NeverSpoken

I just got home and noticed my thrash can was full. I thought that was odd considering I didn't leave anything in it when I left for work earlier. Then again, several people use this computer. So I decided to open it up and see what was inside. Nothing. Even after enabling "view hidden files" I didn't see anything. But when I right click and go to "empty thrash" it asks if I want to delete WINDOWS.

Can anyone tell me what's going on?

mimo2005

hi


Go here http://housecall.trendmicro.com/and do an online virus scan.

Be sure and put a check in the box by "Auto Clean" before you do the scan. If it finds anything that it cannot clean have it delete it or make a note of the exact file name and file location so you can delete it yourself.


Reboot.


download this program and install it in a permanent folder.
scan and save log and paste it here .
http://www.softpedia.com/public/cat/...10-17-69.shtml

NeverSpoken

Here are the viruses found (which are the same viruses I thought I had gotten rid of last time).

Trojan horse: PSW.Briss.C
Trojan horse: Downloader.Lookme.A
Trojan horse: Downloader.Delf.3.D
Trojan horse: Startpage.5.BD



I had help with my HJT log not too long ago, so that should still be clean. But here it is anyways.


Logfile of HijackThis v1.98.2
Scan saved at 7:44:33 PM, on 10/31/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\mozilla.org\Mozilla\mozilla.exe
C:\Program Files\Winamp\winamp.exe
C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe" //mailurl:mailto:IT-Help@indstate.edu
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Documents and Settings\Owner\Desktop\Apple\Website Copier\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Documents and Settings\Owner\Desktop\Apple\Website Copier\WinHTTrackIEBar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab

mimo2005

your log is clean.

make sure you have some of these free programs ,it seems that you get infected very easily .

bho demon 2.0
spybot search and destroy 1.3 (scan twice a week)
adware se 1.5 (scan twice a week)
A good antivirus (scan twice a week)
winpatrol
firewall zonealarm

good luck.

NeverSpoken

I have zonealarm, spyboy, and adaware. I use AVG as my antivirus program (it doesn't seem to do anything to the viruses listed).

What should I do about the viruses?

Thanks for the help.

BriEBaBy

Hey! Maybe you should try using a different type of virus scan like norton...it could be like spy ware where one scan picks up something that another scan doesn't. Have you up-dated the virus scan program you're using? Maybe it's just not recognizing the viruses. Good Luck!

BriEBaBy

http://www.faqs.org/qa/qa-11503.html check this site out, it's just another suggestion kind of thing where people answer other peoples questions, but they have a couple ways of how to get rid of the Trojan viruses. Pay special attention to E.Patterson's answer, a couple people said they took his advice and it worked! Also, you may have to pay for Norton, but it really works well for us and it should get rid of Trojan's.

MicroBell

Most antivirus programs will miss trojans. If you want a good trojan detector then try TDS-3. If you can find the listed trojan files then delete them. Also empty ALL your temp folders and the recycle bin as trojans love to hide in TEMP directorys.

__________________

NeverSpoken

Hot damn! I managed to find a boatload of trojans using TDS-3. Luckily it appears I was able to delete them with no problem. TDS-3 is a great program. Too bad it's not freeware.