Need help with Trojan Horse Viruses

Discussion in 'adware, spyware & hijack cleaning' started by mezger, May 18, 2004.

Thread Status:
Not open for further replies.
  1. mezger (Registered Member; joined May 1, 2004; 9 posts)
    Found Trojan Horse PSW.Briss.d
    C:\WINDOWS\INFAMOUS.EXE
    Found Trojan Horse Downloader.Small.5.Y
    C:\Program Files\Windows Media Player\WMPLAY~1.TMP

    Attached Hijack this file:
    Logfile of HijackThis v1.97.7
    Scan saved at 9:20:41 PM, on 18/05/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Common Files\Smith Micro Shared\Directory\SMIPTray.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\PROGRA~1\Grisoft\AVG6\AVGCC32.EXE
    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy:8080/
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Internet Directory.lnk = C:\Program Files\Common Files\Smith Micro Shared\Directory\SMIPTray.exe
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38109.6902893518
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    Please Advise
     
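As an added example, not part of the original thread or of HijackThis itself: a small Python parser for a HijackThis log of the kind posted above, which pulls out what a reviewer checks first. It lists the O4 autostart commands and flags those that name no directory (Windows resolves such a command through the search path, so a same-named file placed earlier on the path would run instead), lists files sitting directly in C:\WINDOWS rather than in a subdirectory (the AVG hit above, C:\WINDOWS\INFAMOUS.EXE, is one such path; the legitimate Explorer.EXE is another, so this is a triage list, not a verdict), collects the hosts the O16 ActiveX controls were fetched from, and reads back the R1 Internet Settings overrides such as the AutoConfigURL proxy script. The sample input is a constructed subset of the log lines from the post; the directory C:\WINDOWS is assumed as the Windows directory.

```python
"""Triage helpers for a HijackThis log: autostart entries, files in the
Windows root, O16 download hosts and R1 Internet Settings overrides."""
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed sample: a subset of the HijackThis log lines posted above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy:8080/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38109.6902893518
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# First token of a command line ending in an executable extension; tolerates
# surrounding quotes and drops trailing arguments such as -osboot or /STARTUP.
EXE_RE = re.compile(r'^"?(?P<path>[^"]+?\.(?:exe|com|dll|ocx|scr|pif|bat|cmd))"?(?=\s|$)', re.I)
URL_RE = re.compile(r"https?://\S+")


@dataclass
class Entry:
    code: str   # HijackThis section code: R0, R1, O3, O4, O16, ...
    body: str   # everything after "Oxx - "


@dataclass
class HjtLog:
    processes: list = field(default_factory=list)
    entries: list = field(default_factory=list)


def parse_hjt(text: str) -> HjtLog:
    """Split the log into the running-process list and the coded entries."""
    log = HjtLog()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False      # blank line ends the process list
            continue
        if line.lower() == "running processes:":
            in_processes = True
            continue
        if in_processes:
            log.processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            log.entries.append(Entry(m["code"], m["body"]))
    return log


def o4_command(body: str) -> str:
    """Command line of an O4 entry: '[Name] cmd' for Run keys,
    'Shortcut.lnk = target' for Startup-folder entries."""
    if "] " in body:
        return body.split("] ", 1)[1]
    if " = " in body:
        return body.split(" = ", 1)[1]
    return body


def exe_path(command: str) -> str:
    m = EXE_RE.match(command.strip())
    return m["path"] if m else command.strip()


def autostart_paths(log: HjtLog) -> list:
    return [exe_path(o4_command(e.body)) for e in log.entries if e.code == "O4"]


def unqualified(paths) -> list:
    """Autostart commands with no directory component; these are resolved
    through the search path rather than from a fixed location."""
    return [p for p in paths if "\\" not in p and ":" not in p]


def in_windows_root(paths, windir=r"C:\WINDOWS") -> list:
    """Files directly in the Windows directory (no further subdirectory).
    Heuristic triage list only: Explorer.EXE legitimately lives there too."""
    prefix = windir.upper() + "\\"
    return [p for p in paths
            if p.upper().startswith(prefix) and "\\" not in p[len(prefix):]]


def download_hosts(log: HjtLog) -> list:
    """Hosts the O16 (Downloaded Program Files) ActiveX controls came from."""
    hosts = set()
    for e in log.entries:
        if e.code == "O16":
            for url in URL_RE.findall(e.body):
                hosts.add(urlparse(url).hostname)
    return sorted(hosts)


def internet_settings(log: HjtLog) -> dict:
    """R1 entries as {value name: value}, e.g. AutoConfigURL (proxy PAC URL)."""
    out = {}
    for e in log.entries:
        if e.code == "R1" and " = " in e.body:
            key, value = e.body.split(" = ", 1)
            out[key.rsplit(",", 1)[-1]] = value
    return out


if __name__ == "__main__":
    log = parse_hjt(SAMPLE_LOG)
    paths = autostart_paths(log)
    print("autostart:", paths)
    print("unqualified:", unqualified(paths))
    print("in Windows root:", in_windows_root(log.processes + paths))
    print("O16 hosts:", download_hosts(log))
    print("R1:", internet_settings(log))
```

On the sample, the only unqualified autostart is SysTray.Exe, the only file directly under C:\WINDOWS is Explorer.EXE, and the R1 override is the AutoConfigURL pointing at http://proxy:8080/. None of that is a verdict on its own; the lists are what a reviewer then checks against the known-good names for the machine (a corporate PAC URL, for instance, is expected on a managed network and suspicious on a home PC).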
  2. Pieter_Arntz (Spyware Veteran; joined Apr 27, 2002; 13,332 posts; Netherlands)
  3. mezger (Registered Member; joined May 1, 2004; 9 posts)
    I have searched for these files and they don't seem to exist. I have rechecked my AVG virus scan log and the addresses are correct; the files are just not there. What should I do now?
     
  4. Pieter_Arntz (Spyware Veteran; joined Apr 27, 2002; 13,332 posts; Netherlands)
  5. mezger (Registered Member; joined May 1, 2004; 9 posts)
    I did have "Show hidden files" checked. So I am a bit confused as to how AVG has found an infected file that doesn't seem to exist. What can I try now?
     
  6. Pieter_Arntz (Spyware Veteran; joined Apr 27, 2002; 13,332 posts; Netherlands)
  7. mezger (Registered Member; joined May 1, 2004; 9 posts)
    I have done another Ad-Aware and AVG scan and there are no longer any viruses on my PC. I have no idea what we did, but whatever it was worked. Thanks.
    Here is the TDS file anyway:
    15:20:28 [Init] Trojan Defence Suite v3.2.0 (UNLICENSED)
    15:20:28 [Init] Started 21-05-04 15:20:28 Eastern Standard Time (UTC: 5), Internet Time @847.55
    15:20:28 [Init] Loading TDS-3 Systems ...
    15:20:28 [Init] Token successfully adjusted.
    15:20:28 [Init] • TDS Privileges : OK. Adjusted TDS-3 token privileges to maximum
    15:20:28 [Init] • Plugins : OK. Loaded 13
    15:20:28 [Init] • Exec Protection : Not Installed
    15:20:28 [Init] WARNING: Your Radius.TD3 database needs to be updated!
    15:20:29 [Init] Please download the latest from http://tds.diamondcs.com.au/radius.td3
    15:20:29 [Init] Licensed users can use the Update facility from the TDS menu
    15:20:29 [Init] Loading Radius Advanced Scanning Systems ... <R3 Engine, DCS Labs>
    15:20:34 [Init] • Radius Advanced Specialist Extensions on standby for 13 trojan families
    15:20:34 [Init] • Systems Initialised [34619 references - 13190 primaries/9775 traces/11654 variants/other]
    15:20:34 [Init] Radius Systems loaded. <Databases updated 21-05-2004>
    15:20:34 [Init] TDS-3 Ready. <Rob@24.102.43.58, 127.0.0.1 - Canada>
    15:20:34 [Tip Of The Day] Update weekly or even daily for maximum protection against new-release trojans and worms. It's as easy as clicking TDS-3 | Update TDS Databases Now!
    15:20:34 [TDS] Good afternoon Rob.
    15:20:36 [Mutex Memory Scan] Started...
    15:20:38 [Mutex Memory Scan] Finished (no trojan mutexes found).
    15:20:38 [Trace Scan] Started...
    15:20:46 [Trace Scan] Finished.
    15:20:46 [TDS-3] This is an EVALUATION
     
    Last edited: May 21, 2004