02.22.2007 at 11:29AM PST, ID: 22407289 | Points: 500

Virus/Spyware Causing RDR Redirect Errors - Hijack log attached.

Asked by jhaiken in Operating Systems, Windows NT Operating System

I contracted the w32.ircbot virus/spyware yesterday. Eventually I was able to quarantine it, but now I am getting 8013 RDR errors in my system log and I believe it is slowing my network down. The error detail is "The redirector has timed out a request to <IP ADDRESS>".

I ran HijackThis and this is the log file:

Logfile of HijackThis v1.99.1
Scan saved at 1:40:05 PM, on 2/22/07
Platform: Windows NT 4 SP6 (WinNT 4.00.1381)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\spoolss.exe
C:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe
C:\WINNT\System32\nddeagnt.exe
C:\PROGRA~1\SAV\DefWatch.exe
C:\Program Files\HP Web JetAdmin\hpwebjetd.exe
C:\WINNT\system32\cba\pds.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\llssrv.exe
C:\PROGRA~1\SAV\Rtvscan.exe
C:\WINNT\System32\loadwc.exe
C:\WINNT\System32\PROMon.exe
C:\PROGRA~1\SAV\vptray.exe
C:\WINNT\System32\secsvc.exe
C:\WINNT\System32\HPJETDSC.EXE
C:\WINNT\System32\LOCATOR.EXE
C:\WINNT\system32\RpcSs.exe
C:\WINNT\system32\ams_ii\hndlrsvc.exe
C:\WINNT\system32\MsgSys.EXE
C:\WINNT\system32\cba\xfr.exe
C:\Program Files\SSC\NSCTOP.EXE
C:\WINNT\System32\pstores.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\wins.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\dns.exe
C:\WINNT\System32\taskmgr.exe
C:\WINNT\system32\EVENTVWR.EXE
C:\TEMP\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /logon
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SAV\vptray.exe
O4 - HKLM\..\Run: [Security Service] C:\WINNT\System32\secsvc.exe
O4 - HKCU\..\Run: [HP JetDiscovery] HPJETDSC.EXE
O12 - Plugin for .spop: C:\PROGRA~1\Plus!\MICROS~1\Plugins\NPDocBox.dll
O13 - WWW. Prefix: http://
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pace
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pace
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 192.168.30.8
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = pace
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 192.168.30.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.30.8
O23 - Service: Backup Exec Remote Agent for Windows NT/2000 (BackupExecAgentAccelerator) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SAV\DefWatch.exe
O23 - Service: HP Web JetAdmin (HPWebJetAdmin) - Hewlett-Packard - C:\Program Files\HP Web JetAdmin\hpwebjetd.exe
O23 - Service: Intel Alert Handler - Intel Corporation - C:\WINNT\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel File Transfer - Intel Corporation - C:\WINNT\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel® Corporation - C:\WINNT\system32\cba\pds.exe
O23 - Service: Symantec AntiVirus Server (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SAV\Rtvscan.exe
O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - C:\Program Files\SSC\NSCTOP.EXE

Anything that can be stopped safely?
