AVG detected HOtpriv.a

Discussion in 'malware problems & news' started by Podge, Nov 25, 2003.

Thread Status:
Not open for further replies.
  1. Podge

    Podge Registered Member

    Joined:
    Nov 25, 2003
    Posts:
    2
    Hi everyone.
    I've done the adaware and spyblaster thing and this is my Logfile.
    I originally got a message from AVG saying it had found HOtpriv.a.
    All help gratefully received.
    How often should I run adaware, spyblaster, HJT?

    :'(

    Logfile of HijackThis v1.97.7
    Scan saved at 8:46:00 AM, on 11/25/03
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\LEXBCES.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\ptsnoop.exe
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    E:\PER\NEW FOLDER\DOWNLOADS\HIJACK\HIJACKTHIS.EXE

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
    O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - Startup: Reboot.exe
    O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37905.4566782407
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
    O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
     
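    As an added example, not from this thread and not part of HijackThis itself, the script below parses the O2/O3/O4/O16 lines of a HijackThis log (a constructed subset of the log above is embedded as sample input) into structured records. It then surfaces two things a reviewer usually checks first: autostart entries that name an executable with no directory (so the file has to be located on disk before it can be judged), and the hosts that O16 ActiveX downloads came from. The `.exe`/`.dll` path-splitting heuristic and the notion of a "bare name" are the editor's assumptions, not HijackThis conventions.

```python
import re
from urllib.parse import urlparse

# Constructed sample input: a subset of the O2/O3/O4/O16 lines from the log above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - Startup: Reboot.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37905.4566782407
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
"""

GUID = r"\{[0-9A-Fa-f-]{36}\}"

# One pattern per HijackThis section shape; named groups become record fields.
PATTERNS = {
    "O2": re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>" + GUID + r") - (?P<path>.+)$"),
    "O3": re.compile(r"^O3 - Toolbar: (?P<name>.*?) - (?P<clsid>" + GUID + r") - (?P<path>.+)$"),
    # Registry autostarts: O4 - HKLM\..\Run: [Name] command
    "O4_REG": re.compile(r"^O4 - (?P<key>HK[A-Z]+\\\.\.\\[A-Za-z]+): \[(?P<name>[^\]]+)\] (?P<command>.+)$"),
    # Startup-folder autostarts: O4 - Startup: file
    "O4_STARTUP": re.compile(r"^O4 - Startup: (?P<command>.+)$"),
    # Downloaded ActiveX controls: O16 - DPF: {CLSID} (Description) - URL
    "O16": re.compile(r"^O16 - DPF: (?P<clsid>" + GUID + r")(?: \((?P<name>[^)]*)\))? - (?P<url>\S+)$"),
}


def parse_hjt(text):
    """Parse O2/O3/O4/O16 lines into dicts; lines of any other shape are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        for kind, pattern in PATTERNS.items():
            m = pattern.match(line)
            if m:
                # "O4_REG" and "O4_STARTUP" both report as section "O4".
                entries.append({"section": kind.split("_")[0], **m.groupdict()})
                break
    return entries


def executable_of(command):
    """Heuristic (assumption): the executable is everything up to the first
    .exe/.com/.dll/.ocx, which keeps 'C:\\PROGRAM FILES\\...\\x.exe /flag' intact."""
    m = re.match(r'^"?(?P<exe>.*?\.(?:exe|com|dll|ocx))', command, re.IGNORECASE)
    return m.group("exe") if m else command.split()[0]


def bare_name_autostarts(entries):
    """O4 entries whose executable has no drive or directory. These resolve through
    the search path at boot, so the reviewer must locate the actual file on disk."""
    bare = []
    for e in entries:
        if e["section"] != "O4":
            continue
        exe = executable_of(e["command"])
        if "\\" not in exe and ":" not in exe:
            bare.append(exe)
    return bare


def dpf_hosts(entries):
    """Distinct hosts that O16 ActiveX controls were downloaded from."""
    return sorted({urlparse(e["url"]).hostname for e in entries if e["section"] == "O16"})


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print(f"{len(parsed)} entries parsed")
    print("autostarts given by bare name:", bare_name_autostarts(parsed))
    print("O16 download hosts:", dpf_hosts(parsed))
```

    Run against a saved log, the bare-name list is the set of files to find and verify on disk (in this log that includes ptsnoop.exe and Reboot.exe), and the O16 host list is the set of download sources to recognise or not.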
  2. Unzy

    Unzy Registered Member

    Joined:
    Nov 2, 2003
    Posts:
    1,098
    Location:
    Belgium
    Hi Podge,

    Hmmm, I've seen this a few times already now, and the strangest thing is I do not seem to be able to find it back on AVG's search pages/database.

    It can be that it came in your e-mail with an attachment, so can you clean out your e-mails which you do not need anymore/not recognize, certainly the ones with an attachment. Also clean out temporary internet files.

    Keep us posted,

    Cheers,
     
  3. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
  4. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    I recognise the website. It opened in my Mozilla the other day. But none of the AV including AVG finds it.
     
  5. Podge

    Podge Registered Member

    Joined:
    Nov 25, 2003
    Posts:
    2
    Thanks Unzy, Pieter, JayK

    OK, it's gone, but where did it come from?
    Here's what we have. While running 'Inboxcop' yesterday it suddenly announced it was shutting down because it had downloaded an update. So I clicked OK and waited a couple of minutes, then rebooted in case I needed to do so to allow the update to load up, and then a few minutes later the same message came up and I did the same thing, and so forth and so fifth. I didn't really think anything of it except I remembered that when I first installed 'Inboxcop' about a month ago AVG detected 3 hidden extensions in 'inboxcop' straight away (and healed them). And because of that I updated my AVG virus database (previously about 8 days old) and ran it. Hey presto, it said I had a virus (but applied no fix).
    Looking at this now I see it was associated with 'inboxcop\spool\ -various identifying guff -\parsedmsgs\ - more personal stuff - \MYMOVIE.ZIP:\My-Priva.exe.
    I remember seeing it as clicked through the Spam messages halted by Inboxcop, however, I did not open the file.
    I have shredded all the Spam and Deleted headers recorded by Inboxcop and I've deleted the contents of my OE 'deleted items' folder. Running AVG again shows nothing has been detected. So mission accomplished. I am not sure why it detected it but it did ....
    Here is a page from Network Associates which shows the MYMOVIE.ZIP is a fairly well known piece of Spam:
    Http://vil.nai.com/vil/content/v_100807.htm

    Now then, is there anything in my Log I need to worry about?
    And do you have any idea why when I launch Inboxcop I seem to suddenly start running:
    InboxCop Anti-Spam
    Inboxcop
    Winoldap
    Inboxcop
    Inboxcop

    Thank you for all your help. It is nice to know someone cares about thickos like me! o_O
     