Topic: Prob with x.bat and couple suspicious running program

MeDIeVaL

  • Guest
Prob with x.bat and couple suspicious running program
« on: December 27, 2009, 04:35:42 PM »
Hi there... can anyone analyze this and give me a solution...


YoKenny

  • Guest
Re: Prob with x.bat and couple suspicious running program
« Reply #1 on: December 27, 2009, 04:55:57 PM »
You are running a vulnerable version of Java, jre1.6.0_07.

Go to Add/Remove Programs and un-install all Java installs.

Recommended Version 6 Update 17
http://java.com/en/download/manual.jsp

IE8 is more secure than IE7 and has a lot better performance:
http://www.microsoft.com/windows/Internet-explorer/default.aspx

Go to Secunia Online Software Inspector then run it to see what other applications are vulnerable:
http://secunia.com/vulnerability_scanning/online

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • Posts: 34060
  • malware fighter
Re: Prob with x.bat and couple suspicious running program
« Reply #2 on: December 27, 2009, 05:04:19 PM »
Hi MeDIeVaL,

Fix using HJT:

O4 - HKUS\S-1-5-19\..\RunOnce: [IE7_012] rundll32 advpack.dll,LaunchINFSectionEx IE7int.inf,AfterUserStart,,4,N (User 'LOCAL SERVICE')

Unknown application, could be a leftover of an nLite installation...

O4 - HKUS\S-1-5-19\..\RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%\System32\rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\custom.inf,OnceFirstLogonInstall,0 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%\System32\rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\custom.inf,OnceFirstLogonInstall,0 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%\System32\rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\custom.inf,NewUserFirstLogonInstall,0 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%\System32\rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\custom.inf,NewUserFirstLogonInstall,0 (User 'Default user')

Nasty (2.77 / 5.00)

Survey of active tasks (process / category / description):

smss.exe            System task       Session Manager Subsystem
winlogon.exe        System task       Microsoft Windows Logon Process
services.exe        System task       Windows Service Controller
lsass.exe           System task       Local Security Authority Service
svchost.exe         System task       Microsoft Service Host Process
svchost.exe         System task       Microsoft Service Host Process
aswUpdSv.exe        Virusscan         Avast Anti-Virus Component
ashServ.exe         Virusscan         Avast
Explorer.EXE        System task       Microsoft Windows Explorer
volume.exe          check against virustotal.com
                    malicious task, added by Win32.RBOT:
                    http://www.bleepingcomputer.com/startups/volume.exe-10362.html
ashDisp.exe         Virusscan         Avast AntiVirus
MobileConnect.exe   Background task   MobileConnect.exe
lcacc.exe           check against virustotal.com
                    malicious task, typically added by W32.Bifrose.DN:
                    http://www.threatexpert.com/report.aspx?md5=c67ffb8af96518dcea19c643116fc8eb
ctfmon.exe          System task       Alternative User Input Services
VistaDrv.exe        Driver            VistaDrv.exe
spoolsv.exe         System task       Microsoft Printer Spooler Service
emo.exe             Version number: 0.0.0.0
                    MD5 hash of emo.exe: 0802023F66C216B4571FD314ABAB0DB6
                    Risk: Virus, AGOBOT-AGE WORM!
VMCService.exe      Background task   Vodafone Mobile Connect
ashMaiSv.exe        Virusscan         Avast Anti-Virus Component
ashWebSv.exe        Virusscan         avast! Web Scanner
firefox.exe         Application       Mozilla Firefox
HijackThis.exe      Application       Hijackthis

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
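An added example, not from the thread or from HijackThis itself, that parses the O4 RunOnce lines quoted in polonus's post into their fields (hive, SID, key, entry name, command, user) and lists why each deserves a look: the rundll32/advpack INF install, the service-account SID, and the one-shot RunOnce key. The SID-to-account names and the wording of the review reasons are my own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# The four O4 RunOnce lines quoted in the post above (copied from the log).
SAMPLE_O4_LINES = r"""O4 - HKUS\S-1-5-19\..\RunOnce: [IE7_012] rundll32 advpack.dll,LaunchINFSectionEx IE7int.inf,AfterUserStart,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ZZZZ1_FirstLogonSetting] %SystemRoot%\System32\rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\custom.inf,OnceFirstLogonInstall,0 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%\System32\rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\custom.inf,NewUserFirstLogonInstall,0 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ZZZZ2_FirstLogonSetting] %SystemRoot%\System32\rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\custom.inf,NewUserFirstLogonInstall,0 (User 'Default user')
"""

# O4 line layout: "O4 - <hive>[\<sid>]\..\<key>: [<name>] <command> (User '<user>')"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS)\\(?:(?P<sid>[^\\]+)\\)?\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]*)\] (?P<command>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)

# Well-known service SIDs; autoruns under these fire without any interactive user.
SERVICE_SIDS = {"S-1-5-18": "SYSTEM", "S-1-5-19": "LOCAL SERVICE", "S-1-5-20": "NETWORK SERVICE"}

@dataclass
class O4Entry:
    hive: str
    sid: Optional[str]
    key: str
    name: str
    command: str
    user: Optional[str]

def parse_o4(line: str) -> Optional[O4Entry]:
    """Split one HijackThis O4 line into its fields; None if it is not an O4 line."""
    m = O4_RE.match(line.strip())
    return O4Entry(**m.groupdict()) if m else None

def review_reasons(e: O4Entry) -> List[str]:
    """Why an entry deserves a look, following the triage in the post (labels are mine)."""
    reasons = []
    cmd = e.command.lower()
    if "advpack.dll" in cmd and "launchinfsection" in cmd:
        reasons.append("rundll32/advpack INF install: check the .inf it runs")
    if e.sid in SERVICE_SIDS:
        reasons.append(f"runs under service account {SERVICE_SIDS[e.sid]}")
    if e.key.lower() == "runonce":
        reasons.append("RunOnce: one-shot entry, removed after it fires")
    return reasons

def triage(log_text: str) -> List[tuple]:
    """Parse every O4 line in a HijackThis log and pair it with its review reasons."""
    entries = filter(None, (parse_o4(l) for l in log_text.splitlines()))
    return [(e, review_reasons(e)) for e in entries]

if __name__ == "__main__":
    for e, reasons in triage(SAMPLE_O4_LINES):
        print(f"[{e.name}] sid={e.sid} user={e.user!r}: " + "; ".join(reasons))
```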