Solved

trojans removed but still having problems

Posted on 2004-04-23
9
1,882 Views
Last Modified: 2013-12-04
I had SDBot, Optix and some other trojans and virus on this computer. removed them but still when I open regedit, TDS-3, Norton AV the programs will be ended immediately. I cannot find what is causing this.

can you review my log please?

Hijack.........
Logfile of HijackThis v1.97.7
Scan saved at 5:30:04 PM, on 4/23/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\msmsgsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE
C:\Program Files\TrojanHunter 3.8\TrojanHunter.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Janet Lazo\Desktop\HijackThis.exe
C:\Program Files\Norton SystemWorks\OBC.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Microsoft Messenger Service] msmsgsvc.exe
O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE -r
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.8\THGuard.exe"
O4 - HKLM\..\RunServices: [Microsoft Messenger Service] msmsgsvc.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
O9 - Extra button: AIM (HKLM)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab

Thanks.....
paul...
0
Comment
Question by:paulfry6393
9 Comments
 
LVL 2

Accepted Solution

by:
LeftofCool earned 168 total points
Comment Utility
You definitely have a nasty virus or piece of spyware, but nothing jumps out at me in your log. You might want to try rebooting in safe mode and running NAV there. Also, download and install Spybot Search & Destroy and Ad-Aware, which can be found at these links, respectively: http://download.com.com/3000-8022-10194058.html?tag=lst-0-3 and http://www.lavasoftusa.com/ . If you are having trouble running these two programs in regular mode, run them in safe mode and delete everything found.
0
 
LVL 49

Assisted Solution

by:sunray_2003
sunray_2003 earned 166 total points
Comment Utility
I donot see anything wrong in the hijackthis log.

Maybe the virus or trojan screwed your system ..

Why dont you repair windows 2000

How do I recover Windows 2000?
http://www.jsiinc.com/SUBG/TIP3200/rh3200.htm

Post back
0
 
LVL 12

Expert Comment

by:trywaredk
Comment Utility
Cleaning your computer  - and protecting it in the future -  can't be answered with one issue.

As you can see in my url below there are at least 7 different issues, where you should decide 1 of each, or else you does'nt protect your computer at all.

The reason is, that the many different programs not always protects against each other, and each of them does'nt protect equally.

It's very important, that you study all of these issues in my knowledgebase (some of them are freeware):
http://www.tryware.dk/English/Knowledgebase/HowToProtectYourComputer.html

BTW: I'm using the Trend Micro virus-suite, and SoftScan , and haven't got any of my servers or computers infected since 1999.

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open

0
Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

 
LVL 12

Expert Comment

by:trywaredk
Comment Utility
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 166 total points
Comment Utility
Try McAfee's Stinger
http://vil.nai.com/vil/stinger/

Also remember to turn off SYSTEM RESTORE (anyone catching on to this yet:)
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm

The virus is probably gaobot http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.adx.html

Remember turn off system restore, or next boot, you'll have your viri back, TY M$!
-rich
0
 
LVL 8

Expert Comment

by:nader alkahtani
Comment Utility
"removed them but still when I open regedit, TDS-3, Norton AV the programs will be ended immediately" :

This may caused by corrupted some of system files

Solution :

chkdsk c: /r

ENTER

reboot the machine then let it check and repair curropted system files .

after you logon the windows use the command :

sfc /scannow

ENTER

to restore the corrupted system files .




0
 
LVL 12

Expert Comment

by:trywaredk
Comment Utility
If Sfc.exe does'nt work, then try to copy all the files from C:\WINNT\system32\dllcache to C:\WINNT\system32
Files Manually Copied to the DLLCache Folder Are Not Used Until the Next Reboot
http://support.microsoft.com/default.aspx?scid=kb;en-us;236995
 
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

5 Experts available now in Live!

Get 1:1 Help Now