trojans removed but still having problems

Posted on 2004-04-23
Last Modified: 2013-12-04
I had SDBot, Optix and some other trojans and viruses on this computer. I removed them, but still when I open regedit, TDS-3, Norton AV the programs will be ended immediately. I cannot find what is causing this.

Can you review my log please?

Hijack.........
Logfile of HijackThis v1.97.7
Scan saved at 5:30:04 PM, on 4/23/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\msmsgsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE
C:\Program Files\TrojanHunter 3.8\TrojanHunter.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Janet Lazo\Desktop\HijackThis.exe
C:\Program Files\Norton SystemWorks\OBC.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Microsoft Messenger Service] msmsgsvc.exe
O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE -r
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.8\THGuard.exe"
O4 - HKLM\..\RunServices: [Microsoft Messenger Service] msmsgsvc.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
O9 - Extra button: AIM (HKLM)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab

Thanks.....
paul...
Question by:paulfry6393
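
A triage aid for the log in the question, added here as an example and not part of the original thread: it parses the HijackThis O4 (autostart) lines, picks out entries registered by bare file name with no directory, and pairs each with the path that name is currently running from, so the file on disk can be verified by hand. The function names and the embedded sample (a few lines copied from the log above) are this example's own.

```python
import ntpath
import re

# Constructed sample: a few lines copied from the HijackThis log in the question.
SAMPLE_LOG = r"""Running processes:
C:\WINNT\system32\msmsgsvc.exe
C:\WINNT\Explorer.EXE

O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Microsoft Messenger Service] msmsgsvc.exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.8\THGuard.exe"
O4 - HKLM\..\RunServices: [Microsoft Messenger Service] msmsgsvc.exe
"""

O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.+)$")
# Executable = text up to the first program extension; a leading quote is dropped.
EXE_RE = re.compile(r'^"?(.+?\.(?:exe|com|bat|cmd|scr|pif|dll))\b', re.IGNORECASE)

def parse(log):
    """Return (running process paths, [(registry key, entry name, executable)])."""
    running, entries, in_procs = [], [], False
    for line in map(str.strip, log.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:      # blank line closes the process list
            in_procs = False
        elif in_procs:
            running.append(line)
        elif (m := O4_RE.match(line)):
            hive, key, name, cmd = m.groups()
            exe = EXE_RE.match(cmd)
            entries.append((f"{hive}\\{key}", name, exe.group(1) if exe else cmd))
    return running, entries

def bare_name_autoruns(log):
    """Map each autostart executable that has no directory to its keys and running paths."""
    running, entries = parse(log)
    by_name = {}
    for path in running:
        by_name.setdefault(ntpath.basename(path).lower(), []).append(path)
    report = {}
    for reg_key, _name, exe in entries:
        if not ntpath.dirname(exe):      # no directory: resolved through the search path
            item = report.setdefault(
                exe.lower(), {"keys": [], "running": by_name.get(exe.lower(), [])})
            item["keys"].append(reg_key)
    return report
```

The registry entry alone does not say which file a bare name starts, so each reported path still has to be checked on disk (location, version information, signature or hash) before deciding anything about it.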
9 Comments
 
LVL 2

Accepted Solution

by:
LeftofCool earned 672 total points
ID: 10905821
You definitely have a nasty virus or piece of spyware, but nothing jumps out at me in your log. You might want to try rebooting in safe mode and running NAV there. Also, download and install Spybot Search & Destroy and Ad-Aware, which can be found at these links, respectively: http://download.com.com/3000-8022-10194058.html?tag=lst-0-3 and http://www.lavasoftusa.com/ . If you are having trouble running these two programs in regular mode, run them in safe mode and delete everything found.
0
 
LVL 49

Assisted Solution

by:sunray_2003
sunray_2003 earned 664 total points
ID: 10906106
I do not see anything wrong in the HijackThis log.

Maybe the virus or trojan screwed your system ..

Why don't you repair Windows 2000?

How do I recover Windows 2000?
http://www.jsiinc.com/SUBG/TIP3200/rh3200.htm

Post back
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10906559
Cleaning your computer - and protecting it in the future - can't be answered with one issue.

As you can see in my url below there are at least 7 different issues, where you should decide 1 of each, or else you don't protect your computer at all.

The reason is that the many different programs do not always protect against each other, and each of them doesn't protect equally.

It's very important, that you study all of these issues in my knowledgebase (some of them are freeware):
http://www.tryware.dk/English/Knowledgebase/HowToProtectYourComputer.html

BTW: I'm using the Trend Micro virus-suite, and SoftScan , and haven't got any of my servers or computers infected since 1999.

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open

0

 
LVL 12

Expert Comment

by:trywaredk
ID: 10906564
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 664 total points
ID: 10909838
Try McAfee's Stinger
http://vil.nai.com/vil/stinger/

Also remember to turn off SYSTEM RESTORE (anyone catching on to this yet:)
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm

The virus is probably gaobot http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.adx.html

Remember to turn off system restore, or next boot, you'll have your viri back, TY M$!
-rich
0
 
LVL 8

Expert Comment

by:nader alkahtani
ID: 10911831
"removed them but still when I open regedit, TDS-3, Norton AV the programs will be ended immediately":

This may be caused by some corrupted system files.

Solution:

chkdsk c: /r

ENTER

Reboot the machine, then let it check and repair corrupted system files.

After you log on to Windows, use the command:

sfc /scannow

ENTER

to restore the corrupted system files.

0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10913462
If Sfc.exe doesn't work, then try to copy all the files from C:\WINNT\system32\dllcache to C:\WINNT\system32
Files Manually Copied to the DLLCache Folder Are Not Used Until the Next Reboot
http://support.microsoft.com/default.aspx?scid=kb;en-us;236995
 
0
