Norton 2004 found the following


6 replies to this topic

#1 BuzWeaver


Posted 28 June 2004 - 04:05 PM

After 3 days of messing around with Ad-Aware, SpyBot and a whole bunch of free online scanning sites I decided to update my Nortons from 2003 to 2004. I ran Norton and it found 17 Threats, I hit delete as it suggested. Rebooted and ran it again, these are the five files that it keeps finding (perhaps it can't fix):


Lycos ss.exe
PreInsTT.exe
Sysdll.reg
Twaintec.dll

Any suggestions?

#2 Kalypso2007


Posted 28 June 2004 - 04:15 PM

I had the twaintec trojan too...

Run Hijack this and post the log here...or go to http://hometown.aol....al/tutorial.htm

And read that to find out what you need to delete rather than posting the log here...
My Nephew :-D

"It seems like I can finally rest my head on something real, I like the way that feels..."

#3 BuzWeaver


Posted 28 June 2004 - 05:00 PM

It would appear that Norton has quarantined the files, however I'm not comfortable deleting anything without knowing which is safe, even after reading the link information, which I do appreciate. Here is the log from Hijack:


Logfile of HijackThis v1.97.7
Scan saved at 5:54:20 PM, on 6/28/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Documents and Settings\Buzz\My Documents\Patches\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://smart-finder.biz/1524/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://smart-finder.biz/1524/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://smart-finder.biz/1524/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smart-finder.biz/1524/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://smart-finder.biz/1524/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://smart-finder.biz/1524/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://smart-finder.biz/1524/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://smart-finder.biz/1524/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://smart-finder.biz/1524/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://home.bellsouth.net/
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://smart-finder.biz/1524/
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://smart-finder.biz/1524/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [clusapi] C:\WINDOWS\System32\clusapi.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://help.bellsout...oad/tgctlcm.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gatew...r/PCPitStop.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.ma...director/sw.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181...s/ccpm_0237.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan....r/axscanner.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...talls/yinst.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.micros...ontent/opuc.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.micros...ontent/opuc.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7884.6255555556
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://everquest2.st.../soesysinfo.cab
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://viewers.multi...MINIBrowser.CAB
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab

#4 BuzWeaver


Posted 28 June 2004 - 08:33 PM

Any help would be appreciated.

#5 Kalypso2007


Posted 29 June 2004 - 12:11 AM

Delete these...

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://smart-finder.biz/1524/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://smart-finder.biz/1524/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://smart-finder.biz/1524/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smart-finder.biz/1524/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://smart-finder.biz/1524/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://smart-finder.biz/1524/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://smart-finder.biz/1524/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://smart-finder.biz/1524/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://smart-finder.biz/1524/
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://smart-finder.biz/1524/
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://smart-finder.biz/1524/

I'm guessing you have aol and I'm not very familiar with aol, so I'm not sure what else is bad.

Well I hope that helps

Edited by Kalypso2007, 29 June 2004 - 01:16 AM.

My Nephew :-D

"It seems like I can finally rest my head on something real, I like the way that feels..."
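
Added example, not part of any post in this thread: the Python below groups the R0/R1 Internet Explorer lines of a HijackThis log by the host they point at, so that one site written into many search and home-page values, as in the log posted above, stands out for review. The sample lines are constructed in the thread's log layout, and the function names and the `min_values` threshold are assumptions of this example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: a few lines in the HijackThis v1.x layout shown in the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://smart-finder.biz/1524/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://smart-finder.biz/1524/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://smart-finder.biz/1524/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://home.bellsouth.net/
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
"""

# Line shape: "R1 - <hive>\<key>,<value name> = <data>"
R_LINE = re.compile(r"^(R[0-3]) - (HK(?:CU|LM)\\[^,]+),(.+?) = (\S+)\s*$")


def group_ie_settings_by_host(log_text):
    """Map each URL host to the IE registry values (key, name) that point at it."""
    by_host = defaultdict(list)
    for line in log_text.splitlines():
        m = R_LINE.match(line.strip())
        if not m:
            continue  # O-section lines, process list, headers, blank lines
        _, key, name, data = m.groups()
        host = urlsplit(data).hostname
        if host:
            by_host[host.lower()].append((key, name))
    return dict(by_host)


def hosts_to_review(log_text, min_values=3):
    """Hosts set in at least min_values IE settings, most widespread first.

    min_values is an assumed triage threshold, not a HijackThis rule.
    """
    groups = group_ie_settings_by_host(log_text)
    hits = [(h, len(v)) for h, v in groups.items() if len(v) >= min_values]
    return sorted(hits, key=lambda t: (-t[1], t[0]))


if __name__ == "__main__":
    for host, count in hosts_to_review(SAMPLE_LOG):
        print(f"{host}: {count} IE settings")
```
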

#6 BuzWeaver


Posted 29 June 2004 - 02:12 PM

Thank you very much, I can already tell a difference. I appreciate you taking the time to help me out; I've been messing with this for the last 4 days, LOL. :bounce:

#7 Mdrk9


Posted 26 July 2004 - 12:53 AM

I was reading through this, and I have the Lycos.ss.exe virus, which I've read will not let you get into any antivirus website. I have read through this post, and can not figure out how to do all this...is there any way you could walk me through it on MSN, or something like that?


Thanks,

Edited by Mdrk9, 26 July 2004 - 12:54 AM.




