Author Topic: rapid reproducing trojan  (Read 4472 times)

0 Members and 1 Guest are viewing this topic.


  • Guest
rapid reproducing trojan
« on: June 28, 2004, 02:32:01 PM »
Avast scan says I have the win32:TROJANO-180. i n less than one hour it showed up 19 times each with a different file name. Examples;addzt32.exe, apinkexe, apist.exe, syshu32.exe.,atdi.exe, etc.
I deleted each as they appeared on screen. I don't know much about computers but will try to follow some very simple instructions.
am using win xp home,avast4.1,vps vers. 6-25-2004,


  • Guest
Re:rapid reproducing trojan
« Reply #1 on: June 28, 2004, 06:40:43 PM »
I have exactly the same thing, trojano-180.  I posted a topic in another section, and was told to come here.  After a while on the internet, the virus seems to shut down all internet communication, and I have to redial.  I get an insane amount of popups even when not using IE, and my home page is changed.  Here is a post of my hijack this log.

Logfile of HijackThis v1.97.7
Scan saved at 5:08:06 PM, on 6/27/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\prdhy.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://prdhy.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://prdhy.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\prdhy.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://prdhy.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\prdhy.dll/sp.html#96676
O2 - BHO: (no name) - {372EF314-6508-92AB-732E-258B08992A73} - C:\WINDOWS\d3uc.dll
O4 - HKLM\..\Run: [mswspl] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [apiid32.exe] C:\WINDOWS\apiid32.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF97B015-1FF3-46FD-A784-709AC574A598}: NameServer =

thank you.  


  • Guest
Re:rapid reproducing trojan
« Reply #2 on: June 28, 2004, 06:50:50 PM »

booting in safeMode or a boot-time scan with avast (and moving the file to quarantine) doesn't help ?

it can be cleaned with avast + some manual digging, but here's a
quick'n'dirty solution ;)

Download ESCAN from here:

deactivate systemRESTORE &
reboot to safeMode (f8-Boot)
Then start ESCAN, set the options according to screenshot in this link:;f=24;t=000001

let escan scan & clean everything..

reboot normally..
maybe set your startpage again in IE

also read the link below "VirusRemoval" to secure your System/IE, or the trojan/hijacker will come back... ;)
« Last Edit: June 28, 2004, 06:53:38 PM by whocares »


  • Guest
Re:rapid reproducing trojan
« Reply #3 on: June 29, 2004, 12:39:51 AM »
I downloaded Escan, but it won't let me use it because it says that it is more than 30 days old.  Do you happen to know where I can find a newer version?  Also, yes, the pre windows Avast! scan didn't work for me.  I really apreciate your time.  


  • Guest
Re:rapid reproducing trojan
« Reply #4 on: June 29, 2004, 01:38:55 AM »
got it.  one of the links must have been old.  using it now.


  • Guest
Re:rapid reproducing trojan
« Reply #5 on: June 29, 2004, 07:32:53 PM »
escan did find some viruses that avast missed, and I did the scan twice in safe mode.  I did another scan before windows loaded, and ran all of my other virus software.  I also deleted all cookies and history.  This was all done before dialing up the internet.  Unfortunately, the trojan is still here.  Exactly the same.  I have been trying to delete this thing for 4 or 5 days now, and I think I am just going to have to reformat.  Thanks for trying.   :-\