• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
gramercypark

Removing Trojans

2 posts in this topic

Help!

 

After running Trend Micro, it appears as if I have 2 viruses on my computer. The system said that the two viruses were still running, and as a result, it wouldn't allow me to delete them from my hard drive.

 

The viruses are as follows:

 

TROJ SMALL.HR

C:\\WINNT\system32\crt32_vt.dll

 

TROJ BUDDYLINK.A

C\Documents & Settings\userid\Application Data\anse.exe

 

My Hijack This log is as follows:

 

Logfile of HijackThis v1.97.7

Scan saved at 12:10:56 AM, on 6/27/2004

Platform: Windows 2000 SP3 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\System32\ibmpmsvc.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\stisvc.exe

C:\Program Files\WebDrive\wdservice.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\Program Files\Common files\WinTools\WToolsS.exe

C:\WINNT\System32\mspmspsv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\tp4mon.exe

C:\WINNT\system32\Promon.exe

C:\WINNT\system32\NWTRAY.EXE

C:\PROGRA~1\ThinkPad\UTILIT~1\tphkmgr.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Common files\WinTools\WToolsA.exe

C:\Program Files\VVSN\VVSN.exe

C:\WINNT\wt\updater\wcmdmgr.exe

C:\PROGRA~1\NETSCAPE\COMMUN~1\PROGRAM\AIM\aim.exe

C:\Documents and Settings\userid\Application Data\anse.exe

C:\Program Files\Common files\WinTools\WSup.exe

C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe

C:\Palm\hotsync.exe

C:\WINNT\system32\wuauclt.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINNT\System32\NDrv.exe

C:\Program Files\Save\Save.exe

C:\Program Files\ClockSync\Sync.exe

C:\Program Files\WhenUSearch\Search.exe

C:\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50038

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.filmbuzzmarketing.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50038

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50038

R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll

O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll

O2 - BHO: Curl - {A78CC2FF-6E4E-4556-B27C-D7C3A70D7A50} - C:\WINNT\system32\NDrv.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll

O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [Promon.exe] Promon.exe

O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE

O4 - HKLM\..\Run: [soundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd

O4 - HKLM\..\Run: [TpHotkey] C:\PROGRA~1\ThinkPad\UTILIT~1\tphkmgr.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe

O4 - HKLM\..\Run: [wcmdmgr] C:\WINNT\wt\updater\wcmdmgrl.exe -launch

O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe

O4 - HKLM\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"

O4 - HKLM\..\Run: [WhenUSearch] "C:\Program Files\WhenUSearch\Search.exe"

O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\NETSCAPE\COMMUN~1\PROGRAM\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [Thou] C:\Documents and Settings\userid\Application Data\anse.exe

O4 - HKCU\..\Run: [NDrv] C:\WINNT\system32\NDrv.exe

O4 - HKCU\..\Run: [ClockSync] "C:\Program Files\ClockSync\Sync.exe" /q

O4 - Startup: America Online 5.0 Tray Icon.lnk = C:\America Online 5.0\aoltray.exe

O4 - Startup: HotSync Manager.LNK = C:\Palm\hotsync.exe

O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE

O4 - Global Startup: Instant Wireless Configuration Utility.lnk = C:\Program Files\Linksys\WPC11 Config Utility\WPC11Cfg.exe

O9 - Extra button: Microsoft® JavaScript® Console (HKLM)

O9 - Extra 'Tools' menuitem: JavaScript Console (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Microsoft® JavaScript® Console (HKCU)

O9 - Extra 'Tools' menuitem: JavaScript Console (HKCU)

O9 - Extra button: WeatherBug (HKCU)

O12 - Plugin for .avi: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npavi32.dll

O12 - Plugin for .ica: C:\Program Files\Internet Explorer\PLUGINS\npican.dll

O15 - Trusted Zone: http://www.ofoto.com

O15 - Trusted Zone: http://housecall.trendmicro.com

O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8129.7444675926

O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls.../20/SassCln.CAB

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

 

 

I look forward to hearing any advice you may be able to provide!

Share this post


Link to post
Share on other sites

Hi there.

 

Can you please got to your control panel, then to add/remove programs. Then choose the WinTools Easy Uninstaller (or something to that effect) and click the "change/remove" button. Be careful to read the boxes in this uninstall because they phrase the questions strangley.

 

After you have done that please post a new HijackThis log so we can finish.

Thanks

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0