
HJT Log: Trojan Horse And System32 Folder

I have run AVG, Spybot and Ad Aware in safe and regular mode. C-YA!
2005-Nov-11 6:13 pm · CalamityJane (Premium Member)

CalamityJane to wispman, 2005-Nov-11 6:34 pm: Here is what I can see that needs fixing but you This can take quite a while to run. So how did I get infected in the first place??

Nothing they care about. Many thanks!

Final Check:

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Disabled:LimeWire swarmed installer"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"
"C:\\Program Files\\AdwareAlert\\Quarantine\\10-2-2006-9-16-50\\LimeWire\\LimeWire.exe"="C:\\Program Files\\AdwareAlert\\Quarantine\\10-2-2006-9-16-50\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files:
---------------

Backups Folder:

#13 HJThis (Volunteer Security Advisor), posted 11 January 2007 - 12:00 AM:
Hi, Luke-CNK
Do this for me I need to find out what this

Attempting to delete C:\WINDOWS\system\loeilb.dll
C:\WINDOWS\system\loeilb.dll Has been deleted!

The other account is ...

I've run my virus software and AdAware and it keeps coming back. The Windows XP firewall is now enabled. *** Logfile of HijackThis v1.97.7 Possibly out of date Shows the version of HijackThis an. C:\Documents and Settings\username\Local Settings\Temp\ Empty the Recycle Bin.

kindaichi115 (Discussion Starter): thx for ur help!

However, I didn't know what parts of the custom fix provided I should change, so that's why I'm creating a new thread. It wouldn't let me delete that dll in safe mode, so I booted up normally and renamed it then deleted it... AVG free edition keeps finding Trojan Horse Lop.AQ. Post the results back here.

Then run HijackThis, click Scan, and place a checkmark by the following items:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant
http://www.lavasoftsupport.com/index.php?/topic/6013-trojan-horse-lopaq/

Attempting to delete C:\WINDOWS\addins\vbliut.tmp
C:\WINDOWS\addins\vbliut.tmp Has been deleted!

Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab
O16 - DPF: Yahoo!

I'm not engaging in sock-puppetry here and you won't find 100 upvotes and comments about how helpful AssertNull is in answering questions and I won't be answering programming questions under this Then, access this information from a non-compromised computer to follow the steps needed. If you PM me for help, expect an irritated response... Make sure you know where to find this file again.

But here are my logs - NoLop!

The reason is because hijackthis creates backups and when it's in your temp-folder it can be accidentally deleted. How do you make a permanent folder: Click My Computer, then C:\ and then on

I am continuously told that I have the trojan horse dropper.delf.3.l and I continually run AVG Anti-Virus System to fix it.

They are not needed and I suggest fixing them... Stage Two - Normal Mode Checking Files:-------------- C:\WINDOWS\system32\1.txt Removing any Files Found... Reformat here I come.


Anyways, here's the HJT log -

Logfile of HijackThis v1.99.1
Scan saved at 3:35:31 PM, on 1/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

O2

C-YA! Scarlett recommend this forum and told me she always trusts you, so I will too.

anais4uk (Thread Starter): My comp is infected with Trojan Horse clicker.AJ virus and I have run various virus scans, Adaware and Spybot, but it I will do as instructed, and post an update after...

Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab
O16 - DPF: Yahoo!

This will create a text file.

Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo!

#8 HJThis (Volunteer Security Advisor), posted 10 January 2007 - 01:58 AM:
Hey, Luke-CNK
First this item here is it still installed C:\Documents and Settings\E-mail\Application

Make sure all browser and all Windows Explorer windows are closed before fixing.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\SearchBar.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} -

Attempting to delete C:\WINDOWS\addins\vbliut.bak2
C:\WINDOWS\addins\vbliut.bak2 Has been deleted!

HijackThis...

Attempting to delete C:\WINDOWS\system\blieol.ini
C:\WINDOWS\system\blieol.ini Has been deleted!
Performing Repairs to the registry.
Done!
-----------------------------------------------------------------------------------------------------------------------------
SDFix: Version 1.57
Wed 01/10/2007 - 9:19:19.89
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Safe Mode
Service Check: Service Name: File Path:
Starting Registry Repairs
Restoring

It depends on how long that was on your computer and what information may have been stolen off your PC or security compromised
When should I re-format?

w/ HJT log
hi! whenever i connected to the internet, my avg resident shield popped up n said a virus was detected (trojan horse backdoor.dumador.aw) while opening c:\windows\prntsvr.dll

I hope it wasn't something I needed

#15 HJThis (Volunteer Security Advisor), posted 11 January 2007 - 01:22 AM:
Hi, Luke-CNK
Hmm oh well

Attached Files: FRST.txt (25.98KB), Addition.txt (45.92KB)

Thanks for all the help.