Other > Viruses and worms
I need some help with hijackthis
jon_2004_85:
What do you guys think of this:
Logfile of HijackThis v1.97.7
Scan saved at 5:32:04 PM, on 12/15/2003
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashserv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINNT\system32\musirc4.72.exe
C:\aim.exe
D:\HijackThis.exe
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Windows MeTaLRoCk service] metalrock.exe
O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [MusIRC (irc.musirc.com) client] musirc4.72.exe
O4 - HKLM\..\Run: [Services] C:\aim.exe
O4 - HKLM\..\RunServices: [Windows MeTaLRoCk service] metalrock.exe
O4 - HKLM\..\RunServices: [MusIRC (irc.musirc.com) client] musirc4.72.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37966.6811458333
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.rav.ro/scan/ravonline.cab
.: Mac :.:
what is metalrock.exe?
I see nothing obvious that could be spyware but wait for out hijackthis expert raman to awnser
raman:
I think you are infected by some Malware. Let Hijackthis fix this:
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Windows MeTaLRoCk service] metalrock.exe
O4 - HKLM\..\Run: [MusIRC (irc.musirc.com) client] musirc4.72.exe
O4 - HKLM\..\Run: [Services] C:\aim.exe
O4 - HKLM\..\RunServices: [Windows MeTaLRoCk service] metalrock.exe
O4 - HKLM\..\RunServices: [MusIRC (irc.musirc.com) client] musirc4.72.exe
Like MacLover2000 already said, it seems to be a worm(Randex variant?).
Test the files after a restart here: http://www.kaspersky.com/remoteviruschk.html and if they are infected, delete them, or send them to virus@asw.cz, so Avast can include them.
To make MacLover2000 a bit happy, ;) did RAV not find them?
Please post a new log after all this.
.: Mac :.:
--- Quote ---To make MacLover2000 a bit happy, did RAV not find them?
--- End quote ---
oh that WOULD brighten my day :D :D :D ;D
.: Mac :.:
als test with trend http://housecall.trendmicro.com
Navigation
[0] Message Index
[#] Next page
Go to full version