• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
dtjb4

psw.briss.e trojan

4 posts in this topic

I hope someone here can help me, I stumbled upon this website by accident while searching how to remove a trojan horse. Unfortunately the posters request was never answered.

 

We have somehow gotten a trojan horse, our AVG software is telling us that it is here but after I run the scan it says the file cannot be deleted.

 

The file infected is:

 

c:\windows\system\bridge.ddl

 

and the trojan horse is psw.briss.e

 

Anyone know how to get rid of this kind of file, we use windows 98.

 

Thanks

Share this post


Link to post
Share on other sites

let's take a look.........

download HijackThis from

http://www.spywareinfo.com/downloads/tools/HijackThis.exe

to a folder of your choice......doubleclick to open."Scan"...then "Save Log"...when it opens in notepad.......copy (edit..select all..copy) & paste (CTRL-V) the log into your next reply.......

Share this post


Link to post
Share on other sites

Thanks discogail

 

Here is the results of running the scan:

 

Logfile of HijackThis v1.97.7

Scan saved at 9:07:09 AM, on 6/12/04

Platform: Windows 98 Gold (Win9x 4.10.1998)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE

C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\LOADQM.EXE

C:\WINDOWS\SYSTEM\STIMON.EXE

C:\PROGRAM FILES\CREATIVE\LAUNCHER\CTLAUNCHER.EXE

C:\WINDOWS\SYSTEM\ATIPTAAA.EXE

C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE

C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE

C:\WINDOWS\SYSTEM\QTTASK.EXE

C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE

C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE

C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE

C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.mytelus.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by LOOKTown

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)

F1 - win.ini: run=Qtstub.exe

O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\PROGRAM FILES\KONTIKI\BIN\BH304181.DLL (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [stillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

O4 - HKLM\..\Run: [Creative Launcher] C:\Program Files\Creative\Launcher\CTLauncher.EXE

O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe

O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe

O4 - HKLM\..\Run: [ATIGART] c:\ati\gart\atigart.exe

O4 - HKLM\..\Run: [AtiPTA] Atiptaaa.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [AudioHQ] C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE

O4 - HKLM\..\Run: [TonkaMonsterTrucks.exe] C:\DOWNLO~1\TONKAM~1.EXE /r

O4 - HKLM\..\Run: [TonkaConst2.exe] C:\DOWNLO~1\TONKAC~1.EXE /r

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe

O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKCU\..\Run: [zdnet] "C:\Program Files\Kontiki\bin\kontiki.exe" -s zdnet -q

O4 - Startup: PowerReg Scheduler.exe

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe

O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe

O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~1\OFFICE\1033\PHDINTL.DLL/phdContext.htm

O8 - Extra context menu item: Get It With Kontiki - res://C:\PROGRAM FILES\KONTIKI\BIN\BH304181.DLL/201

O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\SYSTEM\TOOLBAR.DLL/SEARCH.HTML

O9 - Extra button: Real.com (HKLM)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab

O16 - DPF: {1C763326-813B-466F-AF7A-8618C10955D6} (SysCheck.SystemCheck) - http://services.yummy.net/download/WebInstall.CAB

Share this post


Link to post
Share on other sites

After running my spyboy and adaware programs and doing what discogail posted to do it seems that after rerunning avg the virus is no longer being detected and seems to be gone.

 

Thanks

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0