• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
adw

WIN32/WINSHOW.N. trojan virus

4 posts in this topic

I am gettting a message that reads "WIN32/WINSHOW.N.trojan worm detected in C:\WINDOWS\LSCPZU.DAT.

File Stutus: Deleted because of trojan worm.

I have run spybot and noadware, but neither has corrected the problem. How do I eradicate this menace?

 

Thanks in advance!

adw

Edited by adw

Share this post


Link to post
Share on other sites

We need a closer look at what's happening.

Please download Hijack this

Copy it into its own folder, doubleclick HijackThis.exe, and hit "Scan".

 

When the scan is finished, the "Scan" button will change into a "Save Log" button.

Press that, save the log, do Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.

Share this post


Link to post
Share on other sites

I am sorry, but I have jumped ahead of you. I followed instructions found on this website to custom scan with adaware, and it removed some of the problem. However, my web browser is still screwed up. For instance, I couldn't get to this sight via my normal MSN browser. I had to log into my home aol account and go through its search/browser to get in. I am unable to go to other web sites that I frequently visit. Following is my hjt log:

 

Logfile of HijackThis v1.98.0

Scan saved at 1:18:32 PM, on 7/7/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Cpqdiag\Cpqdfwag.exe

C:\Program Files\CA\eTrust\InoculateIT\InoRpc.exe

C:\Program Files\CA\eTrust\InoculateIT\InoRT.exe

C:\Program Files\CA\eTrust\InoculateIT\InoTask.exe

C:\WINDOWS\LogWatNT.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe

C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe

C:\Program Files\CA\eTrust\InoculateIT\realmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\Microsoft Office\Office\OSA.EXE

C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE

C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE

C:\Compaq\EAKDRV\EAUSBKBD.EXE

C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\HijackThis\HijackThis.exe

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe

O4 - HKLM\..\Run: [setRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe

O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe

O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrust\InoculateIT\realmon.exe"

O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\Cpqdiag\CpqDfwAg.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

O17 - HKLM\System\CCS\Services\Tcpip\..\{C01A438E-37D9-4197-9875-6EE3184AF18D}: NameServer = 209.131.216.201,209.131.216.202

 

I think my log file is clean now, but tell me what you see.

I'm sure I made some critical error.

 

Thanks,

adw

Share this post


Link to post
Share on other sites

Nothing bad in your log, but there should be entries before the O4s. Have you deleted anything using Hijack this?

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0