LSP's?

Discussion in 'NOD32 version 2 Forum' started by TimBud, Jul 4, 2005.

Thread Status:
Not open for further replies.
  1. TimBud

    TimBud Registered Member

    Joined:
    May 7, 2005
    Posts:
    10
    Location:
    Log Home in the North Ga Mountains
    I accidentally discovered that I can't show any HJT, etc. logs here. Was half awake from sleepless hours at the time.

    I do run NOD32 2.5 and was wondering if my posting this info below about the LSP's would give me any insight as to what's going on. Is this a possible corruption of my NOD32? o_O Reveals that I have IMON files missing?

    I also just discovered in my threat file the following, didn't know it was there:


    Time Module Object Name Threat Action User Information
    6/28/2005 9:33:13 AM IMON file http:***ysbweb.com/ist/scripts/ysb_prompt.php?retry=2&loadfirst=1&delayload=0&software_id=10&account_id=1001693&recurrence=always&adid=a1100075729&event_type=onload&user_level=3
    JS/TrojanDownloader.IstBar.J trojan quarantined - Connection terminated

    It says it was quarantined but I also just discovered the Troj/LanFilt-J Internet Trojan Alias: Backdoor.Win32.Delf.zc, in my Registry. NOD32 nor any other of my prog's found it, I did by accident. Should I post this in the trojan forums? :eek: From what I am reading of it, it's a pretty bad one.

    LSP's:

    NameSpace #1: C:\WINDOWS\TEMP\System32\mswsock.dll
    NameSpace #2: C:\WINDOWS\TEMP\System32\winrnr.dll
    NameSpace #3: C:\WINDOWS\TEMP\System32\mswsock.dll
    Protocol #1: imon.dll (file MISSING)
    Protocol #2: imon.dll (file MISSING)
    Protocol #3: imon.dll (file MISSING)
    Protocol #4: imon.dll (file MISSING)
    Protocol #5: imon.dll (file MISSING)
    Protocol #6: imon.dll (file MISSING)
    Protocol #7: imon.dll (file MISSING)
    Protocol #8: imon.dll (file MISSING)
    Protocol #9: imon.dll (file MISSING)
    Protocol #10: imon.dll (file MISSING)
    Protocol #11: C:\WINDOWS\TEMP\system32\mclsp.dll
    Protocol #12: C:\WINDOWS\TEMP\system32\mclsp.dll
    Protocol #13: C:\WINDOWS\TEMP\system32\mclsp.dll
    Protocol #14: C:\WINDOWS\TEMP\system32\mclsp.dll
    Protocol #15: C:\WINDOWS\TEMP\system32\mclsp.dll
    Protocol #16: C:\WINDOWS\TEMP\system32\mclsp.dll
    Protocol #17: C:\WINDOWS\TEMP\system32\mclsp.dll
    Protocol #18: C:\WINDOWS\TEMP\system32\mclsp.dll
    Protocol #19: C:\WINDOWS\TEMP\system32\mswsock.dll
    Protocol #20: C:\WINDOWS\TEMP\system32\mswsock.dll
    Protocol #21: C:\WINDOWS\TEMP\system32\mswsock.dll
    Protocol #22: C:\WINDOWS\TEMP\system32\rsvpsp.dll
    Protocol #23: C:\WINDOWS\TEMP\system32\rsvpsp.dll
    Protocol #24: C:\WINDOWS\TEMP\system32\mswsock.dll
    Protocol #25: C:\WINDOWS\TEMP\system32\mswsock.dll
    Protocol #26: C:\WINDOWS\TEMP\system32\mswsock.dll
    Protocol #27: C:\WINDOWS\TEMP\system32\mclsp.dll
    Protocol #28: C:\WINDOWS\TEMP\system32\mswsock.dll
    Protocol #29: C:\WINDOWS\TEMP\system32\mswsock.dll
    Protocol #30: C:\WINDOWS\TEMP\system32\mswsock.dll
    Protocol #31: C:\WINDOWS\TEMP\system32\mswsock.dll
    Protocol #32: C:\WINDOWS\TEMP\system32\mswsock.dll
    Protocol #33: C:\WINDOWS\TEMP\system32\mswsock.dll
    Protocol #34: C:\WINDOWS\TEMP\system32\mswsock.dll
    Protocol #35: C:\WINDOWS\TEMP\system32\mswsock.dll
    Protocol #36: C:\WINDOWS\TEMP\system32\mswsock.dll
    Protocol #37: C:\WINDOWS\TEMP\system32\mswsock.dll
    Protocol #38: C:\WINDOWS\TEMP\system32\mswsock.dll
    Protocol #39: C:\WINDOWS\TEMP\system32\mswsock.dll
    Protocol #40: C:\WINDOWS\TEMP\system32\mswsock.dll
    Protocol #41: C:\WINDOWS\TEMP\system32\mswsock.dll
    Protocol #42: C:\WINDOWS\TEMP\system32\mswsock.dll
    Protocol #43: C:\WINDOWS\TEMP\system32\mswsock.dll
    Protocol #44: C:\WINDOWS\TEMP\system32\mswsock.dll
    Protocol #45: C:\WINDOWS\TEMP\system32\mswsock.dll
    Protocol #46: imon.dll (file MISSING)


    Thanks in advance if anyone can be helpful with this. The trojan just appeared/surfaced on the net back on May 8th.

    Tim
     
    Last edited by a moderator: Jul 4, 2005
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,719
    Location:
    Texas
    TimBud

    You really should post a log at one of the forums mentioned in your first post.

    Are you running another antivirus along with NOD?
     
  3. TimBud

    TimBud Registered Member

    Hey Ron,


    Meaning, Castlecops, etc? Ok, no problem.

    No, just NOD32 at the moment. Was running McAfee, then Norton's and the Trojan at the time corrupted both. I deleted them, still have instances of McAfee floating around I can't get rid of. Got NOD and it seems to be doing ok, except for this new infection. Other than that, I have Diamonds TDS, "had" Wormguard, it became corrupt also. :doubt:
     
  4. ronjor

    ronjor Global Moderator

    What program is telling you imon.dll is missing?
     
  5. TimBud

    TimBud Registered Member

    Ron:

    That program would be HiJackThis.exe\ Misc. Tools section\ Startup List tool.
     
  6. ronjor

    ronjor Global Moderator

    Thanks Tim. In the meantime, post your log at one of the forums mentioned. Your computer needs an expert to sort out the problems.
     
  7. TimBud

    TimBud Registered Member

    Uhhh....no, thank you for your patience and understanding from my beginning stumble into becoming a member here :cool:

    I will let you know what happens.

    Now onto my 38th 16 oz. cup of joe and posting away....but .... "over there"

    ;)


    Tim
     
  8. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
    Hi TimBud,

    Honestly, with all that leftover crap from Norton and McAfee I would save all that you can and do a clean install of Windows!!

    IMHO :D

    Cheers,
     
  9. TimBud

    TimBud Registered Member

    Oh man, please don't say those ugly words. :D I don't know what you're looking at to specify Norton's and McAfee but I am sure you know what you're talking about. Yes, I know they left a lot of trash. Yes, if it's the last resort I will have to do the above mentioned. Just trying to stay away from it of course.
     
  10. Triple Helix

    Triple Helix Webroot Product Advisor

    Only as a Last Resort do a reinstall!! That's what I would do!!!

    Cheers,
     
  11. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Have you tried running one of those WinXP tcp/winsock repair tools? Or at least manually doing it?
     