| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 92657 | 2008-08-17 22:50:00 | Trojan Spyware. Help | CooLAiR (14094) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 698180 | 2008-08-17 22:50:00 | Hello Folks. Couple of weeks ago i downloaded a file from a random site. After a few minutes i started to get strange warnings that ur computer is infected by trojan spyware and it might be tracking ur keystrokes , browsing history etc etc and it started taking me to strange sites automatically. i took it to a techy and he tried to fix it without re installing windows. and it seemed just fine after that. strange things stopped happening. it was going just well but couple of days ago new screen thing popped up and said would u like ur current view to be viewed on the new screen or u want a new screen to be shown. but i had not connected any new screenn. that was strange . i let it go as a small bug. but 2day my antivirus got me a warning that trojan.sys32 (don't remeber the exact file name) has been found on ur computer, when i pressed to disinfect it the antivirus showed that the file has renamed itself and cann't be disinfected:confused: . Now i have finaally decided that i would re install windows . but i have few questions ( i m a noob on this tech stuff so please dont laf) Does reinstalling windows removes any possibilties of that trojan stuff is still in your system? If i reinstall my windows is their a chance that the same spyware can get in if i m still using the same internet connection and same ip. And is their a chance that someone had viewed ur files in your computer ? and one more thing is their any trojan spyware that it can turn on ur computer camera and record video and audio without letting me know?:confused: please leave replies. really appreciated. |
CooLAiR (14094) | ||
| 698181 | 2008-08-17 22:53:00 | Post a hijackthis log, its in my sig below Get Malwarebytes, its in my sig as well, install this, update it then click on scan Get trojan remover in my sig as well . Install then update it then click on scan, then select all options under utilities . If you cant get to the site, heres the direct link to it ( . simplysup1 . com/download/dl/trsetup . exe" target="_blank">www . simplysup1 . com) Might pay to get tropjan remover first, then reboot, then get malwarebytes, then post a hijackthis log |
Speedy Gonzales (78) | ||
| 698182 | 2008-08-17 23:09:00 | ok i will do that. but could u answer the questions at the end...theyy r bugging me. | CooLAiR (14094) | ||
| 698183 | 2008-08-17 23:15:00 | It depends on which trojan / there's a lot of them, and they do different things It may record pin numbers / passwords, so whatever you do, if you do online banking, DON'T go to any bank sites and log into them. Until we remove whatever you've got |
Speedy Gonzales (78) | ||
| 698184 | 2008-08-18 00:10:00 | Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:31:58 PM, on 17/08/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16711) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\TOSHIBA\Utilities\KeNotify.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\Java\jre1.6.0\bin\jusched.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\ltmoh\ltmoh.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\HP\HP LaserJet M1319 MFP Series\ReceiveFaxUtility.exe C:\Program Files\Shaw Secure\Common\FSM32.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe C:\Program Files\TOSHIBA\reminder\reminder.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Windows\system32\conime.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.india-forums.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\s wg.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe" O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\" O4 - HKLM\..\Run: [ReceiveUtility] C:\Program Files\HP\HP LaserJet M1319 MFP Series\ReceiveFaxUtility.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE O4 - HKCU\..\Run: [reminder] C:\Program Files\TOSHIBA\reminder\reminder.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Registry Helper] "C:\Program Files\Registry Helper\RegistryHelper.Exe" /boot O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Applications\wcs.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - www.aajtak.com O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - ak.exe.imgfarm.com O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - dl.tvunetworks.com O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - download.divx.com O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - www.idesitv.com O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\516\G2AWinLogon.dll (file missing) O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\516\g2aservice.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 11488 bytes |
CooLAiR (14094) | ||
| 698185 | 2008-08-18 00:12:00 | i have posted the log from hijack this | CooLAiR (14094) | ||
| 698186 | 2008-08-18 00:24:00 | OK disable system restore (I dont know where it is in Vista) Tick these entries then tick fix checked Close browsers R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [reminder] C:\Program Files\TOSHIBA\reminder\reminder.exe Uninstall this O4 - HKCU\..\Run: [Registry Helper] "C:\Program Files\Registry Helper\RegistryHelper.Exe" /boot This is the main prob O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Applications\wcs.exe O13 - Gopher Prefix: O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - ak.exe.imgfarm.com Uninstall Symantec Antivirus if its still installed. If F-secure is a virus scanner as well Then reboot. Then uninstall all versions of Java, yours is out of date. Link is in my sig. Did you get trojan remover and malwarebytes?? If you havent yet, download install and update both. Then click on scan. Then select all options under the utilities menu in trojan remover. |
Speedy Gonzales (78) | ||
| 698187 | 2008-08-18 01:01:00 | how do u uninstall the things u listed in bold letters? | CooLAiR (14094) | ||
| 698188 | 2008-08-18 01:10:00 | Go to add/remove programs . I dont know where it is . Or get ccleaner (www . ccleaner . com) install it without the toolbar . Then go to tools/uninstall find the entries and click on run uninstaller |
Speedy Gonzales (78) | ||
| 698189 | 2008-08-18 01:12:00 | i can't find em in ad or remove programs | CooLAiR (14094) | ||
| 1 2 3 | |||||