| Thread ID: 76290 | 2007-01-27 21:36:00 | generic downloader.f trojan removal? | littledevil (11823) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 519877 | 2007-01-28 12:00:00 | Interesting... I have run HJT, ticked and fixed the checked items, all the ones you said. Uninstalled Java, reinstalled the latest version and downloaded CCleaner. Now when I reboot the computer I don't seem to be getting any popups at all (on the computer in general, or while using IE), BUT the Task Manager still won't come up. When I right click on the clock it's greyed out, and if I press Ctrl+Alt+Del it says "Task Manager has been disabled by your administrator". Why is this? Has it not been removed properly? Any further advice would be much appreciated. Seems like it's 95% fixed though, so I am much further ahead than where I was yesterday!! Thanks again for your help! | littledevil (11823) | ||
| 519878 | 2007-01-28 12:07:00 | No worries LD :) Post an updated HJT log LD. I'll check it again later on today... I'll see if u missed anything. Get Trojan Remover (dl.filekicker.com) in the meantime, from here (www.simplysup.com). Download, install and run. Click on Scan. Anything it picks up, let it remove it. Then go to the Utils menu. Select the 3rd to 7th option. Then see if Ctrl-Alt-Del works. | Speedy Gonzales (78) | ||
| 519879 | 2007-01-28 21:56:00 | Updated HJT log file is below. I'm downloading Trojan Remover now, so will see what results I get from that. Something else I forgot to mention is there are a couple of .exe files in C:\ which I'm sure weren't there before. They were last modified at 12:03, which is when I got the virus. They are called "3456346345643.exe" and "syst.exe". Any idea what they would be? And another thing, why has McAfee not picked any of this up and fixed it?? Isn't McAfee supposed to be one of the better virus scanners available? Thanks.
===============================================
Logfile of HijackThis v1.99.1
Scan saved at 10:45:26 a.m., on 29/01/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\System32\RUNDLL32.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stuff.co.nz/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - download.mcafee.com
O16 - DPF: {A2505C6C-6F17-456F-89D2-4301FBDC6EC7} (Iewiper Control) - www.express.apn.co.nz
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - download.mcafee.com
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: dopewars server (dopewars-server) - Unknown owner - C:\Games\Dopewars\dopewars.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
| littledevil (11823) | ||
| 519880 | 2007-01-28 22:19:00 | YOU LEGEND!!!!!! All back to normal now, everything is working fine. Those files which I mentioned before are still in C:\ though, are they anything to worry about? | littledevil (11823) | ||
| 519881 | 2007-01-28 22:24:00 | Run HJT again (close browser/s), tick these entries and click Fix checked. These aren't nasty but they're not needed in startup.
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O23 - Service: dopewars server (dopewars-server) - Unknown owner - C:\Games\Dopewars\dopewars.exe (file missing)
Most AV programs should pick things up, but it may depend on whether the update / dat file includes the info to detect new viruses / trojans / whatever it is. I don't think any AV program is 100%. Even Symantec AV programs aren't 100%. Most of the HJT logs in here show this is installed, and they still get hit by something. Any files with strange names are usually part of a trojan or worm. The same goes for strange names that u see in the Task Manager (when and if u manage to get into it). | Speedy Gonzales (78) | ||
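An added example (not code posted by anyone in this thread): a small Python triage script for the HijackThis log format used above. It parses the O4 autostart and O23 service entries, works out the file each one really loads (the DLL behind a RUNDLL32 entry, the target of a Startup-folder shortcut), lists services HJT marked "(file missing)" such as the orphaned dopewars entry, flags autostarts outside the Windows and Program Files roots, and turns a helper's list of "not needed" names like the one in the post above into the exact lines to tick before Fix checked. The sample log is a constructed subset of the one littledevil posted; TRUSTED_ROOTS, NOT_NEEDED and the "outside trusted roots" heuristic are assumptions of this example, not rules from HijackThis or from the thread, and the script only triages entries for a human to look at, it does not decide whether anything is malicious.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: a subset of the HijackThis 1.99.1 log posted in this thread, one entry per line.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 10:45:26 a.m., on 29/01/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stuff.co.nz/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: dopewars server (dopewars-server) - Unknown owner - C:\Games\Dopewars\dopewars.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# The autostarts and the orphaned service the helper in this thread said are not needed.
NOT_NEEDED = ["NvMediaCenter", "SunJavaUpdateSched", "NvCplDaemon", "Microsoft Office.lnk", "dopewars-server"]

# Assumption of this example: the roots where legitimate autostarts live on a default XP install.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
O4_RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
O4_STARTUP_RE = re.compile(r"^(?:Global )?Startup: (?P<name>.+?) = (?P<target>.*)$")
O23_RE = re.compile(
    r"^Service: (?P<display>.+?)(?: \((?P<name>[^)]+)\))? - (?P<owner>.+?) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$")


@dataclass
class Entry:
    section: str  # HJT section code, e.g. "O4" or "O23"
    body: str     # the rest of the line after "O4 - "


def parse_log(text: str) -> List[Entry]:
    """Keep only the numbered entries; header and 'Running processes' lines are dropped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return entries


def _first_token(cmd: str) -> str:
    """The (possibly quoted) executable at the front of a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:] if end < 0 else cmd[1:end]
    return cmd.split(None, 1)[0] if cmd else ""


def startup_name(e: Entry) -> Optional[str]:
    """The [Name] of a Run-key entry or the .lnk name of a Startup-folder entry."""
    m = O4_RUN_RE.match(e.body) or O4_STARTUP_RE.match(e.body)
    return m.group("name") if (e.section == "O4" and m) else None


def startup_image(e: Entry) -> Optional[str]:
    """The file an O4 entry really loads; None for non-O4 entries or an unresolved ('?') target."""
    if e.section != "O4":
        return None
    m = O4_RUN_RE.match(e.body)
    if m:
        cmd = m.group("cmd").strip()
        image = _first_token(cmd)
        if image.lower().rsplit("\\", 1)[-1] == "rundll32.exe":
            # rundll32 is only a host process; the module before the comma is the real autostart.
            rest = cmd.split(None, 1)[1] if len(cmd.split(None, 1)) > 1 else ""
            return rest.split(",", 1)[0].strip().strip('"') or None
        return image or None
    m = O4_STARTUP_RE.match(e.body)
    if m:
        target = m.group("target").strip()
        return None if target == "?" else target
    return None


def service_info(e: Entry) -> Optional[Tuple[str, str, bool]]:
    """(short name or display name, image path, file_missing) for an O23 entry, else None."""
    m = O23_RE.match(e.body) if e.section == "O23" else None
    if not m:
        return None
    return (m.group("name") or m.group("display"), m.group("path"), bool(m.group("missing")))


def missing_service_binaries(entries: List[Entry]) -> List[str]:
    """Services whose registration outlived their binary (HJT prints '(file missing)')."""
    return [info[0] for info in map(service_info, entries) if info and info[2]]


def autostarts_outside_trusted_roots(entries: List[Entry]) -> List[str]:
    """Heuristic (this example's assumption, not an HJT rule): O4/O23 images that are not
    under the OS or Program Files roots, or that HJT could not resolve, deserve a closer look."""
    flagged = []
    for e in entries:
        if e.section == "O4":
            label, image = startup_name(e) or e.body, startup_image(e)
        elif service_info(e):
            label, image, _ = service_info(e)
        else:
            continue
        if image is None or not image.lower().startswith(TRUSTED_ROOTS):
            flagged.append(label)
    return flagged


def entries_to_fix(entries: List[Entry], not_needed: List[str]) -> List[str]:
    """The exact log lines to tick before 'Fix checked', given names a helper called not needed."""
    wanted = {n.lower() for n in not_needed}
    lines = []
    for e in entries:
        info = service_info(e)
        label = info[0] if info else startup_name(e)
        if label and label.lower() in wanted:
            lines.append(f"{e.section} - {e.body}")
    return lines


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    print("services with missing binaries:", missing_service_binaries(log))
    print("autostarts outside trusted roots:", autostarts_outside_trusted_roots(log))
    print("lines to tick in HJT:")
    for line in entries_to_fix(log, NOT_NEEDED):
        print("  " + line)
```

Feed it a whole log instead of the constructed sample and the two lists are a starting point for the manual check: the "file missing" list is what the tool itself can prove, while the "outside trusted roots" list is only a prompt to look up the name (as the thread suggests) before deleting anything.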
| 519882 | 2007-01-28 22:28:00 | > YOU LEGEND!!!!!! All back to normal now, everything is working fine. Those files which I mentioned before are still in C:\ though, are they anything to worry about?
Cool! That's a good sign. Ummm, open My Computer, highlight C and right mouse / scan with Trojan Remover (close Trojan Remover if it's still running). Let it do a scan and see if it picks up and notifies u of any strange exe files on C. Trojan Remover must have reset something or picked something up / removed it when u used the Utils menu or clicked on Scan. | Speedy Gonzales (78) | ||
| 519883 | 2007-01-28 22:36:00 | Sweet, I will remove those extra files through HJT, and will scan C:\ with Trojan Remover. After the previous scan with TR I still couldn't access Task Manager; it was only after I ran through the options in the Utilities menu that it worked. The only thing it picked up during the scan was that dopewars file... | littledevil (11823) | ||
| 519884 | 2007-01-28 23:36:00 | Next thing to install is a firewall, and SP2 if u want to install it. | Speedy Gonzales (78) | ||
| 519885 | 2007-01-29 01:26:00 | I've scanned C: with Trojan Remover, and also scanned those two individual files, and nothing has come up as suspect... What is a decent firewall to get? Are there good + free ones around? | littledevil (11823) | ||
| 519886 | 2007-01-29 01:34:00 | Everything should be OK then, if everything is working properly. The files u posted before with strange names, delete them anyway, they won't be Windows files. (Or Google the name of the file/s you're seeing.) If Google or Yahoo bring nothing up, delete them. Try Comodo (www.personalfirewall.comodo.com). It's free. Well, ZoneAlarm is free too, but u have to register for some parts of it. Comodo is free for life. Once it installs (u may have to reboot) it may bring up a window asking u to activate it. Just follow the link, put a valid email in, and they'll send u a code for it. Copy and paste it in, and it's the full version. Are u on a network/LAN or is this PC by itself?? If you're on a network, after Comodo is installed you'll have to configure it so the network works properly when you're on it. I would get SP2, since there won't be any more updates for SP1. Have u got SP2 on CD? | Speedy Gonzales (78) | ||