
Nasty Browser Hijacker


4 replies to this topic

#1 Logicalgambit

Logicalgambit

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 24 June 2004 - 12:55 PM

Here is my log file.

Logfile of HijackThis v1.97.7
Scan saved at 10:52:16 AM, on 6/24/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\javaaz32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\WINDOWS\system32\javaaa32.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Documents and Settings\Todd McAllister\Desktop\New Folder\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {DBE2DCC3-5963-788D-30AC-7058D49B4E14} - C:\WINDOWS\system32\javaaa32.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [javaaa32.exe] C:\WINDOWS\system32\javaaa32.exe
O4 - HKLM\..\RunOnce: [systi32.exe] C:\WINDOWS\system32\systi32.exe
O4 - HKLM\..\RunOnce: [msrj.exe] C:\WINDOWS\msrj.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe



The nastie, by the way, is javaaa32.dll. I have tried multiple removal methods and nothing is working. It keeps coming back no matter if I delete it in safe mode, and reboot, etc.

Thanks in advance

LG

#2 Logicalgambit

Logicalgambit

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 24 June 2004 - 01:04 PM

I think this actually might be CWS, now that I did some more research... I am going to see if the shredder will fix it... If you think it is something else please post... Thanks

LG

#3 Logicalgambit

Logicalgambit

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 24 June 2004 - 01:10 PM

Never mind... I think it is CWS but CWShredder does not detect it... Any help?

#4 Logicalgambit

Logicalgambit

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 24 June 2004 - 01:48 PM

bump

#5 LoPhatPhuud

LoPhatPhuud

    Master of Disaster Recovery

  • Emeritus
  • PipPipPipPip
  • 432 posts

Posted 27 June 2004 - 08:20 PM

This is the same infection as the other one you posted but the log is incomplete. Please post the entire log.
Microsoft MVP Windows-Security 2005


When angry count four; when very angry, swear



