

Question about Trojan


#1 mistalovalova



  • Full Member
  • 3 posts

Posted 13 June 2004 - 11:43 AM

I was using an online virus scanner (TrendMicro), and while it was scanning my system, my free virus shield (AVG) popped up a little window that said, "new trojan found, scan with AVG virus scan"... the online virus scan didn't find anything, neither did the AVG when I scanned w/ that...

I have a few tasks that weren't on the list that I have a few questions about...
What are cidaemon.exe, CTsvcCDA.exe, vsmon.exe?

Here is my HijackThis log...
Thanks for the help!

Logfile of HijackThis v1.97.7
Scan saved at 1:11:15 PM, on 6/13/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\Documents and Settings\Lenny Medvinsky.LENNY.000\Start Menu\Programs\Maintenance\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct1_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.game...ts/y/grt5_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potd_x.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comne...iveSecurity.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab

#2 dave38


    Devout Murphyite!

  • Retired Staff
  • 8,508 posts

Posted 13 June 2004 - 01:26 PM

what is, cidaemon.exe, CTsvcCDA.exe, vsmon.exe

Process File: cidaemon or cidaemon.exe
Process Name: Microsoft Indexing Service
Description: Indexing Service that runs in the background and catalogs files so that you can search for files containing a specific text string.
Company: Microsoft Corp.
System Process: Yes

Process File: ctsvccda or ctsvccda.exe
Process Name: Creative CD-ROM Services
Description: Background task for CD-ROM access that gets installed by the Windows 95, 98, or ME drivers of some Creative SoundBlaster soundcards. It also sometimes gets installed on Windows 2000 by non-driver related Creative software suites, such as Creative Jukebox.
Company: Creative Technology Ltd
System Process: No

Process File: vsmon or vsmon.exe
Process Name: True Vector Internet Monitor
Description: Application that is associated with ZoneAlarm personal firewall, which monitors Internet traffic and generates alerts by following the security rules that users configure in Zone Alarm.
Company: Zone Labs Inc.
System Process: No

(from http://www.liutilities.com/)
Be wary of strong drink. It may make you shoot at tax collectors, and miss!

#3 mistalovalova



  • Full Member
  • 3 posts

Posted 13 June 2004 - 01:42 PM

Thanks for the help, I appreciate it very much...

But your link does not work...

#4 smckillop


    Rockin' Apple of SWI

  • Retired Staff - Helper
  • 143 posts

Posted 13 June 2004 - 07:10 PM

but your link does not work...

He had a minor typo... Here you go:


Edited by smckillop, 13 June 2004 - 07:11 PM.

He who has tasted a sour apple, will have the more relish for a sweet one.
