Full Version: Hijack this logfile
gwaimie
Hi, I cannot for the life of me get rid of a trojan dialler named .6.g. This is a copy of my log file, and my computer is now really slow. Does this trojan have any effect on the speed of my machine? Whenever I run Adaware or Spybot I get loads, but they always come back. Please help.

Logfile of HijackThis v1.97.7
Scan saved at 18:51:09, on 14/03/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\Explorer.EXE
G:\PROGRA~1\Grisoft\AVG6\avgserv.exe
G:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
G:\WINDOWS\System32\hphmon03.exe
G:\Program Files\QuickTime\qttask.exe
G:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
G:\Program Files\Messenger\msmsgs.exe
G:\PROGRA~1\AIM95\aim.exe
G:\Program Files\SuperGOO\EREG\US\REMIND32.EXE
G:\WINDOWS\System32\tcpsvcs.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\System32\HPHipm09.exe
G:\WINDOWS\System32\wuauclt.exe
G:\PROGRA~1\Grisoft\AVG6\AVGCC32.EXE
G:\Program Files\nbpro\nbpro.exe
G:\Program Files\Ahead\Nero\nero.exe
G:\WINDOWS\System32\imapi.exe
G:\Program Files\Ahead\Nero\nero.exe
G:\Program Files\Internet Explorer\iexplore.exe
G:\Documents and Settings\Gwaimie\Local Settings\Temporary Internet Files\Content.IE5\8DI7K9EZ\hijackthis[1]\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] G:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] G:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [AVG_CC] G:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] G:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] G:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=031404 serial=DR12WEX-1504397-kty lang=EN
O4 - HKLM\..\Run: [P2P Networking] G:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [updmgr] G:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [gmouse] G:\Gmouse\gmouse.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] G:\PROGRA~1\MyWay\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [MSMSGS] "G:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] G:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\System32\ctfmon.exe
O4 - Startup: reminder-ScanSoft Product Registration.lnk = G:\Program Files\SuperGOO\EREG\US\REMIND32.EXE
O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Reboot.exe
O4 - Global Startup: RunAP.exe
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.6.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200401...meInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120...all/xscan53.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://live.ntyneside.ac.uk/activex/AxisCamControl.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Auto_In...ller/dwnldr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...323/mcfscan.cab
CalamityJane
Hi gwaimie and welcome to the forum

I'm not seeing a dialler on your log, although there are a few items that need fixing. I assume AVG is giving you an alert. Could you please let us know the file name and location (full path) it is alerting you on?

First, please make a new folder to put your HijackThis.exe into. Anywhere on your hard drive is fine other than your Desktop or the Temp folder. We suggest you use C:\Program Files\HijackThis but feel free to use any name or folder you like. Unzip HijackThis again and save the contents (Hijackthis.exe) to the new folder you made. Then navigate to it and run HijackThis from there. This is to ensure it makes the necessary backups for recovery if needed.

Next, please go offline, close all browsers and any open windows, making sure that only HijackThis is open. Scan and, when it finishes, put an x in the boxes next to these items, then press *fix checked*.

O4 - HKLM\..\Run: [P2P Networking] G:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [updmgr] G:\Program Files\Common files\updmgr\updmgr.exe

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] G:\PROGRA~1\MyWay\bar\1.bin\mwsoemon.exe

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.6.cab

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
............................
Reboot your PC and delete the following named in bold:

G:\Program Files\Common files\updmgr (entire folder)

G:\PROGRA~1\MyWay (entire folder)

Next: It is generally recommended that you uninstall the P2P Networking:
You can uninstall P2P Networking through Add/Remove Programs. If/when asked whether you also want to remove Altnet components, say 'Yes'.
P2P Networking is a totally useless Kazaa add-on, and it's been reported to be responsible for serious system slowdowns.

Then remove the P2P Networking folder in C:\Windows\System32, if still there.

Reboot your PC after completing those and scan once more with HijackThis - post a new log back here, along with the details of the detection of a trojan by AVG (or whatever program is telling you this), AND the details of the files below

.................................................
I'm curious about two items in your Global startups. Could you please right-click (only; do NOT left-click) on each of these and copy down the information provided on the tabs at the top (Properties or General, etc.)?

Reboot.exe

RunAP.exe
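The reply above triages the log by hand: it picks out the O4 autostart entries and O16 ActiveX (Downloaded Program Files) entries to fix, and separately asks about two Global Startup items that HijackThis lists as a bare file name with no resolved target. The script below is an added example, not code from the forum or from HijackThis, that does the same triage mechanically. The regexes for the O4/O16 line shapes are my own reading of the v1.97 log format; the sample log is a constructed subset of the poster's log; the two lists of things to fix are the exact items named in the reply.

```python
"""Added example (not HijackThis code): parse O4 autostart and O16 DPF
lines from a HijackThis v1.9x log and triage them the way the reply
above does by hand."""
import re

# "O4 - HKLM\..\Run: [Name] command"  -- registry Run/RunOnce entries
O4_REG_RE = re.compile(
    r"^O4 - (?P<key>HK(?:LM|CU)\\[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# "O4 - Global Startup: file.lnk = target"  -- startup-folder entries;
# the " = target" part is absent when HijackThis shows only a bare file name
O4_STARTUP_RE = re.compile(
    r"^O4 - (?P<key>(?:Global )?Startup): (?P<name>.+?)(?: = (?P<cmd>.+))?$")
# "O16 - DPF: {CLSID} (description) - url"  -- Downloaded Program Files
O16_RE = re.compile(
    r"^O16 - DPF: (?P<clsid>\{[0-9A-F-]+\})(?: \((?P<desc>[^)]*)\))? -\s*(?P<url>.*)$",
    re.I)

# HijackThis abbreviates Software\Microsoft\Windows\CurrentVersion as ".."
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}


def registry_path(key):
    """Expand an O4 key such as HKLM\\..\\Run to its full registry path."""
    hive, _, rest = key.partition("\\")
    return HIVES[hive] + "\\" + rest.replace(
        "..", r"Software\Microsoft\Windows\CurrentVersion")


def parse_line(line):
    """Return a dict for an O4 or O16 line, or None for any other line."""
    line = line.strip()
    for rx in (O4_REG_RE, O4_STARTUP_RE):
        m = rx.match(line)
        if m:
            return {"type": "O4", "key": m["key"], "name": m["name"], "cmd": m["cmd"]}
    m = O16_RE.match(line)
    if m:
        return {"type": "O16", "clsid": m["clsid"].upper(),
                "desc": m["desc"] or "", "url": m["url"]}
    return None


def triage(log_text, fix_paths, fix_clsids):
    """Split a log into (to_fix, to_inspect).

    to_fix: O4 lines whose command contains a listed path fragment, plus O16
            lines whose CLSID is listed (case-insensitive).
    to_inspect: startup-folder entries logged without a target path, which
            is what prompted the question about Reboot.exe and RunAP.exe.
    """
    wanted_clsids = {c.upper() for c in fix_clsids}
    to_fix, to_inspect = [], []
    for raw in log_text.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue
        if entry["type"] == "O16":
            if entry["clsid"] in wanted_clsids:
                to_fix.append(raw.strip())
        elif entry["cmd"] is None:
            to_inspect.append(entry["name"])
        elif any(p.lower() in entry["cmd"].lower() for p in fix_paths):
            to_fix.append(raw.strip())
    return to_fix, to_inspect


# Constructed sample: a subset of the lines from the log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG_CC] G:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [P2P Networking] G:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [updmgr] G:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] G:\PROGRA~1\MyWay\bar\1.bin\mwsoemon.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Reboot.exe
O4 - Global Startup: RunAP.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.6.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
"""

# The items the reply above tells the poster to fix.
FIX_PATHS = [r"P2P Networking\P2P Networking.exe",
             r"updmgr\updmgr.exe",
             r"MyWay\bar\1.bin\mwsoemon.exe"]
FIX_CLSIDS = ["{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}",
              "{1D6711C8-7154-40BB-8380-3DEA45B69CBF}"]

if __name__ == "__main__":
    to_fix, to_inspect = triage(SAMPLE_LOG, FIX_PATHS, FIX_CLSIDS)
    print("Fix in HijackThis:")
    for line in to_fix:
        print("  " + line)
    print("Startup items without a resolved target (ask about these):")
    for name in to_inspect:
        print("  " + name)
    print("O4 Run key lives at:", registry_path(r"HKLM\..\Run"))
```

Run it as-is to see the five "fix checked" lines and the two unresolved startup items separated out; swap in a full log and your own lists to reuse it. Matching on path fragments rather than exact commands is deliberate, since the same unwanted program shows up under both short (`PROGRA~1`) and long path forms.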
gwaimie
Thanks so much for your super quick response. I did everything that you said; this is my new log.

Logfile of HijackThis v1.97.7
Scan saved at 20:22:56, on 14/03/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
G:\WINDOWS\System32\hphmon03.exe
G:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
G:\Program Files\QuickTime\qttask.exe
G:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
G:\Program Files\Messenger\msmsgs.exe
G:\PROGRA~1\AIM95\aim.exe
G:\WINDOWS\System32\ctfmon.exe
G:\Program Files\Netropa\Onscreen Display\OSD.exe
G:\Program Files\SuperGOO\EREG\US\REMIND32.EXE
G:\PROGRA~1\Grisoft\AVG6\avgserv.exe
G:\WINDOWS\System32\tcpsvcs.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\System32\HPHipm09.exe
G:\Program Files\hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] G:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] G:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [AVG_CC] G:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] G:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] G:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=032904 serial=DR12WEX-1504397-kty lang=EN
O4 - HKLM\..\Run: [gmouse] G:\Gmouse\gmouse.exe
O4 - HKCU\..\Run: [MSMSGS] "G:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] G:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\System32\ctfmon.exe
O4 - HKLM\..\RunOnce: [Restart] LostRun.exe
O4 - Startup: reminder-ScanSoft Product Registration.lnk = G:\Program Files\SuperGOO\EREG\US\REMIND32.EXE
O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Reboot.exe
O4 - Global Startup: RunAP.exe
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200401...meInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120...all/xscan53.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://live.ntyneside.ac.uk/activex/AxisCamControl.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Auto_In...ller/dwnldr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...323/mcfscan.cab


As for Reboot.exe and RunAP.exe, all tabs are empty apart from the titles marked Application.
Thanks again
gwaimie
P.S. Here is a copy of my AVG report
Results of Complete Test, date and time 14/03/2004 16:42:00 :

Testing C:\ serial 1C57-1B00
Testing G:\ serial 7089-56FF
G:\HIBERFIL.SYS Cannot open; not checked!
G:\Documents and Settings\GWAIMIE\NTUSER.DAT Cannot open; not checked!
G:\Documents and Settings\GWAIMIE\ntuser.dat.LOG Cannot open; not checked!
G:\Documents and Settings\GWAIMIE\Local Settings\Application Data\Microsoft\WINDOWS\USRCLASS.DAT Cannot open; not checked!
G:\Documents and Settings\GWAIMIE\Local Settings\Application Data\Microsoft\WINDOWS\UsrClass.dat.LOG Cannot open; not checked!
G:\Documents and Settings\GWAIMIE\Local Settings\TEMP\SQLITE~3 Cannot open; not checked!
G:\Documents and Settings\GWAIMIE\Local Settings\Temporary Internet Files\CONTENT.IE5\C1GJ8B8Z\GVX143~1.EXE Trojan horse Dialer.6.G
G:\Documents and Settings\LocalService\NTUSER.DAT Cannot open; not checked!
G:\Documents and Settings\LocalService\ntuser.dat.LOG Cannot open; not checked!
G:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\WINDOWS\USRCLASS.DAT Cannot open; not checked!
G:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\WINDOWS\UsrClass.dat.LOG Cannot open; not checked!
G:\Documents and Settings\NetworkService\NTUSER.DAT Cannot open; not checked!
G:\Documents and Settings\NetworkService\ntuser.dat.LOG Cannot open; not checked!
G:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\WINDOWS\USRCLASS.DAT Cannot open; not checked!
G:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\WINDOWS\UsrClass.dat.LOG Cannot open; not checked!
G:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Cannot open; not checked!

Test finished, duration 00:31:59.6 s
15168 objects tested, 1 found infected
CalamityJane
Thanks for the info.

That trojan dialler detection is in the Temporary Internet Files folder. Just empty the contents of that folder and that should stop the alerts.

I would like for you to check the other two files here please:

Single file check (KAV)
http://www.kaspersky.com/remoteviruschk.html

And also a new one....so check these three:

Reboot.exe

RunAP.exe

LostRun.exe

First, please make sure your PC is configured to show hidden files:
How to Show Hidden Files
http://www.xtra.co.nz/help/0,,4155-1916458,00.html

Kaspersky will give you a report at the end of each file scan. Copy those and post back here :)
Hunter

OT


On those files, do you by chance have an Epson printer? If not, then how about a Canon with that PC at one time? There seem to be all kinds of mysteries about files like these...


*************************************

Hi,

I recently found RunAP.exe (366 KB) in the autostart folder. There was also an entry in the registry and, in /system32, a small file named LostRun.exe (379 KB).

Does anyone know anything about these exes??


and
Name : LOSTRUN.EXE
Location : c:\windows\system
Type : Application
Size : 378kb
Attributes : Archive

There are several other similar files in my system folder (by this I mean similar icons...). They are.....

Name : RESTART.EXE
Size : 373kb
Other details as above

Name: RUNAP.EXE
Size : 366kb
Other details as above

Name : DELETE~1.EXE
Size : 520kb
Other details as above

Name : CHECKP~1.EXE
Size : 343kb
Other details as above

Name: CHANGE.EXE
Size : 291kb
Other details as above

Name: RUNONCE.EXE
Size : 36kb
Other details as above plus version info....
File Version 3.3
Desc. Run Once Wrapper
Company : Microsoft

Name: DXDLLREG.EXE
Size : 39kb
Other details as above plus version info...
File Version 4.08.01.0881
Company : Microsoft

In particular I am interested to learn about RUNAP.EXE and LOSTRUN.EXE as both appear in my startup list and I have no clue as to what they do :(

***********************************


I think they are all coming from this....



Epson Status Monitor 3. This self-extracting file contains the EPSON 1000 ICS Status Monitor 3 v3.0a for Windows 98/Me/2000/XP. NOTE: If you don't already have a download manager (an application which allows you to easily resume downloading should an error occur), you may want to install one before attempting to download large files.


http://www.hotwinfiles.com/software_details.asp?r=3793

And I think that monitor also installed off the CD for the Canon MultiPass C555 and/or the Epson...

But not sure those are the files.

Thanks for checking. :)
gwaimie
After checking these 3 files, I got this report
Known viruses: 83988 Updated: 15.03.2004
File size (Kb): 379 Scan time: 00:00:01
Speed (Kb/sec): 379 Virus bodies: 0
Archives: 0 Packed: 0
Folders: 0 Files: 1
Suspicious: 0 Warnings: 0

It was basically the same for all 3 files.

In response to Hunter, I do not have any Epson devices, but I do have a Canon scanner.
Thanks for your help

G
CalamityJane
Thanks, gwaimie

Just wanted to make sure we didn't have anything malicious going on with those. ;)

You need to get ALL the Windows critical security updates recommended for your OS and for IE. That's really important to protect you from the malware that uses exploits in Windows to install on you silently. You can get them here:
http://v4.windowsupdate.microsoft.com/en/default.asp

Then you need to reset your system restore in XP if you haven't done that yet:
You just disable it, reboot and re-enable it (this will clear out any infected files in the XP system restore backup)

How to Enable and Disable System Restore
http://support.microsoft.com/default.aspx?...kb;en-us;264887

Next, we highly recommend you get some extra protection to prevent future infections. Here are some things you can do and some free programs to help :).
How to Stop Hijackers & Spyware Infections, And other malware too!
http://forum.gladiator-antivirus.com/index...?showtopic=9857
CalamityJane
@chief ray kelp

Your post has been moved to a topic of its own.

You can follow it here:

chief ray kelp trojan dialler.6.g
http://forum.gladiator-antivirus.com/index...showtopic=11830