I'm not sure what criteria this forum requires in order
to be considered a "qualified" expert. I'm a newbie to
this post but definitely not a newbie in the world of
spyware, in particular CWS and Backdoor trojans.
I am in the process of developing a tool that I hope
will help in the fight against CWS and other known
culprits. I will not promote my product here. But,
I can give you what I consider to be an expert opinion in
I agree that you do show signs of a Backdoor variant. Your system may
even show clean results in a virus scan; however, a tool is
needed to go back and "pick up the trash" that is left behind
(DLL files etc.) [Hopefully, I will help in that task for future references.]
MyDoom viruses run a backdoor component, which is dropped as the file SHIMGAPI.DLL. (This trojan component opens TCP ports 3127 thru 3198 to allow remote users to access and manipulate infected systems. The backdoor routine has the ability to download and execute arbitrary files.)
CTFMON.DLL is another known culprit in the W32 trash pile. And, yes, the previous
post was correct in suggesting the McAfee Stinger tool. These should be deleted!
I didn't see taskmon.exe in your log file, but if you find it... it's trash!
Ctfmon.exe is a process that can either cause a bunch of headaches or not affect you! If it keeps appearing at start-up, disable it as the previous post said to do!
I would recommend following the advice you have gotten thus far! (Scanning in safe mode, etc.) If the aforementioned steps don't work for you, you may have an unknown variant.
Also, follow HJT's lead and remove the NO Name browser helper.
Hope this helps, newyork!
Edited by cnm, 17 July 2004 - 10:56 PM.
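
The TCP port range mentioned in the post (3127 through 3198) can be checked against a saved `netstat -ano` listing. This is an added example, not part of the original post; the function names and the sample listing are constructed for illustration.

```python
import re

# TCP port range the post attributes to the MyDoom backdoor component.
BACKDOOR_PORTS = range(3127, 3199)  # 3127 through 3198 inclusive

# One TCP row of Windows `netstat -ano`: proto, local, remote, state, PID.
ROW = re.compile(
    r"^\s*TCP\s+(?P<local>\S+)\s+(?P<remote>\S+)"
    r"\s+(?P<state>[A-Z_0-9]+)\s+(?P<pid>\d+)\s*$"
)

# Constructed sample listing (not taken from the poster's machine).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:3127           0.0.0.0:0              LISTENING       1432
  TCP    192.168.1.20:3130      203.0.113.7:80         ESTABLISHED     2216
  TCP    [::]:3198              [::]:0                 LISTENING       1432
  TCP    0.0.0.0:3199           0.0.0.0:0              LISTENING       640
  UDP    0.0.0.0:3127           *:*                                    1432
"""

def split_port(endpoint):
    """Return the port of '0.0.0.0:3127' or '[::]:3127', else None."""
    _host, sep, port = endpoint.rpartition(":")
    return int(port) if sep and port.isdigit() else None

def suspicious_listeners(netstat_text):
    """List (local_endpoint, port, pid) for TCP listeners in the range.

    Only LISTENING sockets count: an outbound connection may use a local
    port in this range by chance, and UDP rows are outside the claim.
    """
    hits = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m or m.group("state") != "LISTENING":
            continue
        port = split_port(m.group("local"))
        if port is not None and port in BACKDOOR_PORTS:
            hits.append((m.group("local"), port, int(m.group("pid"))))
    return hits

if __name__ == "__main__":
    for local, port, pid in suspicious_listeners(SAMPLE):
        print(f"listener on {local} (PID {pid}) is in the 3127-3198 range")
```

The PID in each hit can be matched against the process list to see which executable owns the listener before anything is deleted.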