Explorer Hanging


1 reply to this topic

#1 zaid

Posted 18 November 2004 - 03:50 AM

Hi,

I cannot open my Internet Explorer and Windows Explorer. I think my PC is infected with some spyware or adware. Also, there is a process called binas.exe which takes 99% of my CPU and I can't kill it; it seems that there is another process which always starts it. I used the hijack and here is the log file:

Hope you can help me ASAP Please. :thumbsup:

NOTE: I have searched for binas.exe and did not find it. Also, there is a registry key named RunOnce that contains the file path c:\winnt\fonts\binas.exe rerun.

Logfile of HijackThis v1.98.2
Scan saved at 8:34:23 PM, on 11/17/2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\ffpsrv.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\taskmgr.exe
C:\welchi\HijackThis.exe
C:\WINNT\Fonts\binas.exe

O1 - Hosts: m
O1 - Hosts: m
O1 - Hosts: om
O1 - Hosts: com
O1 - Hosts: 27.0.0.1 tv.180solution
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BHO - {06CAD548-14DD-4fa3-9EA9-05F83C18CBD7} - C:\WINNT\System32\mspxs32.dll
O2 - BHO: CATLEvents Object - {3EC8E271-FAB9-418a-8A8E-65AEB4029E64} - C:\DOCUME~1\aboud\LOCALS~1\Temp\smssv.dat
O2 - BHO: CATLEvents Object - {55E301E5-BA44-4095-BB0B-14E0123CCF71} - C:\DOCUME~1\user\LOCALS~1\Temp\sar.dat
O2 - BHO: CATLEvents Object - {60112085-E1CE-4e0e-823A-EBB1AD98804C} - C:\DOCUME~1\SALAMZ~1.002\LOCALS~1\Temp\smssv.dat
O2 - BHO: CATLEvents Object - {8109AF33-6949-4833-8881-43DCC232B7B2} - C:\DOCUME~1\SALAMZ~1.002\LOCALS~1\Temp\smssv.dat
O2 - BHO: CATLEvents Object - {870B70D4-F6DA-47AE-9158-D146440A0A4D} - C:\DOCUME~1\user\LOCALS~1\Temp\sanib.dat
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: CATLEvents Object - {F32F8ECD-6CF3-459D-82F2-9738392C85A8} - C:\DOCUME~1\SALAMZ~1.002\LOCALS~1\Temp\smssv.dat
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: DashBar Toolbar - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - C:\Program Files\DashBar\DashBar15.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [THOffice] C:\Program Files\THOffice\THOffice.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINNT\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVCOMS] C:\WINNT\System32\LVCOMS.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [SysUpd] C:\WINNT\sysupd.exe
O4 - HKLM\..\Run: [vssms] C:\WINNT\system\vssms.exe
O4 - HKLM\..\Run: [*vssms] C:\WINNT\system\vssms.exe
O4 - HKLM\..\Run: [*vbweb] C:\WINNT\ServicePackFiles\vbweb.exe
O4 - HKLM\..\Run: [*olecom] C:\WINNT\olecom.exe
O4 - HKLM\..\Run: [*bakrun] C:\WINNT\bakrun.exe
O4 - HKLM\..\Run: [*adsvr] C:\WINNT\system\adsvr.exe
O4 - HKLM\..\Run: [*crdns] C:\WINNT\Web\crdns.exe
O4 - HKLM\..\Run: [*odbcole] C:\WINNT\repair\odbcole.exe
O4 - HKLM\..\Run: [Wampagent] C:\WINNT\Winampagent.exe
O4 - HKLM\..\Run: [*libodbc] C:\WINNT\Tasks\libodbc.exe
O4 - HKLM\..\Run: [*inetdb] C:\WINNT\repair\inetdb.exe
O4 - HKLM\..\Run: [*ras] C:\WINNT\Speech\ras.exe
O4 - HKLM\..\Run: [*avpc] C:\WINNT\system\avpc.exe
O4 - HKLM\..\Run: [*crreg] C:\WINNT\Tasks\crreg.exe
O4 - HKLM\..\Run: [*binas] C:\WINNT\Fonts\binas.exe
O4 - HKLM\..\Run: [Win32SystemMonitor] C:\WINNT\Pqo.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunOnce: [*binas] C:\WINNT\Fonts\binas.exe rerun
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Win32SystemMonitor] C:\WINNT\Pqo.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Start HTML Search Server.lnk = F:\WebSphere\SQLLIB\bin\db2nq.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = zaid.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = zaid.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = zaid.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = zaid.com


#2 Grinler

    Lawrence Abrams


Posted 18 November 2004 - 09:44 PM

Please download and install Trojan Hunter and then run it and remove all it finds. You can download it here:

http://www.trojanhunter.com/products/TrojanHunter.exe

Then do the following:

Please run two online virus scans:

http://housecall.antivirus.com/
http://www.pandasoftware.com/activescan/

Then let us know if it's working better and what the scans found.

Finally, post another log.



