Full Version: Trojan horse on my system HELP its still Active :(
Suggest A Fix PC Support Forums > Security > Malicious Code: Viruses, Trojans, Spyware and Browser HiJacking
Zenith
AVG has detected Downloader.Istbar.8.AJ. Help! AVG was not able to do anything to it.

It's in C:\Documents and settings\John\Local Settings\Temporary Internet Files\Content.IE etc. I cannot see the rest.
And this is it: istractivex.dll
and ooo6_regular[1].cab

http://img229.echo.cx/my.php?image=viruspic5ss.png

And if you must know how I received this virus: I was trying to find a guide to help me reset the admin password in XP. I found a site that is helping me, but I must have gone to one that gave me a little extra as well.


Could this virus infect my files on other partitions? I have files that have not been backed up recently and do not want to lose them.

Hope the below may help you help me.

Logfile of HijackThis v1.99.1
Scan saved at 11:07:59 AM, on 29/04/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\ITE\Smart Guardian\ITESmart.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgwb.dat
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Documents and Settings\John\Desktop\HijackThis1991.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SmartGuardian] C:\Program Files\ITE\Smart Guardian\ITESmart.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1110388559328
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntr...ro.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess...ss.cab31267.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
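A small triage parser for HijackThis-format lines like the log above, added here as an example (it is not the poster's code nor part of HijackThis). The cache-folder, vendor and download-host rules are assumed triage heuristics, and the last two sample lines are constructed, not from the log.

```python
import re
from urllib.parse import urlparse

# Constructed sample in HijackThis v1.99 format. The first four lines are
# taken from the log in the thread; the last two are constructed to show what
# a suspicious entry looks like (an autostart launching from the Temporary
# Internet Files cache, and an ActiveX download from an unrecognised host).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1110388559328
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O4 - HKCU\..\Run: [ConstructedExample] C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\CONSTRUCTED\setup.exe
O16 - DPF: {00000000-0000-0000-0000-000000000000} (Constructed Control) - http://example.invalid/ooo6_regular.cab
"""

# Only the three entry types used below are parsed; O4 "Startup:" folder
# entries and the other HJT sections are ignored by this example.
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O16_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) \((?P<name>[^)]*)\) - (?P<url>\S+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

# Assumed triage rules, not part of HijackThis itself.
CACHE_MARKERS = ("temporary internet files", "\\local settings\\temp\\", "\\temp\\")
TRUSTED_DPF_HOSTS = (".microsoft.com", ".msn.com")  # assumed allowlist

def triage(log_text):
    """Return (section, name, reason) for every entry that deserves a closer look.

    A hit is a prompt to verify the file, not proof of infection: the thread's
    own log shows a legitimate ATI service listed with 'Unknown owner'.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O4_RE.match(line):
            if any(marker in m["cmd"].lower() for marker in CACHE_MARKERS):
                findings.append(("O4", m["name"], "autostart launches from a cache/temp folder"))
        elif m := O16_RE.match(line):
            host = urlparse(m["url"]).hostname or ""
            if not host.endswith(TRUSTED_DPF_HOSTS):
                findings.append(("O16", m["name"], f"ActiveX download from unlisted host {host}"))
        elif m := O23_RE.match(line):
            if m["owner"] == "Unknown owner":
                findings.append(("O23", m["name"], "service has no stated vendor; verify the file"))
    return findings

if __name__ == "__main__":
    for section, name, reason in triage(SAMPLE_LOG):
        print(f"{section:4} {name!r}: {reason}")
```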
LF from MC
QUOTE
C:\Documents and Settings\John\Desktop\HijackThis1991.exe


Hi Zenith

I could be wrong, but I was just wondering: did you change anything in your HijackThis log, like the quote that has 1991 in it? I haven't noticed that before. It might not make a difference, but if you changed anything else, the experts might not get a good reading to be able to help you. If you didn't change anything, then don't worry, my mistake.

Lorraine
HKEd
That's OK, Lorraine. Just a different file name.

Hi Zenith...I don't see any malware on your system. The problem is being reported in the Temp Internet Files folder, a location for 'drive-by' infections.

Install CleanUp! and use it to clean out that folder and the temp files on your system. It's free.
Zenith
Thanks for the help.
Yeah, I use CleanUp!; I find it works well.
QUOTE
did you change anything in your HijackThis log?

No, I didn't; I left it alone.

It's too late: Windows XP is getting increasingly unstable, with kernel errors, stop errors and the registry having to recover itself at boot up. It's now beyond worth trying to recover.
I was trying to hold off reinstalling Windows as long as I could, but now that I have this virus I have been pressed into action and will obliterate this virus and Windows and start afresh.

Now, when I am done, what are the best tools to protect me from this happening again? I use
AVG, Ad-Aware and Spybot S&D. Anything else worth getting?
Zenith
Well, I still have to wipe Windows, but running CleanUp did get rid of the virus.
HKEd
Look for SpywareBlaster and SpywareGuard for added protection, Zenith. They're both free and take up little if any resources.
Zenith
So is this the correct place to d/l them?
http://www.javacoolsoftware.com/spywareblaster.html
http://www.javacoolsoftware.com/spywareguard.html

Do you use them? How much spyware do you get running these 2 + Ad-Aware and Spybot S&D?
Zenith
Update: reinstalled Windows and everything is running much smoother. I used my customized XP CD, which is 187 MB. I have CleanUp, AVG, Ad-Aware and Spybot S&D with "block bad pages" and TeaTimer turned on, SpywareBlaster and SpywareGuard. Anything else needed to increase security? For a firewall I have a hardware firewall SP1 and also have NAT on; software-wise, just the built-in one XP has.