Trojan/Virus - cannot clean system (Full Version)


chanchan -> Trojan/Virus - cannot clean system (11/19/2005 14:27:11)

I was infected with a trojan the other day and cannot seem to clean my system. I keep getting pop-up ads and IE crashing regardless of whether I have IE open or not. The error message I receive when IE crashes is "Internet Explorer has encountered a problem and needs to close. We are sorry for the inconvenience." Nothing about sending or viewing an error report.

Here is what I've currently done/ran:

Ad-Aware
Spyware
XoftSpy
Stopzilla
Ewido
Norton Antivirus

I ran these programs both in Safe Mode and normal.

I've also unchecked enable third-party browser extensions and made sure all Browser Helper Objects were safe. I then ran a registry cleaner.

Here is my hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 1:10:45 PM, on 11/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\STOPzilla!\szserver.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Software\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\VISION~2\ONETOU~2.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spyware Software\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYWAR~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\Spyware Software\STOPzilla\SZIEBHO.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~2\ONETOU~2.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\Spyware Software\STOPzilla\STOPzilla.exe /autostart
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O21 - SSODL: SysTray.Exys - {7368D5FC-6F5C-4f5b-B964-E67214F67852} - (no file)
O21 - SSODL: SysTray.Excn2 - {1722ECFF-4356-4f5b-B534-E67294FE75E9} - (no file)
O21 - SSODL: IEFFAIBE - {76730D16-14FB-4A11-73EE-4CA66A865803} - (no file)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\Spyware Software\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\Spyware Software\security suite\ewidoguard.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\STOPzilla!\szserver.exe

Any help would be GREATLY appreciated.
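A small triage script, added here as an example and not part of anyone's post in this thread, that parses HijackThis entry lines (the sample is copied from the log above) and flags the kinds of entries reviewers usually look at first: O21 entries whose DLL is missing, O23 services with an unknown owner, and O16 ActiveX downloads from hosts outside a small allow-list (the allow-list is an assumption). Flagged entries are candidates for review, not verdicts; the orphaned O21 lines in this log are the sort of leftover the replies below treat as harmless.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse
# Constructed sample: six entry lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O21 - SSODL: SysTray.Exys - {7368D5FC-6F5C-4f5b-B964-E67214F67852} - (no file)
O21 - SSODL: IEFFAIBE - {76730D16-14FB-4A11-73EE-4CA66A865803} - (no file)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
"""

# Every HijackThis entry starts with a section code (R0, O2, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
# Assumption: hosts from which O16 (DPF/ActiveX) downloads are considered expected.
TRUSTED_DPF_HOSTS = ("microsoft.com",)

@dataclass
class Finding:
    section: str
    reason: str
    entry: str

def parse_entries(log_text):
    """Yield (section, body) for each entry line; header and process list are skipped."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def triage(log_text):
    """Return entries a reviewer would look at first. These are review candidates, not verdicts."""
    findings = []
    for section, body in parse_entries(log_text):
        if section == "O21" and body.endswith("(no file)"):
            findings.append(Finding(section, "SSODL entry whose DLL is missing (usually an orphan)", body))
        elif section == "O23" and " - Unknown owner - " in body:
            findings.append(Finding(section, "service with no identified publisher; verify the binary", body))
        elif section == "O16":
            host = urlparse(body.rsplit(" - ", 1)[-1]).hostname or ""
            if not any(host == h or host.endswith("." + h) for h in TRUSTED_DPF_HOSTS):
                findings.append(Finding(section, f"ActiveX download from unexpected host {host!r}", body))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}\n    {f.entry}")
```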






caz -> RE: Trojan/Virus - cannot clean system (11/19/2005 14:32:27)

For help with Hijackthis logs try http://castlecops.com/c3-Privacy.html but be prepared for a wait.




Taz -> RE: Trojan/Virus - cannot clean system (11/19/2005 14:49:26)

Do you have System Restore turned on or off BTW?




chanchan -> RE: Trojan/Virus - cannot clean system (11/19/2005 15:38:06)

I do have System Restore on. I tried restoring to a couple days before this happened, but it tells me it can't restore to that point because nothing has changed. Should I try an even earlier point?




Taz -> RE: Trojan/Virus - cannot clean system (11/19/2005 15:59:24)

If you are catching and deleting things with Spyware/Adaware with System Restore turned on, they can sometimes sneak back in once you reboot, so sometimes it's worth switching it off, then deleting the files needed and doing a reboot.

Myself I never bother even having System Restore turned on cos it's neither use nor ornament IMO.

Follow Caz's advice first though cos they really know their stuff and should get to the bottom of the issues. =]




Nightrider1962 -> RE: Trojan/Virus - cannot clean system (1/1/2006 8:32:03)

I understand your dilemma well, and I look for answers everywhere; usually Google is my source.

And it just depends on HOW you word it. Don't get technical and you will get more results.


#1. Have you gone to your Control Panel and clicked on Internet Options and *delete all cookies*, Temporary Internet Files *delete files*, Clear history? "Helps to speed up computer system also".
#2. Start menu/Accessories/System Tools/Disk Cleanup: *Almost every box there can be checked*
(right click each description to understand what each box is) and clean out your old unused or un-needed temp files and delete them. "Helps to speed up computer system also".
#3. Then reboot the system. This helps to purge/clean your system. Refreshed,
scan as a "Complete System" scan.

My first complete scan for a 30 gig hard drive took almost 2 1/2 hours and checked for other viruses,
using AVG Personal.

"Usually if theres ONE theres more!"

*YOU will need Visual Basic 6 Runtime Libraries to run this program.*

http://download.microsoft.com/download/vb60pro/Redist/sp5/WIN98ME/EN-US/vbrun60sp5.exe

HijackThis : A general homepage hijackers detector and remover. Initially based on the article Hijacked!, but expanded with almost a dozen other checks against hijacker tricks.
It is continually updated to detect and remove new hijacks. It does not target specific programs/URLs, just the methods used by hijackers to force you onto their sites.
As a result, false positives are imminent and unless you are sure what you're doing, you should always consult with knowledgeable folks (e.g. the forums) before deleting anything.
Currently at version: 1.99.1


-> Download from Merijn:
http://www.Merijn.org
-> Download from Subratam:
http://downloads.subratam.org/hijackthis.zip
-> Download from UniteTheCows:
http://www.unitethecows.com/software/HijackThis.exe
-> Download from BleepingComputer:
http://www.bleepingcomputer.com/files/Merijn/HijackThis.zip
-> Download from DKnoppix:
http://www.dknoppix.com/cgi-bin/download.cgi?HijackThis
-> Download from SpywareInfo:
http://www.spywareinfo.com/~merijn/files/hijackthis.zip
-> Download from CastleCops:
http://castlecops.com/downloads-file-328.html

HijackThis direct download:
http://216.180.233.162/~merijn/files/HijackThis.exe

Compatible with at least Windows 98, 98SE, ME, 2000, XP and newer.

HijackThis log tutorial

On the forums of frontpagewebmaster, a lot of people new to browser hijacking post topics asking for help analyzing logs from HijackThis, because they don't understand what stuff is good and what is bad.
This is a basic guide as to what the log means, and some tips on reading it yourself. This should in no way replace asking for help in the fpwm forums, but help you somewhat in understanding the log yourself.

My source, I wish I could say, was myself, but I too am still learning. But I do give credit where credit is due.

"My Source"

http://www.spywareinfo.com/~merijn/htlogtutorial.html

Hope this helps.
If I can help, I will!

How to reset your Restore cache. (Restore Program)
You can clear your Restore program to prevent any misdirections of returning to a previously saved time that was corrupted.
Right click My Computer and find System Properties, look for the System Restore tab and make sure that the box is CHECKED. *Reboot your computer*
Right click My Computer again and find the Restore System tab again, and now un-check the box. You have just cleared the Restore Cache, so from this point on your system will be up to date and you will be able to use your restore if needed in the future.

:) Enjoy




Giomanach -> RE: Trojan/Virus - cannot clean system (1/1/2006 9:03:11)

The HiJack This report is fine, nothing wrong there. I would follow Taz's advice & turn off system restore, let the files delete, reboot the system, scan again, and if all clear, turn system restore back on.

I don't use System Restore either, mainly because I need the hard drive space it uses, and I find it's the perfect hidey hole for viruses & standard virus scanners/spyware programs can't remove the problem due to Windows Lockdown Permissions on the files. :)




Aleksandr_8 -> RE: Trojan/Virus - cannot clean system (1/3/2006 7:58:47)

Try to uninstall IE and then install it again. Use some good cleaning program. Maybe the problem is in cookies. I like TRACK ERASER Pro, which cleans everything in IE: cookies, history, cache etc.
And advice: don't use those bad sites you have checked often before. :)




BobbyDouglas -> RE: Trojan/Virus - cannot clean system (1/3/2006 16:15:10)

Try everything else suggested here before you decide to reinstall IE (something I think would end up causing quite a bit of problems).




Kitka -> RE: Trojan/Virus - cannot clean system (1/3/2006 18:33:03)

/wonders why Nightrider to BobbyDouglas are replying to a post first made on 20 Nov last year.

I imagine that chanchan has found some suitable solution ages ago.




BobbyDouglas -> RE: Trojan/Virus - cannot clean system (1/3/2006 19:19:51)

For the future people who find this thread... Doubtful the OP is going to come back and think our replies are useful, but others who come across the thread should know what to do and what not to do. Reinstalling IE should be one of the last things to do.




Electric_Cowboy -> RE: Trojan/Virus - cannot clean system (1/7/2006 19:37:37)

If you still have your Windows XP install disk you can run the Recovery Console to repair your operating system.

Just reinstall over your existing installation without changing the file system; you will also need your CD key code, although it should not ask to be reactivated.

It's also not a bad idea to run 'fixmbr' and 'fixboot' from the Recovery Console before you use it to repair.




rafael_bancer -> RE: Trojan/Virus - cannot clean system (1/25/2006 9:43:08)

Honestly...system restore is a memory hog..I suggest using Acronis True Image 9..you can backup while running windows..unlike crappy Norton Ghost..yuck...the chance of data loss is less than that of Norton...now as to unwanted programs infiltrating yer winblows...have you thought of maybe using a linux based OS..with X server...hmm..just a thought:)




jcm001 -> RE: Trojan/Virus - cannot clean system (1/26/2006 14:09:25)

I recently had my PC hijacked to a search engine after taking a blog-walk-about. I used HijackThis and also this Germany-based site to interpret the log file: http://www.hijackthis.de/ I found it very helpful. The problem seems to be fixed.





Texjd -> RE: Trojan/Virus - cannot clean system (2/2/2006 10:48:40)

I do local computer repair and support. I can tell you that 90% of service calls are now security related. It's probably the number one issue today with computer problems.

If you want to read one of my articles I just published on how to help keep you out of trouble and protect your data go here:

http://www.jdwebworks.com/computersecurity.htm

It will give the basics and explain ways to keep your computer and data secure.




Forum Software © ASPPlayground.NET Advanced Edition 2.4.5 ANSI