AVG Found Trojan


3 replies to this topic

#1 SuperGirl


Posted 03 July 2004 - 07:58 AM

Hi,
My AVG Free Version found a Trojan Horse. I moved it to the virus vault as AVG suggested but I do not know what to do next. Any help will be greatly appreciated. My Hijack This! log is posted below:

Logfile of HijackThis v1.97.7
Scan saved at 9:49:48 AM, on 03/07/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
D:\PROGRAMS\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
D:\PROGRAMS\AVGCC32.EXE
D:\PROGRAMS\ZONEALARM\ZLCLIENT.EXE
D:\PROGRAMS\FREE SURFER\FS20.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
D:\PROGRAMS\HIJACKTHIS.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...B_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
F1 - win.ini: run=hpfsched
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG_CC] D:\PROGRAMS\avgcc32.exe /startup
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Programs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [freesurfer] D:\PROGRAMS\FREE SURFER\fs20.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] D:\PROGRAMS\Avgserv9.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - Startup: Microsoft Office.lnk = D:\Programs\MS Office\Office\OSA9.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Free Surfer (HKLM)
O9 - Extra 'Tools' menuitem: Free Surfer (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8158.3681712963
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab

Thanks in advance!

#2 nellie2


Posted 03 July 2004 - 04:39 PM

Hi SuperGirl,

The best thing to do would be to delete it! See the AVG help files for information on deleting stuff you have moved to the virus vault.

Your log looks fine by the way! :)

#3 SuperGirl


Posted 04 July 2004 - 08:24 AM

Thanks very much...I really did not know what I should do or if I had any other nasties living in my computer.

#4 nellie2


Posted 04 July 2004 - 03:08 PM

You're welcome. As I said, there are no nasties visible in your hijack log, but you could always do an online virus scan here for peace of mind if you wish! ;)





Member of ASAP and UNITE
Support SpywareInfo Forum - click the button