Talkstocks.A + Downloader.small.7.AF

Discussion in 'malware problems & news' started by Ianua, Oct 2, 2004.

Thread Status:
Not open for further replies.
  1. Ianua

    Ianua Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    22
    Location:
    Wales, UK
    My AVG anti virus is picking up Downloader.small.7.AF and also Talkstocks.A. I've also run Hicjack This which has the following in it's log:

    Logfile of HijackThis v1.98.2
    Scan saved at 11:59:08, on 02/10/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\SISTRAY.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\KHOOKER.EXE
    C:\WINDOWS\ptsnoop.exe
    C:\PROGRAM FILES\PCI AUDIO APPLICATIONS\MIXER.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLDIAL.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\PROGRAM FILES\COMMON FILES\AOL\AOL SPYWARE PROTECTION\AOLSP SCHEDULER.EXE
    C:\WINDOWS\SYSTEM\GSICON.EXE
    C:\WINDOWS\SYSTEM\DSLAGENT.EXE
    C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
    C:\PROGRAM FILES\PACKARD BELL DIAMOND 1200PLUS\DRIVER\WATCH.EXE
    C:\PROGRAM FILES\HP DESKJET 710C SERIES\EREG\REMIND32.EXE
    C:\PROGRAM FILES\AOL 9.0\AOLTRAY.EXE
    C:\PROGRAM FILES\ULEAD SYSTEMS\ULEAD PHOTO EXPRESS 3.0 SE\CALCHECK.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\AOL 9.0\WAOL.EXE
    C:\PROGRAM FILES\AOL 9.0\SHELLMON.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\COMMON FILES\AOL\AOLTPSPD.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\REAL\TOOLBAR\REALBAR.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\REAL\TOOLBAR\REALBAR.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\SYSTEM\SISTRAY.EXE
    O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\SYSTEM\khooker.exe
    O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
    O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
    O4 - HKLM\..\Run: [C-Media Mixer] C:\Program Files\PCI Audio Applications\Mixer.exe /startup
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [Overnet] C:\PROGRAM FILES\OVERNET\Overnet.exe -t
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE"
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Watch.lnk = C:\Program Files\Packard Bell Diamond 1200Plus\Driver\WATCH.exe
    O4 - Startup: Reminder-hpc41001.lnk = C:\Program Files\HP DeskJet 710C Series\ereg\Remind32.exe
    O4 - Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
    O4 - Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
    O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O14 - IERESET.INF: START_PAGE_URL=http://www.aol.co.uk
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
    O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn283.exe
    O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CD} - http://direct.data-line.us/gbn283.exe
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
    O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net

    RAV anti viris PC scan has also picked up the following:

    Scan started at 02/10/04 11:27:11

    Scanning memory...
    c:\WINDOWS\SYSTEM\Mx0n11n3.dll - TrojanDownloader:Win32/Rameh.A -> Infected
    c:\Program Files\Overnet\overnet.exe - Backdoor:Win32/Blarul -> Infected

    Scanned
    ============================
    Objects: 21657
    Directories: 1305
    Archives: 726
    Size(Kb): -503024
    Infected files: 2

    Found
    ============================
    Viruses found: 2
    Suspicious files: 0
    Disinfected files: 0
    Mail files: 76


    How do I get rid of the lot manually.
     
  2. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.