Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Virus & Other Malware Removal Virus & Other Malware Removal
Search Search
Search for:
Tech Support Guy > > >

Bx260.exe (infected With Trojan)

(New)
(!)

rachelm's Avatar
rachelm rachelm is offline
Member with 39 posts.
THREAD STARTER
 
Join Date: Feb 2005
Experience: Intermediate
01-Jun-2005, 04:31 AM #1
Bx260.exe (infected With Trojan)
Hi
I have just run an online virus scan from bitdefender. I haven't used it before I usually use trend micro or occasionally panda. I am told windows\system\bx260.exe is infected with a trojan & can not be disinfected. Can anyone tell me what the file is for I'm having no luck on google & would like to know before I delete.

Thanks in advance
khazars's Avatar
Member with 12,290 posts.
 
Join Date: Feb 2004
Location: Glasgow, Scotland
01-Jun-2005, 05:22 AM #2
hi, welcome to TSG.

Download hijack this from the link below.

Make a new folder in C:\ and call it Hijack this, and Save hijack this to
this folder so that it runs properly and can make back ups. Click scan,
then save the log and post it here so we can take a look at it for you.
Don't click fix on anything in hijack this as most of the files are
legitimate.


http://www.majorgeeks.com/downloads31.html
rachelm's Avatar
rachelm rachelm is offline
Member with 39 posts.
THREAD STARTER
 
Join Date: Feb 2005
Experience: Intermediate
01-Jun-2005, 05:41 AM #3
Logfile of HijackThis v1.99.1
Scan saved at 11:36:43, on 01/06/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
C:\PROGRAM FILES\ITOUCH\ITOUCH.EXE
C:\PROGRAM FILES\PESTPATROL\PPMEMCHECK.EXE
C:\PROGRAM FILES\PESTPATROL\COOKIEPATROL.EXE
C:\PROGRAM FILES\PESTPATROL\PPCONTROL.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\PROGRAM FILES\FIREFOXPRELOADER\FIREFOXPRELOADER.EXE
C:\WINDOWS\RSRCMTR.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OUTLOOK.EXE
C:\PROGRAM FILES\COMMON FILES\SYSTEM\MAPI\1033\95\MAPISP32.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\TRILLIAN\TRILLIAN.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HIJACK THIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\PROGRAM FILES\TECHSMITH\SNAGIT 7\SNAGITIEADDIN.DLL
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\winpatrol.exe
O4 - HKLM\..\Run: [TClockEx loader] C:\Program Files\Tclock\Tclockex.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\iTouch\iTouch.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - Startup: Firefox Preloader.lnk = C:\Program Files\FirefoxPreloader\FirefoxPreloader.exe
O4 - User Startup: Firefox Preloader.lnk = C:\Program Files\FirefoxPreloader\FirefoxPreloader.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

Hi

Thanks for your help here's my log

Rachelm
khazars's Avatar
Member with 12,290 posts.
 
Join Date: Feb 2004
Location: Glasgow, Scotland
01-Jun-2005, 06:17 AM #4
go to this site and download these tools and once you get both
adaware and spybot, update both of them.

Set adaware to do a full system scan and deselect, "search for neglible risk entries".
Click next to start the scan.Delete everything adaware finds.

reboot and now run spybot

Spybot: Search and destroy.

Delete what spybot finds marked in red. After updating spybot hit the
immunize button.



With CWshredder close all browsers and programmes and select the FIX button.


All tools can be downloaded at the link below!


. cwshredder
. AdAware SE


http://www.majorgeeks.com/downloads31.html

have hijack this fix these entries. close all browsers and programmes before
clicking FIX.


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing



Now reboot to safe mode find and delete these files and folders if there?



How to boot to safe mode

http://service1.symantec.com/SUPPORT...rc=sec_doc_nam


How to show hidden files in Windows

http://service1.symantec.com/SUPPORT...&osv=&osv_lvl=


delete this file---> bx260.exe

C:\windows\system\bx260.exe

download and run ccleaner.

http://www.ccleaner.com/


Run an online antivirus check from at least one and preferably 2 of the following sites....
http://housecall.trendmicro.com/
http://www.pandasoftware.com/activescan/
http://www.ravantivirus.com/scan/
http://support.f-secure.com/enu/home/ols.shtml

make sure autoclean is enabled on the scans

If it says any files can't be cleaned, delete them

post another log
rachelm's Avatar
rachelm rachelm is offline
Member with 39 posts.
THREAD STARTER
 
Join Date: Feb 2005
Experience: Intermediate
01-Jun-2005, 06:51 AM #5
Adaware & spybot are clean. Do you know what prog bx260.exe is associated with? I am aware of many false positives generated by online scans. Thanks again


Logfile of HijackThis v1.99.1
Scan saved at 12:46:30, on 01/06/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
C:\PROGRAM FILES\PESTPATROL\PPMEMCHECK.EXE
C:\PROGRAM FILES\PESTPATROL\COOKIEPATROL.EXE
C:\PROGRAM FILES\PESTPATROL\PPCONTROL.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\PROGRAM FILES\FIREFOXPRELOADER\FIREFOXPRELOADER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OUTLOOK.EXE
C:\PROGRAM FILES\COMMON FILES\SYSTEM\MAPI\1033\95\MAPISP32.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\HIJACK THIS\HIJACKTHIS.EXE

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\PROGRAM FILES\TECHSMITH\SNAGIT 7\SNAGITIEADDIN.DLL
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\winpatrol.exe
O4 - HKLM\..\Run: [TClockEx loader] C:\Program Files\Tclock\Tclockex.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\iTouch\iTouch.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - Startup: Firefox Preloader.lnk = C:\Program Files\FirefoxPreloader\FirefoxPreloader.exe
O4 - User Startup: Firefox Preloader.lnk = C:\Program Files\FirefoxPreloader\FirefoxPreloader.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
khazars's Avatar
Member with 12,290 posts.
 
Join Date: Feb 2004
Location: Glasgow, Scotland
01-Jun-2005, 06:58 AM #6
I googled it, it's a baddie, there's nothing on it! Adaware and spybot don't find viruses and worms anyway!

Last edited by khazars; 01-Jun-2005 at 07:00 AM.. Reason: more info
rachelm's Avatar
rachelm rachelm is offline
Member with 39 posts.
THREAD STARTER
 
Join Date: Feb 2005
Experience: Intermediate
01-Jun-2005, 06:59 AM #7
Adaware & spybot are clean. Do you know what prog bx260.exe is associated with? I am aware of many false positives generated by online scans. Thanks again


Logfile of HijackThis v1.99.1
Scan saved at 12:46:30, on 01/06/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
C:\PROGRAM FILES\PESTPATROL\PPMEMCHECK.EXE
C:\PROGRAM FILES\PESTPATROL\COOKIEPATROL.EXE
C:\PROGRAM FILES\PESTPATROL\PPCONTROL.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\PROGRAM FILES\FIREFOXPRELOADER\FIREFOXPRELOADER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OUTLOOK.EXE
C:\PROGRAM FILES\COMMON FILES\SYSTEM\MAPI\1033\95\MAPISP32.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\HIJACK THIS\HIJACKTHIS.EXE

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\PROGRAM FILES\TECHSMITH\SNAGIT 7\SNAGITIEADDIN.DLL
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\winpatrol.exe
O4 - HKLM\..\Run: [TClockEx loader] C:\Program Files\Tclock\Tclockex.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\iTouch\iTouch.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - Startup: Firefox Preloader.lnk = C:\Program Files\FirefoxPreloader\FirefoxPreloader.exe
O4 - User Startup: Firefox Preloader.lnk = C:\Program Files\FirefoxPreloader\FirefoxPreloader.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
khazars's Avatar
Member with 12,290 posts.
 
Join Date: Feb 2004
Location: Glasgow, Scotland
01-Jun-2005, 07:00 AM #8
see above
rachelm's Avatar
rachelm rachelm is offline
Member with 39 posts.
THREAD STARTER
 
Join Date: Feb 2005
Experience: Intermediate
01-Jun-2005, 07:13 AM #9
It's strange because neither panda, trend or f-secure are picking it up. can u send me the google link re info about it. Thanks

Rachelm
rachelm's Avatar
rachelm rachelm is offline
Member with 39 posts.
THREAD STARTER
 
Join Date: Feb 2005
Experience: Intermediate
01-Jun-2005, 07:15 AM #10
sorry u said there's no info on it. Why does that make you think it's a baddie?

Rachelm
khazars's Avatar
Member with 12,290 posts.
 
Join Date: Feb 2004
Location: Glasgow, Scotland
01-Jun-2005, 07:17 AM #11
Perhaps you can clear this up yourself by doing a search for this file on your computer, seeing as you have it's name and path and see if it's there, if it is, delete it, if it's not, then you know bitdefender got it wrong!


http://www.google.co.uk/search?q=bx2...en-US:official
khazars's Avatar
Member with 12,290 posts.
 
Join Date: Feb 2004
Location: Glasgow, Scotland
01-Jun-2005, 07:19 AM #12
well, if it was a legitimate file like svchost.exe then you would have dozens of pages of info on it from a google search!
rachelm's Avatar
rachelm rachelm is offline
Member with 39 posts.
THREAD STARTER
 
Join Date: Feb 2005
Experience: Intermediate
01-Jun-2005, 07:25 AM #13
yes but if it was a recognised virus would not the same apply?
john1's Avatar
Member with 8,974 posts.
 
Join Date: Nov 2000
Location: England
01-Jun-2005, 09:04 AM #14
Hi,

They crop up very quickly nowadays,
if you are unfortunate enough to among the early people affected,
there may be little or no info for a while.

What folder is it in ?
Could you add ".OLD" onto its ext, for the time being.

I will have a bit of a search for myself, and see if anything comes up,

Regards, John
rachelm's Avatar
rachelm rachelm is offline
Member with 39 posts.
THREAD STARTER
 
Join Date: Feb 2005
Experience: Intermediate
01-Jun-2005, 09:10 AM #15
I have renamed it & removed it from windows system folder. I have searched on all major engines & can not find any info pertaining to it
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑

Content Relevant URLs by vBSEO 3.3.2