TROJAN IS TRYING TO KILL ME!!!! hELP!

hey. i'v got a trojan virus on my computer
"Trojan Horse Downloader.Swizzor.AH"
I'v scanned with my ad-aware and with AVG - and nothing finds it
I keep getting these alerts telling me Iv got the virus but i dont kno wat to do about it. I dont kno much bout handlin these things so i relaly need ur help!

heres my logs from hijackThis ->

Logfile of HijackThis v1.97.7
Scan saved at 5:48:31 PM, on 29/06/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\PROGRA~1\Drv grim logo\for mp3 mess.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.news.com.au/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {66FD496B-284C-071F-9411-5E9C24B3C0DF} - C:\PROGRA~1\32PROC~1\Close second.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [City Debug] C:\PROGRA~1\Drv grim logo\for mp3 mess.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

 

Hi,

Is that the complete log ? please make sure you are posting the full log. Close all browser windows and fix these items..

O2 - BHO: (no name) - {66FD496B-284C-071F-9411-5E9C24B3C0DF} - C:\PROGRA~1\32PROC~1\Close second.dll
O4 - HKLM\..\Run: [City Debug] C:\PROGRA~1\Drv grim logo\for mp3 mess.exe

Then reboot, hopefully that was the problem. Please submit those 2 files to me then delete them - submit@diamondcs.com.au this will help stop others getting infected

 

hm? wat do u mean submit them to u?
sorry...i dont understand

 

Hi,

Send an email to submit@diamondcs.com.au
Click "Attach" to attach those files listed, so we can examine them

As long as you have "fixed" those items and rebooted, your problem should be gone

 

gavin means that you should send those files to him.
to be examined closely; THEY ARE POSSIBLE NEW UNKNOWN TROJANS..
that's why it is important to get them so that a detection can be added.

create a new folder on your desktop( right click ans empty space there, select new> folder. copy those 2 files one at a time and paste them into that new folder. then right click that new folder and select send to> compressed folder, compress the folder, start your e-mail program and send that compressed folder to submit@diamondcs.com.au as an attachment

it could be possible that these 2 files have the system/hidden attribute: see here how to show them

 

oh righto..thanks heaps fellas
sending them files now

 

mmm...uh oh.
the alert has come back..
heres another log thing../ what do i do now??


Logfile of HijackThis v1.97.7
Scan saved at 8:14:07 PM, on 29/06/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
D:\downloads\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

 

Swizzor is known in spyware-circles as lop.com aka C2Media

This comes bundled with MessengerPlus, but you can skip install when you choose not to accept the sponsor software when installing MessengerPlus.

Could it be that the (not activated) installer is being found?

By the way, you should update Windows and IE. Other then that your log looks good.

Regards,

Pieter

 

i deleted c2media..but alerts are still coming..

more logs......


Logfile of HijackThis v1.97.7
Scan saved at 8:58:09 PM, on 29/06/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\downloads\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

 

Sorry for the interuption: do you need MS Office at all time? If not, you might like to get it from the startup and just create shortcuts to the programs on your desktop to start them when you need them. It's no security issue, but it's a very resources consuming thing, you'll notice your computer running much faster if it's not active all time.