Solved

trojans removed but still having problems

Posted on 2004-04-23
9
1,888 Views
Last Modified: 2013-12-04
I had SDBot, Optix and some other trojans and virus on this computer. removed them but still when I open regedit, TDS-3, Norton AV the programs will be ended immediately. I cannot find what is causing this.

can you review my log please?

Hijack.........
Logfile of HijackThis v1.97.7
Scan saved at 5:30:04 PM, on 4/23/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\msmsgsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE
C:\Program Files\TrojanHunter 3.8\TrojanHunter.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Janet Lazo\Desktop\HijackThis.exe
C:\Program Files\Norton SystemWorks\OBC.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Microsoft Messenger Service] msmsgsvc.exe
O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE -r
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.8\THGuard.exe"
O4 - HKLM\..\RunServices: [Microsoft Messenger Service] msmsgsvc.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
O9 - Extra button: AIM (HKLM)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab

Thanks.....
paul...
0
Comment
Question by:paulfry6393
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 2

Accepted Solution

by:
LeftofCool earned 168 total points
ID: 10905821
You definitely have a nasty virus or piece of spyware, but nothing jumps out at me in your log. You might want to try rebooting in safe mode and running NAV there. Also, download and install Spybot Search & Destroy and Ad-Aware, which can be found at these links, respectively: http://download.com.com/3000-8022-10194058.html?tag=lst-0-3 and http://www.lavasoftusa.com/ . If you are having trouble running these two programs in regular mode, run them in safe mode and delete everything found.
0
 
LVL 49

Assisted Solution

by:sunray_2003
sunray_2003 earned 166 total points
ID: 10906106
I donot see anything wrong in the hijackthis log.

Maybe the virus or trojan screwed your system ..

Why dont you repair windows 2000

How do I recover Windows 2000?
http://www.jsiinc.com/SUBG/TIP3200/rh3200.htm

Post back
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10906559
Cleaning your computer  - and protecting it in the future -  can't be answered with one issue.

As you can see in my url below there are at least 7 different issues, where you should decide 1 of each, or else you does'nt protect your computer at all.

The reason is, that the many different programs not always protects against each other, and each of them does'nt protect equally.

It's very important, that you study all of these issues in my knowledgebase (some of them are freeware):
http://www.tryware.dk/English/Knowledgebase/HowToProtectYourComputer.html

BTW: I'm using the Trend Micro virus-suite, and SoftScan , and haven't got any of my servers or computers infected since 1999.

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open

0
Ready to trade in that old firewall?

Whether you need to trade-up to a shiny new Firebox or just ready to upgrade from whatever appliance you're using now, WatchGuard has the right appliance for you! Find your perfect Firebox today with appliance sizing tool!

 
LVL 12

Expert Comment

by:trywaredk
ID: 10906564
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 166 total points
ID: 10909838
Try McAfee's Stinger
http://vil.nai.com/vil/stinger/

Also remember to turn off SYSTEM RESTORE (anyone catching on to this yet:)
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm

The virus is probably gaobot http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.adx.html

Remember turn off system restore, or next boot, you'll have your viri back, TY M$!
-rich
0
 
LVL 8

Expert Comment

by:nader alkahtani
ID: 10911831
"removed them but still when I open regedit, TDS-3, Norton AV the programs will be ended immediately" :

This may caused by corrupted some of system files

Solution :

chkdsk c: /r

ENTER

reboot the machine then let it check and repair curropted system files .

after you logon the windows use the command :

sfc /scannow

ENTER

to restore the corrupted system files .




0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10913462
If Sfc.exe does'nt work, then try to copy all the files from C:\WINNT\system32\dllcache to C:\WINNT\system32
Files Manually Copied to the DLLCache Folder Are Not Used Until the Next Reboot
http://support.microsoft.com/default.aspx?scid=kb;en-us;236995
 
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …
Suggested Courses

635 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question