Full Version: Hijack This log help
ferpintocrespo

Hi,
Help me with this log. What do I fix?

Logfile of HijackThis v1.99.1
Scan saved at 11:24:51, on 28/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvctrl.exe
C:\ARCHIV~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\ARCHIV~1\Ontrack\Fix-It\mxtask.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mgabg.exe
C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
C:\Archivos de programa\Norton AntiVirus\IWP\NPFMntor.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Archivos de programa\Copernic Agent\Web\SearchBar.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: HomepageBHO - {893fad3a-931e-4e53-b515-b1426d63799b} - C:\WINDOWS\system32\hp690A.tmp
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Archivos de programa\Copernic Agent\CopernicAgentExt.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\ARCHIV~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Search Using Copernic Agent - C:\Archivos de programa\Copernic Agent\Web\SearchExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\ARCHIV~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\ARCHIV~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\ARCHIV~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{182D6BF7-BC85-4E03-A015-85786B2A3B84}: NameServer = 85.255.113.147,85.255.112.24
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6CC79ED-1541-4198-B28B-0C3723745296}: NameServer = 85.255.113.147,85.255.112.24
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
O23 - Service: Fix-It Task Manager - Ontrack Data International - C:\ARCHIV~1\Ontrack\Fix-It\mxtask.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARCHIV~1\ARCHIV~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Autodad
Hi ferpintocrespo,

Please download smitRem from here, and save the file to your desktop.

http://noahdfear.geekstogo.com/smitRem.exe

Double-click it and choose install. This will create a new folder on your desktop with the name smitrem.
_ _ _ _

Please download, install, and update the free version of Ewido trojan scanner:
http://www.ewido.net/en/download/

When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK.
From the main ewido screen, click on update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful").

But don't run it yet.
_ _ _ _

If you don't already have Ad-Aware SE 1.06, please get it here:

http://www.lavasoftusa.com/support/download/

Install it, then update it, but don't run it yet.
__________________

Then, reboot to Safe mode (tap F8 while restarting).


Open the smitRem folder, then double-click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
_ _ _

Open Ad-aware and do a full scan. Remove all it finds.
_ _ _

Run ewido, click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run.
If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
When the scan finishes, click on "Save Report". This will create a text file. Please then paste the contents of the text file to your next reply.
__________

Then reboot normally.

Next, take a free Online Virus scan at Panda ActiveScan
If any infected files are found, delete them.
Then please post the log from them.

Save the scan log and post it along with a new HijackThis Log, the log smitfiles.txt (which you will find on your C:\) and the Ewido Log.
ferpintocrespo
I can't manage to run panda scan. It only runs with Internet Explorer and I'm using Mozilla. Anyway, when I switch to Internet Explorer it asks me for an ActiveX control and after it downloads the window says:

ActiveScan has started...
You are about to start the scan and get a second opinion on the security of your PC.

Please wait a moment while ActiveScan completes the download.
If this is the first time you scan your PC, you'll have to download the ActiveX controls (a technology that allows ActiveScan to be run on your computer).
This download size is 8 MB.


And nothing else happens. No download, no scan. Nothing.

In any case here are the logs for everything else:

Logfile of HijackThis v1.99.1
Scan saved at 12:00:40, on 29/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARCHIV~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\ewido\security suite\ewidoctrl.exe
C:\ARCHIV~1\Ontrack\Fix-It\mxtask.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mgabg.exe
C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
C:\Archivos de programa\Norton AntiVirus\IWP\NPFMntor.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Archivos de programa\Copernic Agent\Web\SearchBar.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Archivos de programa\Copernic Agent\CopernicAgentExt.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\ARCHIV~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Search Using Copernic Agent - C:\Archivos de programa\Copernic Agent\Web\SearchExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\ARCHIV~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\ARCHIV~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\ARCHIV~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{182D6BF7-BC85-4E03-A015-85786B2A3B84}: NameServer = 85.255.113.147,85.255.112.24
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6CC79ED-1541-4198-B28B-0C3723745296}: NameServer = 85.255.113.147,85.255.112.24
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido\security suite\ewidoctrl.exe
O23 - Service: Fix-It Task Manager - Ontrack Data International - C:\ARCHIV~1\Ontrack\Fix-It\mxtask.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARCHIV~1\ARCHIV~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



smitRem log file
version 2.5

by noahdfear


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

msvol.tlb
ld****.tmp
ncompat.tlb
nvctrl.exe
mscornet.exe
hp***.tmp


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~




~~~ Wininet.dll ~~~

CLEAN! :)


---------------------------------------------------------
ewido security suite - Report de exploración
---------------------------------------------------------

+ Creado en: 11:45:47, 29/09/2005
+ Report-Checksum: 55345991

+ Scan result:

[560] VM_00DB0000 -> TrojanDownloader.Agent.uj : Error durante limpieza
[584] VM_00C40000 -> TrojanDownloader.Agent.uj : Error durante limpieza
[1984] VM_00A20000 -> TrojanDownloader.Agent.uj : Error durante limpieza
C:\Documents and Settings\Amaruka\Configuración local\Temp\Cookies\amaruka@atdmt[2].txt -> Spyware.Cookie.Atdmt : Limpio con backup
:mozilla.8:C:\Documents and Settings\Amaruka\Datos de programa\Mozilla\Firefox\Profiles\8xqoyreo.default\cookies.txt -> Spyware.Cookie.Com : Limpio con backup
:mozilla.9:C:\Documents and Settings\Amaruka\Datos de programa\Mozilla\Firefox\Profiles\8xqoyreo.default\cookies.txt -> Spyware.Cookie.Com : Limpio con backup
:mozilla.18:C:\Documents and Settings\Amaruka\Datos de programa\Mozilla\Firefox\Profiles\8xqoyreo.default\cookies.txt -> Spyware.Cookie.-- The nicest hobby on Earth ;) --counter : Limpio con backup
:mozilla.19:C:\Documents and Settings\Amaruka\Datos de programa\Mozilla\Firefox\Profiles\8xqoyreo.default\cookies.txt -> Spyware.Cookie.-- The nicest hobby on Earth ;) --counter : Limpio con backup
:mozilla.20:C:\Documents and Settings\Amaruka\Datos de programa\Mozilla\Firefox\Profiles\8xqoyreo.default\cookies.txt -> Spyware.Cookie.Advertising : Limpio con backup
:mozilla.22:C:\Documents and Settings\Amaruka\Datos de programa\Mozilla\Firefox\Profiles\8xqoyreo.default\cookies.txt -> Spyware.Cookie.Advertising : Limpio con backup
:mozilla.23:C:\Documents and Settings\Amaruka\Datos de programa\Mozilla\Firefox\Profiles\8xqoyreo.default\cookies.txt -> Spyware.Cookie.Advertising : Limpio con backup
:mozilla.24:C:\Documents and Settings\Amaruka\Datos de programa\Mozilla\Firefox\Profiles\8xqoyreo.default\cookies.txt -> Spyware.Cookie.Advertising : Limpio con backup
:mozilla.25:C:\Documents and Settings\Amaruka\Datos de programa\Mozilla\Firefox\Profiles\8xqoyreo.default\cookies.txt -> Spyware.Cookie.Advertising : Limpio con backup
:mozilla.26:C:\Documents and Settings\Amaruka\Datos de programa\Mozilla\Firefox\Profiles\8xqoyreo.default\cookies.txt -> Spyware.Cookie.Advertising : Limpio con backup
:mozilla.27:C:\Documents and Settings\Amaruka\Datos de programa\Mozilla\Firefox\Profiles\8xqoyreo.default\cookies.txt -> Spyware.Cookie.Advertising : Limpio con backup
:mozilla.28:C:\Documents and Settings\Amaruka\Datos de programa\Mozilla\Firefox\Profiles\8xqoyreo.default\cookies.txt -> Spyware.Cookie.Advertising : Limpio con backup
:mozilla.31:C:\Documents and Settings\Amaruka\Datos de programa\Mozilla\Firefox\Profiles\8xqoyreo.default\cookies.txt -> Spyware.Cookie.Falkag : Limpio con backup
:mozilla.32:C:\Documents and Settings\Amaruka\Datos de programa\Mozilla\Firefox\Profiles\8xqoyreo.default\cookies.txt -> Spyware.Cookie.Falkag : Limpio con backup
:mozilla.33:C:\Documents and Settings\Amaruka\Datos de programa\Mozilla\Firefox\Profiles\8xqoyreo.default\cookies.txt -> Spyware.Cookie.Falkag : Limpio con backup
-> : Error durante limpieza
:mozilla.37:C:\Documents and Settings\Amaruka\Datos de programa\Mozilla\Firefox\Profiles\8xqoyreo.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Limpio con backup
C:\RECYCLER\S-1-5-21-1220945662-1592454029-682003330-1005\Dc10\Cookies\fernando@atdmt[1].txt -> Spyware.Cookie.Atdmt : Limpio con backup
C:\RESPALDO FER\drivers\complete_set_hacking_tools+manuals\hacking_tools\hvlscan.zip/UHANFO.EXE -> Trojan.DOS.ControlDuSockets.a : Limpio con backup
C:\RESPALDO FER\drivers\complete_set_hacking_tools+manuals\hacking_tools\wingatespoof_hlp.zip/UHANFO.EXE -> Trojan.DOS.ControlDuSockets.a : Limpio con backup
C:\System Volume Information\_restore{CCF2A127-F10E-403F-83D0-210F830F615B}\RP48\A0001970.exe -> TrojanDownloader.Agent.uj : Limpio con backup
C:\System Volume Information\_restore{CCF2A127-F10E-403F-83D0-210F830F615B}\RP48\A0001979.exe -> Trojan.Small.fb : Limpio con backup
C:\System Volume Information\_restore{CCF2A127-F10E-403F-83D0-210F830F615B}\RP48\A0001983.exe -> TrojanDownloader.Agent.uj : Limpio con backup
C:\System Volume Information\_restore{CCF2A127-F10E-403F-83D0-210F830F615B}\RP48\A0001989.exe -> Trojan.Small.fb : Limpio con backup
C:\System Volume Information\_restore{CCF2A127-F10E-403F-83D0-210F830F615B}\RP49\A0002000.dll -> Spyware.SBSoft : Limpio con backup
C:\System Volume Information\_restore{CCF2A127-F10E-403F-83D0-210F830F615B}\RP49\A0002002.exe -> TrojanDownloader.Agent.uj : Limpio con backup
C:\System Volume Information\_restore{CCF2A127-F10E-403F-83D0-210F830F615B}\RP49\A0002008.exe -> Trojan.Small.fb : Limpio con backup
C:\System Volume Information\_restore{CCF2A127-F10E-403F-83D0-210F830F615B}\RP49\A0002024.exe -> TrojanDownloader.Agent.uj : Limpio con backup
C:\System Volume Information\_restore{CCF2A127-F10E-403F-83D0-210F830F615B}\RP49\A0002032.exe -> Trojan.Small.fb : Limpio con backup
C:\System Volume Information\_restore{CCF2A127-F10E-403F-83D0-210F830F615B}\RP49\A0003023.exe -> TrojanDownloader.Agent.uj : Limpio con backup
C:\System Volume Information\_restore{CCF2A127-F10E-403F-83D0-210F830F615B}\RP49\A0003032.exe -> Trojan.Small.fb : Limpio con backup
C:\System Volume Information\_restore{CCF2A127-F10E-403F-83D0-210F830F615B}\RP49\A0003191.exe -> TrojanDownloader.Agent.uj : Limpio con backup
C:\System Volume Information\_restore{CCF2A127-F10E-403F-83D0-210F830F615B}\RP49\A0003200.exe -> Trojan.Small.fb : Limpio con backup
C:\System Volume Information\_restore{CCF2A127-F10E-403F-83D0-210F830F615B}\RP49\A0003202.exe -> TrojanDownloader.Agent.uj : Limpio con backup
C:\System Volume Information\_restore{CCF2A127-F10E-403F-83D0-210F830F615B}\RP49\A0003204.exe -> TrojanDownloader.Zlob.ap : Limpio con backup
C:\System Volume Information\_restore{CCF2A127-F10E-403F-83D0-210F830F615B}\RP49\A0003319.exe -> TrojanDownloader.Agent.uj : Limpio con backup
C:\System Volume Information\_restore{CCF2A127-F10E-403F-83D0-210F830F615B}\RP49\A0003334.exe -> Trojan.Small.fb : Limpio con backup
C:\System Volume Information\_restore{CCF2A127-F10E-403F-83D0-210F830F615B}\RP49\A0003336.sys -> TrojanDownloader.Small.bns : Limpio con backup
C:\System Volume Information\_restore{CCF2A127-F10E-403F-83D0-210F830F615B}\RP49\A0005656.exe -> TrojanDownloader.Agent.uj : Limpio con backup
C:\System Volume Information\_restore{CCF2A127-F10E-403F-83D0-210F830F615B}\RP49\A0005664.exe -> Trojan.Small.fb : Limpio con backup
C:\System Volume Information\_restore{CCF2A127-F10E-403F-83D0-210F830F615B}\RP49\A0005667.exe -> TrojanDownloader.Agent.uj : Limpio con backup
C:\System Volume Information\_restore{CCF2A127-F10E-403F-83D0-210F830F615B}\RP49\A0005675.exe -> Trojan.Small.fb : Limpio con backup
C:\System Volume Information\_restore{CCF2A127-F10E-403F-83D0-210F830F615B}\RP49\A0006667.exe -> TrojanDownloader.Agent.uj : Limpio con backup
C:\System Volume Information\_restore{CCF2A127-F10E-403F-83D0-210F830F615B}\RP49\A0006676.exe -> Trojan.Small.fb : Limpio con backup
C:\System Volume Information\_restore{CCF2A127-F10E-403F-83D0-210F830F615B}\RP49\A0006683.exe -> TrojanDownloader.Agent.uj : Limpio con backup
C:\System Volume Information\_restore{CCF2A127-F10E-403F-83D0-210F830F615B}\RP49\A0006692.exe -> Trojan.Small.fb : Limpio con backup
C:\System Volume Information\_restore{CCF2A127-F10E-403F-83D0-210F830F615B}\RP49\A0006740.exe -> TrojanDownloader.Agent.uj : Limpio con backup
C:\System Volume Information\_restore{CCF2A127-F10E-403F-83D0-210F830F615B}\RP49\A0006745.exe -> Trojan.Small.fb : Limpio con backup
C:\System Volume Information\_restore{CCF2A127-F10E-403F-83D0-210F830F615B}\RP49\A0006803.exe -> TrojanDownloader.Agent.uj : Limpio con backup
C:\System Volume Information\_restore{CCF2A127-F10E-403F-83D0-210F830F615B}\RP49\A0006808.exe -> Trojan.Small.fb : Limpio con backup
C:\System Volume Information\_restore{CCF2A127-F10E-403F-83D0-210F830F615B}\RP50\A0006897.exe -> TrojanDownloader.Agent.uj : Limpio con backup
C:\System Volume Information\_restore{CCF2A127-F10E-403F-83D0-210F830F615B}\RP50\A0006903.exe -> Trojan.Small.fb : Limpio con backup
C:\System Volume Information\_restore{CCF2A127-F10E-403F-83D0-210F830F615B}\RP51\A0008896.exe -> TrojanDownloader.Agent.uj : Limpio con backup
C:\System Volume Information\_restore{CCF2A127-F10E-403F-83D0-210F830F615B}\RP51\A0008902.exe -> Trojan.Small.fb : Limpio con backup
C:\System Volume Information\_restore{CCF2A127-F10E-403F-83D0-210F830F615B}\RP51\A0008910.exe -> TrojanDownloader.Agent.uj : Limpio con backup
C:\System Volume Information\_restore{CCF2A127-F10E-403F-83D0-210F830F615B}\RP51\A0008915.exe -> Spyware.Hijacker.Generic : Limpio con backup


::Fin Report


---------------------------------------------
If it is useful, the Norton windows I had every five minutes saying Trojan.Desktophijack.B and Download.Trojan are deleted have no longer popped up since I returned from safe mode.

Thanks for your help...
Autodad
Hi ferpintocrespo,

You're welcome.

Open Hijackthis, click Scan, then put a check next to the following entries:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O17 - HKLM\System\CCS\Services\Tcpip\..\{182D6BF7-BC85-4E03-A015-85786B2A3B84}: NameServer = 85.255.113.147,85.255.112.24
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6CC79ED-1541-4198-B28B-0C3723745296}: NameServer = 85.255.113.147,85.255.112.24



Now close all open windows and browsers (have only HJT open) and click "Fix Checked".

Then reboot, and please post a new HJT log and let us know if you have any problems.


Here are some other free on-line scans you can try:

HouseCall
BitDefender
F-Secure Online Virus Scanner
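
One way to check a cleanup pass like the one in this thread, as an added example that is not part of the original posts: parse the HijackThis result lines, diff the log taken before the tools ran against the one taken after, and list O17 NameServer values that are not on an expected-resolver list. The excerpts are lines copied from the two logs above; the function names and the `EXPECTED_RESOLVERS` value (a documentation-range placeholder) are assumptions.

```python
import re

# HijackThis result lines have the shape "<code> - <detail>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.*)$")
# O17 detail: "...\{interface GUID}: NameServer = ip,ip"
O17_RE = re.compile(r"\{([0-9A-Fa-f-]+)\}:\s*NameServer\s*=\s*(.+)$")

# Excerpt of the first log in the thread (28/09/2005), five entries.
BEFORE = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: HomepageBHO - {893fad3a-931e-4e53-b515-b1426d63799b} - C:\WINDOWS\system32\hp690A.tmp
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{182D6BF7-BC85-4E03-A015-85786B2A3B84}: NameServer = 85.255.113.147,85.255.112.24
"""

# Excerpt of the second log in the thread (29/09/2005), four entries.
AFTER = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{182D6BF7-BC85-4E03-A015-85786B2A3B84}: NameServer = 85.255.113.147,85.255.112.24
O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido\security suite\ewidoctrl.exe
"""

# Assumption: the resolvers this machine is supposed to use (placeholder value).
EXPECTED_RESOLVERS = {"192.0.2.53"}


def parse_entries(log_text):
    """Return the set of (code, detail) result entries found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:  # header and "Running processes" lines do not match and are skipped
            entries.add((m.group(1), m.group(2).strip()))
    return entries


def diff_logs(before_text, after_text):
    """Classify entries as removed, added or persisting between two scans."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    return {
        "removed": sorted(before - after),
        "added": sorted(after - before),
        "persisting": sorted(before & after),
    }


def nameserver_overrides(entries, expected):
    """List (interface GUID, [unexpected resolvers]) for every O17 NameServer entry."""
    hits = []
    for code, detail in sorted(entries):
        if code != "O17":
            continue
        m = O17_RE.search(detail)
        if not m:
            continue
        servers = [s for s in re.split(r"[,\s]+", m.group(2).strip()) if s]
        unexpected = [s for s in servers if s not in expected]
        if unexpected:
            hits.append((m.group(1), unexpected))
    return hits


if __name__ == "__main__":
    result = diff_logs(BEFORE, AFTER)
    for state in ("removed", "added", "persisting"):
        for code, detail in result[state]:
            print(f"{state:<10} {code:<4} {detail}")
    for guid, servers in nameserver_overrides(parse_entries(AFTER), EXPECTED_RESOLVERS):
        print(f"review O17 on interface {{{guid}}}: {', '.join(servers)}")
```

Run against the full logs, the persisting O17 lines are the ones still needing a manual fix after the automated tools have finished.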