
Status
Not open for further replies.
1 - 8 of 8 Posts

·
Registered
Joined
·
4 Posts
Discussion Starter #1
I have pasted the result generated by HijackThis below... please help me on this.

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 8/4/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 3:29:34 PM, on 9/20/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
d:\antispyware\ewido\security suite\ewidoctrl.exe
d:\antispyware\ewido\security suite\ewidoguard.exe
C:\Program Files\Ulead Systems\Ulead PhotoImpact 5\ABMTSR.EXE
D:\antispyware\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.182.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.182.*
O2 - BHO: DAPBHO Class - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - D:\PROGRAM FILES\DAP\DAPIEBAR.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D28-C3F9-4efb-9B51-7695ECA05670} - D:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_0_2_6.DLL
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\PROGRAM FILES\DAP\DAPIEBAR.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_0_2_6.DLL
O4 - HKLM\..\Run: [SCAN_U~1.EXE] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\EACDownload\SCAN_U~1.EXE -k
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.hwd /autorun
O4 - Global Startup: Album Fast Start.lnk = C:\Program Files\Ulead Systems\Ulead PhotoImpact 5\ABMTSR.EXE
O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - d:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - d:\Program Files\ICQLite\ICQLite.exe (file missing)
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.maalaimalar.com/wfplayer/tdserver.cab
O16 - DPF: {528E3D73-D4B9-11D4-8D3B-0050BA8987F1} (WdTamIocCtrl Class) - http://www.epatra.com/components/activex/wdtamioc.cab
O16 - DPF: {A03FD91B-2861-49B5-9D54-8EC46129059C} (MciApiActXP.RecordVoiceUsrCntrl) - file://D:\Scribetrak\Activex\MciApiActXP.ocx
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0727.dll
O16 - DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} (kasRmtHlp Class) - https://ksa.accessredbox.net/inc/kaxRemote.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{A16605F5-BE5D-416E-9197-658C91CEDC82}: NameServer = 192.168.182.1
O20 - Winlogon Notify: nwprovau - C:\WINDOWS\SYSTEM32\nwprovau.dll
O23 - Service: ANTS Load distributed test service (ANTSLoad) - Unknown owner - C:\Program Files\ANTS Load\RedGate.Ants.AntsService.exe
O23 - Service: Crystal Query Server - Unknown owner - C:\Program Files\Seagate Software\Query Server\querysrv.exe" -service (file missing)
O23 - Service: DB2 - DB2-0 (DB2-0) - International Business Machines Corporation - D:\PROGRA~1\IBM\SQLLIB\bin\db2syscs.exe
O23 - Service: DB2 - DB2CTLSV-0 (DB2CTLSV-0) - International Business Machines Corporation - D:\PROGRA~1\IBM\SQLLIB\bin\db2syscs.exe
O23 - Service: DB2DAS - DB2DAS00 (DB2DAS00) - International Business Machines Corporation - D:\Program Files\IBM\SQLLIB\\bin\db2dasrrm.exe
O23 - Service: DB2 Warehouse Logger (DB2DWLogger) - International Business Machines Corporation - D:\Program Files\IBM\SQLLIB\BIN\iwh2log.exe
O23 - Service: DB2 Warehouse Server (DB2DWServer) - International Business Machines Corporation - D:\Program Files\IBM\SQLLIB\BIN\iwh2serv.exe
O23 - Service: DB2 Governor (DB2GOVERNOR) - International Business Machines Corporation - D:\Program Files\IBM\SQLLIB\BIN\db2govds.exe
O23 - Service: DB2 JDBC Applet Server (DB2JDS) - International Business Machines Corporation - D:\Program Files\IBM\SQLLIB\BIN\db2jds.exe
O23 - Service: DB2 License Server (DB2LICD) - International Business Machines Corporation - D:\Program Files\IBM\SQLLIB\BIN\db2licd.exe
O23 - Service: DB2 Security Server (DB2NTSECSERVER) - International Business Machines Corporation - D:\Program Files\IBM\SQLLIB\BIN\db2sec.exe
O23 - Service: DB2 Remote Command Server (DB2REMOTECMD) - International Business Machines Corporation - D:\Program Files\IBM\SQLLIB\BIN\db2rcmd.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - d:\antispyware\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - d:\antispyware\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)


End of KRC HijackThis Analyzer Log.
====================================================================
 

·
Manager, The Conversation Pit/Analyst, Security Te
Joined
·
14,513 Posts
Hello and Welcome to TSF!!

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm and then click OK.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Make sure to update Windows and Internet Explorer at http://v5.windowsupdate.microsoft.com/v5consumer/default.aspx?ln=en-us.

Make sure you downloaded, installed, updated and ran these programs (run in Safe Mode) already - Ad-aware, Spybot and Ewido. If you didn't, do them now. For more information, go to http://www.greyknight17.com/spyware.htm

Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link doesn't work - http://www.greyknight17.com/spy/CleanUp.exe ) and install it. CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp!.

Download LSPFix http://www.greyknight17.com/spy/LSPFix.exe and run it. Click on newdotnet6_38.dll on the left window and click on the arrow pointing to the right. Click Finish and follow the prompts.

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers.

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

NewDotNet

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

O4 - HKLM\..\Run: [SCAN_U~1.EXE] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\EACDownload\SCAN_U~1.EXE -k
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.maalaimalar.com/wfplayer/tdserver.cab
O16 - DPF: {528E3D73-D4B9-11D4-8D3B-0050BA8987F1} (WdTamIocCtrl Class) - http://www.epatra.com/components/activex/wdtamioc.cab
O16 - DPF: {A03FD91B-2861-49B5-9D54-8EC46129059C} (MciApiActXP.RecordVoiceUsrCntrl) - file://D:\Scribetrak\Activex\MciApiActXP.ocx
O16 - DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} (kasRmtHlp Class) - https://ksa.accessredbox.net/inc/kaxRemote.dll



Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:

c:\program files\newdotnet

Run CleanUp! and click on the Options button. Uncheck 'Scan local drives for temporary files'. Also uncheck those two Newsgroup entries if you don't want to delete them. Click OK and then click on the CleanUp! button. Let it run. After it's done, choose Yes to logoff.


Restart and run a new HijackThis scan. Save the log file and post it here.
 

·
Registered
Joined
·
4 Posts
Discussion Starter #3
spyware/adware/virus/---axx160

I have pasted the result generated by HijackThis analyzer... so please can anyone help me on this...


====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 8/4/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 4:18:46 PM, on 9/20/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

Running processes:
F:\security suite\ewidoctrl.exe
F:\security suite\ewidoguard.exe
C:\WINNT\system32\userdump.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
F:\antispyware\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.182.1:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~2\SPYBOT~1\SDHelper.dll
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.anandabazar.com/wfplayer/tdserver.cab
O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edgesuite.net/dlmanager/dev/code/IE_1081/DownloadManager_release_1.081.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B8F2EC4-7D75-4991-9AAB-A7D6587A76B1}: NameServer = 192.168.182.141
O23 - Service: ewido security suite control - ewido networks - F:\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - F:\security suite\ewidoguard.exe
O23 - Service: Apache Tomcat (Tomcat5) - Apache Software Foundation - C:\Tomcat5.0\bin\tomcat5.exe


End of KRC HijackThis Analyzer Log.
====================================================================
 

·
Registered
Joined
·
4 Posts
Discussion Starter #5
Hijackthis 2003ServerAdvanced--axxon

Hi, I have some serious problems with my Win2003 advanced server. The system has become very, very slow and doesn't boot properly at times. I carried out a series of scans: 1-Panda ActiveScan, 2-ewido, 3-Spybot, CWShredder, and finally HijackThis.
When I run Ad-Aware it gives a memory error, saying it could not reference the memory, and then Ad-Aware terminates.

Below I have pasted the result generated by HijackThis and the ActiveScan result... please help me on this... awaiting reply...


hijackthis result:-
====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 8/4/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 6:08:27 PM, on 9/23/2005
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
E:\antispyware\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://google.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.182.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.182.*;<local>
O1 - Hosts: 202.159.228.4 mumbaiftp.mtnl.net.in
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - e:\antispyware\Spybot-Search&Destroy\SDHelper.dll
O4 - HKCU\..\Run: [SpybotSD TeaTimer] e:\antispyware\Spybot-Search&Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] D:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = D:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.maalaimalar.com/wfplayer/tdserver.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} (kasRmtHlp Class) - https://ksa.accessredbox.net/inc/kaxRemote.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{04DCD920-D50C-4FBA-8991-7E80FA800480}: NameServer = 192.168.182.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{9940E8E9-3D1E-462D-8C86-60ED10E4ED55}: NameServer = 61.1.96.69,61.1.96.71
O17 - HKLM\System\CS1\Services\Tcpip\..\{04DCD920-D50C-4FBA-8991-7E80FA800480}: NameServer = 192.168.182.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{04DCD920-D50C-4FBA-8991-7E80FA800480}: NameServer = 192.168.182.1
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: dimsntfy - D:\WINDOWS\SYSTEM32\dimsntfy.dll
O23 - Service: ANTS Load distributed test service (ANTSLoad) - Unknown owner - D:\Program Files\ANTS Load\RedGate.Ants.AntsService.exe
O23 - Service: ewido security suite control - ewido networks - e:\antispyware\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - e:\antispyware\ewido\security suite\ewidoguard.exe
O23 - Service: ntop for Win32 (ntop) - Unknown owner - D:\Program Files\OPENXTRA\NTopWin32\ntop.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92Agent - Oracle Corporation - C:\oracle\ora92\bin\agntsrvc.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: OracleOraHome92HTTPServer - Unknown owner - C:\oracle\ora92\Apache\Apache\apache.exe" --ntservice (file missing)
O23 - Service: OracleOraHome92PagingServer - Unknown owner - C:\oracle\ora92/bin/pagntsrv.exe
O23 - Service: OracleOraHome92SNMPPeerEncapsulator - Unknown owner - C:\oracle\ora92\BIN\ENCSVC.EXE
O23 - Service: OracleOraHome92SNMPPeerMasterAgent - Unknown owner - C:\oracle\ora92\BIN\AGNTSVC.EXE
O23 - Service: OracleOraHome92TNSListener - Unknown owner - C:\oracle\ora92\BIN\TNSLSNR.exe
O23 - Service: OracleServiceORCL9 - Oracle Corporation - c:\oracle\ora92\bin\ORACLE.EXE
O23 - Service: VNC Server (winvnc) - Unknown owner - D:\Program Files\UltraVNC\winvnc.exe" -service (file missing)


End of KRC HijackThis Analyzer Log.
====================================================================


ActiveScan Result:-


Incident Status Location

Virus:W32/Parite.B Disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\waunst_.exe
Virus:W32/Parite.B Disinfected C:\j2re1.4.0\bin\java.exe
Virus:W32/Parite.B Disinfected C:\j2re1.4.0\bin\javaw.exe
Virus:W32/Parite.B Disinfected C:\j2re1.4.0\bin\keytool.exe
Virus:W32/Parite.B Disinfected C:\j2re1.4.0\bin\orbd.exe \bin\servertool.exe
Virus:W32/Parite.B Disinfected C:\jsdk1.4.2\jre\bin\rmid.exe
Virus:W32/Parite.B Disinfected C:\jsdk1.4.2\jre\bin\rmiregistry.exe
Virus:W32/Parite.B Disinfected C:\jsdk1.4.2\jre\bin\servertool.exe
Virus:W32/Parite.B Disinfected C:\jsdk1.4.2\jre\javaws\javaws.exe
Virus:W32/Parite.B Disinfected C:\oracle\ora92\Apache\Apache\bin\startapache.exe
Virus:W32/Parite.B Disinfected C:\oracle\ora92\Apache\Jsdk\bin\servletrunner.exe
Virus:W32/Parite.B Disinfected C:\oracle\ora92\Apache\open_ssl\bin\openssl.exe
Virus:W32/Parite.B Disinfected C:\oracle\ora92\Apache\perl\5.00503\bin\MSWin32-x86\perl95.exe
Virus:W32/Parite.B Disinfected C:\oracle\ora92\Apache\perl\5.00503\bin\MSWin32-x86\perlglob.exe
Virus:W32/Parite.B Disinfected C:\oracle\ora92\network\chsttype.exe
Virus:W32/Parite.B Disinfected C:\oracle\ora92\ODBC\dsnconvert.exe
Virus:W32/Parite.B Disinfected C:\oracle\ora92\oem_webstage\cgi-bin\oemapp_cgi.exe
Virus:W32/Parite.B Disinfected C:\Program Files\ANTS Load\RedGate.Ants.AntsService.exe
Virus:W32/Parite.B Disinfected C:\Program Files\ComPlus Applications\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
Virus:W32/Parite.B Disinfected C:\Program Files\ComPlus Applications\Common Files\Microsoft Shared\MSInfo\OFFPROV.EXE
Virus:W32/Parite.B Disinfected C:\Program Files\ComPlus Applications\Common Files\Microsoft Shared\VS7Debug\mdm.exe
Virus:W32/Parite.B Disinfected C:\Program Files\ComPlus Applications\Common Files\Microsoft Shared\web server extensions\40\admcgi\scripts\fpadmcgi.exe
Virus:W32/Parite.B Disinfected C:\Program Files\ComPlus Applications\Common Files\Symantec Shared\CCEVTMGR.EXE
Virus:W32/Parite.B Disinfected C:\Program Files\Norton Internet Security\nisfirst.exe
Virus:W32/Parite.B Disinfected C:\Program Files\Norton Internet Security\NISUM.EXE
\WINNT\ServicePackFiles\i386\mstask.exe
Virus:W32/Parite.B Disinfected C:\TempEI4\WINNT\ServicePackFiles\i386\nbtstat.exe

Virus:W32/Parite.B Disinfected C:\TempEI4\WINNT\vgxuninst.exe
Virus:W32/Parite.B Disinfected D:\Documents and Settings\Administrator\Desktop\Desktop Files\Demo\dcmdump.exe
Virus:W32/Parite.B Disinfected D:\Documents and Settings\Administrator\Desktop\Desktop Files\Demo\dcmprscp.exe
Virus:W32/Parite.B Disinfected D:\Documents and Settings\Administrator\Desktop\Desktop Files\Demo\dcmprscu.exe
Virus:W32/Parite.B Disinfected D:\Documents and Settings\Administrator\Desktop\Desktop Files\Demo\dcmpschk.exe
Virus:W32/Parite.B Disinfected D:\Program Files\Oracle\jre\1.3.1\bin\java.exe
Virus:W32/Parite.B Disinfected D:\WINDOWS\$hf_mig$\KB819696\update\update.exe \WindowsServer2003-KB889101-SP1-x86-ENU.exe
 

·
TSF Security Team, Emeritus
Joined
·
6,962 Posts
Question...

Are you using a proxy server? Are these entries related to your ISP....

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.182.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.182.*;<local>
O1 - Hosts: 202.159.228.4 mumbaiftp.mtnl.net.in
O17 - HKLM\System\CCS\Services\Tcpip\..\{04DCD920-D50C-4FBA-8991-7E80FA800480}: NameServer = 192.168.182.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{9940E8E9-3D1E-462D-8C86-60ED10E4ED55}: NameServer = 61.1.96.69,61.1.96.71
O17 - HKLM\System\CS1\Services\Tcpip\..\{04DCD920-D50C-4FBA-8991-7E80FA800480}: NameServer = 192.168.182.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{04DCD920-D50C-4FBA-8991-7E80FA800480}: NameServer = 192.168.182.1


61.1.96.69 and 202.159.228.4 <---Asia Pacific Network

192.168.182.1 <--Internet Assigned Numbers Authority (IANA)
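
The two replies above single out specific HijackThis entry types: an O4 autorun launched from a Temp folder and a broken O10 LSP chain in the fix list, then the R1 proxy, O1 Hosts and O17 NameServer addresses in the follow-up question. The Python below is an added example, not part of the thread and not the KRC analyzer's code, that parses entry lines and flags those same categories; the function names and the flagging rules are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: entry lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.182.1:8080
O1 - Hosts: 202.159.228.4 mumbaiftp.mtnl.net.in
O4 - HKLM\..\Run: [SCAN_U~1.EXE] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\EACDownload\SCAN_U~1.EXE -k
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\..\{9940E8E9-3D1E-462D-8C86-60ED10E4ED55}: NameServer = 61.1.96.69,61.1.96.71
O23 - Service: VNC Server (winvnc) - Unknown owner - D:\Program Files\UltraVNC\winvnc.exe" -service (file missing)
"""

# An entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def parse_entries(log_text):
    """Yield (section_code, body) per entry line; headers and process paths are skipped."""
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            yield match.group("code"), match.group("body")


def classify_ips(body):
    """Return (address, 'private' | 'public') for each IPv4 literal in an entry body."""
    result = []
    for text in IPV4_RE.findall(body):
        try:
            address = ipaddress.ip_address(text)
        except ValueError:  # four dotted numbers that are not a valid address
            continue
        result.append((text, "private" if address.is_private else "public"))
    return result


def triage(log_text):
    """Return (code, reason, body) tuples for entries worth a manual look."""
    findings = []
    for code, body in parse_entries(log_text):
        low = body.lower()
        if code in ("R1", "O1", "O17"):
            # Proxy, Hosts and DNS settings: report where the traffic is pointed.
            for ip, scope in classify_ips(body):
                findings.append((code, f"{scope} address {ip}", body))
        elif code == "O4" and re.search(r"\\temp\\", low):
            findings.append((code, "autorun from a Temp directory", body))
        elif code == "O10":
            findings.append((code, "broken LSP chain", body))
        if low.endswith("(file missing)"):
            findings.append((code, "target file missing", body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{code:<4}{reason:<38}{body}")
```

A flagged line is a prompt for the kind of question asked above (is this proxy or DNS server yours?), not a verdict; private addresses such as 192.168.182.1 are usually a local gateway.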
 

·
Registered
Joined
·
4 Posts
Discussion Starter #7
win2003 advanced server...axxonet

Yes, I am using a proxy server, and the entries are related to the ISP. Right now my system is also not able to boot properly; in other words, it comes up to the login screen but doesn't prompt for the name and the password... please suggest some solutions on this...
 

·
Premium Member
Joined
·
14,311 Posts
When did this just happen? Right after the fixes or just out of the blue? Can you boot into Safe Mode and give us a HijackThis log (although not recommended, but if you can't get to normal mode, this will do for now).
 