Help, nod32 doesn't work with this one

Discussion in 'NOD32 version 2 Forum' started by emina, Aug 27, 2004.

Thread Status: Not open for further replies.
  1. emina

    emina Registered Member

    Joined: May 28, 2004
    Posts: 1
    Location: Zagreb

    nod32 keeps notifying about some trojan but when I run nod32 it can't find anything wrong. Here it is:

    8/23/2004 16:59:39 - AMON - Antivirus monitor Program Virus Alert triggered on SALON_1: C:\WINDOWS\System32\pcc.dll infected with Win32/StartPage.IS trojan.

    8/24/2004 8:12:26 - AMON - Antivirus monitor Program Virus Alert triggered on SALON_1: C:\WINDOWS\System32\lbgoda.dll infected with Win32/StartPage.IS trojan.


    8/26/2004 16:48:43 - AMON - Antivirus monitor Program Virus Alert triggered on SALON_1: C:\WINDOWS\System32\pfm.dll infected with Win32/StartPage.IS trojan.

    and this is the hijackthis log:

    Logfile of HijackThis v1.97.7
    Scan saved at 14:32:29, on 26.8.2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Executive Software\Diskeeper\DkService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
    C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\zstatus.exe
    C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
    C:\Documents and Settings\bbm.SALON1\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - Startup: DelHighCalc.bat
    O4 - Startup: NaturalColorLoad.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: NaturalColorLoad.lnk = ?
    O8 - Extra context menu item: I&zvoz u Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O10 - Broken Internet access because of LSP provider 'imon.dll' missing
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38061.1711111111
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{071C8E18-2521-4EE3-9354-A25627F39DD5}: NameServer = 213.149.32.20,213.149.32.19
    O17 - HKLM\System\CS1\Services\Tcpip\..\{071C8E18-2521-4EE3-9354-A25627F39DD5}: NameServer = 213.149.32.20,213.149.32.19
    O17 - HKLM\System\CS2\Services\Tcpip\..\{071C8E18-2521-4EE3-9354-A25627F39DD5}: NameServer = 213.149.32.20,213.149.32.19


    Since I am one vulgaris domesticus female, please help me you big guys!
    :-*
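
Added example, not part of the original thread and not ESET's code: the Python script below parses the three AMON alert lines quoted in the post above and groups them by host and detection name, which shows the same detection recurring under a different DLL name in the same directory. The regular expression and the month/day/year timestamp order are assumptions inferred from those three lines only.

```python
import ntpath
import re
from collections import defaultdict
from datetime import datetime

# The three AMON alert lines exactly as quoted in the post.
AMON_LOG = r"""
8/23/2004 16:59:39 - AMON - Antivirus monitor Program Virus Alert triggered on SALON_1: C:\WINDOWS\System32\pcc.dll infected with Win32/StartPage.IS trojan.
8/24/2004 8:12:26 - AMON - Antivirus monitor Program Virus Alert triggered on SALON_1: C:\WINDOWS\System32\lbgoda.dll infected with Win32/StartPage.IS trojan.
8/26/2004 16:48:43 - AMON - Antivirus monitor Program Virus Alert triggered on SALON_1: C:\WINDOWS\System32\pfm.dll infected with Win32/StartPage.IS trojan.
"""

# Field layout is inferred from these three lines only (assumption).
ALERT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2}) - (?P<module>\w+) - "
    r".*? triggered on (?P<host>[^:]+): (?P<path>.+?) infected with "
    r"(?P<threat>\S+) \w+\.$"
)


def parse_alerts(text):
    """Return one dict per alert line; lines that do not match are skipped."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(rec["ts"], "%m/%d/%Y %H:%M:%S")
        alerts.append(rec)
    return alerts


def recurring_detections(alerts):
    """Group by (host, threat); keep groups seen under more than one path."""
    groups = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a["ts"]):
        groups[(a["host"], a["threat"])].append(a)
    out = []
    for (host, threat), hits in groups.items():
        paths = [h["path"] for h in hits]
        if len({p.lower() for p in paths}) < 2:
            continue  # same file flagged repeatedly, not a changing name
        out.append({
            "host": host, "threat": threat,
            "files": [ntpath.basename(p) for p in paths],
            "directories": {ntpath.dirname(p).lower() for p in paths},
            "span": hits[-1]["ts"] - hits[0]["ts"],
        })
    return out
```

Calling `recurring_detections(parse_alerts(AMON_LOG))` returns one group for SALON_1 listing the three DLL names in detection order, the single directory they share, and the time between the first and last alert.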
     
  2. Blackspear

    Blackspear Global Moderator

    Joined: Dec 2, 2002
    Posts: 15,115
    Location: Gold Coast, Queensland, Australia

    Can you please reboot your PC into "Safe Mode" by tapping/pressing F8 while booting.

    Run a scan with Nod32 while in Safe Mode.

    Let us know how you go...

    Cheers :D
     