Other > Viruses and worms

I need some help with hijackthis

(1/4) > >>

jon_2004_85:
What do you guys think of this:

Logfile of HijackThis v1.97.7
Scan saved at 5:32:04 PM, on 12/15/2003
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashserv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINNT\system32\musirc4.72.exe
C:\aim.exe
D:\HijackThis.exe

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Windows MeTaLRoCk service] metalrock.exe
O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [MusIRC (irc.musirc.com) client] musirc4.72.exe
O4 - HKLM\..\Run: [Services] C:\aim.exe
O4 - HKLM\..\RunServices: [Windows MeTaLRoCk service] metalrock.exe
O4 - HKLM\..\RunServices: [MusIRC (irc.musirc.com) client] musirc4.72.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37966.6811458333
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.rav.ro/scan/ravonline.cab

.: Mac :.:
what is metalrock.exe?
 I see nothing obvious that could be spyware but wait for out hijackthis expert raman to awnser

raman:
I think you are infected by some Malware. Let Hijackthis fix this:
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Windows MeTaLRoCk service] metalrock.exe
O4 - HKLM\..\Run: [MusIRC (irc.musirc.com) client] musirc4.72.exe
O4 - HKLM\..\Run: [Services] C:\aim.exe
O4 - HKLM\..\RunServices: [Windows MeTaLRoCk service] metalrock.exe
O4 - HKLM\..\RunServices: [MusIRC (irc.musirc.com) client] musirc4.72.exe

Like MacLover2000 already said, it seems to be a worm(Randex variant?).
Test the files after a restart here: http://www.kaspersky.com/remoteviruschk.html and if they are infected, delete them, or send them to virus@asw.cz, so Avast can include them.
To make MacLover2000 a bit happy, ;) did RAV not find them?
Please post a new log after all this.

.: Mac :.:

--- Quote ---To make MacLover2000 a bit happy,  did RAV not find them?
--- End quote ---
oh that WOULD brighten my day  :D :D :D ;D

.: Mac :.:
als test with trend http://housecall.trendmicro.com

Navigation

[0] Message Index

[#] Next page

Go to full version