« previous next »
Pages: [1]   Go Down

Author Topic: Problem with trojan  (Read 3662 times)

0 Members and 1 Guest are viewing this topic.

Time8ter

  • Guest
Problem with trojan
« on: June 06, 2004, 12:53:38 AM »
Since todaY, I'm having a problem with a trojan. When I press "Y", it asked to insert a password.


This mY hijackthis.log:


Logfile of HijackThis v1.97.7
Scan saved at 23:48:45, on 05-06-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\runservice.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\MMTrayLSI.exe
C:\WINDOWS\System32\MMTray2k.exe
C:\WINDOWS\System32\MMTray.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Programas\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\progra~1\sibs\mbnet\mbnet.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\WINDOWS\System32\ARS.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programas\Netcount\Netcount.exe
C:\Programas\Creative\SBAudigy\TaskBar\CTLTray.exe
C:\Programas\Creative\SBAudigy\TaskBar\CTLTask.exe
C:\Programas\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Ficheiros\hijackthis\HijackThis.exe
C:\Programas\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:\WINDOWS\System32\ARSwb.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe
O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\K-Lite Codec Pack\real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programas\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programas\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programas\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programas\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [assistse] "C:\PROGRA~1\3721\assistse.exe"
O4 - HKLM\..\Run: [MBNet] c:\progra~1\sibs\mbnet\mbnet.exe
O4 - HKLM\..\Run: [ICQ Net] C:\WINDOWS\winlogon.exe -stealth
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Programas\Ficheiros comuns\Sonic\Update Manager\sgtray.exe" /r
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Netcount] C:\Programas\Netcount\Netcount.exe
O4 - HKCU\..\Run: [TaskTray] C:\Programas\Creative\SBAudigy\TaskBar\CTLTray.exe
O4 - HKCU\..\Run: [TaskBar] C:\Programas\Creative\SBAudigy\TaskBar\CTLTask.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with GetRight - C:\Programas\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programas\GetRight\GRbrowse.htm
O8 - Extra context menu item: View Link Source - C:\windows\web\viewsource.html
O9 - Extra button: MBNet (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12119/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
O16 - DPF: {4E592651-4590-11D6-BC20-00C095EEAD5D} (MBNet) - https://www.mbnet.pt/cc/mbnetbrws.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {67925165-C4B6-11D2-B9C6-0000E84F59A6} - http://www.warnerbros.co.uk/content/multipath/projector/bdeinsta/bdeinsta.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://housecall.trendmicro-europe.com/housecall/Xscan53.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37675.4513310185
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://kr.pristontale.com/nprotect/nprotect/npx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6A3C1E2-F792-483E-9133-596215172BE9} (AcceptLang Class) - http://runonce.msn.com/setacceptlang.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/ocx/12119/CTPID.cab



It's a annoYing problem. What can I do to clean it?
Logged

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:Problem with trojan
« Reply #1 on: June 06, 2004, 09:59:07 AM »
Please fix this:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:\WINDOWS\System32\ARSwb.dll (*)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32 (*)
O4 - HKLM\..\Run: [assistse] "C:\PROGRA~1\3721\assistse.exe" (*)

If you do not know this site:
https://www.mbnet.pt/
Fix this,too:
O4 - HKLM\..\Run: [MBNet] c:\progra~1\sibs\mbnet\mbnet.exe

Please send the files marked with (*) to virus@asw.cz, and delete them.
BTW: Th things above seems to be Keyloggers. So it maybe would better to change your passwords.
Logged
MfG Ralf

Fletch

  • Guest
Re:Problem with trojan
« Reply #2 on: June 06, 2004, 07:42:25 PM »
for trojans try this http://www.moosoftware/thecleaner
for hijacking try this adaware http://www.lavasoft.de

let me know how it turns out at.

http://home.primus.ca/~efletcher
http://fletch1.proboards27.com
email: efletcher@primus.ca

hope this helps.
« Last Edit: June 06, 2004, 07:46:17 PM by Fletch »
Logged
Pages: [1]   Go Up
« previous next »