any help please with message after running WWDC

Discussion in 'malware problems & news' started by Ghoulie1, Dec 20, 2004.

Thread Status:
Not open for further replies.
  1. Ghoulie1

    Ghoulie1 Registered Member

    Joined:
    Dec 20, 2004
    Posts:
    3
    Location:
    Manchester UK
    Can anyone help me with following message I get after running the brilliant windows worms doors cleaner programme-

    When I run it to check, I get a warning first that my SVCHOST memory usage - 22500ko is beyond usual values & suggests I have a virus or trojan. I have run Kaspersky Labs AV v5 (its updated every 3 hours) - this shows nothing untoward, likewise Spysweeper - shows me MSBlast trace & deletes - but always reappears on rerun, Spyware Doctor comes up with nothing. Adaware & Spybot likewise. Any suggestions as to what other steps I can take to sort out this indicated problem
     
  2. Ghoulie1

    Ghoulie1 Registered Member

    Joined:
    Dec 20, 2004
    Posts:
    3
    Location:
    Manchester UK
    I have run Trojan Hunter several times & get the following messages :-

    Registry scan
    Registry value exists: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\windows auto update (matches Worm.Blaster.100)

    Inifile scan
    No suspicious entries found

    Port scan
    Port 3333/UDP is open (Matches Daodan.123. Port being used by process svchost.exe/PID 94:cool:

    Memory scan
    No trojans found in memory

    File scan (autostarted files, running executables)
    No trojan files found

    Likewise I have run Trojan Remover & get the message I have apihookdll.dll in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\"AppInit_DLLs.

    Despite using the delete option for both programmes & rebooting - same messages present on running progs again to check if they're gone.

    Any help gratefully received in ridding my system of whatever ails it.

    I have tried Hijackthis to remove the apihookdll - but reappears everytime.
     
  3. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    You will need to post a “Hijack This” log at one of the forums found at A-SAP.

    The two bigger forums for HijackThis log processing, (meaning they process more log threads each day than most others) are: SpywareInfo.com and CastleCops.com. Be sure to read their posting policy in the links at their log review forum sections prior to posting.

    An expert with HJT logs will be able to sort your problem out.

    Cheers

    Blackspear.
     
  4. Ghoulie1

    Ghoulie1 Registered Member

    Joined:
    Dec 20, 2004
    Posts:
    3
    Location:
    Manchester UK
    cheers m8
     
Loading...
Thread Status:
Not open for further replies.