  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1894

trojans removed but still having problems

I had SDBot, Optix and some other trojans and viruses on this computer. I removed them, but still, when I open regedit, TDS-3 or Norton AV, the programs are ended immediately. I cannot find what is causing this.

Can you review my log, please?

Hijack.........
Logfile of HijackThis v1.97.7
Scan saved at 5:30:04 PM, on 4/23/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\msmsgsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE
C:\Program Files\TrojanHunter 3.8\TrojanHunter.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Janet Lazo\Desktop\HijackThis.exe
C:\Program Files\Norton SystemWorks\OBC.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Microsoft Messenger Service] msmsgsvc.exe
O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE -r
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.8\THGuard.exe"
O4 - HKLM\..\RunServices: [Microsoft Messenger Service] msmsgsvc.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
O9 - Extra button: AIM (HKLM)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab

Thanks.....
paul...
0
Asked by: paulfry6393
3 Solutions
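A triage pass over the O4 (autostart) lines of the log above, as an added example that is not part of the original post: it lists entries whose command has no directory, so the log alone does not show which file runs, and value names set under more than one autostart key. The heuristics and function names are assumptions for illustration; a listed entry is a candidate for checking the file on disk, not a verdict.

```python
import re
from collections import defaultdict
from ntpath import dirname

# O4 (autostart) lines copied from the HijackThis log in the question.
LOG = r"""
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Microsoft Messenger Service] msmsgsvc.exe
O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE -r
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.8\THGuard.exe"
O4 - HKLM\..\RunServices: [Microsoft Messenger Service] msmsgsvc.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
"""

O4_RE = re.compile(r"^O4 - (HK(?:LM|CU)\\\.\.\\\w+): \[([^\]]+)\] (.+)$")

def executable(cmd):
    """Program part of a command line, quoted or unquoted."""
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    m = re.match(r"(.+?\.exe)\b", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]

def parse_o4(log):
    """Return (registry key, value name, executable) for each O4 line."""
    hits = (O4_RE.match(line.strip()) for line in log.splitlines())
    return [(m[1], m[2], executable(m[3])) for m in hits if m]

def triage(entries):
    """Map value name -> reasons the entry needs a check on disk."""
    keys = defaultdict(set)
    findings = defaultdict(list)
    for key, name, exe in entries:
        keys[name].add(key)
        if not dirname(exe):  # bare file name: location unknown from the log
            findings[name].append(f"{key}: {exe} has no path")
    for name, used in keys.items():
        if len(used) > 1:
            findings[name].append("set under " + ", ".join(sorted(used)))
    return dict(findings)

if __name__ == "__main__":
    for name, reasons in triage(parse_o4(LOG)).items():
        print(name, "->", "; ".join(reasons))
```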
 
LeftofCool Commented:
You definitely have a nasty virus or piece of spyware, but nothing jumps out at me in your log. You might want to try rebooting in safe mode and running NAV there. Also, download and install Spybot Search & Destroy and Ad-Aware, which can be found at these links, respectively: http://download.com.com/3000-8022-10194058.html?tag=lst-0-3 and http://www.lavasoftusa.com/ . If you are having trouble running these two programs in regular mode, run them in safe mode and delete everything found.
0
 
sunray_2003 Commented:
I do not see anything wrong in the HijackThis log.

Maybe the virus or trojan screwed your system.

Why don't you repair Windows 2000?

How do I recover Windows 2000?
http://www.jsiinc.com/SUBG/TIP3200/rh3200.htm

Post back
0
 
trywaredk Commented:
Cleaning your computer - and protecting it in the future - can't be answered with one issue.

As you can see at my URL below, there are at least 7 different issues, where you should decide on 1 of each, or else you don't protect your computer at all.

The reason is that the many different programs do not always protect against each other, and each of them doesn't protect equally.

It's very important that you study all of these issues in my knowledgebase (some of them are freeware):
http://www.tryware.dk/English/Knowledgebase/HowToProtectYourComputer.html

BTW: I'm using the Trend Micro virus-suite, and SoftScan , and haven't got any of my servers or computers infected since 1999.

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open

0
 
Rich Rumble (Security Samurai) Commented:
Try McAfee's Stinger
http://vil.nai.com/vil/stinger/

Also remember to turn off SYSTEM RESTORE (anyone catching on to this yet:)
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm

The virus is probably gaobot http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.adx.html

Remember turn off system restore, or next boot, you'll have your viri back, TY M$!
-rich
0
 
nader alkahtani (Network Engineer) Commented:
"removed them but still when I open regedit, TDS-3, Norton AV the programs will be ended immediately" :

This may be caused by corruption of some system files.

Solution:

chkdsk c: /r

ENTER

Reboot the machine, then let it check and repair corrupted system files.

After you log on to Windows, use the command:

sfc /scannow

ENTER

to restore the corrupted system files.




0
 
trywaredk Commented:
If Sfc.exe doesn't work, then try to copy all the files from C:\WINNT\system32\dllcache to C:\WINNT\system32
Files Manually Copied to the DLLCache Folder Are Not Used Until the Next Reboot
http://support.microsoft.com/default.aspx?scid=kb;en-us;236995
 
0
Question has a verified solution.
