Jump to content


Photo

scagent.exe?!?!?!


  • Please log in to reply
3 replies to this topic

#1 Kairu

Kairu

    Member

  • Full Member
  • Pip
  • 7 posts

Posted 24 June 2004 - 01:43 AM

I've messed witha few hijacks but this takes the cake. Can anyone help ive run CWShredder, AdAware and heres the HijackThis Log:

Logfile of HijackThis v1.97.7
Scan saved at 1:38:01 AM, on 6/24/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\sb.exe
C:\WINDOWS\system32\scagent.exe
C:\Documents and Settings\Kairu\My Documents\Stuff\Hijack this\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.EXE
O9 - Extra button: ATI TV (HKLM)
O9 - Extra button: AIM (HKLM)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...s/yinst0401.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8154.8665393519
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{035D02BC-F148-4CAC-89A7-A33435496516}: NameServer = 66.234.161.10 66.234.169.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{035D02BC-F148-4CAC-89A7-A33435496516}: NameServer = 66.234.161.10 66.234.169.10
O18 - Protocol hijack: about - {53B95211-7D77-11D2-9F81-00104B107C96}


I cant kill it. Need some help.

Edited by Kairu, 25 June 2004 - 10:51 PM.


#2 Kairu

Kairu

    Member

  • Full Member
  • Pip
  • 7 posts

Posted 24 June 2004 - 10:22 PM

Well now that i have installed my Norton Pro 2003. I see i have 9 trojan horses. Looks like they have some sort of reinstalling dll or something i mean i cant shut it down nor can i delete them. The scagent.exe is only one of them. Im in deep here.
Also im getting a warning for my norton saying "the application or DLL c:/windows/system32/msxword.dll/ is not a valid windows image. Please check this against your installation diskette." Its making me mad now.

Thanks in adavance for any help you can give me.

Edited by Kairu, 24 June 2004 - 10:24 PM.


#3 Kairu

Kairu

    Member

  • Full Member
  • Pip
  • 7 posts

Posted 25 June 2004 - 12:11 AM

Ok thats was simple enough, All i did was try everything in Safe mode ( I wish i woulda done this before) Problem now is a screwy dll) I get an error now
"the application or DLL c:\windows\system32\msxword.dll\ is not a valid windows image. Please check this against your installation diskette."
I dont understand this but it has something to do with all my stuff. So i dunno. And it started with the spyware.

#4 Kairu

Kairu

    Member

  • Full Member
  • Pip
  • 7 posts

Posted 25 June 2004 - 10:46 PM

Ok well i have now after patient resewarch solved my own problem. It started with a smartsearch hijack. i logged into safe mode ran cwshredder then adaware then my norton pro 2003. This solved most of my problems. The next was a dll in my system32 called msxword.dll all i did was delete it and it solved all my problems. Or so i hope. I hope this helps or teaches someone.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button