Author Topic: possible virus or trojan?  (Read 6677 times)


iamgiggs

  • Guest
possible virus or trojan?
« on: December 11, 2003, 02:48:00 AM »
Hi... a while ago, I surfed the net... then suddenly this page became my homepage without me changing anything... after that, I cannot seem to load any JavaScript with my Internet Explorer... Internet Explorer would just hang... also, I found this file suddenly on my hard drive: ehbphexzhxs.exe... I'm not sure if all this is related... but please help me if you think that this is a virus or a trojan.

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:possible virus or trojan?
« Reply #1 on: December 11, 2003, 12:57:46 PM »
Please post a HijackThis log: download the file here: http://www.tomcoyote.org/hjt/ then unzip the file and double-click on the "HijackThis" icon. When it has finished loading, click on the "Scan" button.
Next, click on the "Save Log" button. Save the log somewhere you will remember and open the log file with Notepad. Then copy the contents and paste them in a reply to be checked.
MfG Ralf

iamgiggs

  • Guest
Re:possible virus or trojan?
« Reply #2 on: December 11, 2003, 01:18:25 PM »
Logfile of HijackThis v1.97.7
Scan saved at 20:30:18, on 10/12/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\PROGRA~1\EzButton\CPLBTS88.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\ICQ\ICQ.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashserv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Andrew Ong\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.sg/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://wwwcache.ed.ac.uk/config/proxy-config.pac
O2 - BHO: (no name) - {00110011-4B0B-44D5-9718-90C88817369B} - C:\WINDOWS\NavExt.dll (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [CPLBTS88] C:\PROGRA~1\EzButton\CPLBTS88.EXE
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Drag'n Drop CD] C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKCU\..\RunOnce: [ICQ] C:\Program Files\ICQ\ICQ.exe -trayboot
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37966.0975462963
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab


Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:possible virus or trojan?
« Reply #3 on: December 11, 2003, 03:08:42 PM »
Hm, seems to be clean. Maybe you should fix this:

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

and maybe download a new version of ms virtual machine:
http://www.microsoft.com/downloads/details.aspx?FamilyId=DD870EAC-69EF-4287-9A07-6C740F162644&displaylang=en
or via www.windowsupdate.com
MfG Ralf

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:possible virus or trojan?
« Reply #4 on: December 11, 2003, 03:13:34 PM »
Forgot this one, fix these too:
O2 - BHO: (no name) - {00110011-4B0B-44D5-9718-90C88817369B} - C:\WINDOWS\NavExt.dll (file missing)

O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
and, after a restart, the whole C:\Program Files\MyWay\ folder. It is spyware.
MfG Ralf
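
An added example, not part of the original thread and not HijackThis's own code: a small parser for the O2/O3/O4 line shapes seen in the log above, flagging entries marked "(file missing)" and entries that match a reviewer-supplied watchlist. The sample lines are copied from the posted log; the `WATCHLIST` values and all function names are assumptions made for illustration.

```python
import re

# Constructed sample: six lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.sg/
O2 - BHO: (no name) - {00110011-4B0B-44D5-9718-90C88817369B} - C:\WINDOWS\NavExt.dll (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
"""
# Assumption: a watchlist the reviewer supplies (here, the items named in the replies).
WATCHLIST = (r"C:\Program Files\MyWay", r"P2P Networking.exe")

MISSING = "(file missing)"
ENTRY = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")
COM_ITEM = re.compile(r"^(?:BHO|Toolbar): (?P<name>.*?) - "
                      r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$")
RUN_ITEM = re.compile(r"^(?P<key>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]+)\] (?P<target>.+)$")

def parse_entries(text):
    """Yield one dict per 'Rn'/'On' entry; header and process lines are skipped."""
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)].rstrip()
        item = {"code": code, "name": None, "clsid": None,
                "target": body, "missing": missing}
        detail = COM_ITEM.match(body) or RUN_ITEM.match(body)
        if detail:
            item.update(detail.groupdict())  # name, clsid or key, target
        yield item

def triage(text, watchlist=()):
    """Return (code, target, reasons) for entries that deserve a closer look."""
    findings = []
    for e in parse_entries(text):
        reasons = ["file missing"] if e["missing"] else []
        hits = [w for w in watchlist if w.lower() in e["target"].lower()]
        if hits:
            reasons.append("watchlist: " + ", ".join(hits))
        if reasons:
            findings.append((e["code"], e["target"], reasons))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, WATCHLIST):
        print(finding)
```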

iamgiggs

  • Guest
Re:possible virus or trojan?
« Reply #5 on: December 11, 2003, 03:16:09 PM »
i've downloaded the new windows updates already...still can't resolve my problem...any clues....another guy on the forum has the same problem as me and he claims a virus caused this...but avast didn't detect any virus for me

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:possible virus or trojan?
« Reply #6 on: December 11, 2003, 03:22:52 PM »
The log looks pretty clean. Checked the IE security settings?
MfG Ralf

Offline .: Mac :.

  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 5093
Re:possible virus or trojan?
« Reply #7 on: December 11, 2003, 09:49:37 PM »
Run Spybot Search and Destroy on your system to clean the MyWay folder and any other spyware. Please update it first.


The program is available here; just go to the bottom for the download:
http://www.safer-networking.org/index.php?lang=en&page=download


The detection update is available here; just scroll down and on the left look for "updates detections", then download and apply them:
http://www.safer-networking.org/
« Last Edit: December 11, 2003, 09:50:51 PM by MacLover2000 »
"People who are really serious about software should make their own hardware." - Alan Kay