08-25-2005, 04:48 PM   #3
sunsettseeker
OS: 2000


Ok, I've completed all of the requested steps.
The NAV warning appears to have stopped.
====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 8/4/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 6:26:40 PM, on 8/25/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\System32\Hummbird\inetd32.exe
C:\Program Files\Creative\SBLive2k\Creative Diagnostics 2.0\DIAGENT.EXE
C:\Program Files\Exceed.nt\exceed.exe
C:\Program Files\pgt\imix\daemons\pgtprintd.exe
C:\Program Files\pgt\imix\daemons\shutdown.exe
C:\Program Files\Python\command-center.exe
C:\Program Files\Python\file-chooser.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.psu.edu/
O4 - HKLM\..\Run: [DIAGENT] C:\Program Files\Creative\SBLive2k\Creative Diagnostics 2.0\DIAGENT.EXE startup
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive2k\Program\AHQInit.exe
O4 - Global Startup: exceed.lnk = C:\Program Files\Exceed.nt\exceed.exe
O4 - Global Startup: pgtprintd.lnk = C:\Program Files\pgt\imix\daemons\pgtprintd.exe
O4 - Global Startup: shutdown.lnk = C:\Program Files\pgt\imix\daemons\shutdown.exe
O4 - Global Startup: command-center.lnk = C:\Program Files\Python\command-center.exe
O4 - Global Startup: file-chooser.lnk = C:\Program Files\Python\file-chooser.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1124743471203
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E81C1DC3-1708-4B63-8561-223A5D8EA32E}: Domain = bmb.psu.edu
O17 - HKLM\System\CCS\Services\Tcpip\..\{E81C1DC3-1708-4B63-8561-223A5D8EA32E}: NameServer = 130.204.1.4,128.118.25.3
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Hummingbird Inetd (HCLInetd) - Hummingbird Communications Ltd. - C:\WINNT\System32\Hummbird\inetd32.exe


End of KRC HijackThis Analyzer Log.
====================================================================

I had trouble scanning My Computer so I just did the C drive. The computer is part of an Electron Microscope and the other drives are on a SUN system. The scanner kept crashing when it got to those drives.

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Thursday, August 25, 2005 18:24:31
Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 26/08/2005
Kaspersky Anti-Virus database records: 137025
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - Folders:
C:\

Scan Statistics:
Total number of scanned objects: 34745
Number of viruses found: 2
Number of infected objects: 5939
Number of suspicious objects: 0
Duration of the scan process: 1414 sec

Infected Object Name - Virus Name
C:\WINNT\win32dev.exe Infected: Backdoor.Win32.Aimbot.ae
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05F80097.VBN Infected: Rootkit.Win32.Agent.p
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05F80098.VBN Infected: Rootkit.Win32.Agent.p
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05F80099.VBN Infected: Rootkit.Win32.Agent.p
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05F8009A.VBN Infected: Rootkit.Win32.Agent.p
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05F8009B.VBN Infected: Rootkit.Win32.Agent.p
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05F8009C.VBN

A lot more of the same files as above... had to delete from text due to posting limits.

Scan process completed.