logfile from hijack this

Discussion in 'adware, spyware & hijack cleaning' started by killermacca, Apr 25, 2004.

Thread Status:
Not open for further replies.
  1. killermacca

    killermacca Guest

    Thanks for the help with the Win32/TrojanDownloader.Nex.B Trojan.
    I have scanned both drives (the drive with the apparent trojan is the E drive), with both Adaware and then Spybot. There were quite a few detections made and deletions. As of last night, Nod32 picked the trojan up again and quarantined., although scans of my system appear clean. I reformatted my C drive 2 days ago because it locked up during a windows update install, and would not subsequently open windows. I had initially tried repairing and or overlaying windows xp again, but this kept locking up and going back to install. In the end we used my win 98 disc to format the C and reinstall xp. There have been no other real problems with the pc since reformatting, but now that I am using Nod32, I am detecting this trojan.
    Here is my hijack log.
    Logfile of HijackThis v1.97.7
    Scan saved at 7:11:59 AM, on 26/04/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\Smc.exe
    C:\WINDOWS\system32\logonui.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ASUS\Probe\AsusProb.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\iolo\System Mechanic 4 Professional\PopupStopper.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\Jack\LOCALS~1\Temp\Rar$EX00.437\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.everlast.net.au/
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "C:\Program Files\iolo\System Mechanic 4 Professional\PopupStopper.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [EPSON Stylus COLOR 480 (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_AICN03.EXE /P31 "EPSON Stylus COLOR 480 (Copy 1)" /O5 "LPT1:" /M "Stylus COLOR 480"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O10 - Broken Internet access because of LSP provider 'imon.dll' missing


    Regards

    Killermacca
     
    killermacca, Apr 25, 2004
    #1
  2. Kilermacca

    Kilermacca Guest

    Re: win32/TrojanDownloader.Nex.B Trojan

    I just finished posting my data from Hijack This and realised that the info ws from the C drive and not the E drive where the trojan apparently resides. I could not find a way to get Hijack This to scan the E drive. It may not matter at all but thought I'd better bring it up,
    Cheers
     
    Kilermacca, Apr 25, 2004
    #2
  3. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    Hi Kilermacca,

    What is the exact name and path of the file NOD32 is finding?

    Regards,
    Kent
     
    puff-m-d, Apr 25, 2004
    #3
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...