| Thread ID: 61200 | 2005-08-28 04:03:00 | Possible Trojan Hijack help please | truffle_pig (8798) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 384234 | 2005-08-28 04:03:00 | Last night while I was surfing I found that when I right clicked on links, they wouldn't open in a new tab (I'm using Firefox). That means I can't save pictures as well. Then for some reason I went to My Computer to see how much space I have left, and when I clicked on that my right click worked. But then about 15 minutes later, it was doing the same thing. This morning when I turn on my computer, I can't click on anything on my desktop at all until I do Ctrl+Alt+Delete and turn my MSN messenger off. But my right click won't work on my desktop and when I left click, it does what right click usually does and brings up the menu thing. I tried running MS AntiSpyware and that came up with two things, but since I did a system restore right afterwards, I can't remember what it was. The system restore didn't help at all. Then I ran Spybot and all that came up with was a couple of Download Accelerator related things. I deleted them anyway, but nothing still. Lastly I tried this (www.majorgeeks.com) trojan remover, and it came up with two things as well. I removed them and it's still exactly the same thing happening. 
I did a Hijack This log and I was hoping someone could tell me what's wrong please: Logfile of HijackThis v1.99.1 Scan saved at 2:57:29 p.m., on 28/08/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\hkcmd.exe C:\Program Files\Dell\Media Experience\PCMService.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\DSE\ADSL\CnxDslTb.exe C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\RioSoft\RioDVD\DMon.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Internet Explorer\iexplore.exe c:\progra~1\intern~1\iexplore.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\Sarkney Nat.NATALIE\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = qakmzdnsowlsz.biz R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.ffimmzlqbiuatvbbidim.us O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: AdShield.AdShield - 
{7559B76E-0222-4d77-9499-CCE9EB4EDC2F} - C:\PROGRA~1\AdShield\AdShield\AdShield.dll O2 - BHO: (no name) - {9AC52F0B-677F-6C0B-D6B7-2FF2C6349F5D} - C:\PROGRA~1\OWNSME~1\Name Byte.exe (file missing) O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {C106DAAD-FAA1-6853-808E-341402E10791} - C:\DOCUME~1\SARKNE~1.NAT\APPLIC~1\OWNSME~1\Name Byte.exe O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\DSE\ADSL\CnxDslTb.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [1 Does Size 32] C:\Documents and Settings\All Users\Application Data\2 MAIL 1 DOES\online 2.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [City poll intra live] C:\Documents and Settings\All Users\Application Data\Amok 
dash city poll\enc hold.exe O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ONEDRIVE] C:\DOCUME~1\SARKNE~1.NAT\APPLIC~1\Thebin\Spamcoal.exe O4 - HKCU\..\Run: [DiscMonitor] C:\Program Files\RioSoft\RioDVD\DMon.exe O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Digital Line Detect.lnk = ? O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm O8 - Extra context menu item: &Maintain Block List... - C:\PROGRA~1\AdShield\AdShield\maintain.htm O8 - Extra context menu item: Add to &Block List... - C:\PROGRA~1\AdShield\AdShield\suppress.htm O8 - Extra context menu item: Add to &Exclude List... - C:\PROGRA~1\AdShield\AdShield\restrict.htm O8 - Extra context menu item: AdShield Option &Settings... 
- C:\PROGRA~1\AdShield\AdShield\settings.htm O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing) O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: AdShield - {4FB6C25E-7B37-4c93-B592-16ECD8D18361} - C:\PROGRA~1\AdShield\AdShield\AdShield.dll (HKCU) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - pdl.stream.aol.com O17 - HKLM\System\CCS\Services\Tcpip\..\{17877061-6D8A-46B2-8DDC-545BAFB20347}: NameServer = 203.109.252.42 203.109.252.43 O17 - HKLM\System\CS1\Services\Tcpip\..\{17877061-6D8A-46B2-8DDC-545BAFB20347}: NameServer = 203.109.252.42 203.109.252.43 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - 
C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe |
truffle_pig (8798) | ||
| 384235 | 2005-08-28 04:26:00 | Tick these and tick fix checked. Close the browsers. Reboot.
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
I would install/update Java, if u use it. Instead of MS Java.
O2 - BHO: (no name) - {9AC52F0B-677F-6C0B-D6B7-2FF2C6349F5D} - C:\PROGRA~1\OWNSME~1\Name Byte.exe (file missing)
O2 - BHO: (no name) - {C106DAAD-FAA1-6853-808E-341402E10791} - C:\DOCUME~1\SARKNE~1.NAT\APPLIC~1\OWNSME~1\Name Byte.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
Not nasty but not needed
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
Not nasty but not needed in startup
O4 - HKCU\..\Run: [ONEDRIVE] C:\DOCUME~1\SARKNE~1.NAT\APPLIC~1\Thebin\Spamcoal.exe
Don't know what this is - leave this here for now. See if u still have probs.
O4 - HKLM\..\Run: [City poll intra live] C:\Documents and Settings\All Users\Application Data\Amok dash city poll\enc hold.exe
Don't know what this is - leave this here for now. See if u still have probs.
O4 - Global Startup: Digital Line Detect.lnk = ?
Have u updated and run trojan remover?? To see if it picks up anything? What did trojan remover detect? What was the name of the file Trojan remover picked up? |
Speedy Gonzales (78) | ||
| 384236 | 2005-08-28 05:15:00 | I ticked all the ones you said to and fixed them but nothing changed. The trojan remover I used was last updated on 31/7/05 (I just downloaded it today so that must be the latest version there is) and I just looked in the logfile and it says:
The scrfile\shell\command Registry Key appears to have been modified. The current Registry is: "%1" \S "%3". Trojan Remover has restored the Registry scrfile\shell\open\command key.
I just looked at what MS Anti Spyware picked up and these are the scan results:
Spyware Scan Details
Start Date: 28/08/2005 1:31:17 p.m.
End Date: 28/08/2005 1:40:43 p.m.
Total Time: 9 mins 26 secs
Detected Threats
OmegaSearch Browser Modifier more information...
Details: OmegaSearch may install 2 dozen files and settings onto your computer without your content. OmegaSearch is a variant of LOP.
Status: Removed
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected files detected
c:\Documents and Settings\Sarkney Nat.NATALIE\Application Data\owns media curb\name byte.exe
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C106DAAD-FAA1-6853-808E-341402E10791}
IST.ISTbar Browser Modifier more information...
Details: ISTbar is an Internet Explorer redirector that modifies your homepage and searches without your consent using an Internet Explorer toolbar.
Status: Removed
Severe threat - Severe-risk items have an extreme potential for harm, such as a security exploit, and should be removed.
Infected registry keys/values detected
HKEY_CURRENT_USER\software\ist
HKEY_CURRENT_USER\software\ist exe_start 3
I also deleted those last two ones you said to if I was still having problems, but it didn't help. |
truffle_pig (8798) | ||
| 384237 | 2005-08-28 05:27:00 | The system restore didn't help as you probably restored any problems. You need to turn system restore off and delete all old restore points, then turn it back on after cleaning and create a new system restore point. Look up the FAQs for comprehensive advice on how to clean your system. Also read through some recent posts for advice. |
bartsdadhomer (80) | ||
| 384238 | 2005-08-28 05:43:00 | Trojan remover is now version 6.42 and database 6384 as of yesterday, so update trojan remover by using the update button and tick, check for new updates. Run trojan remover again, do a scan as well, and under the utils menu select the 3rd to 7th option. | Speedy Gonzales (78) | ||
| 384239 | 2005-08-28 06:20:00 | It is entirely possible that your mouse or mouse driver is faulty. Have you tried a different mouse? You could also try uninstalling the mouse via Control Panel > System > Hardware Manager and then rebooting to let the machine re-detect and install a new default driver. | Jen (38) | ||
| 384240 | 2005-08-28 11:07:00 | "It is entirely possible that your mouse or mouse driver is faulty. Have you tried a different mouse? You could also try uninstalling the mouse via Control Panel > System > Hardware Manager and then rebooting to let the machine re-detect and install a new default driver."
I suppose it could be my mouse. I do have another one but I can't install it since I bought it for my old computer and couldn't install it on my new one since you have to have a disc drive, which I don't on my new one. I tried uninstalling the mouse the way you said, but when it restarted the mouse still worked and I still have the same problem.
"Trojan remover is now version 6.42 and database 6384 as of yesterday, so update trojan remover by using the update button and tick, check for new updates. Run trojan remover again, do a scan as well, and under the utils menu select the 3rd to 7th option."
I did the update and all the other things you said but it didn't find anything new.
"The system restore didn't help as you probably restored any problems. You need to turn system restore off and delete all old restore points, then turn it back on after cleaning and create a new system restore point. Look up the FAQs for comprehensive advice on how to clean your system. Also read through some recent posts for advice."
I'll have a try at that tomorrow since it's getting a bit late now. I did have a look through old posts (which is where I got the Trojan Remover from) but it's hard to look for topics since I'm not quite sure what's wrong. Thanks for everyone's suggestions and help. |
truffle_pig (8798) | ||
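
An added example, not part of any post in this thread: a small Python triage pass over HijackThis entries, run on six lines copied from the log in the first post. The three rules (orphaned "(file missing)" registrations, unnamed BHOs, and BHO or Run entries loading from an Application Data folder) are assumed heuristics for deciding what to look at first, not verdicts; the function and flag names are made up for this sketch.

```python
import re

# Entries copied from the HijackThis log in the first post, one per line.
SAMPLE_LOG = r"""
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {9AC52F0B-677F-6C0B-D6B7-2FF2C6349F5D} - C:\PROGRA~1\OWNSME~1\Name Byte.exe (file missing)
O2 - BHO: (no name) - {C106DAAD-FAA1-6853-808E-341402E10791} - C:\DOCUME~1\SARKNE~1.NAT\APPLIC~1\OWNSME~1\Name Byte.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [1 Does Size 32] C:\Documents and Settings\All Users\Application Data\2 MAIL 1 DOES\online 2.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
"""

ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
APPDATA = re.compile(r"\\(Application Data|APPLIC~\d)\\", re.IGNORECASE)  # long or 8.3 name

def parse(log):
    """Yield (section, body) for each entry line; headers and process paths are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m["section"], m["body"]

def flags(section, body):
    """Return the heuristic flags (assumptions of this sketch) that apply to one entry."""
    found = []
    if body.endswith("(file missing)"):
        found.append("file-missing")        # registration left behind, target is gone
    if section == "O2" and body.startswith("BHO: (no name)"):
        found.append("unnamed-bho")         # browser helper object with no class name
    if section in ("O2", "O4") and APPDATA.search(body):
        found.append("loads-from-appdata")  # load point in a user-writable folder
    return found

def triage(log):
    """Return (section, body, flags) for every entry that raised at least one flag."""
    return [(s, b, f) for s, b in parse(log) if (f := flags(s, b))]

if __name__ == "__main__":
    for section, body, f in triage(SAMPLE_LOG):
        print(f"{section:<3} {', '.join(f):<32} {body}")
```
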