| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 136471 | 2014-03-03 05:59:00 | Possible Trojan? | Poppa John (284) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 1369192 | 2014-03-03 05:59:00 | Hi All. Toshiba L10 Laptop. XP Home SP3. I have mistakenly downloaded a program that purported to be from Windows. I cannot get rid of it. It is not in Add/remove. Whenever I click on an icon I get a warning from this programme telling me that I am infected by something or other. I have got the following details off it. Activate. Windows Advanced Security Centre. Windows Antivirus Booster. Windows United development. Is anyone familiar with this problem? PJ |
Poppa John (284) | ||
| 1369193 | 2014-03-03 06:40:00 | Ok...panic over. It has"come right" all by itself. PJ | Poppa John (284) | ||
| 1369194 | 2014-03-03 06:44:00 | Dont count on it. Those things dont go away on their own. Depending on what AV you have, it may have caught it. Other wise go to malwaretips.com option 2 & 3 then also run www.bleepingcomputer.com |
wainuitech (129) | ||
| 1369195 | 2014-03-03 07:46:00 | Could some on check this for mw please, before I do as W says? Thanks. PJ Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 8:25:52 p.m., on 3/03/2014 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe C:\WINDOWS\system32\igfxext.exe C:\WINDOWS\system32\RAMASST.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.bing.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.bing.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = websearch.searchguru.info R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = websearch.searchguru.info R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = www.bing.com R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.bing.com O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\s wg.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [LaunchApp] launchapp O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [CommonToolkitTray] C:\Program Files\Fighters\Tray\FightersTray.exe O4 - HKLM\..\Run: [sfagent] C:\Program Files\Fighters\SPAMfighter\sfagent.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [EPSON TX300F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIE JP.EXE /FU "C:\WINDOWS\TEMP\E_SA.tmp" /EF "HKCU" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LightShot] C:\Documents and Settings\User\Local Settings\Application Data\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue O4 - HKCU\..\Run: [se] C:\Users\user\AppData\Roaming\SkypEmoticons\SE.exe /minimized O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [FAV-S] C:\Documents and Settings\User\Application Data\svc-gkgn.exe O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/stg_drm.ocx O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - www.myheritage.com O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - www.update.microsoft.com O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - www.update.microsoft.com O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/armhelper.ocx O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpda teService.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe O23 - Service: Macrium Reflect Image Mounting Service (ReflectService.exe) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\Fighters\SPAMfighter\sfus.exe O23 - Service: Suite Service - SPAMfighter ApS - C:\Program Files\Fighters\FighterSuiteService.exe O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- End of file - 8832 bytes |
Poppa John (284) | ||
| 1369196 | 2014-03-03 09:24:00 | Those infections don't simply disappear on their own, your AV may have detected & removed it - check the logs to see. HijackThis doesn't always show them either. Had one this afternoon, annoying popup warning saying it had problems, HijackThis couldn't see it because it was named as a legit System file. Finally got it out when rougeKiller detected it as a fake. |
wainuitech (129) | ||
| 1369197 | 2014-03-03 10:57:00 | what AV? - there doesn't appear to be one is there? If PJ had one before, looks like it got dealt to in the process Did you happen to click on a "Video Codec" download that was required to view an embedded browser movie PJ? These quite often get in initially that way I'd give do as WT says, and I'd do a scan with MalwareBytes (www.malwarebytes.org) as well myself |
bevy121 (117) | ||
| 1369198 | 2014-03-03 18:59:00 | R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = websearch.searchguru.info I'd remove these for starters..... |
pctek (84) | ||
| 1369199 | 2014-03-04 04:05:00 | Ok I am on the PC. laptops is stuffed. Any icon I click on brings up a warning. If I try to open sometning... the same. Wont let me into antispyware , malwebytes etc. If I download those two sites of W's onto a usb dongle from here & try to run them on the laptop, would that work? PJ | Poppa John (284) | ||
| 1369200 | 2014-03-04 04:10:00 | One of W\s programmes suggest doing a system restore. How do I do that. PJ | Poppa John (284) | ||
| 1369201 | 2014-03-04 04:21:00 | Download Kaspersky Rescue Disk 10 support.kaspersky.com on another comp and boot from it Sounds like you have a nasty there |
Lawrence (2987) | ||
| 1 2 3 4 | |||||