GeekPolice
Would you like to react to this message? Create an account in a few clicks or log in to continue.

GeekPoliceLog in

 


Malware: Trojan attack

2 posters

descriptionMalware: Trojan attack EmptyMalware: Trojan attack31st March 2010, 4:45 am

more_horiz
My computer is over-run with 30 viruses. I ran a Hijack log. Could you take a look and help me? Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:04:36 PM, on 3/30/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PANDA SOFTWARE\AVTC\PavSrv51.exe
C:\Program Files\PANDA SOFTWARE\AVTC\AVENGINE.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Altiris\AClient\AClient.exe
C:\WINDOWS\system32\PMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\PANDA SOFTWARE\AVTC\PsCtrlS.exe
C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe
C:\Program Files\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe
C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\pagentwd.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\PANDA SOFTWARE\AVTC\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Administrator 3\PavReport\PavReport.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\PANDA SOFTWARE\AVTC\PSCtrlC.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Altiris\AClient\AClntUsr.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\amisiak\Local Settings\Application Data\ave.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.ask.com?o=15007&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
= http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://go.microsoft.com/fwlink/?LinkId=74005
R3 - URLSearchHook: Free TV Bar Toolbar -
{a0729639-d831-46c9-811b-9b0aa79fb45a} - C:\Program
Files\Free_TV_Bar\tbFre1.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -
C:\Program Files\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Free TV Bar Toolbar - {a0729639-d831-46c9-811b-9b0aa79fb45a}
- C:\Program Files\Free_TV_Bar\tbFre1.dll
O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program
Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO -
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program
Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} -
C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} -
C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F}
- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Free TV Bar Toolbar -
{a0729639-d831-46c9-811b-9b0aa79fb45a} - C:\Program
Files\Free_TV_Bar\tbFre1.dll
O4 - HKLM\..\Run: [Panda Controller Client] "C:\Program Files\PANDA
SOFTWARE\AVTC\PSCtrlC.exe"
O4 - HKLM\..\Run: [AClntUsr] C:\Program Files\Altiris\AClient\AClntUsr.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program
Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog
Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major
Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [EPA_EZ_GPO_Tool] C:\WINDOWS\system32\EZ_GPO_Tool.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common
Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common
Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [swg] "C:\Program
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater]
C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465
-"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6; .NET CLR
1.1.4322; .NET CLR 2.0.50727; InfoPath.1; .NET CLR 3.0.4506.2152; .NET
CLR 3.5.30729)"
-"http://www.fossweb.com/modules3-6/Variables/activities/blasto.html"
O4 - S-1-5-18 Startup: OpenOffice.org 3.1.lnk = C:\Program
Files\OpenOffice.org 3\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 3.1.lnk = C:\Program
Files\OpenOffice.org 3\program\quickstart.exe (User 'Default user')
O4 - .DEFAULT User Startup: OpenOffice.org 3.1.lnk = C:\Program
Files\OpenOffice.org 3\program\quickstart.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org
3\program\quickstart.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research
In Motion\BlackBerry\DesktopMgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program
Files\Google\Google
Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583}
- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network
Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}
- C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = iisd1.lcl
O17 - HKLM\Software\..\Telephony: DomainName = iisd1.lcl
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = iisd1.lcl
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. -
C:\Program Files\Altiris\AClient\AClient.exe
O23 - Service: Energy Star(TM) EZ GPO Power Management Configuration
Tool (EPA_GPO_PMService) - TerraNovum -
C:\WINDOWS\system32\PMService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program
Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common
Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: Panda Software Controller - Panda Software
International - C:\Program Files\PANDA SOFTWARE\AVTC\PsCtrlS.exe
O23 - Service: Panda AdminSecure Communications Agent (PAVAGENTE) -
Panda Software - C:\Program Files\Panda Software\Panda Administrator
3\Pav_Agent\Pagent.exe
O23 - Service: Panda AdminSecure Scheduler (PavAtScheduler) - Panda
Software - C:\Program Files\Panda Software\Panda Administrator
3\Scheduler\pavsched.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda
Security - C:\Program Files\Common Files\Panda
Software\PavShld\pavprsrv.exe
O23 - Service: Panda Antivirus Report Service (PavReport) - Panda
Software - C:\Program Files\Panda Software\Panda Administrator
3\PavReport\PavReport.exe
O23 - Service: Panda Antivirus Service (PavSrv) - Panda Software
International - C:\Program Files\PANDA SOFTWARE\AVTC\PavSrv51.exe
O23 - Service: Panda AntiSpam Engine (PMShellSrv) - Panda Software
International - C:\Program Files\PANDA SOFTWARE\AVTC\PSKMsSvc.exe
O23 - Service: Panda IManager Service (PsImSvc) - Panda Software
International - C:\Program Files\PANDA SOFTWARE\AVTC\PsImSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common
Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program
Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9774 bytes

descriptionMalware: Trojan attack EmptyRe: Malware: Trojan attack31st March 2010, 4:53 am

more_horiz
Please download ComboFix Malware: Trojan attack Combofix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com


Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum