who knows about Win32/TrojanDownloader.Small.KF ?


7 replies to this topic

#1 seereal

seereal

    Member

  • Full Member
  • Pip
  • 7 posts

Posted 27 May 2004 - 09:21 PM

Hello !!!
I came because I know there's a lot of experts here ....
I have a problem. When I scan my hard drive with Nod32 (anti-virus)
Here is the log :

Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Scanning Log
Command line: /local /quit-
Checking CRC of the NOD32.EXE file: status OK
Operating memory is OK.
Error occured while scanning MBR sector of the 2. physical disk. Error reading sector.
date: 26.5.2004 time: 11:08:42
Scanned disks, directories and files: C:; D:; E:; F:
C:\pagefile.sys - error opening (file locked) [4]

C:\WINNT\Downloaded Program Files\load.exe - Win32/TrojanDownloader.Small.KF trojan
C:\WINNT\Downloaded Program Files\CONFLICT.11\load.exe - Win32/TrojanDownloader.Small.KF trojan
C:\WINNT\Downloaded Program Files\CONFLICT.12\load.exe - Win32/TrojanDownloader.Small.KF trojan
C:\WINNT\Downloaded Program Files\CONFLICT.13\load.exe - Win32/TrojanDownloader.Small.KF trojan
C:\WINNT\Downloaded Program Files\CONFLICT.2\load.exe - Win32/TrojanDownloader.Small.KF trojan
C:\WINNT\Downloaded Program Files\CONFLICT.3\load.exe - Win32/TrojanDownloader.Small.KF trojan
C:\WINNT\Downloaded Program Files\CONFLICT.4\load.exe - Win32/TrojanDownloader.Small.KF trojan
C:\WINNT\Downloaded Program Files\CONFLICT.5\load.exe - Win32/TrojanDownloader.Small.KF trojan
C:\WINNT\Downloaded Program Files\CONFLICT.6\load.exe - Win32/TrojanDownloader.Small.KF trojan
C:\WINNT\Downloaded Program Files\CONFLICT.7\load.exe - Win32/TrojanDownloader.Small.KF trojan
C:\WINNT\Downloaded Program Files\CONFLICT.8\load.exe - Win32/TrojanDownloader.Small.KF trojan
C:\WINNT\Downloaded Program Files\CONFLICT.9\load.exe - Win32/TrojanDownloader.Small.KF trojan
C:\WINNT\system32\config\svchost.exe - Win32/TrojanDropper.Small.GX trojan

number of files scanned: 16179
number of viruses found: 13
time of termination: 11:14:37 total scanning time: 355 sec (00:05:55)

Notes:
File cannot be open. It is being exclusively used by another application or operating system.

#2 seereal

Posted 27 May 2004 - 09:43 PM

I ran Hijackthis too ... here is the log :

Logfile of HijackThis v1.97.7
Scan saved at 9:40:03 PM, on 5/27/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\winnt\System32\smss.exe
C:\winnt\system32\winlogon.exe
C:\winnt\system32\services.exe
C:\winnt\system32\lsass.exe
C:\winnt\system32\svchost.exe
C:\winnt\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\winnt\system32\nvsvc32.exe
C:\winnt\system32\regsvc.exe
C:\winnt\system32\MSTask.exe
C:\winnt\system32\stisvc.exe
C:\winnt\System32\WBEM\WinMgmt.exe
C:\winnt\System32\mspmspsv.exe
C:\winnt\system32\svchost.exe
C:\winnt\Explorer.EXE
D:\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\winnt\System32\USBMonit.exe
C:\winnt\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\Program Files\Eset\nod32kui.exe
C:\winnt\system32\internat.exe
C:\winnt\System32\svchost.exe
C:\Program Files\Netscape\Netscape 7\Netscp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Seereal\Mes documents\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.netscape.fr"); (C:\Documents and Settings\Seereal\Application Data\Mozilla\Profiles\default\me149795.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CNetscape_France.src"); (C:\Documents and Settings\Seereal\Application Data\Mozilla\Profiles\default\me149795.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\winnt\system32\msdxm.ocx
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "D:\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "D:\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [Gene USB Monitor] C:\winnt\System32\USBMonit.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\winnt\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\winnt\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\winnt\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &NeoTrace It! - D:\NEOTRA~1\NTXcontext.htm
O10 - Broken Internet access because of LSP provider 'imon.dll' missing
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan....r/axscanner.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab


Thanks for your help in advance !!!

#3 seereal

Posted 27 May 2004 - 10:48 PM

Please help !!!!

#4 seereal

Posted 28 May 2004 - 08:14 AM

Hello ...
I posted this thread yesterday, and I still have no answer.
Is somebody able to help me ?

Thanks in advance to everybody who cares about these kinds of problems.

#5 seereal

Posted 31 May 2004 - 10:13 PM

:gah: Is somebody able to help me ????

#6 seereal

Posted 01 June 2004 - 04:00 PM

BUMP

#7 seereal

Posted 02 June 2004 - 09:28 AM

BUMP

#8 Rainbo1956

Rainbo1956

    Member

  • New Member
  • Pip
  • 1 posts

Posted 03 June 2004 - 07:30 AM

Hello....
I happen to be doing a search on this same thing for a friend of mine's site, which contains this trojan.

I went to their site and my firewall asked permission to allow = C:\WINNT\Downloaded Program Files\CONFLICT.5\load.exe - Win32/TrojanDownloader.Small.KF trojan
Naturally I said NO!

So, while I can't tell you how to fix it (other than to download Adaware?)
I would recommend you download the free version of Sygate Personal Firewall.
This will stop these in the future.

Sorry I couldn't be of more help....but, I'm sure someone else will be along to help you :D



