Malware trojan? iworm_attck

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

oyvindfl

Thread Starter
Joined
Jul 16, 2005
Messages
1
Hi.
I recently experienced an unusal icon in my task bare. The message was that I had to install antivirus on my computer, sugesting antivirus GOLD to be a great offer. When searchin google, i dicovered that antivirus GOLD is not wat it seems.

So how do I get rid of this thing? anyone who has experienced the same problem?

Logfile of HijackThis v1.99.1
Scan saved at 17:07:14, on 16.07.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\norman\Nvc\BIN\NPFSVICE.EXE
D:\Program Files\norman\Bin\Zanda.exe
D:\WINDOWS\system32\wdfmgr.exe
D:\Program Files\norman\bin\NJEEVES.EXE
D:\Program Files\norman\Nvc\BIN\NVCSCHED.EXE
D:\Program Files\norman\Nvc\BIN\nipsvc.exe
D:\Program Files\norman\Nvc\bin\nvcoas.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\msole32.exe
D:\Program Files\Logitech\iTouch\iTouch.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
D:\Program Files\MSN Apps\Updater\01.02.3000.1001\no\msnappau.exe
D:\Program Files\D-Tools\daemon.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\norman\bin\ZLH.EXE
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\Logitech\MouseWare\system\em_exec.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
D:\Program Files\corega\Wireless LAN USB Stick-11\PCUBCfg.EXE
D:\Program Files\norman\Nvc\bin\cclaw.exe
D:\Program Files\norman\Nvc\BIN\NIP.EXE
D:\Program Files\norman\Nvc\BIN\npfmsg2.exe
D:\WINDOWS\system32\wuauclt.exe
F:\PROGRAM FILES\opera\Opera.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\Oyvind\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.chess.no/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\no\msntb.dll (file missing)
O4 - HKLM\..\Run: [zBrowser Launcher] D:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "D:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [msnappau] "D:\Program Files\MSN Apps\Updater\01.02.3000.1001\no\msnappau.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NVMixerTray] "D:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ChelloDesktop] D:\Program Files\chello\ChelloDesktop.exe
O4 - HKLM\..\Run: [Norman ZANDA] D:\Program Files\norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Wireless LAN USB Stick-11 Configuration Utility.lnk = D:\Program Files\corega\Wireless LAN USB Stick-11\PCUBCfg.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D185838-009D-47C8-824B-B65B4854430E} (Installer Class) - http://quickfix2.chello.no/quickfix2/asp/chelloInstall.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120167886147
O16 - DPF: {C58EFA10-2CC0-4C50-8C77-B326555EC1B7} (clsDefault Class) - http://quickfix2.chello.no/quickfix2/asp/LaunchApp.CAB
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - D:\Program Files\norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - D:\Program Files\norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - D:\Program Files\norman\Nvc\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - D:\Program Files\norman\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - D:\Program Files\norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - D:\Program Files\norman\Nvc\BIN\NVCSCHED.EXE
 
Joined
Jul 29, 1999
Messages
1,150
Look in Security Forum - there are several threads addressing Antivirus Gold. Or, do a search above for AntiVirus Gold - it will identify those threads for you.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Staff online

Members online

Top