Spybot Shows Torpig And Smitfraud



#1 swale

  • Members
  • 6 posts

Posted 15 November 2006 - 08:50 PM

I have run Spybot S&D several times and it can't seem to eliminate these two. Here is my log; can someone please help?

Swale

Logfile of HijackThis v1.99.1
Scan saved at 5:38:51 PM, on 11/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Updater.exe
C:\WINDOWS\system32\services.exe
C:\EDS\I-DEAS10\sec\lmgrd.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\EDS\I-DEAS10\Iona\OrbixE2A\asp\5.1\bin\itconfig_rep.exe
C:\EDS\I-DEAS10\sec\eds_id10.exe
C:\EDS\I-DEAS10\mf\mfjobman\bin\mfjobman.exe
C:\WINDOWS\system32\msasvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\EDS\I-DEAS10\Iona\OrbixE2A\asp\5.1\bin\itlocator.exe
C:\EDS\I-DEAS10\Iona\OrbixE2A\asp\5.1\bin\itnode_daemon.exe
C:\EDS\I-DEAS10\Iona\OrbixE2A\asp\5.1\bin\itnaming.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: - {05d011c9-f8c0-4f89-a26e-0a2aa38f3ad1} - C:\WINDOWS\system32\hocx.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [WinMedia] C:\112090218.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1117866173218
O16 - DPF: {894B8712-11F1-48A7-899F-36D6C695D9D8} - http://service.sympatico.ca/codebaby/core/codebaby.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://blacks.pnimedia.com/upload/activex/...tupv2.0.0.9.cab?
O20 - AppInit_DLLs: C:\WINDOWS\system32\systf61.dll e1.dll icmufecl.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: FLEXlm Service 1 IDEAS - GLOBEtrotter Software Inc. - C:\EDS\I-DEAS10\sec\lmgrd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IT iona_services.config_rep.s-0ckukjurq3hac cfr-MyDomain - Unknown owner - C:\EDS\I-DEAS10\Iona\OrbixE2A\asp\5.1\bin\itconfig_rep.exe" -ORBproduct_dir "C:\EDS\I-DEAS10\Iona\OrbixE2A" -ORBlicense_file "C:\EDS\I-DEAS10\Iona\OrbixE2A\Licenses.txt" -ORBconfig_dir "C:\EDS\I-DEAS10\Iona\OrbixE2A\etc" -ORBconfig_domains_dir "C:\EDS\I-DEAS10\Iona\OrbixE2A\etc\domains" -ORBdomain_name cfr-MyDomain -ORBname iona_services.config_rep.s-0ckukjurq3hac -plugin=config_rep it_jump_start (file missing)
O23 - Service: IT iona_services.locator.s-0ckukjurq3hac MyDomain - Unknown owner - C:\EDS\I-DEAS10\Iona\OrbixE2A\asp\5.1\bin\itlocator.exe" -ORBproduct_dir "C:\EDS\I-DEAS10\Iona\OrbixE2A" -ORBlicense_file "C:\EDS\I-DEAS10\Iona\OrbixE2A\Licenses.txt" -ORBconfig_dir "C:\EDS\I-DEAS10\Iona\OrbixE2A\etc" -ORBconfig_domains_dir "C:\EDS\I-DEAS10\Iona\OrbixE2A\etc\domains" -ORBdomain_name MyDomain -ORBname iona_services.locator.s-0ckukjurq3hac -plugin=locator it_jump_start (file missing)
O23 - Service: IT iona_services.naming.s-0ckukjurq3hac MyDomain - Unknown owner - C:\EDS\I-DEAS10\Iona\OrbixE2A\asp\5.1\bin\itnaming.exe" -ORBproduct_dir "C:\EDS\I-DEAS10\Iona\OrbixE2A" -ORBlicense_file "C:\EDS\I-DEAS10\Iona\OrbixE2A\Licenses.txt" -ORBconfig_dir "C:\EDS\I-DEAS10\Iona\OrbixE2A\etc" -ORBconfig_domains_dir "C:\EDS\I-DEAS10\Iona\OrbixE2A\etc\domains" -ORBdomain_name MyDomain -ORBname iona_services.naming.s-0ckukjurq3hac -plugin=naming it_jump_start (file missing)
O23 - Service: IT iona_services.node_daemon.s-0ckukjurq3hac MyDomain - Unknown owner - C:\EDS\I-DEAS10\Iona\OrbixE2A\asp\5.1\bin\itnode_daemon.exe" -ORBproduct_dir "C:\EDS\I-DEAS10\Iona\OrbixE2A" -ORBlicense_file "C:\EDS\I-DEAS10\Iona\OrbixE2A\Licenses.txt" -ORBconfig_dir "C:\EDS\I-DEAS10\Iona\OrbixE2A\etc" -ORBconfig_domains_dir "C:\EDS\I-DEAS10\Iona\OrbixE2A\etc\domains" -ORBdomain_name MyDomain -ORBname iona_services.node_daemon.s-0ckukjurq3hac -plugin=node_daemon it_jump_start (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Moldflow Job Manager (mfjobman) - Unknown owner - C:\EDS\I-DEAS10\mf\mfjobman\bin\mfjobman.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

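As an added example (not from the thread or either poster), a small Python triage helper that parses HijackThis entries of the kinds shown in the log above and flags the ones a helper would look at first. The sample log is constructed from a few lines of that post, and the heuristics (unnamed BHO, autostart in the drive root, populated AppInit_DLLs, Winlogon Notify DLL, service with unknown owner) are assumptions for triage, not verdicts.

```python
import re
# Constructed sample in HijackThis log format, modelled on entries from the log
# above (the full log is much longer); paths and CLSIDs are copied from that post.
SAMPLE_LOG = r"""
O2 - BHO: - {05d011c9-f8c0-4f89-a26e-0a2aa38f3ad1} - C:\WINDOWS\system32\hocx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [WinMedia] C:\112090218.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\systf61.dll e1.dll icmufecl.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe
"""
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")          # "O4 - <body>"
ROOT_EXE_RE = re.compile(r"^(?:[A-Za-z]:)?\\[^\\]+\.exe$", re.IGNORECASE)  # C:\x.exe or \x.exe

def parse_entry(line):
    """Split an entry line into (section, body); None for process lists, headers, blanks."""
    m = ENTRY_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None

def review_entry(section, body):
    """Heuristic reasons an entry deserves manual review. Triage hints, not verdicts."""
    reasons, parts = [], body.split(" - ")
    if section == "O2" and parts[0].startswith("BHO:"):
        # BHOs load into every Internet Explorer process; an unnamed one can only be judged by its DLL.
        if parts[0][4:].strip() in ("", "(no name)"):
            reasons.append("unnamed BHO, identify the DLL by path")
    elif section == "O4" and "] " in body:
        # Autostart whose target sits directly in the drive root instead of an install folder.
        target = body.split("] ", 1)[1].strip().strip('"').split('"')[0]
        if ROOT_EXE_RE.match(target):
            reasons.append("autostart executable in drive root")
    elif section == "O20":
        if body.startswith("AppInit_DLLs:") and body[len("AppInit_DLLs:"):].strip():
            reasons.append("AppInit_DLLs set: listed DLLs load into every process using user32.dll")
        elif body.startswith("Winlogon Notify:"):
            reasons.append("Winlogon Notify DLL loads into winlogon.exe at logon; verify it")
    elif section == "O23" and "Unknown owner" in parts:
        reasons.append("service with no recognised publisher")
    return reasons

def review_log(text):
    """Return {entry: [reasons]} for each entry that triggered at least one heuristic."""
    findings = {}
    for line in text.splitlines():
        parsed = parse_entry(line)
        if parsed and (reasons := review_entry(*parsed)):
            findings[line.strip()] = reasons
    return findings
```

Run `review_log(SAMPLE_LOG)` to get the flagged entries; anything it returns still needs a person to confirm the file against a known-good list before removal.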
#2 MFDnSC

    Ret. Director I/T

  • Members
  • 4,310 posts

Posted 17 November 2006 - 04:27 PM

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present). We'll get them in the next step.
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
===============================

Go to the link below and download the trial version of SpySweeper:

SpySweeper http://www.webroot.com/consumer/products/s...4129&ac=tsg

(It's a 2 week trial.)

* Click the Try Spy Sweeper for Free / Download the trial link.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
o Sweep Memory
o Sweep Registry
o Sweep Cookies
o Sweep All User Accounts
o Enable Direct Disk Sweeping
o Sweep Contents of Compressed Files
o Sweep for Rootkits

o Please UNCHECK Do not Sweep System Restore Folder.

* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.

Also post a new Hijack This log.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP