
Problems With Proxy.horst.an , Help Please :(


  • This topic is locked
3 replies to this topic

#1 andresito


Posted 24 April 2006 - 08:52 PM

Hi, for a few days I have had some files infected with Proxy.Horst.an and Downloader.Agent.ajd.

In documents and settings\user\temp I have found some exe files, variations of exmodul32.exe, e.g. 20exmodul32.exe, 84exmodul32.exe, etc. I have disinfected these files with ewido. Here are the ewido report and the latest HijackThis report. Thanks so much, bye.

Logfile of HijackThis v1.99.1
Scan saved at 21:38:19, on 24-04-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\User\Desktop\Aplicaciones\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: A2NPopUpKiller Class - {8A321C7D-9CED-45A8-870D-DAE843A45FD0} - C:\Program Files\Armor2net\Armor2net Personal Firewall\PopUpKiller.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Armor2net] C:\Program Files\Armor2net\Armor2net Personal Firewall\Armor2net.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - http://www.riffinteractive.com/setup/RiffLick.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135617614671
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe


ewido:


ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 21:30:29, 24-04-2006
+ Report-Checksum: 6B7A007F

+ Scan result:

C:\!KillBox\20exmodul32.exe( 8)( 19) -> Proxy.Horst.an : Cleaned with backup
C:\!KillBox\20exmodul32.exe( 8)( 36) -> Proxy.Horst.an : Cleaned with backup
C:\!KillBox\20exmodul32.exe( 8)( 53) -> Proxy.Horst.an : Cleaned with backup
C:\!KillBox\20exmodul32.exe( 8)( 7) -> Proxy.Horst.an : Cleaned with backup
C:\!KillBox\85exmodul32.exe( 2)( 6)( 14) -> Proxy.Horst.an : Cleaned with backup
C:\!KillBox\85exmodul32.exe( 2)( 6)( 2) -> Proxy.Horst.an : Cleaned with backup
C:\!KillBox\85exmodul32.exe( 2)( 6)( 31) -> Proxy.Horst.an : Cleaned with backup
C:\!KillBox\85exmodul32.exe( 2)( 6)( 48) -> Proxy.Horst.an : Cleaned with backup
:mozilla.10:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\y60ow9t6.Default User\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.11:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\y60ow9t6.Default User\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\39exssd32a.exe -> Downloader.Agent.ajd : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\44exssd32a.exe -> Downloader.Agent.ajd : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\49exssd32a.exe -> Downloader.Agent.ajd : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\86exssd32a.exe -> Downloader.Agent.ajd : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\89exssd32a.exe -> Downloader.Agent.ajd : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\92exssd32a.exe -> Downloader.Agent.ajd : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\96exssd32a.exe -> Downloader.Agent.ajd : Cleaned with backup


 


#2 andresito


Posted 25 April 2006 - 04:08 PM

Help, please :thumbsup:

#3 miekiemoes


Posted 30 April 2006 - 10:21 AM

Hi,

The forums are really busy, which explains why logs get behind. We start with the oldest logs first. If you still need some help, please start by posting a new HijackThis log in this thread. Don't start a new thread.
Then I'll take a look. :thumbsup:

Please post a HijackThis log made in normal mode. :flowers:
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#4 miekiemoes


Posted 05 May 2006 - 05:24 PM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



