I'm currently running Win2K/SP4 on a PC that's about to be discarded - as it has no disk burning facility and it fails to see any installed USB stick, I intend using Laplink to transfer my data.
Meantime I've discovered that the W2K machine is infected with various Trojans (as outlined below) which were unearthed by SpyZooka. This seems to be the only security pkg that continues to support W2K and, while it obviously will be able to remove the Trojans, it first requires the pkg to be paid for but needless to say, I cannot engage in financial transcations on an infection-riddled PC and I don't have access to another.
Therefore any input you can offer as to how to get shot of the Trojans would be much appreciated - for that purpose you may wish to note: programs such as HJT or Combofix do not open on my PC; I cannot do a temporary data-backup prior to fix due to previously mentioned USB/CDRW issues; I do not have a Windows Install disc or a Boot CD. (I do however have a very big sledgehammer
------------------------------------------------
TROJANS FOUND BY SPYZOOKS:
Trojan. Totem [Malware]
C:\WINNT\sed.exe
Trojan. Agent/Gen-FakeAlert.Process [Malware]
C:\WINNT\$NtUpdateRollupPackUninstall$\crypt32.dll
C:\WINNT\ServicePackFiles\i386\crypt32.dll
C:\WINNT\system32\CRYPT32.DLL
Trojan. Agent/Gen-VB[Syn] [Malware]
C:\WINNT\Pixtran\scandrv\Avaspi32.dll
Trojan. FakeAlert-MinimoX.BHO [Malware]
C:\WINNT\system32\svchost.exe
------------------------------------------------
DDS 'file', Attach.zip and Ark.zip below...
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2800.1106
Run by BEA at 18:39:37 on 2012-02-12
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.158.58 [GMT 0:00]
.
.
============== Running Processes ===============
.
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\igfxtray.exe
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
mURLSearchHooks: H - No File
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\system32\browseui.dll
mRun: [Synchronization Manager] mobsync.exe /logon
mRun: [IgfxTray] c:\winnt\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\winnt\system32\hkcmd.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Ulead AutoDetector] c:\program files\ulead systems\ulead photo explorer 8.0 se basic\Monitor.exe
dRunOnce: [^SetupICWDesktop] c:\program files\internet explorer\connection wizard\icwconn1.exe /desktop
StartupFolder: c:\docume~1\bea\startm~1\programs\startup\desktop.lnk - c:\documents and settings\bea\Desktop
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\epsons~1.lnk - c:\winnt\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
Trusted Zone: microsoft.com\*.update
Trusted Zone: windowsupdate.com\download
DPF: DirectAnimation Java Classes -
file://c:\winnt\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java -
file://c:\winnt\java\classes\xmldso.cab
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/icaweb-20070115.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169091425756
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212423720635
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{65606C36-A64C-4043-96EC-7BA767F5F488} : DhcpNameServer = 192.168.1.254
.
============= SERVICES / DRIVERS ===============
.
R0 pavboot;pavboot;c:\winnt\system32\drivers\pavboot.sys [2009-6-29 28552]
R3 KeyScrambler;KeyScrambler;c:\winnt\system32\drivers\keyscrambler.sys [2012-2-10 173880]
RUnknown SASDIFSV;SASDIFSV; [x]
RUnknown SASKUTIL;SASKUTIL; [x]
.
=============== Created Last 30 ================
.
2012-02-10 02:12:48 -------- d-----w- c:\documents and settings\bea\application data\QFX Software
2012-02-10 02:12:48 -------- d-----w- c:\documents and settings\all users\application data\QFX Software
2012-02-10 02:05:28 173880 ----a-w- c:\winnt\system32\drivers\keyscrambler.sys
2012-02-10 02:05:28 -------- d-----w- c:\program files\KeyScrambler
2012-02-10 01:19:51 -------- d-----w- c:\program files\SpyZooka
.
==================== Find3M ====================
.
.
============= FINISH: 18:40:41.35 ===============
Chevy Camaro Forum
Ford Mustang Forum
Jeep Wrangler Forum
Volkswagen Touareg Forum
Land Rover Defender Forum
