
Soon Going Mad



#1 Dollargrin


Posted 14 April 2006 - 10:34 AM

Hey,
a few days ago I got some kind of virus/trojan or something into my computer. After a few attempts to get rid of whatever it was, I bought a totally new hard drive. I installed Windows XP on the new one, but the damned thing wasn't gone. (How that happened is beyond my understanding. But just so you get all the facts, my first hard drive was divided in three parts (don't know the English word for that - sorry) and when I ran F-Secure for the other two parts, the ones where my operating system wasn't installed, I got no sign of infection. Therefore I copied those two to my new hard drive. Had some very important and private stuff there.)
Anyway, here's a log file from HijackThis. It's from my new hard drive.
If anyone can give me some tips about what to do and how to get a healthy computer again, I would be most grateful.
The absolute most important thing is that some parts of the files that I copied aren't ruined. But as far as I can tell all those are fine - on both hard drives.

-------------

Logfile of HijackThis v1.99.1
Scan saved at 17:16:52, on 2006-04-14
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\system32\userinit.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\System32\rundll32.exe
H:\Program\Java\jre1.5.0_06\bin\jusched.exe
H:\Program\Messenger\msmsgs.exe
H:\WINDOWS\System32\ctfmon.exe
H:\Documents and Settings\Peter\ch32.exe
H:\Documents and Settings\Peter\Lokala inställningar\Temp\Temporär katalog 3 för hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vlt.se/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - H:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [zxwin] rundll32.exe H:\WINDOWS\System32\zxwin.dll,start
O4 - HKLM\..\Run: [SunJavaUpdateSched] H:\Program\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "H:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [hostserv] hostserv.exe
O4 - HKCU\..\Run: [Free Download Manager] H:\Program\Free Download Manager\fdm.exe -autorun
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - H:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - H:\WINDOWS\web\related.htm
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab


-----------------

Thanks in advance. I hope you understood what I wrote at the top.
Cheers
Peter in Sweden



#2 OldTimer


    Malware Expert



Posted 22 April 2006 - 10:52 AM

Hello Dollargrin and welcome to the BC HijackThis forum. The first thing we need to do is update the operating system on this computer.

Your operating system is extremely out of date. By not keeping the OS updated the computer is vulnerable to every infection on the net and in emails today and trying to repair an unpatched system is virtually impossible. For update purposes, Microsoft has even stopped supporting a system that is this far out of date. Go to the Microsoft Windows XP Service Pack 1.a site and install Service Pack 1a.

Once that is done, go back to the Windows Update site and install all available Critical Updates but do not install SP2 at this time. This will patch the system with the most current security fixes and plug all the known holes which are present on this system. If you are not on a broadband connection the Service Pack can be obtained from Microsoft for a nominal shipping fee.

After all of the updates have been performed post a new HijackThis log back here using the Add Reply button and I will review it when it comes in.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
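
The reply's first step rests on what the log header shows, so here is an added example (not part of the thread, and not HijackThis code) that parses a log in the layout posted above, reports the service pack from the Platform line, and lists the O4 Run entries. It assumes a patched system carries an "SP<n>" token on the Platform line; the function names and the abridged sample log are constructed for illustration.

```python
import re

# Constructed sample: abridged header and entries in the layout of the log in post #1.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 17:16:52, on 2006-04-14
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vlt.se/
O4 - HKLM\..\Run: [SunJavaUpdateSched] H:\Program\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [hostserv] hostserv.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                # e.g. "O4 - ..."
RUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.*)$")   # hive\..\key: [name] cmd

def parse_log(text):
    """Split a HijackThis log into header fields, process list and coded entries."""
    log = {"header": {}, "processes": [], "entries": []}
    in_procs = False
    for line in (l.strip() for l in text.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False
            log["entries"].append((m.group(1), m.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            log["processes"].append(line)
        elif ": " in line and not log["entries"]:
            key, value = line.split(": ", 1)
            log["header"][key] = value
    return log

def service_pack(log):
    """Return the service pack number on the Platform line, or None if absent."""
    m = re.search(r"\bSP(\d)\b", log["header"].get("Platform", ""))
    return int(m.group(1)) if m else None

def autoruns(log):
    """Yield (hive, key, name, command, has_full_path) for each O4 Run entry."""
    for code, body in log["entries"]:
        m = RUN.match(body) if code == "O4" else None
        if m:  # has_full_path: command starts with a drive-letter path
            yield (*m.groups(), bool(re.match(r'^"?[A-Za-z]:\\', m.group(4))))
```

A `has_full_path` of False is not a verdict: it only means the command is resolved through the search path, so the log alone does not say which file on disk runs.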
