• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
Lucky Cat

Hijacked by Trojan, Bloodhound exploit, etc

6 posts in this topic

Hello I just got hijacked and I want to make sure if Iam okay. As soon as I got hijacked norton anti virus deleted a whole bunch of stuff expept one thing...exploit[1].htm, I tried searching for it but I couldnt find it, it was in my temp internet files folder so maybe when I deleted the history it deleted it also. Here is what NAV found:

 

Source: VerifierBug.class

Description: C:\DOCUME~1\Admin\LOCALS~1\Temp\jar_cache28637.tmp

Click for more information about this threat : Trojan.ByteVerify

 

Source: BlackBox.class

Description: C:\DOCUME~1\Admin\LOCALS~1\Temp\jar_cache28637.tmp

Click for more information about this threat : Trojan.ByteVerify

 

Source: Parser.class

Description: C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderms.jar-5fe019-3661f03a.zip

Click for more information about this threat : Trojan.ByteVerify

 

Source: C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-546aaf36-275a282d.zip

Click for more information about this threat : Trojan.ByteVerify

 

Source: C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\63QFQ1ER\exploit[1].htm

Click for more information about this threat : Trojan Horse

 

Source: C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\63QFQ1ER\exploit[1].htm

Click for more information about this threat : Trojan Horse

 

Source: C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\W71VQ2NH\1[1].htm

Click for more information about this threat : MHTMLRedir.Exploit

 

Source: C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\VZ53V1WK\ms[1].php

Click for more information about this threat : Bloodhound.Exploit.10

 

Threat.jpg

 

I did a full virus scan and found nothing. Also ran Spybot S&D and Ad Aware and it also found nothing. Heres my Hijackthis log:

 

Logfile of HijackThis v1.97.7

Scan saved at 6:27:16 AM, on 28/06/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\atiptaxx.exe

C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

C:\WINDOWS\System32\ctfmon.exe

C:\PROGRA~1\Iomega\System32\AppServices.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Iomega\AutoDisk\ADService.exe

C:\WINDOWS\System32\devldr32.exe

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\Program Files\Messenger\msmsgs.exe

C:\HijackThis\HijackThis.exe

 

F0 - syst>m.ini: Shell=

F0 - R >ystem.ini: Shel>=

F0 - R >ystem.ini: UserInit=

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

O4 - HKLM\..\Run: [iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: ATI TV (HKLM)

O9 - Extra button: AOL Instant Messenger (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8027.6773611111

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

 

I think Iam clean now but Iam not to sure now....is there anything out of the oridinary in my log file? Am I clean and okay? Thanks for your help.

Share this post


Link to post
Share on other sites

Your log is clean. WHen you ahve a log like that, it's helpful to post the filenames, if you have them,

 

At last, your system is clean and free of spyware! Want to keep it that way?

 

Here are some simple steps you can take to reduce the chance of infection in the future.

 

1. Visit Windows Update: <-- YOU NEED TO DO THIS!!

Make sure that you have all the Critical Updates recommended for your operating system and IE. The first defense against infection is a properly patched OS.

a. Windows Update: http://v4.windowsupdate.microsoft.com/en/default.asp

 

1. Adjust your security settings for ActiveX:]

Go to Internet Options/Security/Internet, press 'default level', then OK.

Now press "Custom Level."

In the ActiveX section, set the first option, 'Download signed controls', to 'Prompt; set the

second option, 'Download unsigned controls', to 'Disable'; and finally, set 'Initialize and Script ActiveX controls not marked as safe" to 'Disable'.

 

2. Download and install the following free programs

a. SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html

b. SpywareGuard: http://www.wilderssecurity.net/spywareguard.html

c. IE/Spyad: https://netfiles.uiuc.edu/ehowes/www/resource.htm

 

1. Install Spyware Detection and Removal Programs:

You may also want to consider installing either or both of AdAware (free version) and Spybot S&D (freeware). Use these programs to regularly scan your system for and remove many forms of spyware/malware.

a. AdAware: http://www.lavasoft.de/

b. Spybot S&D: http://security.kolla.de/index.php?lang=en&page=download

 

 

For more information about Spyware, the tools available, and other informative material, including information on how you may have been infected in the first place, please check out this link: http://forum.gladiator-antivirus.com/index...?showtopic=9857

 

 

Good luck, and thanks for coming to our forums for help with your security and malware issues.

Share this post


Link to post
Share on other sites

When you have an AntiVirus program log, if you have names of the files that detected positive, it always helps to post them.

 

Glad your system is clean.....

Share this post


Link to post
Share on other sites

Glad we could help!

 

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0