• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
zenderrock

trojan in hosts file

4 posts in this topic

Norton antivirus auto-detects a trojan virus in C:\WINDOWS\system32\drivers\etc\hosts.

I cant remove the trojan, here is my log file:

Someone can help me please?

Thanks

 

Logfile of HijackThis v1.97.7

Scan saved at 12:36:45, on 14-07-2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programas\Ficheiros comuns\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Programas\Ficheiros comuns\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\explorer.exe

C:\WINDOWS\system32\explorer.exe

C:\WINDOWS\System32\exarghh.exe

C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe

C:\Programas\Messenger\msmsgs.exe

C:\Documents and Settings\TOC\Application Data\wthr.exe

C:\WINDOWS\System32\fyk.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\Ficheiros comuns\Symantec Shared\ccProxy.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Programas\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe

C:\Programas\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE

C:\Programas\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe

C:\Programas\Ficheiros comuns\Symantec Shared\SNDSrvc.exe

C:\Programas\Ficheiros comuns\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Documents and Settings\TOC\Ambiente de trabalho\Hosts_virus\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {34D93C57-E447-0AEE-D652-61550FA4294D} - C:\WINDOWS\System32\apmbn.dll

O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programas\Ficheiros comuns\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programas\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programas\Ficheiros comuns\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programas\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\system32\explorer.exe

O4 - HKLM\..\Run: [pwdzijgilzxq] C:\WINDOWS\System32\exarghh.exe

O4 - HKLM\..\Run: [ccApp] "C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Programas\Norton Internet Security Professional\UrlLstCk.exe

O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\NORTON~1\AdvTools\ADVCHK.EXE

O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [uruo] C:\Documents and Settings\Isabel\Application Data\wthr.exe

O4 - HKCU\..\Run: [Xfyv] C:\WINDOWS\System32\fyk.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar (HKLM)

O15 - Trusted Zone: *.clickspring.net

O15 - Trusted Zone: *.mt-download.com

O15 - Trusted Zone: *.my-internet.info

O15 - Trusted Zone: *.skoobidoo.com

O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://213.159.117.133/dl/adv90/x.chm::/load.exe

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...AB?38148.630625

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

Edited by zenderrock

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0