Sign in to follow this  
toplad

Am I Infected ? Please help

Recommended Posts

Hello,

 

Last week I came home to find an Icon in my start tray which said I had been infected. I have used AVG, Ad-Aware, Webroot,Panda and spybot to try and resolve it.

 

Backdoor Trojan and Generic Downloader Trojan are the names of the Virus's.

 

I'm getting different results everytime and 'm not sure what to do ????? :)

 

This is my most recent HJ LogLogfile of HijackThis v1.99.1

Scan saved at 23:01:36, on 17/03/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

D:\avgamsvr.exe

D:\avgupsvc.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

D:\avgfwsrv.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\system32\ICO.EXE

C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe

C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe

C:\Program Files\VoyagerTest\fts.exe

C:\Program Files\Common Files\AOL\1171915376\ee\AOLSoftware.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

D:\avgcc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\AOL 9.0\aoltray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\AOL Companion\companion.exe

c:\program files\common files\aol\1171915376\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe

c:\program files\common files\aol\1171915376\ee\aolsoftware.exe

C:\Program Files\AOL 9.0\waol.exe

C:\Program Files\AOL 9.0\shellmon.exe

C:\Program Files\Common Files\AOL\aoltpspd.exe

J:\BS4Launcher.exe

C:\Documents and Settings\kieran\Desktop\hijackthis[1]\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-vaio.sony-europe.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://accountservices.passport.net/reg.sr...egXPWizCredOnly

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [DSLSTATEXE] "C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe" icon

O4 - HKLM\..\Run: [DSLAGENTEXE] "C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe"

O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"

O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1171915376\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe

O4 - HKLM\..\Run: [AVG7_CC] "D:\avgcc.exe" /STARTUP

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe

O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/

O15 - Trusted Zone: *.sony-europe.com

O15 - Trusted Zone: *.sonystyle-europe.com

O15 - Trusted Zone: *.vaio-link.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1171991764296

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{DB46686C-06AD-4678-A372-646C33110B29}: NameServer = 205.188.146.145

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\avgupsvc.exe

O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - D:\avgfwsrv.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\vaio media platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)

O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Unknown owner - C:\Program Files\Common Files\Sony Shared\vaio media platform\UPnPFramework.exe (file missing)

O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe

O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)

O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Unknown owner - C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe (file missing)

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

 

 

I would apprecita any help at all.

 

 

Thanks

 

:lol:

Share this post


Link to post
Share on other sites

Hi topladuk :D

 

First let's get your java updated to Java Runtime Environment (JRE) 6

  • Go to Start > Control Panel double-click on the
    Software icon > add/remove programs.
  • Search in the list for all previously installed versions of Java.
    (J2SE Runtime Environment.... )
     
    It should have this icon next to it:
    javaicon.jpg
    Select it and click Remove.
     
  • Then Download and install the newest version from
    here:

 

Reboot/restart your computer.

 

Now, download AVG Anti-Spyware 7.5 from

http://free.grisoft.com/doc/5390/lng/us/tp...anti-virus-free

and save that file to your desktop.

This is a 30 day trial of the program

  1. Once you have downloaded AVG anti-spyware, locate the icon on the
    desktop and double-click it to launch the set up program.
  2. Once the setup is complete you will need run AVG Anti-Spyware 7.5 and
    update the
    definition files.
  3. On the main screen select the icon "Update" then select the
    "Update now" link.
    • Next select the "Start Update" button, the update will start and a
      progress bar will show the updates being installed.

[*]Once the update has completed select the "Scanner" icon at the top

of the screen, then select the "Settings" tab.

[*]Once in the Settings screen click on "Recommended actions" and

then select "Quarantine".

[*]Under "Reports"

  • Select "Automatically generate report after every scan"
  • Un-Select "Only if threats were found"

Close AVG Anti-Spyware 7.5, Do Not run a scan just yet, we will

shortly.

  1. Reboot your computer into SafeMode. You can do this by restarting
    your computer and continually tapping the F8 key until a menu
    appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or
    programs while AVG is scanning, it may interfere with the scanning
    proccess:
  2. Lauch AVG Anti-Spyware 7.5 by double-clicking the icon on your desktop.
  3. Select the "Scanner" icon at the top and then the "Scan"
    tab then click on "Complete System Scan".
  4. AVG will now begin the scanning process, be patient this may take a
    little time.
    Once the scan is complete do the following:
  5. If you have any infections you will prompted, then select "Apply all
    actions"
  6. Next select the "Reports" icon at the top.
  7. Select the "Save report as" button in the lower left hand of the
    screen and save it to a text file on your system (make sure to remember
    where you saved that file, this is important).
  8. Close AVG Anti-Spyware 7.5 and reboot your system back into Normal Mode
    and post the results of the report scan and a new HJT log.

Share this post


Link to post
Share on other sites
Sign in to follow this