• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
BRUCEL

Can't get rid of Trojan-Clicker.Win32.Delf.hi (virus)

2 posts in this topic

My ZoneAlarm detects the above file and I can't get rid of it. However, AVG calls it Trojan.Zapchast.ca and states that it was cleaned with back-up, so maybe it has been removed.

 

Before running AVG my computer was very slow and rebooting for no apparent reason.

 

I ran SpyBot; Adware SE; AVG AntiSpyware. I have read your FAQ file and followed all of the instructions.

 

Thanks in advance for your help.

 

Here is the HijackThis log (below the HijackThis are two AVG logs)

 

Logfile of HijackThis v1.99.1

Scan saved at 9:48:21 PM, on 5/22/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16441)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Folding@Home\Folding at Home v502-Console.exe

C:\WINDOWS\System32\NMSSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Spyware Doctor\svcntaux.exe

C:\WINDOWS\GWMDMMSG.exe

C:\Program Files\Java\jre1.5.0\bin\jusched.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Spyware Doctor\swdsvc.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\Spyware Doctor\SDTrayApp.exe

C:\Program Files\SPYWAREfighter\spftray.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\PVSW\bin\w3dbsmgr.exe

C:\Folding@Home\FahCore_78.exe

C:\Program Files\Microsoft Office\Office\1033\msoffice.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\WINDOWS\System32\ups.exe

C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

C:\Program Files\Wireless-N PCI Adapter\WLService.exe

C:\Program Files\Wireless-N PCI Adapter\WMP300N.exe

C:\WINDOWS\system32\fxssvc.exe

C:\WINDOWS\SYSTEM32\ZoneLabs\avsys\ScanningProcess.exe

C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe

C:\WINDOWS\SYSTEM32\ZoneLabs\avsys\ScanningProcess.exe

C:\WINDOWS\SYSTEM32\ZoneLabs\avsys\Monitor.exe

C:\Program Files\SPYWAREfighter\spfprc.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\PROGRA~1\WINZIP\winzip32.exe

C:\Documents and Settings\Main\My Documents\Unzipped\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.insurancejournal.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Image Helper - {64D712D1-84D9-281C-CE7D-32439D631863} - C:\WINDOWS\system\bpmtcs32.dll (file missing)

O2 - BHO: (no name) - {8C7D15FF-8206-4153-A66E-0EE616BCDF9B} - c:\windows\system32\eblaebl.dll (file missing)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe

O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [skwwgmll] C:\WINDOWS\system32\skwwgmll.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [sDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"

O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [skwwgmll] C:\WINDOWS\system32\skwwgmll.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Startup: Electron Microscope.lnk = C:\Folding@Home\Electron Microscope III\EMIII.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\bin\w3dbsmgr.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.msn.com

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1144896297734

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: yrnswprh - eblaebl.dll (file missing)

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: FAH@C:+Folding@Home+Folding at Home v502-Console.exe - Stanford University - C:\Folding@Home\Folding at Home v502-Console.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe

O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

O23 - Service: WMP300NSvc - Unknown owner - C:\Program Files\Wireless-N PCI Adapter\WLService.exe" "WMP300N.exe (file missing)

 

 

AVG logs (2 logs - one for the "Main" user and the other for the "Administrator" user

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 9:04:53 PM 5/22/2007

 

+ Scan result:

 

 

 

C:\System Volume Information\_restore{1536FC13-E172-47EA-ABF3-40B443C9C015}\RP1243\A0091078.exe -> Trojan.Zapchast.ca : Cleaned with backup (quarantined).

 

 

::Report end---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 5:47:46 PM 5/22/2007

 

+ Scan result:

 

 

 

HKU\S-1-5-21-2649289507-3585186845-1726409691-500\Software\Alset -> Adware.HelpExpress : No action taken.

HKU\S-1-5-21-2649289507-3585186845-1726409691-500\Software\Alset\HX -> Adware.HelpExpress : No action taken.

HKU\S-1-5-21-2649289507-3585186845-1726409691-500\Software\Alset\HX\HXDL -> Adware.HelpExpress : No action taken.

C:\Documents and Settings\Main\Cookies\main@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : No action taken.

C:\Documents and Settings\Main\Cookies\main@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.

C:\WINDOWS\SYSTEM32\pyddjstt.exe -> Trojan.Zapchast.ca : No action taken.

 

 

::Report end

Share this post


Link to post
Share on other sites

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0