Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected With Torgan Horse Looktome


  • Please log in to reply
1 reply to this topic

#1 Muhammad Yahya Waqas

Muhammad Yahya Waqas

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:07:23 AM

Posted 11 May 2006 - 09:37 AM

Logfile of HijackThis v1.99.1
Scan saved at 7:36:52 PM, on 5/11/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Apache Group\Apache\Apache.exe
C:\Program Files\Apache Group\Apache\Apache.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\oracle\ora92\BIN\TNSLSNR.exe
c:\oracle\ora92\bin\ORACLE.EXE
c:\oracle\ora92\bin\ORACLE.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\defender1.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINNT\system32\ctfmon.exe
C:\D-Link\AirPlusG+\AirPlus.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\mmc.exe
C:\WINNT\system32\msiexec.exe
c:\oracle\ora92\bin\oidservice.exe
c:\oracle\ora92\bin\oidldapd.exe
c:\oracle\ora92\bin\oidldapd.exe
D:\e2esp\Oracle CoreID\as_windows_x86_coreid_access_id_7040\COREid7_0_4_Win32_ISAPI_WebPass.exe
C:\DOCUME~1\WaqasY\LOCALS~1\Temp\LRE1A.tmp\bin\jre.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = iris:8080
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [defender] C:\\defender1.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: D-Link AirPlus G+ Wireless Utility.lnk = C:\D-Link\AirPlusG+\AirPlus.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Edit with Altova X&MLSpy - C:\Program Files\Altova\XMLSpy2006\spy.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2006\spy.htm
O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2006\spy.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/pro...631382D2D2D.exe
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = e2esp.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E9D7015-6A6E-4B20-B4F2-7634062E86D6}: NameServer = 192.168.0.201,192.168.0.200
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = e2esp.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{3E9D7015-6A6E-4B20-B4F2-7634062E86D6}: NameServer = 192.168.0.201,192.168.0.200
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Shell Extensions - C:\WINNT\system32\MLIMTF.DLL (file missing)
O20 - Winlogon Notify: Uninstall - C:\WINNT\system32\dheml.dll (file missing)
O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NetPoint COREid Server (coreid_service) (ObOISServer-coreid_service) - Unknown owner - C:\Program Files\NetPoint\identity\oblix\apps\common\bin\ois_server.exe
O23 - Service: OracleDirectoryService_coreID - Unknown owner - c:\oracle\ora92\bin\oidservice.exe
O23 - Service: OracleDirectoryService_coreid2 - Unknown owner - c:\oracle\ora92\bin\oidservice.exe
O23 - Service: OracleOraHome92Agent - Oracle Corporation - c:\oracle\ora92\bin\agntsrvc.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - c:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: OracleOraHome92HTTPServer - Unknown owner - c:\oracle\ora92\Apache\Apache\apache.exe" --ntservice (file missing)
O23 - Service: OracleOraHome92SNMPPeerEncapsulator - Unknown owner - c:\oracle\ora92\BIN\ENCSVC.EXE
O23 - Service: OracleOraHome92SNMPPeerMasterAgent - Unknown owner - c:\oracle\ora92\BIN\AGNTSVC.EXE
O23 - Service: OracleOraHome92TNSListener - Unknown owner - c:\oracle\ora92\BIN\TNSLSNR.exe
O23 - Service: OracleServiceCOREID - Oracle Corporation - c:\oracle\ora92\bin\ORACLE.EXE
O23 - Service: OracleServiceCOREID2 - Oracle Corporation - c:\oracle\ora92\bin\ORACLE.EXE

BC AdBot (Login to Remove)

 


#2 didom

didom

  • Members
  • 1,389 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:23 AM

Posted 13 May 2006 - 06:50 AM

Please download Look2Me-Destroyer.exe to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shutdown.
  • Turn your computer back on.
  • Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.
If Look2Me-Destroyer does not reopen automatically, reboot and try again.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users