« previous next »
Pages: 1 2 [3]   Go Down

Author Topic: Help me remove Trojan horse WIN32:BHO-KD[Trj]  (Read 49363 times)

0 Members and 1 Guest are viewing this topic.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Help me remove Trojan horse WIN32:BHO-KD[Trj]
« Reply #30 on: January 03, 2008, 12:38:53 PM »
Quote from: Davey on January 03, 2008, 09:37:46 AM
Any suggestions?
Yes. Open a new thread for you to follow the suggestions.
General cleaning procedures are:

1. Disable System Restore and reenable it after step 3.
2. Clean your temporary files.
3. Schedule a boot time scanning with avast with archive scanning turned on.
4. Use AVG Antispyware; SUPERantispyware and/or Spyware Terminator to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.
5. Test your machine with anti-rootkit applications. I suggest AVG or Trend Micro RootkitBuster.
6. Make a HijackThis log to post here or, better, submit the RunScanner log to to on-line analysis.
7. Immunize your system with SpywareBlaster or Windows Advanced Care.
8. Check if you have insecure applications with Secunia Software Inspector.
Logged
The best things in life are free.

santu_1786

  • Guest
Re: Help me remove Trojan horse WIN32:BHO-KD[Trj]
« Reply #31 on: February 03, 2008, 03:57:04 PM »
hi,plz help me 2 remove the same virus..
Logged

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Help me remove Trojan horse WIN32:BHO-KD[Trj]
« Reply #32 on: February 03, 2008, 04:14:02 PM »
Hi santu_1786  if you could start a new topic, as it can get  confusing otherwise.  Post a Hijackthis log there

 Download & Run HijackThis.exe

  • Download HJTInstall.exe to your Desktop.
  • Doubleclick HJTInstall.exe to install it.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Copy/Paste the log to your next reply please.
Don't use the Analyse This button, its findings are dangerous if misinterpreted.
Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


Logged

pegasus4

  • Guest
Re: Help me remove Trojan horse WIN32:BHO-KD[Trj]
« Reply #33 on: February 03, 2008, 05:38:30 PM »
I've encountered the same trojan on this PC as well. It's associated with the dll "nddeap". What happens if I delete this dll altogether? Would it affect the OS?
Logged

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33897
  • malware fighter
Re: Help me remove Trojan horse WIN32:BHO-KD[Trj]
« Reply #34 on: February 03, 2008, 05:58:18 PM »
Hi pegasus4,

Better do this using a fix tool, so post a hjt log like essexboy suggests, sometimes a special script is needed to delete the dll while the malware is putting it back onto the computer through other means,

polonus
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Trojanhater666

  • Guest
Re: Help me remove Trojan horse WIN32:BHO-KD[Trj]
« Reply #35 on: February 18, 2008, 08:18:22 PM »
Quote from: sharadgarg2000 on January 01, 2008, 09:34:26 AM
My windows/system32/dmdskrest.dll\[UPX] file is infected by a Trojan Horse detected by Avast Home edition. The name of Trojan Horse is WIN32:BHO-KD[trj].

Plz tell me what does this Trojan do and how to remove it?


   Trojans are like spyware. they can take control your computer if you dont have good firewall. I recommed zone alarm because windows firewall sucks. i have same trojan too. I think this world baddest trojan.i need too help. I hate this trojan because you cant remove like normal. I need heeelpp!!!  . sorry my bad english
Logged

Trojanhater666

  • Guest
Re: Help me remove Trojan horse WIN32:BHO-KD[Trj]
« Reply #36 on: February 18, 2008, 08:30:43 PM »
Quote from: polonus on January 01, 2008, 07:56:33 PM
Hi mimmo_dm,

Before we continue, I like you to upload the following dll's to virustotal and see what engines flag what:
> cdmodeml.dll
and also
> dgsetupv.dll
If you search for these dll's in your system32 folder, the latter dgsetupv.dll also starts up as a F020 Winlogon, which is considered as very suspicious, because only a very small number of dll's (like that of ZoneAlarm for instance) do this, mostly that do are part of a  trojan in this Hijackthis entry. Please for these dll's give all the info virustotal gives on the uploaded files, hash info and all.
virustotal is here: http://www.virustotal.com/

polonus



i have this trojan file  system32/cryptsv.dll/[UPX]
Logged

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Help me remove Trojan horse WIN32:BHO-KD[Trj]
« Reply #37 on: February 18, 2008, 08:31:18 PM »
Hi Trojanhater666 

Download & Run HijackThis.exe

  • Download HJTInstall.exe to your Desktop.
  • Doubleclick HJTInstall.exe to install it.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Copy/Paste the log to your next reply please.
Don't use the Analyse This button, its findings are dangerous if misinterpreted.
Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


If you could then start a new topic and post it there
Logged

djsmooth212000

  • Guest
Re: Help me remove Trojan horse WIN32:BHO-KD[Trj]
« Reply #38 on: February 21, 2008, 04:59:48 AM »
ComboFix 08-02-21 - mine 2008-02-20 22:17:23.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.434 [GMT -5:00]
Running from: C:\Documents and Settings\mine\Local Settings\Temporary Internet Files\Content.IE5\1XHU8ASY\ComboFix[1].exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Program Files\Internet Explorer\nipyradim89104.dll
C:\Program Files\outerinfo
C:\Program Files\outerinfo\Terms.rtf
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\isgTi19
C:\Temp\isgTi19\lPig.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\system32\a1
C:\WINDOWS\system32\aoldia.dll
C:\WINDOWS\system32\drivers\sjauqnep.dat
C:\WINDOWS\system32\evytlbqm.dll
C:\WINDOWS\system32\ggvwwjem.ini
C:\WINDOWS\system32\gjjlm.ini
C:\WINDOWS\system32\gjjlm.ini2
C:\WINDOWS\system32\iiravyow.dll
C:\WINDOWS\system32\ksvnydd.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mejwwvgg.dll
C:\WINDOWS\system32\mljjg.dll
C:\WINDOWS\system32\nGpxx18
C:\WINDOWS\system32\nGpxx18\nGpxx182328.exe
C:\WINDOWS\system32\p9
C:\WINDOWS\system32\p9\liopud89104.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\parcnxjl.dll
C:\WINDOWS\system32\poxmihov.ini
C:\WINDOWS\system32\tbdiekmm.dll
C:\WINDOWS\system32\tuvuspm.dll
C:\WINDOWS\system32\utryquww.dll
C:\WINDOWS\system32\v6
C:\WINDOWS\system32\w11
C:\WINDOWS\system32\w11\hiba3133.exe
C:\WINDOWS\system32\wssdgysu.ini
C:\WINDOWS\system32\wvurpno.dll
C:\WINDOWS\wr.txt
C:\WINDOWS\Fonts\'

----- BITS: Possible infected sites -----

hxxp://80.93.48.74
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_MEBTUVZZ
-------\mebtuvzz


(((((((((((((((((((((((((   Files Created from 2008-01-21 to 2008-02-21  )))))))))))))))))))))))))))))))
.

2008-02-20 20:32 . 2007-12-04 07:54   95,608   --a------   C:\WINDOWS\system32\AvastSS.scr
2008-02-20 20:32 . 2007-12-04 09:55   94,544   --a------   C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-20 20:32 . 2007-12-04 09:56   93,264   --a------   C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-20 20:32 . 2007-12-04 09:51   42,912   --a------   C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-20 20:32 . 2007-12-04 09:49   26,624   --a------   C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-20 20:32 . 2007-12-04 09:53   23,152   --a------   C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-20 20:31 . 2007-12-04 08:04   837,496   --a------   C:\WINDOWS\system32\aswBoot.exe
2008-02-20 20:31 . 2004-01-09 04:13   380,928   --a------   C:\WINDOWS\system32\actskin4.ocx
2008-02-18 20:31 . 2008-02-19 14:11   414   --ahs----   C:\WINDOWS\system32\olmxfluw.ini
2008-02-17 22:31 . 2008-02-17 22:33   <DIR>   d--------   C:\Program Files\Easy MPEG AVI DIVX WMV RM to DVD
2008-02-17 22:31 . 2008-02-20 08:46   67   --a------   C:\WINDOWS\Easy Video to DVD.INI
2008-02-17 22:23 . 2008-02-17 22:24   1,250,147   --ahs----   C:\WINDOWS\system32\wuinducy.tmp
2008-02-17 21:36 . 2008-02-17 21:36   <DIR>   d--------   C:\Program Files\Opera
2008-02-17 20:47 . 2008-02-17 20:47   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-02-17 20:47 . 2008-02-17 20:47   29   --a------   C:\WINDOWS\atid.ini
2008-02-17 18:53 . 2008-02-17 19:10   <DIR>   d--------   C:\Program Files\RegCure
2008-02-17 17:50 . 2008-02-18 08:05   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Authentium
2008-02-17 17:15 . 2008-02-17 17:15   <DIR>   d--------   C:\Program Files\Microsoft Windows OneCare Live
2008-02-17 12:03 . 2008-02-17 12:03   <DIR>   d--------   C:\Program Files\Common Files\RuleSpace
2008-02-17 12:01 . 2008-02-17 12:01   <DIR>   d--------   C:\Program Files\Common Files\Aluria
2008-02-17 11:54 . 2008-02-17 11:54   <DIR>   d--------   C:\Program Files\Common Files\Authentium
2008-02-17 02:33 . 2008-02-17 02:33   <DIR>   d--------   C:\Program Files\Lavasoft
2008-02-17 02:33 . 2008-02-17 02:37   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-17 02:32 . 2008-02-17 02:32   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2008-02-17 02:10 . 2008-02-17 02:10   51,355   --a------   C:\WINDOWS\system32\muzika.xm
2008-02-17 01:07 . 2008-02-17 01:07   <DIR>   d--------   C:\Program Files\Windows Defender
2008-02-16 08:26 . 2008-02-20 20:19   <DIR>   d--------   C:\Documents and Settings\mine\Incomplete
2008-02-16 08:26 . 2008-02-16 08:26   147,456   --a------   C:\WINDOWS\system32\vbzip10.dll
2008-02-16 08:23 . 2008-02-16 19:53   <DIR>   d--------   C:\Program Files\RABCO
2008-02-16 08:23 . 2008-02-16 08:23   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Rabio
2008-02-16 08:22 . 2008-02-20 22:18   <DIR>   d--------   C:\Temp
2008-02-15 21:26 . 2008-02-15 23:37   <DIR>   d--------   C:\my dvd
2008-02-14 13:06 . 2008-02-14 13:06   <DIR>   d--------   C:\Documents and Settings\mine\Application Data\NewsLeecher
2008-02-12 00:37 . 2008-02-12 00:37   <DIR>   d--------   C:\Program Files\LightScribe Diagnostic Utility
2008-02-11 20:24 . 2008-02-11 20:24   <DIR>   d--------   C:\Program Files\Common Files\LightScribe
2008-02-11 20:03 . 2005-11-14 08:33   139,264   -ra------   C:\WINDOWS\system32\geneicon.dll
2008-02-11 20:03 . 2005-11-14 08:33   45,056   -ra------   C:\WINDOWS\system32\usbmonit.exe
2008-02-11 20:03 . 2005-11-14 08:33   36,864   -ra------   C:\WINDOWS\system32\deluidrv.exe
2008-02-11 20:03 . 2005-11-14 08:33   32,768   -ra------   C:\WINDOWS\system32\delentry.exe
2008-02-11 20:03 . 2005-11-14 08:33   24,720   -ra------   C:\WINDOWS\system32\drivers\geneuide.sys
2008-02-11 20:03 . 2005-11-14 08:33   445   -ra------   C:\WINDOWS\system32\iconcfg.ini
2008-02-11 19:20 . 2008-02-11 19:20   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\LightScribe
2008-02-11 18:52 . 2008-02-20 20:04   69   --a------   C:\WINDOWS\NeroDigital.ini
2008-02-10 21:26 . 2008-02-18 21:17   <DIR>   d--------   C:\Documents and Settings\mine\Application Data\Ahead
2008-02-10 21:23 . 2008-02-10 21:23   <DIR>   d--------   C:\Program Files\Nero
2008-02-10 21:23 . 2008-02-10 21:29   <DIR>   d--------   C:\Program Files\Common Files\Ahead
2008-02-10 21:23 . 2008-02-10 21:23   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Nero
2008-02-09 23:29 . 2008-02-09 23:30   <DIR>   d--------   C:\Program Files\Easy Avi Divx Xvid to DVD Burner
2008-02-09 23:29 . 2008-02-20 19:26   67   --a------   C:\WINDOWS\Easy Avi Divx Xvid to DVD Burner.INI
2008-02-09 17:01 . 2008-02-14 13:06   <DIR>   d--------   C:\Program Files\NewsLeecher
2008-02-09 17:00 . 2008-02-09 17:00   <DIR>   d--------   C:\Program Files\ParNRar
2008-02-03 11:15 . 2008-02-03 11:15   111   --a------   C:\WINDOWS\musicmaker.INI
2008-02-03 11:09 . 2004-08-11 20:53   38,912   --a------   C:\WINDOWS\system32\mgxasio.dll
2008-01-21 10:45 . 2008-01-21 10:47   <DIR>   d--------   C:\Movies
2008-01-21 10:43 . 2008-01-21 10:43   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-21 10:43 . 2007-05-13 12:24   86,683   --a------   C:\WINDOWS\system32\pthreadGC2.dll
Logged

djsmooth212000

  • Guest
Re: Help me remove Trojan horse WIN32:BHO-KD[Trj]
« Reply #39 on: February 21, 2008, 05:01:17 AM »
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-20 23:56   ---------   d-----w   C:\Documents and Settings\mine\Application Data\LimeWire
2008-02-20 05:06   ---------   d-----w   C:\Documents and Settings\mine\Application Data\uTorrent
2008-02-18 04:06   ---------   d-----w   C:\Program Files\Java
2008-02-18 03:23   ---------   d-----w   C:\Program Files\Common Files\AOL
2008-02-18 03:22   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\AOL
2008-02-18 03:08   ---------   d-----w   C:\Program Files\Common Files\Authentium Shared
2008-02-17 16:44   ---------   d-----w   C:\Program Files\Clearwire
2008-02-13 03:54   786   ----a-w   C:\Documents and Settings\mine\Application Data\wklnhst.dat
2008-02-13 02:22   ---------   d-----w   C:\Program Files\BitLord
2007-12-30 13:52   ---------   d-----w   C:\Program Files\Native Instruments
2006-10-09 22:40   0   -c-ha-w   C:\Documents and Settings\All Users\Application Data\gwseh.dat
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-07-16 21:29 389120]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 20:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 20:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 20:50 114688]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 18:48 761947]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 15:08 1347584]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 23:30 282624 C:\WINDOWS\stsystra.exe]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-06-29 12:13 1032192]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05 127035]
"ScratchAmp"="C:\Program Files\Stanton\FinalScratch\ScratchAmpControl.exe" [2004-11-18 05:51 1363968]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-09 17:39 98304]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"RegistryMechanic"="C:\Program Files\Registry Mechanic\RegMech.exe" [2007-08-20 11:58 2483496]
"ESP"="C:\Program Files\Clearwire\CSS 3.0\app\start.exe" [2007-11-28 13:26 62952]
"HostManager"="C:\Program Files\Common Files\AOL\1203304959\ee\AOLSoftware.exe" [2006-04-13 15:36 50792]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 08:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 19:04 5562368]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-10-09 17:36:20 24576]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 22:07:32 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^mine^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^mine^Start Menu^Programs^Startup^RABCO - Auto Update.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-05-04 10:39 149040 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
--a------ 2006-03-21 20:30 1191936 C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
--a------ 2006-02-09 17:34 106496 C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-02-23 16:19 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2006-10-09 17:48 169984 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPhoneVideoConverter_upgrade]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-06-10 10:44 249856 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-06-10 10:44 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2008-01-24 12:32 2289664 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
--------- 2003-09-10 02:24 20480 C:\Program Files\NetWaiting\netWaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a------ 2005-07-12 19:05 1117184 C:\Program Files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2007-08-13 19:04 5562368 C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-05-04 10:59 161328 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
--a------ 2006-03-21 12:19 69632 C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-09 17:39 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-10-09 17:38 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra------ 2003-09-29 23:14 155648 C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-25 20:44 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebBuying]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-05-14 17:22 35328 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SysmonLog"=3 (0x3)
"ose"=3 (0x3)
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"McShield"=2 (0x2)
"McDetect.exe"=2 (0x2)
"gusvc"=3 (0x3)
Logged

landyb16

  • Guest
Re: Help me remove Trojan horse WIN32:BHO-KD[Trj]
« Reply #40 on: February 27, 2008, 12:19:56 AM »
Please, help me out here:
Logged

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: Help me remove Trojan horse WIN32:BHO-KD[Trj]
« Reply #41 on: February 27, 2008, 01:24:58 AM »
You have your own thread now. You probably won't get noticed buried way down here.

click this link and it will take you there  ;)

http://forum.avast.com/index.php?topic=33560.0
Logged
Pages: 1 2 [3]   Go Up
« previous next »