Jump to content


Photo

HijactThis log


  • Please log in to reply
7 replies to this topic

#1 Mandie

Mandie

    Advanced Member

  • Full Member
  • PipPipPip
  • 162 posts

Posted 13 July 2004 - 04:09 PM

I have three trojan viruses that I can't delete. They are:
TROJ BLAZEFIND.A
TROJ IMISERV.C
TROJ IMISEV.C

I also have a another thing I can't get rid of, it's trojan horse downloader.agent.al

Here is my log file:

Logfile of HijackThis v1.97.7
Scan saved at 4:04:13 PM, on 7/13/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Soulseek\slsk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\My Downloads\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [opergecau] C:\WINDOWS\System32\gjbsdz.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKLM\..\RunOnce: [Ad-aware] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe" "+b1"
O9 - Extra button: AIM (HKLM)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab

Edited by Mandie, 13 July 2004 - 04:15 PM.


#2 Mandie

Mandie

    Advanced Member

  • Full Member
  • PipPipPip
  • 162 posts

Posted 13 July 2004 - 05:35 PM

Bump

#3 dave38

dave38

    Devout Murphyite!

  • Emeritus
  • PipPipPipPipPip
  • 8,508 posts

Posted 13 July 2004 - 05:59 PM

Have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,

O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [opergecau] C:\WINDOWS\System32\gjbsdz.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe

Reboot and delete

files
C:\WINDOWS\Downloaded Program Files\bridge.dll
C:\WINDOWS\System32\gjbsdz.exe
C:\Windows\System32\wsaupdater.exe

folders
C:\Program Files\WindowsSA

These may be hidden files. See HERE for how to show hidden files.

Before posting a followup Hijack this log, please download the latest version, 1.98.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum

#4 Mandie

Mandie

    Advanced Member

  • Full Member
  • PipPipPip
  • 162 posts

Posted 13 July 2004 - 08:25 PM

Do you know how I can get rid of the downloader.agent.al virus?

#5 Mandie

Mandie

    Advanced Member

  • Full Member
  • PipPipPip
  • 162 posts

Posted 13 July 2004 - 09:28 PM

Bump

#6 dave38

dave38

    Devout Murphyite!

  • Emeritus
  • PipPipPipPipPip
  • 8,508 posts

Posted 14 July 2004 - 01:43 PM

What files is reported as having ths virus? What folder is it in?

Please post a fresh Hijack this log, after carrying out the advice above.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum

#7 Mandie

Mandie

    Advanced Member

  • Full Member
  • PipPipPip
  • 162 posts

Posted 14 July 2004 - 04:51 PM

Someone told me to disable the system restore, but I still don't know how to get rid of the downloader .agent .al. I also have a trojan virus called Trj/downloader.GK when I scanned with Panda ActiveScan. Can someone please help?

#8 dave38

dave38

    Devout Murphyite!

  • Emeritus
  • PipPipPipPipPip
  • 8,508 posts

Posted 14 July 2004 - 05:35 PM

Please follow the advice already given, and also supply the information requested.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button