virus help...

by **mikesphat** » Fri Jul 23, 2004 11:26 am

trojan horse downloader.small.6.m... avg warns me that i have it but wont find it during the scan... ive disabled system restore and tried again with no luck... its in the system volume information folder... any help would be great... thanx in advance...

by **Andocrates** » Fri Jul 23, 2004 11:34 am

Stop the malware process from windows task manager (control alt delete,) then start up in safe mode, delete the file and your temp cache (and your broswer cache as well)

by **mikesphat** » Fri Jul 23, 2004 11:43 am

here is my hijack this log... any ideas what isnt supposed to be there?

Logfile of HijackThis v1.98.0
Scan saved at 9:42:24 PM, on 7/22/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32logonui.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:PROGRA~1GrisoftAVG6avgcc32.exe
C:Program FilesJavaj2re1.4.2_04binjusched.exe
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe
C:Program FilesiTunesiTunesHelper.exe
C:WINDOWSSystem32ctfmon.exe
C:WINDOWSSystem32Ati2evxx.exe
C:PROGRA~1GrisoftAVG6avgserv.exe
C:Program FilesiPodbiniPodService.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Documents and SettingsmikesphatDesktopHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://aimhome.netscape.com/aimhome.adp
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_url = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchurl,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:PROGRA~1Yahoo!COMPAN~1Installscpnycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:PROGRA~1Yahoo!COMPAN~1Installscpnycomp5_3_12_0.dll
O4 - HKLM..Run: [AVG_CC] C:PROGRA~1GrisoftAVG6avgcc32.exe /STARTUP
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavaj2re1.4.2_04binjusched.exe
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot
O4 - HKLM..Run: [iTunesHelper] C:Program FilesiTunesiTunesHelper.exe
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesMSN MessengerMsnMsgr.Exe" /background
O4 - HKCU..Run: [AIM] C:Program FilesAIMaim.exe -cnetwait.odl
O4 - HKCU..Run: [Yahoo! Pager] C:Program FilesYahoo!Messengerypager.exe -quiet
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSSystem32ctfmon.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:Program FilesYahoo!Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:Program FilesYahoo!Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:Program FilesYahoo!Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:Program FilesYahoo!Messengeryhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:Program FilesYahoo!Messengeryhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:Program FilesAIMaim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengerMSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengerMSMSGS.EXE
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab

by **Andocrates** » Fri Jul 23, 2004 12:04 pm

avgserv.exe looks dodgy.

by **Big Booger** » Fri Jul 23, 2004 12:13 pm

avgserv.exe is an antivirus application.. part of the Grisoft AVG software application that you have installed.

http://www.computercops.biz/postitle10743-0-0-.html

take a look there for the fix.

Also have a gander here:

http://www.experts-exchange.com/Miscellaneous/Q_21029951.html

by **mikesphat** » Fri Jul 23, 2004 12:30 pm

yea i think i have defeated it guys... thanx!

Hot Topics
Buraku Japanese women gangraped in India.	Thanatos' embalmed botfly Where The Hell Did Everyone Go?
Buraku Shinzo Abe Former Prime Minister shot Dead during speech?	Buraku Those Koreans got a lot of nerve
Buraku 'Paris Syndrome' strikes Japanese	Buraku Warm and Toasty
Buraku Russia's Putin violates the Japanese	Buraku Russian Shenanigans
Buraku Anti-Foreigner Demo In Saitama	Buraku This is the bomb!

virus help...

virus help...

.

.

Who is online