cydoor, which was on the machine and it seems to be gone now.

I have run adaware and spybot, and am running bit defender standard. Have installed XP service pack 2 and all office updates.

When I run the scans, I clean everything, reboot and then rescan and still have stuff. This is what I currently deleted (and fully expect to be back on the system at reboot:
DSO Exploit (according to another thread..this poses no threat???)
DoubleClick
Avenue A
MediaPlex

Hijack this log for good measure:
Logfile of HijackThis v1.99.1
Scan saved at 10:15:31 PM, on 2/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
F:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
F:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
F:\Program Files\Softwin\BitDefender9\vsserv.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\progra~1\softwin\bitdef~1\bdmcon.exe
F:\progra~1\softwin\bitdef~1\bdnagent.exe
F:\progra~1\softwin\bitdef~1\bdswitch.exe
F:\Program Files\MailSanctity\MSTray.exe
F:\Program Files\D-Tools\daemon.exe
F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
F:\WINDOWS\system32\hphmon03.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\MSN Messenger\MsnMsgr.Exe
F:\Program Files\eFax Messenger 4.1\J2GTray.exe
F:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
F:\Program Files\WinZip\WZQKPICK.EXE
F:\WINDOWS\system32\HPHipm09.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\downloads\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NVMixerTray] "F:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BDMCon] f:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] "F:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "F:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKLM\..\Run: [MailSanctity] "F:\Program Files\MailSanctity\MSTray.exe" /startup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] F:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] F:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eFax 4.1] "F:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe" /R
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: eFax 4.1.lnk = F:\Program Files\eFax Messenger 4.1\J2GTray.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = F:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://F:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://F:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://F:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://F:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1140038986499
O23 - Service: Adobe LM Service - Unknown owner - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - F:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - F:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver - HP - F:\WINDOWS\system32\HPHipm09.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - F:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - F:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Suggestions???

Thanks in advance.

BC AdBot (Login to Remove)

 


#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:12:04 PM

Posted 24 February 2006 - 05:12 PM

Hello AustinHoney and welcome to the BC HijackThis forum. I do not see any signs of viruses or malware in this log. It is clean.

The older versions of Spybot always found a DSO exploit. I have not seen it in the latest version. Check to make sure that you are using version 1.4.

For the other problems being found, can you post the log from the program that is finding the problems back here so I can see what is being found and where it is located? Then we can go from there.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users