iroffer-help!


3 replies to this topic

#1 tabuk

tabuk

    Member

  • New Member
  • 2 posts

Posted 03 July 2004 - 03:21 AM

Today I rebooted my modem and when Windows loaded I saw a program. Now I'm not fluent in computer lingo so humor me, it was a black window and had a bunch of info in it that looked useless enough but I took note of the name IROFFER.EXE and did a bit of research on the "program" because I hate the idea of something being put on my property without my consent... anywho I found out from some site that it could possibly be a trojan that allows some ass to control my computer. Even if it isn't I would like to rid myself of it because it uses up my bandwidth. You know when you techies go into Windows cmd for whatever reason, well it looks like that. The same look, type and window, so I'll get to my point: how do I completely rid myself of this kind of hellion?


windows xp
pentium 4 2.4 ghz
256 mb ram
Nvidia Geforce fx 5200

#2 Racktracker

Racktracker

    Hunter of Malware

  • Retired Staff
  • 1,306 posts

Posted 03 July 2004 - 03:49 PM

Download hijackthis and post your log for us to have a look at.

http://tomcoyote.com/hjt/

#3 tabuk

tabuk

    Member

  • New Member
  • 2 posts

Posted 05 July 2004 - 03:57 PM

Here's the log, plus I went to the mcaffee site, or however you spell it, and it found this:
C:\Documents and Settings\...\Aiaigdcp.exe BackDoor-AXJ.gen
C:\Documents and Settings\...\Temp\efohbkgm.htm BackDoor-AXJ.htm
C:\Documents and Settings\...\Temp\fjfdnheh.htm BackDoor-AXJ.htm
C:\Documents and Settings\...\polall1t.exe Downloader-KL
C:\Documents and Settings\...\twaintec.cab Downloader-KL
C:\Documents and Settings\...\kk[1].gif BackDoor-AXJ.gen
It froze about 8000 files into it so I'm sure there's much more. Another forum told me to locate and delete the files but they're hidden or something because, for instance, a couple are located in a folder called "temp" but it's empty. Anyways, here's the HijackThis log.
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svsipconfig.exe
C:\WINDOWS\System32\video_32D.exe
C:\WINDOWS\System32\msgn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\msmesg32.exe
C:\Documents and Settings\chad berryhill\Desktop\misc\HijackThis.exe

O4 - HKLM\..\Run: [Microsoft Update] msgn.exe
O4 - HKLM\..\Run: [Microsoft Message Machine] msmesg32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Update Clinic] svsipconfig.exe
O4 - HKLM\..\Run: [NVIDIA Video drivers] video_32D.exe
O4 - HKLM\..\RunServices: [Microsoft Update] msgn.exe
O4 - HKLM\..\RunServices: [Microsoft Message Machine] msmesg32.exe
O4 - HKLM\..\RunServices: [Microsoft Update Clinic] svsipconfig.exe
O4 - HKLM\..\RunServices: [NVIDIA Video drivers] video_32D.exe
O4 - HKCU\..\Run: [Microsoft Update] msgn.exe
O4 - HKCU\..\Run: [Microsoft Message Machine] msmesg32.exe
O4 - HKCU\..\Run: [NVIDIA Video drivers] video_32D.exe
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...372/mcfscan.cab

By the way, I think I should tell you that more often than not when I delete a malicious object using HijackThis it just comes back.

windows xp
pentium 4 2.4 ghz
256mb ram
nvidia geforce fx 5200
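
An added example, not part of any post in this thread: a small Python parser for the O4 (autostart) lines of a HijackThis log like the one above. It groups entries by command to show under how many registry keys each one is registered and whether its executable also appears under "Running processes". The sample input is a constructed subset of the posted log, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the process and O4 lines from the log posted above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\svsipconfig.exe
C:\WINDOWS\System32\video_32D.exe
C:\WINDOWS\System32\msgn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\msmesg32.exe

O4 - HKLM\..\Run: [Microsoft Update] msgn.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunServices: [Microsoft Update] msgn.exe
O4 - HKCU\..\Run: [Microsoft Update] msgn.exe
O4 - HKLM\..\Run: [NVIDIA Video drivers] video_32D.exe
"""

# "O4 - <hive>\..\<key>: [<value name>] <command>"
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")

def parse_autostarts(log):
    """Return {command: {"keys": [...], "names": set, "running": bool}} for O4 lines."""
    running = set()
    entries = defaultdict(lambda: {"keys": [], "names": set(), "running": False})
    for line in log.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            hive, key, name, command = m.groups()
            entries[command]["keys"].append(f"{hive}\\{key}")
            entries[command]["names"].add(name)
        elif re.match(r"^[A-Za-z]:\\.+\.exe$", line, re.I):
            running.add(line.rsplit("\\", 1)[1].lower())
    for command, e in entries.items():
        # Naive: first whitespace-separated token is the executable (quoted paths not handled).
        exe = command.split()[0].rsplit("\\", 1)[-1].lower()
        e["running"] = exe in running
    return dict(entries)

def multi_key(entries):
    """Commands registered under more than one autostart key, most keys first."""
    return sorted((c for c, e in entries.items() if len(e["keys"]) > 1),
                  key=lambda c: -len(entries[c]["keys"]))

if __name__ == "__main__":
    for cmd, e in parse_autostarts(SAMPLE_LOG).items():
        print(f"{cmd!r}: keys={e['keys']} running={e['running']}")
```

The output is an inventory for review, not a verdict: it lists which commands are registered in several places and currently running, so every matching entry can be examined together.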

#4 Racktracker

Racktracker

    Hunter of Malware

  • Retired Staff
  • 1,306 posts

Posted 05 July 2004 - 05:23 PM

Download and install the free version of AVG antivirus.

http://www.grisoft.c...s_dwnl_free.php

Run a scan and have it remove everything it finds.
Then reboot and run another hijackthis scan and post your new log here.