Hi,
I had the latest vulgar hijack from CWS and now I seem to have control of my PC. I booted in safe mode and ran Adaware, and then it seemed to be OK, but Norton firewall keeps alerting me that cral.exe is trying to access the internet and it is 'high risk'. Can anyone tell me what it is?
Here is my log file.
Logfile of HijackThis v1.97.7
Scan saved at 12:29:51 PM, on 6/30/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\cral.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Yale Knudson\Local Settings\Temp\Temporary Directory 7 for hijackthis1977.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [cral.exe] C:\WINDOWS\system32\cral.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8167.2487847222
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCEF124F-5FD5-4337-B073-0A505D31016B}: NameServer = 192.189.54.37 192.189.54.26
Thank you in advance.

cral.exe
Started by Guest_gumby1_*, Jun 29 2004 08:30 PM
1 reply to this topic
#1 Guest_gumby1_*, Posted 29 June 2004 - 08:30 PM
#2 Posted 30 June 2004 - 10:56 AM
I guess you missed the big red letters up there?
DO NOT POST LOG FILES OR ASK FOR COMPUTER / SPYWARE HELP IN THIS FORUM!
You should register, then post in the Malware Removal forum.
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE