
Trojan...please help!


Old 04-23-06, 02:29 PM
  #1  
DVD Talk Reviewer
Thread Starter
 
pro-bassoonist's Avatar
 
Join Date: May 2000
Location: Blu-ray.com
Posts: 10,380
Trojan...please help!

I would like to ask for your assistance:

Since this morning my PC has been slow, very very slow! I found only one Trojan while running AdAware-SE and Norton. But even when the system indicates that the film has been deleted it still comes back. My question is: is there a way where I could manually remove it (and even check for other harmful "visitors")? Here's the message I get:

Scan type: Auto-Protect Scan
Event: Threat Found!
Threat: Trojan.ByteVerify
File: C:\DOCUME~1\SVETAT~1\LOCALS~1\Temp\AAWTMP\C3603890\38D5B9\Installer.class
Location: C:\DOCUME~1\SVETAT~1\LOCALS~1\Temp\AAWTMP\C3603890\38D5B9
Computer:
User:
Action taken: Clean failed : Quarantine failed : Delete succeeded : Access denied
Date found: Sunday, April 23, 2006 1:21:03 PM


Thank you in advance for all your help.

Ciao,
Pro-B
Old 04-23-06, 05:02 PM
  #2  
DVD Talk Platinum Edition
 
Join Date: Jan 2000
Location: Florida
Posts: 3,533
If you want to see how infected your system is download HijackThis, scan, and copy the log to this thread.

HijackThis - http://majorgeeks.com/HijackThis_d3155.html
Old 04-23-06, 05:30 PM
  #3  
Member
 
Join Date: Jan 2005
Location: Bay Area
Posts: 189
Use a trojan scanner like ewido
http://www.ewido.net/en/

Most spyware and anti-virus scanners do almost nothing to get rid of trojans.
Old 04-23-06, 09:02 PM
  #4  
DVD Talk Reviewer
Thread Starter
 
pro-bassoonist's Avatar
 
Join Date: May 2000
Location: Blu-ray.com
Posts: 10,380
DVD-HO78 and BenboC:

Thank you for the suggestions....I am going to download both and post the results.

Thank you again

Pro-B
Old 04-23-06, 09:16 PM
  #5  
DVD Talk Reviewer
Thread Starter
 
pro-bassoonist's Avatar
 
Join Date: May 2000
Location: Blu-ray.com
Posts: 10,380
Here's what I got: (now what to do next)

Logfile of HijackThis v1.99.1
Scan saved at 8:17:03 PM, on 4/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Plaxo\2.6.2.7\PlaxoHelper.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\SVETAT~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis-1.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.6.2.7\PlaxoHelper.exe -a
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1109104228686
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe



Ciao,
Pro-B
Old 04-23-06, 11:17 PM
  #6  
Senior Member
 
Join Date: Nov 2000
Posts: 415
Easiest thing to do next is paste your log file here http://www.hijackthis.de/index.php?langselect=english to analyze your logfile.
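
A minimal triage pass over a HijackThis log like the one in post #5, added here as an example (not part of the original thread, and not how hijackthis.de works): it groups entries by section code and lists processes or entries under a Temp directory and entries marked "(file missing)" or "(no file)". The sample log lines and the names `parse_log` and `review_items` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the HijackThis v1.99.1 layout (not the poster's log).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\USER~1\LOCALS~1\Temp\example.exe

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [Example] C:\DOCUME~1\USER~1\LOCALS~1\Temp\example.exe -a
O9 - Extra button: (no name) - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\ex.dll (file missing)
O18 - Filter: text/html - (no CLSID) - (no file)
O23 - Service: Example Service (ExSvc) - Example Corp - C:\Program Files\Example\svc.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O4 - HKLM\..\Run: ..."
TEMP = re.compile(r"\\temp\\", re.IGNORECASE)     # any path component named Temp

def parse_log(text):
    """Split a log into running processes and entries keyed by section code."""
    processes, entries, in_procs = [], defaultdict(list), False
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            in_procs = False                      # entries follow the process list
            entries[m.group(1)].append(m.group(2))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, dict(entries)

def review_items(text):
    """Return (reason, line) pairs worth a manual look; hints, not verdicts."""
    processes, entries = parse_log(text)
    items = [("process running from a Temp directory", p)
             for p in processes if TEMP.search(p)]
    for code, lines in entries.items():
        for e in lines:
            if TEMP.search(e):
                items.append((f"{code} entry points into a Temp directory", e))
            if "(file missing)" in e or "(no file)" in e:
                items.append((f"{code} entry references a missing file", e))
    return items
```

These are prompts for manual review, not detections: on the log in post #5 it would list HijackThis.exe itself, which was run from a Temp directory, plus the two ssv.dll O9 entries and the O18 filter.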
Old 04-23-06, 11:31 PM
  #7  
DVD Talk Reviewer
Thread Starter
 
pro-bassoonist's Avatar
 
Join Date: May 2000
Location: Blu-ray.com
Posts: 10,380
Thank you!! The report did not show a single harmful file!

Pro-B
