05-03-2008, 04:39 PM   #1 (permalink)
simmer (Junior Member)
help help :(

Hi my friends, please help me. I'm infected by an undetectable trojan; please tell me how to remove it. It is making a small red icon on my browser, see. Please help me, very very urgent. I have tried all antiviruses, every possible thing which I can do. Please help, you're my last hope. Thanks.

05-03-2008, 04:41 PM   #2 (permalink)
~~ViT~~ (Administrator)
Re: help help :(

Download this program, make a scan with the 1st option and paste the Notepad here.

[Only registered users can see links. ]

05-03-2008, 04:55 PM   #3 (permalink)
~~ViT~~ (Administrator)
Re: help help :(

Please, you did not copy well from the Notepad and post, so please make a new scan, use the 1st option, and copy and paste the Notepad here, or upload the Notepad to 2shared. Thanks.

05-03-2008, 04:59 PM   #4 (permalink)
simmer (Junior Member)
Re: help help :(

Bro, please don't mind, but I don't get you?? You mean I scan with the first option and put the result here? Please tell me, bro. ^:)^

05-03-2008, 05:08 PM   #5 (permalink)
~~ViT~~ (Administrator)
Re: help help :(

When you scan with the 1st option (do a system scan and a log file), it creates a Notepad; copy and paste the Notepad here.

Or simply upload the Notepad and put the link here.

[Only registered users can see links. ]

05-03-2008, 05:11 PM   #6 (permalink)
simmer (Junior Member)
Re: help help :(

Logfile of HijackThis v1.99.1
Scan saved at 10:40:13 PM, on 5/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5503)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\FixCamera.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\gh\Desktop\New Folder\rapget.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\gh\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {83F8572D-3D50-40B9-A03F-9305A53569F4} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\All Users\Local Settings\Application Data\cftmon.exe
O4 - HKLM\..\Run: [PC Auto Shutdown] "C:\Program Files\PC Auto Shutdown\AutoShutdown.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedBitVideoAccelerator] "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [DLD.EXE] C:\Program Files\Download Direct\DLD.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\All Users\Local Settings\Application Data\cftmon.exe
O4 - HKCU\..\Run: [DepositFiles Uploader] C:\Documents and Settings\gh\Desktop\DepositUploader.exe /m
O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files\Offline Explorer\Add_UrlO.htm
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files\Offline Explorer\Add_AllO.htm
O8 - Extra context menu item: Download List Of Files Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_list.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: PCAutoShutdown_Service - GoldSolution Software, Inc. - C:\Program Files\PC Auto Shutdown\ShutdownService.exe
O23 - Service: SolarWinds TFTP Server - SolarWinds - C:\Documents and Settings\gh\Application Data\SolarWinds\TFTPServer\SolarWinds TFTP Server.exe
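
A triage pass over a HijackThis log like the one in post #6, as an added example that is not part of the thread or of HijackThis itself: it parses the entry lines and lists the ones to review by hand (registrations whose file is gone, autoruns launched from a profile directory, the same autorun in both HKLM and HKCU). The function name and the three heuristics are assumptions chosen for illustration; a hit is a prompt for review, not a verdict.

```python
import re
from collections import defaultdict

# Entry lines excerpted from the log in post #6 above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {83F8572D-3D50-40B9-A03F-9305A53569F4} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\All Users\Local Settings\Application Data\cftmon.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\All Users\Local Settings\Application Data\cftmon.exe
O4 - HKCU\..\Run: [DepositFiles Uploader] C:\Documents and Settings\gh\Desktop\DepositUploader.exe /m
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")        # e.g. "O4 - ..."
RUN = re.compile(r"^(HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
# Assumed heuristic: an autorun started from a profile tree, not Program Files or Windows.
PROFILE_DIR = re.compile(r"\\(documents and settings|users)\\", re.I)

def triage(log_text):
    """Return (section, reason, detail) tuples for entries worth a manual look."""
    findings, run_hives = [], defaultdict(set)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, process list, or a wrapped continuation line
        section, detail = m.groups()
        if detail.endswith(("(file missing)", "(no file)")):
            findings.append((section, "orphaned", detail))
        run = RUN.match(detail) if section == "O4" else None
        if run:
            hive, _key, name, target = run.groups()
            run_hives[(name, target)].add(hive)
            if PROFILE_DIR.search(target):
                findings.append((section, "autorun from profile dir", detail))
    for (name, target), hives in run_hives.items():
        if len(hives) > 1:
            findings.append(("O4", "same autorun in HKLM and HKCU", f"[{name}] {target}"))
    return findings

if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE_LOG):
        print(f"{section:4} {reason:30} {detail}")
```
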

05-03-2008, 05:14 PM   #7 (permalink)
~~ViT~~ (Administrator)
Re: help help :(

It is not fine, bro; your log doesn't have the \ everywhere, so it is very complicated to read.

Plus, don't put it inside a quote, just paste.

Please upload the Notepad to 2shared.

05-03-2008, 05:29 PM   #8 (permalink)
simmer (Junior Member)
Re: help help :(

Uploaded. I was in the bathroom, sorry for the late reply, bro.

05-03-2008, 05:33 PM   #9 (permalink)
simmer (Junior Member)
Re: help help :(

Here it is. Please help me, bro, you're very helpful. Thanks.
Attached Files
File Type: zip hijackthis.zip (1.9 KB, 2 views)

05-03-2008, 05:37 PM   #10 (permalink)
~~ViT~~ (Administrator)
Re: help help :(

READ WELL BEFORE YOU TRY. YOU MUST KNOW HOW TO GO TO SAFE MODE.

Download this program, reboot your PC, press F8 and start your PC in safe mode.

It is totally necessary that you be in safe mode; any scan without being in safe mode is just a waste of time.

Once you are in safe mode, use ComboFix 1st; just follow the menu and let it finish.

After that, open SDFix; it will create a new folder with the same name in drive C:.
Just open that new folder with the same name, SDFix, open the exe RUNTHIS and follow the menu.

After you have done everything, post a new HijackThis scan here.

[Only registered users can see links. ]

[Only registered users can see links. ]

To go to safe mode, reboot your PC; at the 1st image after the reboot, press F8. After that, if you don't see a black menu with all the options and you see a blue window, just press Enter and press F8 again. Now, from the black menu, choose safe mode without connection and press Enter. Now use the program.
All times are GMT.