| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 81795 | 2007-08-07 13:43:00 | Trojans and COMODO BOClean | meg_h_nz (6960) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 577839 | 2007-08-08 05:55:00 | This time I hope I got it right:blush: I havent removed anything yet as I wanted to double check. In the first email you have "Safe" in bold before these three lines: O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" Are these the ones I should tick? Thats it those 3 entries above, should be ticked (after u run HJT again), and then u click on fix checked. By safe I mean theyre not nasty or anything. I forgot to do that last time, and Jen told me off :p So, now I put safe or nasty, when I reply to ppl who post HJT logs. And yup you did it right this time. Notice where HJT is now. C:\Hijackthis\HiJackThis.exe |
Speedy Gonzales (78) | ||
| 577840 | 2007-08-08 05:57:00 | Did u pay for CA?? Nod32 would most probably be better for a paid AV, or AVG free or Avast Home, (which are free, but dont have as many options in them, as the paid for versions), or Pro (If you want to pay for Pro). Oops and dont forget to install the latest version of Java. Yes, I did pay for CA. It was InoculateIT and then EZ Antivirus (both free)and then became CA. If I have to pay for Anti-virus protection I want it to work! I had only downloaded Java to run a World time clock so if I no longer need the clock do I need to download Java? |
meg_h_nz (6960) | ||
| 577841 | 2007-08-08 06:09:00 | I had only downloaded Java to run a World time clock so if I no longer need the clock do I need to download Java? It's up to you. Java is required for a number of websites to work properly but it's not entirely necessary. This machine has been running without Java for a few years and nobody missed it -- until now when a webpage I wanted to view wouldn't work so Java finally got installed. :p |
FoxyMX (5) | ||
| 577842 | 2007-08-08 06:09:00 | Latest Log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:21:08 p.m., on 8/08/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Comodo\CBOClean\BOCORE.exe C:\WINDOWS\system32\Brmfrmps.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe C:\Program Files\Powerware\LanSafe\Bin\PowerMonitor.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe C:\Program Files\Powerware\LanSafe\bin\xyntservice.exe C:\Program Files\Powerware\LanSafe\bin\httpserver.exe C:\Program Files\Powerware\LanSafe\bin\status_glance.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\RunDll32.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\PROGRA~1\Comodo\CBOClean\BOC424.exe C:\Program Files\PaperQuote\PQ.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\caavGUIScan.exe C:\Program Files\Logitech\Video\AlbumDB2.exe C:\Hijackthis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stuff.co.nz/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local;localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM\..\Run: [BOC-424] C:\PROGRA~1\Comodo\CBOClean\BOC424.exe O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [PaperQuote '01] C:\Program Files\PaperQuote\PQ.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - drmlicense.one.microsoft.com O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LanSafe Power Monitor (LanSafe PM) - Eaton Corporation - C:\Program Files\Powerware\LanSafe\Bin\PowerMonitor.exe O23 - Service: LanSafe Process Manager - Powerware - C:\Program Files\Powerware\LanSafe\bin\xyntservice.exe O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 7640 bytes I still have 4 "Infections" showing when I do a scan with CA. None of them have been quarantined and I cant seem to work out what I should do? Three are Java/ByteVerify!Exploit and one Java/Shinwow.BG Should I remove these manually??? |
meg_h_nz (6960) | ||
| 577843 | 2007-08-08 06:19:00 | I still have 4 "Infections" showing when I do a scan with CA. None of them have been quarantined and I cant seem to work out what I should do? Three are Java/ByteVerify!Exploit and one Java/Shinwow.BG Should I remove these manually??? Use cleaner (http://www.ccleaner.com) Run it and click on run cleaner. So it deletes whats in IE's cache. Thats better log looks fine to me Those files arent actually real trojans, theyre just like exploits for Java. Clearing the cache for whatever browser usually fixes them. And installing the latest version of Java/Sun Java. |
Speedy Gonzales (78) | ||
| 577844 | 2007-08-08 06:25:00 | Use cleaner (http://www.ccleaner.com) Run it and click on run cleaner. So it deletes whats in IE's cache. Thats better log looks fine to me Those files arent actually real trojans, theyre just like exploits for Java. Clearing the cache for whatever browser usually fixes them. And installing the latest version of Java/Sun Java. Do I leave all the boxes ticked on CCleaner? |
meg_h_nz (6960) | ||
| 577845 | 2007-08-08 06:27:00 | Do I leave all the boxes ticked on CCleaner? If theyre the default settings yup. |
Speedy Gonzales (78) | ||
| 577846 | 2007-08-08 07:18:00 | THANK YOU Speedy G. You totally rock! I am very grateful for your time and expertise. Just by the way my new PSU , RAM and Graphics Card have all arrived and I am waiting for some spare time to install them....... you may want to avoid PF1 on Friday and Saturday........;) Have an awesome week Meg |
meg_h_nz (6960) | ||
| 577847 | 2007-08-08 08:37:00 | No worries HTH :) Have an awesome week too ! |
Speedy Gonzales (78) | ||
| 1 2 | |||||