• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
seereal

who knows about Win32/TrojanDownloader.Small.KF ?

8 posts in this topic

Hello !!!

I came cause I know there s a lot of experts here ....

I have a problem. When I scan my hard drive with Nod32 (anti-virus)

Here is the log :

 

Platform: Windows 2000 SP3 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Scanning Log

Command line: /local /quit-

Checking CRC of the NOD32.EXE file: status OK

Operating memory is OK.

Error occured while scanning MBR sector of the 2. physical disk. Error reading sector.

date: 26.5.2004 time: 11:08:42

Scanned disks, directories and files: C:; D:; E:; F:

C:\pagefile.sys - error opening (file locked) [4]

 

C:\WINNT\Downloaded Program Files\load.exe - Win32/TrojanDownloader.Small.KF trojan

C:\WINNT\Downloaded Program Files\CONFLICT.11\load.exe - Win32/TrojanDownloader.Small.KF trojan

C:\WINNT\Downloaded Program Files\CONFLICT.12\load.exe - Win32/TrojanDownloader.Small.KF trojan

C:\WINNT\Downloaded Program Files\CONFLICT.13\load.exe - Win32/TrojanDownloader.Small.KF trojan

C:\WINNT\Downloaded Program Files\CONFLICT.2\load.exe - Win32/TrojanDownloader.Small.KF trojan

C:\WINNT\Downloaded Program Files\CONFLICT.3\load.exe - Win32/TrojanDownloader.Small.KF trojan

C:\WINNT\Downloaded Program Files\CONFLICT.4\load.exe - Win32/TrojanDownloader.Small.KF trojan

C:\WINNT\Downloaded Program Files\CONFLICT.5\load.exe - Win32/TrojanDownloader.Small.KF trojan

C:\WINNT\Downloaded Program Files\CONFLICT.6\load.exe - Win32/TrojanDownloader.Small.KF trojan

C:\WINNT\Downloaded Program Files\CONFLICT.7\load.exe - Win32/TrojanDownloader.Small.KF trojan

C:\WINNT\Downloaded Program Files\CONFLICT.8\load.exe - Win32/TrojanDownloader.Small.KF trojan

C:\WINNT\Downloaded Program Files\CONFLICT.9\load.exe - Win32/TrojanDownloader.Small.KF trojan

C:\WINNT\system32\config\svchost.exe - Win32/TrojanDropper.Small.GX trojan

 

number of files scanned: 16179

number of viruses found: 13

time of termination: 11:14:37 total scanning time: 355 sec (00:05:55)

 

Notes:

File cannot be open. It is being exclusively used by another application or operating system.

Share this post


Link to post
Share on other sites

I ran Hijackthis too ... here is the log :

 

Logfile of HijackThis v1.97.7

Scan saved at 9:40:03 PM, on 5/27/2004

Platform: Windows 2000 SP3 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\winnt\System32\smss.exe

C:\winnt\system32\winlogon.exe

C:\winnt\system32\services.exe

C:\winnt\system32\lsass.exe

C:\winnt\system32\svchost.exe

C:\winnt\system32\spoolsv.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Eset\nod32krn.exe

C:\winnt\system32\nvsvc32.exe

C:\winnt\system32\regsvc.exe

C:\winnt\system32\MSTask.exe

C:\winnt\system32\stisvc.exe

C:\winnt\System32\WBEM\WinMgmt.exe

C:\winnt\System32\mspmspsv.exe

C:\winnt\system32\svchost.exe

C:\winnt\Explorer.EXE

D:\Elaborate Bytes\CloneCD\CloneCDTray.exe

C:\winnt\System32\USBMonit.exe

C:\winnt\system32\spool\drivers\w32x86\3\hpztsb04.exe

C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe

C:\Program Files\Eset\nod32kui.exe

C:\winnt\system32\internat.exe

C:\winnt\System32\svchost.exe

C:\Program Files\Netscape\Netscape 7\Netscp.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Seereal\Mes documents\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.netscape.fr"); (C:\Documents and Settings\Seereal\Application Data\Mozilla\Profiles\default\me149795.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CNetscape_France.src"); (C:\Documents and Settings\Seereal\Application Data\Mozilla\Profiles\default\me149795.slt\prefs.js)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\winnt\system32\msdxm.ocx

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [CloneCDElbyCDFL] "D:\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

O4 - HKLM\..\Run: [CloneCDTray] "D:\Elaborate Bytes\CloneCD\CloneCDTray.exe"

O4 - HKLM\..\Run: [Gene USB Monitor] C:\winnt\System32\USBMonit.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\winnt\system32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\winnt\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\winnt\system32\NeroCheck.exe

O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"

O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE

O4 - HKCU\..\Run: [internat.exe] internat.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: &NeoTrace It! - D:\NEOTRA~1\NTXcontext.htm

O10 - Broken Internet access because of LSP provider 'imon.dll' missing

O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7d90ae0...all/xscan53.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

 

 

Thanks for ur help in advance !!!

Share this post


Link to post
Share on other sites

Hello ...

I posted this thread yesterday, and I have still no answer.

Is somebody able to help me ?

 

Thanks in advance to everybody who cares about these kind of problems.

Share this post


Link to post
Share on other sites

Hello....

I happen to be doing a search on this same thing for a friend of mines site, which contains this trojan.

 

I went to their site and my firewall asked permission to allow = C:\WINNT\Downloaded Program Files\CONFLICT.5\load.exe - Win32/TrojanDownloader.Small.KF trojan

Naturally I said NO!

 

So, while I can't tell you how to fix it (other then to download Adaware?)

I would recomend you downloading the free version of Sygate Personal Firewall.

This will stop these in the future.

 

Sorry I couldn't be of more help....but, I'm sure someone else will be along to help you :D

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0