Need help with Trojan Horse Viruses

Discussion in 'adware, spyware & hijack cleaning' started by mezger, May 18, 2004.

Thread Status:
Not open for further replies.
  1. mezger

    mezger Registered Member

    Joined:
    May 1, 2004
    Posts:
    9
    Found Trojan Horse PSW.Briss.d
    C:\WINDOWS\INFAMOUS.EXE
    Found Trojan Horse Downloader.Small.5.Y
    C:\Program Files\Windows Media Player\WMPLAY~1.TMP

    Attached HijackThis file:
    Logfile of HijackThis v1.97.7
    Scan saved at 9:20:41 PM, on 18/05/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Common Files\Smith Micro Shared\Directory\SMIPTray.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\PROGRA~1\Grisoft\AVG6\AVGCC32.EXE
    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy:8080/
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Internet Directory.lnk = C:\Program Files\Common Files\Smith Micro Shared\Directory\SMIPTray.exe
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38109.6902893518
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    Please Advise
     
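As an added example (not part of the thread, and not HijackThis's own code), a small Python parser for entries in the HijackThis v1.97 log format quoted in the post above, with a triage pass over the parsed entries. The sample lines are constructed from the posted log, and the three checks (autostart commands written without an absolute path, an Internet Settings AutoConfigURL, and the hosts ActiveX CABs are downloaded from) are my own review heuristics for reading such logs, not findings about this machine.

```python
import re
from urllib.parse import urlparse

# Constructed sample in HijackThis v1.97 log format, modelled on entries quoted
# in the post above (not the complete log).
SAMPLE_LOG = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.google.ca/
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,AutoConfigURL = http://proxy:8080/
O4 - HKLM\\..\\Run: [SystemTray] SysTray.Exe
O4 - HKLM\\..\\Run: [AVG_CC] C:\\PROGRA~1\\Grisoft\\AVG6\\avgcc32.exe /STARTUP
O4 - Global Startup: Microsoft Office.lnk = C:\\Program Files\\Microsoft Office\\Office\\OSA9.EXE
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")
R_RE = re.compile(r"^(?P<key>.+?),(?P<value>[^=]+) = (?P<data>.*)$")
O4_RUN_RE = re.compile(r"^(?P<loc>HK\w+\\\.\.\\Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O4_STARTUP_RE = re.compile(r"^(?P<loc>\w+ Startup): (?P<name>.+?) = (?P<cmd>.*)$")
O16_RE = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) \((?P<desc>[^)]*)\) - (?P<url>\S+)$")
ABS_PATH_RE = re.compile(r'^"?([A-Za-z]:\\|\\\\)')  # drive-letter or UNC path, optionally quoted

def parse_log(text):
    """Turn HijackThis entry lines (R0, O4, O16, ...) into dicts keyed by section code."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, process list and blank lines are skipped
        code, body = m.group("code"), m.group("body")
        entry = {"code": code, "raw": line.strip()}
        if code.startswith("R") and (r := R_RE.match(body)):
            entry.update(key=r["key"], value=r["value"], data=r["data"])
        elif code == "O4" and (o := O4_RUN_RE.match(body) or O4_STARTUP_RE.match(body)):
            entry.update(location=o["loc"], name=o["name"], cmd=o["cmd"])
        elif code == "O16" and (o := O16_RE.match(body)):
            entry.update(clsid=o["clsid"], desc=o["desc"], url=o["url"])
        entries.append(entry)
    return entries

def review(entries):
    """Reviewer heuristics (my own, not HijackThis's): autostart commands with no absolute
    path are resolved by a path search rather than a fixed location and deserve a look,
    a proxy auto-config URL routes browser traffic, and each ActiveX CAB host is listed."""
    findings = []
    for e in entries:
        if e["code"] == "O4" and "cmd" in e and not ABS_PATH_RE.match(e["cmd"]):
            findings.append(("relative-autostart", e["name"], e["cmd"]))
        elif e["code"] == "R1" and e.get("value") == "AutoConfigURL":
            findings.append(("proxy-autoconfig", e["key"], e["data"]))
        elif e["code"] == "O16" and "url" in e:
            findings.append(("activex-download-host", e["desc"], urlparse(e["url"]).hostname))
    return findings
```

Running `review(parse_log(SAMPLE_LOG))` on the constructed sample flags the path-less `SysTray.Exe` entry, the `http://proxy:8080/` auto-config URL and the `download.macromedia.com` host; what each one means for a given machine is still a reviewer's call.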
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,440
    Location:
    Netherlands
  3. mezger

    mezger Registered Member

    Joined:
    May 1, 2004
    Posts:
    9
    I have searched for these files and they don't seem to exist. I have rechecked my AVG virus scan log and the addresses are correct; the files are just not there. What should I do now?
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,440
    Location:
    Netherlands
  5. mezger

    mezger Registered Member

    Joined:
    May 1, 2004
    Posts:
    9
    I did have "show hidden files" checked. So I am a bit confused as to how AVG has found an infected file that doesn't seem to exist. What can I try now?
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,440
    Location:
    Netherlands
  7. mezger

    mezger Registered Member

    Joined:
    May 1, 2004
    Posts:
    9
    I have done another Ad-Aware and AVG scan and there are no longer any viruses on my PC. I have no idea what we did, but whatever it was worked. Thanks.
    Here is the TDS file anyway:
    15:20:28 [Init] Trojan Defence Suite v3.2.0 (UNLICENSED)
    15:20:28 [Init] Started 21-05-04 15:20:28 Eastern Standard Time (UTC: 5), Internet Time @847.55
    15:20:28 [Init] Loading TDS-3 Systems ...
    15:20:28 [Init] Token successfully adjusted.
    15:20:28 [Init] • TDS Privileges : OK. Adjusted TDS-3 token privileges to maximum
    15:20:28 [Init] • Plugins : OK. Loaded 13
    15:20:28 [Init] • Exec Protection : Not Installed
    15:20:28 [Init] WARNING: Your Radius.TD3 database needs to be updated!
    15:20:29 [Init] Please download the latest from http://tds.diamondcs.com.au/radius.td3
    15:20:29 [Init] Licensed users can use the Update facility from the TDS menu
    15:20:29 [Init] Loading Radius Advanced Scanning Systems ... <R3 Engine, DCS Labs>
    15:20:34 [Init] • Radius Advanced Specialist Extensions on standby for 13 trojan families
    15:20:34 [Init] • Systems Initialised [34619 references - 13190 primaries/9775 traces/11654 variants/other]
    15:20:34 [Init] Radius Systems loaded. <Databases updated 21-05-2004>
    15:20:34 [Init] TDS-3 Ready. <Rob@24.102.43.58, 127.0.0.1 - Canada>
    15:20:34 [Tip Of The Day] Update weekly or even daily for maximum protection against new-release trojans and worms. It's as easy as clicking TDS-3 | Update TDS Databases Now!
    15:20:34 [TDS] Good afternoon Rob.
    15:20:36 [Mutex Memory Scan] Started...
    15:20:38 [Mutex Memory Scan] Finished (no trojan mutexes found).
    15:20:38 [Trace Scan] Started...
    15:20:46 [Trace Scan] Finished.
    15:20:46 [TDS-3] This is an EVALUATION
     
    Last edited: May 21, 2004