Trojan help pls

Discussion in 'adware, spyware & hijack cleaning' started by Antreaper, May 3, 2004.

Thread Status:
Not open for further replies.
  1. Antreaper

    Antreaper Registered Member

    Joined:
    May 3, 2004
    Posts:
    1
    I used Ad-Aware to scan for spyware, then used HijackThis. I am experiencing messages that say that I have a Trojan Horse Dropper.Small.4.AK in a Windows folder; the actual file is named A0009670.exe... It then says to run AVG 6.0 Anti Virus System to scan for it, which it fails to find.
    Here is a log of my Hijack This review
    -----------------------------------------------------
    Logfile of HijackThis v1.97.7
    Scan saved at 3:29:31 PM, on 5/3/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
    C:\Program Files\Warez P2P Client\warez.exe
    C:\Program Files\Creative\ShareDLL\MediaDet.Exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\PROGRA~1\Grisoft\AVG6\AVGCC32.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Winamp\winamp.exe
    C:\unzipped\hijackthis1977\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R3 - Default URLSearchHook is missing
    O1 - Hosts: 207.36.196.189 auto.search.msn.com
    O1 - Hosts: 207.36.196.189 search.netscape.com
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi Antreaper,

    You only posted the top bit of the log. We will need the whole thing.
    But looking at the filename, the Trojan is found in the _Restore folder.
    Is that correct? If so, read here how disabling System Restore and rebooting will flush that empty:
    http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam

    I still would like to see your complete log though, because I already saw three entries that will need fixing.

    Regards,

    Pieter
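
Added example, not part of either post and not code from HijackThis: a small Python triage helper that pulls the `Xn - ...` entries out of a HijackThis log, groups the O1 hosts-file entries by the address they point to, and checks whether a detected filename looks like a System Restore backup copy. The sample log is built from lines in the excerpt above; the function names are hypothetical, and the restore-copy naming pattern (`A` plus seven digits) is an assumption taken from the filename discussed in the thread.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the log excerpt in the first post.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - Default URLSearchHook is missing
O1 - Hosts: 207.36.196.189 auto.search.msn.com
O1 - Hosts: 207.36.196.189 search.netscape.com
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")   # e.g. "O1 - Hosts: ..."
HOSTS = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")               # "<ip> <hostname>"
# Assumption: System Restore names its backup copies 'A' + 7 digits + extension.
RESTORE_COPY = re.compile(r"^A\d{7}\.\w+$", re.IGNORECASE)

def parse_entries(log):
    """Return (code, text) pairs for every 'Xn - ...' line; process paths are skipped."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def hosts_redirects(entries):
    """Map each non-loopback address in O1 entries to the hostnames sent to it."""
    redirects = defaultdict(list)
    for code, text in entries:
        m = HOSTS.match(text) if code == "O1" else None
        if m and not m.group(1).startswith("127.") and m.group(1) != "::1":
            redirects[m.group(1)].append(m.group(2))
    return dict(redirects)

def is_restore_copy(filename):
    """True if the bare filename matches the assumed restore-copy naming pattern."""
    return bool(RESTORE_COPY.match(filename))

if __name__ == "__main__":
    entries = parse_entries(SAMPLE_LOG)
    for ip, names in hosts_redirects(entries).items():
        print(f"hosts file sends {', '.join(names)} to {ip}")
    print("A0009670.exe matches restore-copy pattern:", is_restore_copy("A0009670.exe"))
```

Several unrelated search hostnames mapped to one external address is worth a closer look; the grouping makes that visible without deciding which entries a helper would ask to have fixed.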
     