|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| General Computer Security Get Help With System Security - This forum is not for malware removal assistance. For malware removal assistance, read the sticky topic at the top of the HijackThis Log Help forum, or the "First Steps" link at the top right of each page. |
 |
|
|
Thread Tools |
07-01-2008, 05:29 PM
|
#1 (permalink) |
|
Registered User
Join Date: Jul 2008
Posts: 1
OS: xp media centre version 2002 service pack 3
|
Trojan was detected and initial report
Username "Tim McNeice" - 02/07/2008 9:57:53 [Fixwareout edited 9/01/2007]
~~~~~ Prerun check HKLM\SOFTWARE\~\Winlogon\ "System"="kdehr.exe" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters "nameserver"="85.255.113.78 85.255.112.40" <Value cleared. Successfully flushed the DNS Resolver Cache. System was rebooted successfully. ~~~~~ Postrun check HKLM\SOFTWARE\~\Winlogon\ "system"="" .... .... ~~~~~ Misc files. .... ~~~~~ Checking for older varients. .... ~~~~~ Other C:\WINDOWS\Temp\kdehr.ren 52224 14/04/2008 ~~~~~ Current runs (hklm hkcu "run" Keys Only) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe" "igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe" "igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe" "igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe" "IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32" "MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC" "PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC" "PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\jusched.exe\"" "SigmatelSysTrayApp"="stsystra.exe" "Dell QuickSet"="C:\\Program Files\\Dell\\QuickSet\\quickset.exe" "DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\"" "DMXLauncher"="C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe" "dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe" "ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup" "ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start" "IntelZeroConfig"="\"C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\"" "IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless" "Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\"" "NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe" "OneCareUI"="\"C:\\Program Files\\Microsoft Windows OneCare Live\\winssnotify.exe\"" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ModemOnHold"="C:\\Program Files\\NetWaiting\\netWaiting.exe" "DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup" "OM2_Monitor"="\"C:\\Program Files\\OLYMPUS\\OLYMPUS Master 2\\MMonitor.exe\" -NoStart" "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" .... Hosts file was reset, If you use a custom hosts file please replace it... ~~~~~ End report ~~~~~ |
|
     |
|
07-01-2008, 08:51 PM
|
#2 (permalink) | ||
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 25,526
OS: 2000 Pro; XP Pro; XP Home
|
Re: Trojan was detected and initial report
It looks like you've had a Wareout infection.
from the top of this forum: Quote:
We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a Quote:
--------------------------------------------------------------------------------------------- Please follow our 5 Step process outlined here: IMPORTANT - Read This Before Posting For Malware Removal Help After running through all the steps, you shall have a proper set of logs. After running through all the steps, please post the requested logs in the HijackThis Log Help forum, not here. If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply. Please note that the HijackThis Log Help forum is extremely busy, and it may take a while to receive a reply. This thread will be closed.
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you.  Our help is voluntary, but this site needs donations to operate.
Please consider Donating to the Forum. Please do not ask for help via Private Message. Ask in the forums, so all may gain from the experience. |
||
|
|
|
|
| Thread Tools | |
|
|
