Trojan?

Discussion in 'adware, spyware & hijack cleaning' started by randels7, Jun 11, 2004.

Thread Status:
Not open for further replies.
  1. randels7

    randels7 Registered Member

    Joined:
    Jun 11, 2004
    Posts:
    2
    Was recently told that I had a trojan in my system. Ran a search and sure enough found the trojan Revop C on the system. Came here and followed the directions to a tee, ran both Ad-Aware and Spybot, then downloaded and ran HijackThis and saved the log file.

    I run a spy program every day, and keep the cache cleaned, history cleaned and cookies cleaned on a regular basis (with SpyCop). Run anti-virus weekly (F-Prot).

    The only popups, popunders, etc. that I usually receive are on certain sites that I visit on a regular basis. For emails that I have tried to send, especially with attachments, which are few and strictly for business, I receive a reply that there is a worm or virus in the mail I just sent. Have received about 4 of these in the past month. Below is the HijackThis log file. Any help I can get would be much appreciated!!!
    Have a great day! or evening!
    Bridget :D

    Logfile of HijackThis v1.97.7
    Scan saved at 3:44:50 PM, on 6/11/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
    C:\Program Files\FSI\F-Prot\F-StopW.EXE
    C:\Program Files\FSI\F-Prot\F-Sched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\2Wire\Gateway\2PortalMon.exe
    C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe
    C:\Program Files\Desktop Alert\desktopalert_1377492.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Bridget Randels\My Documents\New Folder\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bellsouth.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/yessentials_cq/defaults/sp/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/s/s.dll?spage=ch/cc/cc_main.htm&only=y&ck=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/s/s.dll?spage=ch/cc/cc_main.htm&only=y&ck=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/yessentials_cq/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bellsouth.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/yessentials_cq/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BellSouth
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Clixies Bar - {E39FEDC3-8B80-428f-A2DE-6A09D67704EF} - C:\Program Files\Internet Explorer\PLUGINS\Clixies.dll
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
    O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\Gateway\2PortalMon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKLM\..\RunOnce: [Compaq_RBA] C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe -z
    O4 - Startup: Desktop Alert.lnk = C:\Program Files\Desktop Alert\desktopalert_1377492.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Clixies Bar (HKLM)
    O9 - Extra 'Tools' menuitem: Clixies Bar (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O14 - IERESET.INF: START_PAGE_URL=http://www.bellsouth.net
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/us/registration/3_0_0_785/sdcregie.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7b77298065d0b9/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38087.2082407407
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.com/games/popcaploader_v5.cab
     
  2. LoPhatPhuud

    LoPhatPhuud Spyware Fighter

    Joined:
    Jul 19, 2003
    Posts:
    45
    Location:
    Albuquerque, NM
    Your log is clean. The notices are probably false positives.

    At last, your system is clean and free of spyware! Want to keep it that way?

    Here are some simple steps you can take to reduce the chance of infection in the future.

    1. Visit Windows Update:
    Make sure that you have all the Critical Updates recommended for your operating system and IE. The first defense against infection is a properly patched OS.
    a. Windows Update: http://v4.windowsupdate.microsoft.com/en/default.asp

    2. Adjust your security settings for ActiveX:
    Go to Internet Options/Security/Internet, press "Default Level", then OK.
    Now press "Custom Level".
    In the ActiveX section, set the first two options ("Download signed ActiveX controls" and "Download unsigned ActiveX controls") to "Prompt", and "Initialize and script ActiveX controls not marked as safe" to "Disable".

    3. Download and install the following free programs:
    a. SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html
    b. SpywareGuard: http://www.wilderssecurity.net/spywareguard.html
    c. IE/Spyad: http://www.staff.uiuc.edu/~ehowes/resource.htm

    4. Install Spyware Detection and Removal Programs:
    You may also want to consider installing either or both of AdAware (free version) and Spybot S&D (freeware). Use these programs to regularly scan your system for and remove many forms of spyware/malware.
    a. AdAware: http://www.lavasoft.de/
    b. Spybot S&D: http://security.kolla.de/index.php?lang=en&page=download


    For more information about Spyware, the tools available, and other informative material, including information on how you may have been infected in the first place, please check out this link: http://forum.gladiator-antivirus.com/index.php?showtopic=9857
     
  3. randels7

    randels7 Registered Member

    Joined:
    Jun 11, 2004
    Posts:
    2
    Thanks!!! Will do. :D
     