#22 (permalink) |
|
Analyst, Security Team
|
Sure, if they still exist. Run another virus scan also to see if it's clean now.
__________________
Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it. |
#23 (permalink) |
|
Member
Join Date: Jan 2005
Posts: 21
OS: WinXP
|
I've run my virus and spyware scans and as far as I can tell, my computer is completely clean. I've rebooted and everything. However, Explorer still crashes every single time I try to open any folder anywhere on my computer (including control panel). Any ideas as to what I should do?
#25 (permalink) |
|
Member
Join Date: Jan 2005
Posts: 21
OS: WinXP
|
Here's a recent log file:
Log was analyzed using HijackThis Analyzer - Updated on 1/7/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***
C:\PROGRA~1\Symantec\SAV8\DefWatch.exe
C:\PROGRA~1\Symantec\SAV8\Rtvscan.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O23 - Service: Trend Micro Central Control Component - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Logfile of HijackThis v1.99.0
Scan saved at 1 03 AM, on 1/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\PROGRA~1\Symantec\SAV8\vptray.exe
C:\Program Files\ATI Multimedia\main\launchpd.exe
C:\Program Files\Opera7\opera.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.premierpc.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.premierpc.com/
O2 - BHO: Popup Killer - {4A3A071E-F913-4eee-AE15-AEFFA16FB6BC} - C:\WINDOWS\PopUpWasher21.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\Symantec\SAV8\vptray.exe
O4 - HKLM\..\Run: [CM-SmWizard] C:\WINDOWS\System\SmWizard.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O8 - Extra context menu item: Open Client to Monitor &1 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Open Client to Monitor &2 - C:\WINDOWS\web\AOpenClient.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.premierpc.com
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\Symantec\SAV8\DefWatch.exe
O23 - Service: Symantec AntiVirus Client - Symantec Corporation - C:\PROGRA~1\Symantec\SAV8\Rtvscan.exe
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)

End of HijackThis Analyzer Log.
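As an added example (not part of the thread and not HijackThis Analyzer's own code), the Python below splits a HijackThis log into its coded entries, whether they were pasted one per line or run together, and lists the entries HijackThis itself marked "Unknown file" or "(file missing)" so a person can check them. The function names and `SAMPLE` are assumptions made here; `SAMPLE` is constructed from lines in the log above.

```python
import re
from collections import Counter

# Section codes that appear in this thread's log, with their usual meaning.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O4": "autostart entry",
    "O8": "IE context-menu item", "O10": "Winsock LSP",
    "O14": "IERESET.INF setting", "O16": "ActiveX download (DPF)",
    "O23": "NT service",
}
# Every entry starts with a code such as "R1 - " or "O23 - ". Splitting on a
# lookahead recovers entries even when the paste lost its line breaks.
ENTRY_START = re.compile(r"(?=\b(?:R[0-3]|O\d{1,2}) - )")
ENTRY = re.compile(r"(R[0-3]|O\d{1,2}) - (.*)", re.S)
# Markers HijackThis writes when it cannot identify or find a file.
MARKERS = ("Unknown file in", "(file missing)")

# Constructed sample: lines taken from the log above, run together.
SAMPLE = (
    r"Running processes: C:\Program Files\Opera7\opera.exe "
    r"O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\Symantec\SAV8\vptray.exe "
    r"O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll "
    r"O10 - Unknown file in Winsock LSP: c:\windows\system32\ua_lsp.dll "
    r"O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)"
)

def parse_entries(text):
    """Return (code, detail) pairs in log order.

    Text before the first code is skipped; non-entry text that follows an
    entry (a footer, for instance) stays attached to that entry's detail.
    """
    entries = []
    for chunk in ENTRY_START.split(text):
        m = ENTRY.fullmatch(chunk.strip())
        if m:
            entries.append((m.group(1), " ".join(m.group(2).split())))
    return entries

def needs_review(entries):
    """Collapse duplicate entries and keep those carrying one of MARKERS."""
    counts = Counter(entries)
    return [(code, SECTIONS.get(code, "unknown section"), detail, n)
            for (code, detail), n in counts.items()
            if any(marker in detail for marker in MARKERS)]

if __name__ == "__main__":
    for code, section, detail, n in needs_review(parse_entries(SAMPLE)):
        print(f"{code} ({section}) x{n}: {detail}")
```
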
#26 (permalink) |
|
Knower of all that is MS
Join Date: Aug 2004
Posts: 10,755
OS: (multiple machines) 95, 98, 2K & XP Home & Pro
|
Your log is clean. If you disabled System Restore, make sure to enable it now.
To help prevent future spyware installations/infections, please read the Anti-Spyware Section (http://www.greyknight17.com/spyware.htm#prevent) and use the tools provided. Are there any problems now? If not, you should be set to go.
__________________
GO BIG BLUE!! |
#28 (permalink) |
|
Analyst, Security Team
|
I posted this earlier, but you didn't say whether you tried running it or not:
Go to Start->Run and type in sfc /scannow and hit OK. Run that program to replace any missing or corrupted system files. You still didn't disable system restore? If you didn't and restore it back to where you were in the beginning, you probably have to, at least, delete the registry entries again (if not including the files themselves). But if you disabled system restore, you can't restore back because you disabled it, thus clearing all the restore points.
#30 (permalink) |
|
Analyst, Security Team
|
Are there any other signs of a virus or spyware? If not, this question should go to the Windows section.
Before you go there, is there any filename that is shown in the error (if any) when explorer crashed? If so, what are they?
#31 (permalink) |
|
Member
Join Date: Jan 2005
Posts: 21
OS: WinXP
|
Adaware, Hijackthis, Spybot, PC-Cillin, Symantec all come up clean. There aren't any error messages or anything, just as soon as I click a folder, the desktop goes blank, the taskbars disappear, and then a second later it refreshes. Are there any trojan fixes/repair programs I can use that might help?
#32 (permalink) |
|
Analyst, Security Team
|
OK, here's another program that should do a better job on trojans:
Let's use a program to scan for any trojans that may exist. Download TDS-3. Learn how to use it here. Make sure to update it after you installed it. You can get the manual updates here. When you launch the program, it will scan your memory for running processes. This will take less than 30 seconds. Next go to System Testing on the menu and choose Full System Scan. After that's finished, post the log file by selecting everything on the top pane (select from bottom to top).
#33 (permalink) |
|
Member
Join Date: Jan 2005
Posts: 21
OS: WinXP
|
My realtime virus scan picked up yet another virus, SPYW_BISPY.A, in remtm3.exe. It says access to the file was denied. TDS-3 scanned over the same file and said it was locked. Any ideas how to clean this one?
TDS-3 also found riskware.tool.destart in restart.exe and two trojan droppers in install.exe files on my secondary hard drive.
Last edited by Laytox : 01-08-2005 at 04:43 PM. |
#38 (permalink) |
|
Analyst, Security Team
|
That's a tricky one (restart.exe). Looks bad. I don't have a tools folder here, but it doesn't mean that it's not a valid folder.
Delete the remtm3.exe file. For the two install.exe files, see if they belong to valid programs. If they do, delete them and reinstall the program. If they don't belong to any programs, just delete them. Try using sfc /scannow and see if it will replace the restart.exe file (if there is such a file). If not, just delete it. What else is in the system32\tools folder?