Jump to content


Photo

Possible c.bat, bat.trojan


  • Please log in to reply
1 reply to this topic

#1 louisa1212

louisa1212

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 03 July 2004 - 03:58 PM

Norton keeps finding a c.bat bat.trojan. It quarantined one and although it found others, couldn't do anything with them.

I have run Spybot S&D, adaware, trojanhunter, Aluria. Didn't find much... Aluria found a teenguru.com and xxxtoolbar.com and nothing else was found. How can a delete these programs without buying Aluria?

I tried to download spyblaster... but somehow it couldn't load properly. If you have any suggestions how to get spyblaster, or if one of the above programs is blocking it, let me know.

Here is my hijack this! log:

Logfile of HijackThis v1.97.7
Scan saved at 1:54:23 PM, on 7/3/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\S3tray2.exe
C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\HPONE-~1\OneTouch.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\HPConfig.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\TrojanHunter 3.9\TrojanHunter.exe
C:\Program Files\Aluria Software\ASE\ASE.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://calmail.berkeley.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.att.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T WorldNet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe /s
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPONE-~1\OneTouch.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"
O4 - Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab


Thank you so much!

#2 PGPhantom

PGPhantom

    Superman of SWI

  • Emeritus
  • PipPipPipPipPip
  • 3,494 posts

Posted 31 August 2004 - 11:23 AM

Due to the time passed and the fact that you are running an older version ...
  • HijackThis ...
    • Double click on "My Computer" to open it.
    • Double click on the local "C-Drive" to open it.
    • Click on "File" => "New Folder" and name it HJT. i.e. The folder will be C:\HJT.
    • Please download HijackThis from any of the following locations:
    • spywareinfo.com
    • subratam.org
    • tools.zerosrealm.com
  • Install/Unzip it into C:\HJT.
  • Only run HijackThis from C:\HJT\HijackThis.exe. That way we can ensure that we have the backup files available in the event that they are needed.
  • Run HijackThis, click on scan and wait for the scan to finish.
  • The "Scan" button will change to "Save Log", click on it and simply press "Save" on the window that will appear.
  • Notepad will open with a copy of the log.
    • Click on "Edit" => "Select All".
    • Click on "Edit" => "Copy". This will copy the contents of the Notepad instance to the clipboard.
  • Please post your entire log here for analysis.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button