12-04-2008, 11:07 AM   #1
#coin-op#
Registered User
 
Join Date: Apr 2006
Posts: 16
OS: xp


Evil possible Backdoor.PcClient.jhu infection

Hello,

I'm using a combination of Avast/Spybot/AVG/SpywareBlaster/PeerGuardian and Sygate Personal Firewall, on a Windows XP SP3 PC.


Everything has been fine until earlier today, when AVG found an infection (Backdoor.PcClient.jhu) in a file. The file in question has been on the PC for about 6 months (in which time I must've scanned it with AVG at least 30 times without it ever reporting the infection). I deleted the file as advised by AVG.

After finding this, I decided to run an online Panda Active scan, and it found traces of a Generic Trojan (ID:03862754) in another file. Again I deleted the offending file but am a little bit worried in case either of these trojans have done anything nasty to my setup.

Since this, I've been getting a dreaded blue screen of death when shutting the PC down.

Any help from someone more experienced than myself would be greatly appreciated.

Many thanks



DDS (Version 1.0) - NTFSx86
Run by ANT at 17:54:42.68 on 04/12/2008

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.myspace.com/
uSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
mSearch Page =
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [NvMixerTray] c:\program files\nvidia corporation\nvmixer\NvMixerTray.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s
mRun: [SmcService] c:\progra~1\sygate\spf\smc.exe -startgui
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [basicsmssmenu] "c:\program files\seagate\basics\basics status\MaxMenuMgrBasics.exe"
mRun: [Name of App] c:\program files\samsung\fw liveupdate\FWManager.exe r
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
IE: Convert To Image
IE: Download all with iGetter
IE: Download with iGetter
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: {3F5168E6-379A-4F8A-8A1F-C5493F27BE69} = 192.168.1.1
Notify: WBSrv - c:\program files\stardock\object desktop\windowblinds\wbsrv.dll
AppInit_DLLs: wbsys.dll
SEH: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2008-12-04 17:32 250 a------- c:\windows\gmer.ini
2008-11-30 09:34 <DIR> --d----- c:\program files\Panda Security
2008-11-26 20:22 <DIR> --d----- c:\docume~1\ant\applic~1\REAPER
2008-11-26 20:22 <DIR> --d----- c:\program files\REAPER
2008-11-23 19:59 410,976 a------- c:\windows\system32\deploytk.dll
2008-11-22 15:26 81 a------- c:\windows\WB.ini
2008-11-22 15:13 42,672 a------- c:\windows\system32\wbsys.dll
2008-11-22 15:13 <DIR> --d----- c:\program files\Stardock
2008-11-12 17:42 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2008-11-12 17:37 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys

==================== Find3M ====================

2008-12-04 17:29 <DIR> --d----- c:\program files\PeerGuardian2
2008-12-04 17:29 <DIR> --d----- c:\docume~1\ant\applic~1\uTorrent
2008-12-03 18:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-12-03 18:51 <DIR> --d----- c:\docume~1\ant\applic~1\foobar2000
2008-12-03 17:22 <DIR> --d----- c:\program files\Mozilla Sunbird
2008-11-29 17:54 <DIR> --d----- c:\program files\SpywareBlaster
2008-11-18 16:56 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-11-01 15:43 <DIR> --d----- c:\program files\AlbumArtDownloader
2008-10-29 21:03 <DIR> --d----- c:\docume~1\ant\applic~1\Mp3tag
2008-10-29 19:02 <DIR> --d----- c:\program files\Mp3tag
2008-10-25 19:17 <DIR> --d----- c:\docume~1\ant\applic~1\SharePod
2008-10-25 18:21 <DIR> --d----- c:\program files\iPod
2008-10-20 16:13 <DIR> --d----- c:\program files\Messenger
2008-10-19 15:38 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-10-19 15:32 <DIR> --d----- c:\program files\Windows NT
2008-09-15 12:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 a------- c:\windows\system32\msxml6.dll
2008-08-21 10:18 <DIR> --d----- c:\docume~1\ant\applic~1\Songbird2
2008-05-24 14:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Seagate
2008-04-17 14:21 <DIR> --d----- c:\docume~1\ant\applic~1\Propellerhead Software
2008-04-17 14:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Propellerhead Software
2008-04-15 09:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SongbirdVLC
2008-04-15 09:37 <DIR> --d----- c:\docume~1\ant\applic~1\Songbird1
2007-10-31 20:08 <DIR> --d----- c:\docume~1\ant\applic~1\Microsoft Games
2007-10-31 20:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Microsoft Games
2007-09-21 12:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Last.fm
2007-06-29 10:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Grisoft
2007-04-15 12:25 <DIR> --d----- c:\docume~1\ant\applic~1\Ableton
2006-05-10 19:48 <DIR> --d----- c:\docume~1\ant\applic~1\Elaborate Bytes
2006-04-08 08:52 <DIR> --d----- c:\docume~1\ant\applic~1\Symantec

============= FINISH: 17:55:11.70 ===============

P.S. Neither DDS nor GMER has allowed me to create an 'attach' file as mentioned when following the 'First Steps' section. Hence it is not included.
Attached Files: gmer.txt (201.8 KB)