Author Topic: need help  (Read 4845 times)


htracey

  • Guest
need help
« on: March 05, 2005, 03:01:38 PM »
Computer has Win32 Trojan-gen

I can use Spybot, Ad-Aware, and avast, but it comes back as soon as I hook up my cable modem. I have used HijackThis but I don't know what to do with the results. Please help.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31072
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: need help
« Reply #1 on: March 05, 2005, 03:05:24 PM »
Click on the link in my signature and visit the HJT section.
It has all you need (to know) about HijackThis.

But I suggest you first visit the MS update site and bring Windows, IE and Office up to date.
Your system is very much outdated and therefore very vulnerable to infections, hacking attacks and such.

Offline Eddy

Re: need help
« Reply #2 on: March 05, 2005, 03:23:51 PM »
This is the result of my HijackThis log analyzer:

--------------------------------------------------------------------------------
CHECKING HIJACKTHIS, INTERNET EXPLORER, WINDOWS AND SOFTWARE FIREWALL:
--------------------------------------------------------------------------------
You are using the latest version of HijackThis.
Old version of Internet Explorer detected, please update.
INMEDIATLY visit http://windowsupdate.microsoft.com and install ALL security patches/updates.
No software firewall detected. If you are not using a
hardware firewall, it is highly recommended to install one.

--------------------------------------------------------------------------------
THESE ARE EITHER HARMFULL OR A SECURITY RISK
WE STRONGLY RECOMMEND TO FIX THEM :
--------------------------------------------------------------------------------
\windows\system32\msupdate.cmd
r3 - default urlsearchhook is missing
f2 - reg:system.ini: userinit=c:\windows\system32\wsaupdater.exe,
o2 - bho: (no name) - software - (no file)
o3 - toolbar: tadow! search bar - {1973395e-67f8-4723-bcc0-832cf4a5ddbc} - c:\windows\downloaded program files\toolbar.dll (file missing)
o4 - hklm\..\run: [wintimer] "c:\windows\system32\msupdate.cmd"
o8 - extra context menu item: &tadow! search bar search - res://c:\windows\downloaded program files\toolbar.dll/search.html
o16 - dpf: {26cbf141-7d0f-46e1-aa06-718958b6e4d2} - http://download.ebay.com/turbo_lister/us/install.cab
o16 - dpf: {df780f87-ff2b-4df8-92d0-73db16a1543a} (popcaploader object) - http://antu.popcap.com/games/popcaploader_v5.cab

--------------------------------------------------------------------------------
THE FOLLOWING ITEMS ARE NOT NEEDED TO LOAD
AT BOOTIME FOR THE SYSTEM TO WORK PROPERLY:
--------------------------------------------------------------------------------
o4 - hklm\..\run: [fasttvsync] "c:\program files\common files\intervideo\fasttvsync\fasttvsync.exe"
o4 - hklm\..\run: [clonedvdelbydelay] "c:\program files\elaborate bytes\clonedvd\elbycheck.exe" /l elbydelay
o4 - hkcu\..\run: [msmsgs] "c:\program files\messenger\msmsgs.exe" /background
o4 - hkcu\..\run: [spyware begone] c:\freescan\freescan.exe -fastscan

--------------------------------------------------------------------------------
WE HAVE NO INFO ON THE FOLLOWING ITEMS. THEY CAN BE BAD OR GOOD.
YOU HAVE TO VERIFY THEM MANUALLY. PLEASE TELL US IF YOU HAVE INFO ON THEM :
--------------------------------------------------------------------------------
o4 - hklm\..\run: [kihupabqcng] c:\windows\system32\cflxaq.exe
« Last Edit: March 05, 2005, 03:50:18 PM by Eddy »
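
Added example (not part of the original posts and not Eddy's analyzer): a small Python parser for the O4 autostart lines shown in the report above, sorting them into allowlisted entries and entries left for manual verification, mirroring the report's "no info" section. The allowlist contents and all function names are assumptions made up for this example.

```python
import re
from typing import NamedTuple, Optional

# O4 autostart line as printed above: o4 - <hive>\..\run: [<value name>] <command>
O4_RE = re.compile(r'^o4\s*-\s*(hklm|hkcu)\\\.\.\\(\w+):\s*\[([^\]]*)\]\s*(.+)$', re.I)
# Image path: the quoted string, or the shortest prefix ending in an executable extension.
IMAGE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|cmd|bat|com|scr|pif))(?=\s|$)', re.I)

# Constructed allowlist for this example only (an assumption, not vendor data).
KNOWN_IMAGES = {
    r"c:\program files\messenger\msmsgs.exe",
    r"c:\program files\common files\intervideo\fasttvsync\fasttvsync.exe",
}

class Autorun(NamedTuple):
    hive: str
    name: str
    image: str
    args: str

def parse_o4(line: str) -> Optional[Autorun]:
    """Split one O4 line into hive, value name, image path and arguments."""
    m = O4_RE.match(line.strip())
    if not m:
        return None  # not an autostart (O4) entry
    hive, _key, name, command = m.groups()
    im = IMAGE_RE.match(command)
    if not im:  # no recognisable image path: keep the whole command for review
        return Autorun(hive.lower(), name, command.lower(), "")
    image = (im.group(1) or im.group(2)).lower()
    return Autorun(hive.lower(), name, image, command[im.end():].strip())

def triage(lines):
    """Return (known, verify_manually): allowlisted entries vs. everything else."""
    known, verify = [], []
    for line in lines:
        entry = parse_o4(line)
        if entry is not None:
            (known if entry.image in KNOWN_IMAGES else verify).append(entry)
    return known, verify

# Sample lines copied from the analyzer output in the post above.
SAMPLE = [
    r'o4 - hkcu\..\run: [msmsgs] "c:\program files\messenger\msmsgs.exe" /background',
    r'o4 - hkcu\..\run: [spyware begone] c:\freescan\freescan.exe -fastscan',
    r'o4 - hklm\..\run: [kihupabqcng] c:\windows\system32\cflxaq.exe',
    r'o16 - dpf: {26cbf141-7d0f-46e1-aa06-718958b6e4d2} - http://download.ebay.com/turbo_lister/us/install.cab',
]
```

An allowlist miss only means "no information"; the entry still has to be checked by hand before anything is removed.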

lee16

  • Guest
Re: need help
« Reply #3 on: March 05, 2005, 03:44:52 PM »
@ Eddy,

Why are you telling him to remove parts of Avast?
Also, as there is no info on "cflxaq.exe", I think it's safe to say it's malware.

@ htracey,

Don't remove these:

o23 - service: avast! mail scanner - unknown owner - c:\program files\alwil software\avast4\ashmaisv.exe" /service (file missing)
o23 - service: avast! web scanner - unknown owner - c:\program files\alwil software\avast4\ashwebsv.exe" /service (file missing)

A bug in HijackThis reported them as not there; this should be fixed in the next release.



Also you may want to remove this:

o4 - hklm\..\run: [kihupabqcng] c:\windows\system32\cflxaq.exe

And then delete the file:

c:\windows\system32\cflxaq.exe


Also run/use the scanners suggested on Eddy's site that you haven't used yet (CWShredder, SpywareBlaster etc.).

--lee






htracey

  • Guest
Re: need help
« Reply #4 on: March 05, 2005, 03:49:57 PM »
Thank you. After running HijackThis, should I remove all but the 2 you mentioned, or should I just remove the 1 you mentioned?

lee16

  • Guest
Re: need help
« Reply #5 on: March 05, 2005, 03:51:34 PM »
Remove all but the ones I said not to remove  ;)

--lee

htracey

  • Guest
Re: need help
« Reply #6 on: March 05, 2005, 03:51:43 PM »
Also, when I go into safe mode to run and remove items, should I disconnect the cable modem?

htracey

  • Guest
Re: need help
« Reply #7 on: March 05, 2005, 03:54:21 PM »
Also, what kind of problems can be caused by running the computer with this trojan?

lee16

  • Guest
Re: need help
« Reply #8 on: March 05, 2005, 03:57:52 PM »
Quote
Also, when I go into safe mode to run and remove items, should I disconnect the cable modem?

A common mistake is to go into safe mode and run scanners etc. If you do this, most malware would not have started and therefore will remain on your system. Run HijackThis in "normal" mode and remove the items suggested.

Also, are you saying that the hijackthis log you posted was done from safe mode?

Quote
Also, what kind of problems can be caused by running the computer with this trojan?

It's not a trojan, it's malware  ;), more commonly known as spyware/adware. One of the names avast gives this spyware/adware is Win32 Trojan-gen.

--lee