Author Topic: Win32:Trojano-998 [Trj] in QB.exe  (Read 9079 times)

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Win32:Trojano-998 [Trj] in QB.exe
« Reply #15 on: May 30, 2005, 11:53:49 PM »
It seems avast is not doing a full job  :P
Did you try scanning with antispyware and antitrojan tools?

Antispyware applications (freeware): download, install, update and run it.
Ad-Aware
Spybot Search and Destroy
Spywareblaster
A-squared
Ewido
The best things in life are free.

Serverboats

  • Guest
Re: Win32:Trojano-998 [Trj] in QB.exe
« Reply #16 on: May 31, 2005, 12:17:25 AM »
Ewido scan currently running. MSWsearch and Delphin Media viewer found so far.  Here comes another one.....

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: Win32:Trojano-998 [Trj] in QB.exe
« Reply #17 on: May 31, 2005, 12:58:38 AM »
1. The other thread can't be closed/deleted (only edited/modified) once created, only the forum moderator can delete a thread, which is why I said to keep things in this thread to avoid duplication and confusion.

Run another HJT scan (normal not safe mode), save the results and paste the contents here and we will see if there is anything we can pin down.

Rather than attach it you can copy the contents and paste them into a post. That way anyone assisting you doesn't have to download the file, open it and then comment.

C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE (what is this norton process?)
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

You have remnants of Norton on your system (or the System Works/Security Suite), you need to ensure any anti-virus elements are removed. You should be able to use msconfig to stop those AV elements: Windows Start, Run, type msconfig, startup tab, find the NORTON entry/s for NPROTECT.EXE (I'm assuming this is a Norton AV element?) and untick it/them.

Is this something you installed?
X C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

Check - suspicious (to me and on-line analyser)
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {C62DFDC7-2EEC-4C2C-827A-BC0BFB4260B3} (IMViewerControl Class) - http://companion.logitech.com/companion/logitech/ver1.4.0.1071/bin/imvid.cab

Very Suspect - Fix in HJT
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)
See - http://www.liutilities.com/products/wintaskspro/processlibrary/wtoolss/
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
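
An added example, not part of the original posts and not HijackThis's own logic: a small Python triage pass over the O16 and O23 lines quoted in this thread. The function names are hypothetical, and the two review rules are assumptions taken from the traits visible on the line the reply above marks "Very Suspect" (owner recorded as "Unknown owner", and the "(file missing)" suffix).

```python
import re
from urllib.parse import urlparse

# Sample input: lines copied from the HijackThis excerpts quoted in this thread.
SAMPLE_LOG = r"""
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {C62DFDC7-2EEC-4C2C-827A-BC0BFB4260B3} (IMViewerControl Class) - http://companion.logitech.com/companion/logitech/ver1.4.0.1071/bin/imvid.cab
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)
"""

# The "(short name)" part is optional: some O23 lines above omit it.
O23 = re.compile(r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))? - "
                 r"(?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$")
O16 = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\}) \((?P<cls>.+?)\) - (?P<url>\S+)$")

def parse_log(text):
    """Return (services, controls) parsed from O23 and O16 lines; other lines are skipped."""
    services, controls = [], []
    for line in map(str.strip, text.splitlines()):
        if m := O23.match(line):
            svc = m.groupdict()
            svc["missing"] = bool(svc["missing"])
            services.append(svc)
        elif m := O16.match(line):
            ctl = m.groupdict()
            ctl["host"] = urlparse(ctl["url"]).hostname
            controls.append(ctl)
    return services, controls

def review_reasons(svc):
    """Assumed review rules: no publisher recorded, or the service binary is gone."""
    reasons = []
    if svc["owner"].lower() == "unknown owner":
        reasons.append("no publisher recorded")
    if svc["missing"]:
        reasons.append("registered binary not on disk")
    return reasons

def triage(text):
    """Map each flagged service to its reasons, plus the ActiveX download hosts to check."""
    services, controls = parse_log(text)
    flagged = {}
    for svc in services:
        if reasons := review_reasons(svc):
            flagged[svc["name"] or svc["display"]] = reasons
    return flagged, sorted({c["host"] for c in controls})

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A service entry that survives with "(file missing)" means the registration outlived the binary, so the entry still has to be removed from the service list even though nothing can run from that path.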

Serverboats

  • Guest
Re: Win32:Trojano-998 [Trj] in QB.exe
« Reply #18 on: May 31, 2005, 01:12:47 AM »
This system has Norton Systemworks installed. The A/V components have been removed.

NPROTECT I believe is the Norton protected wastebasket.

C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
is the Norton defragmenting tool.

Is this something you installed?
X C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
I think this one has something to do with AIM?


O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)
I keep tagging this line and HJT can't seem to get it out. I went into the services and disabled it; maybe it will get it next time.

Serverboats

  • Guest
Re: Win32:Trojano-998 [Trj] in QB.exe
« Reply #19 on: May 31, 2005, 01:33:41 AM »
The Ewido suite found an additional 68 items....WOW!   No more self generating .exe files.   Thanks for the help folks. ;D


Well Done,

Serverboats



Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: Win32:Trojano-998 [Trj] in QB.exe
« Reply #20 on: May 31, 2005, 02:39:36 PM »
See these links that a google search for 'wintools removal' without the quotes returned.
http://www.wilderssecurity.com/showthread.php?t=43104
http://www.pchell.com/support/wintools.shtml

PCHell is a good resource to bookmark for the future.

Google is your friend and a great tool, you just need to spend a little time learning how to get the best from it, like any tool.
« Last Edit: May 31, 2005, 02:44:57 PM by DavidR »