| Thread ID: 106289 | 2010-01-03 20:56:00 | Security Tool Virus | B.M. (505) | Press F1 |
| Post ID | Timestamp | Content | User |
| 845316 | 2010-01-04 08:33:00 | Ahhh Roger. It's just doing yet another scan so I might call it a day and start again in the morning. Thanks. | B.M. (505) |
| 845317 | 2010-01-04 08:36:00 | With TR not running, try removing it with Revo Uninstaller; get the portable version (www.revouninstaller.com), that way you don't need to install it. Run it, click on Trojan Remover - Uninstall, select Advanced Mode. Once TR does its own uninstall DON'T reboot if it asks; click Next and remove all the reg keys and folders it finds, reboot, then try TR again. Last time I did that it installed as if it was never there. Some of the newer versions of Security Tool are tricky to remove; programs like Combofix even are stumped, as there is a process that's hidden that has to be stopped first (it doesn't show in Process Manager either). | wainuitech (129) |
| 845318 | 2010-01-04 08:37:00 | TR probably won't run because of its entries in the registry. You would have to remove everything. Won't tell you how, it'll be breaking the rules. | Speedy Gonzales (78) |
| 845319 | 2010-01-04 08:47:00 | "TR probably won't run because of its entries in the registry. You would have to remove everything. Won't tell you how, it'll be breaking the rules." That's what I figured. If I can't get by without it I'll investigate myself. :lol: Catch up tomorrow, it's been a long day. :crying | B.M. (505) |
| 845320 | 2010-01-04 08:48:00 | Run Revo as I posted in #12, that will generally remove it. | wainuitech (129) |
| 845321 | 2010-01-04 19:17:00 | "Run Revo as I posted in #12, that will generally remove it." OK, back on deck and on with the case. :rolleyes: Wainui, I have REVO installed and use it all the time to uninstall programmes. In this case it can't locate TR to remove it. I suspect that is because the original was removed years ago. I uninstalled the new version once I finally got it installed using REVO (because it said my trial had expired). However, Search has come up with a couple of folders left behind. The first is Trojan Remover Logfiles, which is located in C:\Documents and Settings\mine\My Documents\Simply Super Software and is empty. The second is Trojan Remover, which is in C:\Documents and Settings\mine\Application Data\Simply Super Software and contains one file called gfx1.exe. I guess these got left behind when the original version was uninstalled, so it is my intention to delete them once I've had breakfast and a shower. I'll then have a poke around in the registry and see what I can find there. I'll file a progress report later, complete with a Hijack log for Speedy. Just before I go, I have never had this much problem with any other virus/trojan/worm etc. Mind you, this is the first I've had on my computer; they've always been on mates'. My concern is even when I get rid of it, it may just waltz back. I note from an Internet link it marches straight through Norton's Security Suite, so that won't please Symantec. It hasn't pleased one of their customers either, by the look of a message posted on their website. I'd be surprised if it's still there. :lol: | B.M. (505) |
| 845322 | 2010-01-04 20:41:00 | Here you go Speedy. Logfile of HijackThis v1.99.1, scan saved at 9:39:15 a.m. on 5/01/2010. Platform: Windows XP SP2 (WinNT 5.01.2600). MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180). [Full HijackThis log (running processes and R1/O1 to O23 entries) omitted] | B.M. (505) |
| 845323 | 2010-01-05 04:06:00 | I am currently using Microsoft Security in Windows7 & it has swatted some really bad Trojans which were overlooked by Comodo, Avast & Spy Bot. | mzee (3324) |
| 845324 | 2010-01-05 04:21:00 | I would update the service pack, coz support for SP2 will die soon. And I would definitely update IE to 7 or 8. The only thing is, with IE 8 IEPro doesn't work properly. Uninstall ALL versions of Java, then update it. It's out of date. Hmm, everything else looks OK. I wouldn't rely on Comodo's AV, Mzee. If it's installed. And if it is, I would uninstall it, if Avast is installed. | Speedy Gonzales (78) |
| 845325 | 2010-01-05 05:00:00 | "I am currently using Microsoft Security in Windows7 & it has swatted some really bad Trojans which were overlooked by Comodo, Avast & Spy Bot." Well, that's good news, but I wonder if this "Security Tools" was one of them? It would be interesting to know, because it seems we had about half a dozen infections reported on this site in just one day. I wonder what we were all using. Reading various threads on the internet from other sites, it's wreaked havoc around the world, obviously designed to disable any protection before it goes about its business. Anyway, I'm back to normal it would seem, but what a mission. But just to tidy up. Back in post #5 I reported the various programmes used were reporting a clean bill of health; however, the LAN light on my modem was flashing continuously. Well, I couldn't find the culprit, but I had a brainwave. I remembered that this virus/trojan, whatever, had disabled System Restore, Task Manager, Control Panel, just about everything, but as I cleaned up the infections from Safe Mode the various facilities started to return. So, I took a punt. I went to System Restore (remember I couldn't turn it off) and elected to restore to a couple of days earlier when I knew the machine was clean. Whoopy dooo, the restore went beautifully and when the LAN light came on it was perfectly normal. All of which leaves me pondering the merit of turning off System Restore before cleaning out a virus, because it just could be the restore files haven't been infected, or a new restore point made, and you may be destroying your last chance, as in this case. Anyway, that's about it on this one, thank you all for your input. :thanks | B.M. (505) |
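A small triage script for logs in the HijackThis format B.M. posted for Speedy above (an added example, not code from this thread or from HijackThis itself). It parses the numbered entries, pulls out the file path, and flags hosts and DNS overrides, orphaned "(file missing)" entries and autostarts that run from the user profile, which is where the leftover gfx1.exe in this thread was found; the sample lines, the IPs, the GUID and the gfx1 Run entry are constructed.

```python
import re
from collections import namedtuple
# Constructed sample in HijackThis log format, modelled on the log posted in this
# thread: IPs are documentation-range placeholders, the GUID is a placeholder, and
# the gfx1.exe Run entry is invented to exercise the user-profile-path rule.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O1 - Hosts: 192.0.2.10 www.example.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [gfx1] C:\Documents and Settings\mine\Application Data\Simply Super Software\gfx1.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.0.2.53,192.0.2.54
O23 - Service: HauppaugeTVServer - Unknown owner - C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe (file missing)
"""

Entry = namedtuple("Entry", "section text path")
ENTRY_RE = re.compile(r"^([ROF]\d+) - (.*)$")
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:exe|dll|sys|cab)\b", re.IGNORECASE)
NETWORK = {"O1": "hosts-file override", "O17": "DNS server override"}
# Autostarts under the user profile get a second look: that is where this thread's
# leftover gfx1.exe sat, and where droppers that survive an uninstall tend to live.
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\", "\\local settings\\", "\\temp\\")
AUTOSTART = {"O4", "O20", "O23"}

def parse_log(log):
    # Keep only the numbered entries; the header and "Running processes" list are skipped.
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            p = PATH_RE.search(m.group(2))
            entries.append(Entry(m.group(1), m.group(2), p.group(0) if p else None))
    return entries

def triage(entries):
    # Return (section, reason, detail) for entries a reviewer should verify by hand.
    findings = []
    for e in entries:
        if e.section in NETWORK:
            findings.append((e.section, NETWORK[e.section], e.text))
        if "(file missing)" in e.text:
            findings.append((e.section, "orphaned entry (target missing)", e.text))
        if e.section in AUTOSTART and e.path and any(t in e.path.lower() for t in USER_WRITABLE):
            findings.append((e.section, "autostart from user-writable path", e.path))
    return findings

if __name__ == "__main__":
    for section, reason, detail in triage(parse_log(SAMPLE_LOG)):
        print(f"{section:4} {reason:34} {detail}")
```

Entries the script does not flag (the AVG tray and Java BHO lines here) still need the kind of version check Speedy did by eye; the script only narrows where to look.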