1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: trojans

Discussion in 'Windows XP' started by cuteypie37, Jan 25, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. cuteypie37

    cuteypie37 Thread Starter

    Joined:
    Jan 25, 2007
    Messages:
    12
    Hi i dont know if anyone can help but i have these messages coming up on my computer .I am a complete novice so please bear with me .

    i have windows xp thats all i know and zone alarms .I Also have ad aware and spybot and spyware blaster



    in my summery it says

    file java byte exploit! verify c/docume~1 karen\local~1TEMP\AAWTMP\C5630453\35AC80COUNTER.CLASS

    Java/byteverify!exploit c:\docume~1\karen/LOCAL~1\TEMP\AAWTMP\C5630453\35AC80VERIFIERBUG.CLASS

    Java/Shinwow.AB C:docume~1/karen/Locals~1\TEMP\AAWTMP\C5630453\35AC80BEYOND.CLASS

    Thank you in advance

    cuteypie37
     
  2. Old Rich

    Old Rich

    Joined:
    Jan 17, 2003
    Messages:
    10,254
    Look in Add/Remove Programs for the version of Java you are using . . if it is anything other than version 6, uninstall and download version 6 here

    Then download and run HiJack This and post a log so we can see what else is going on there:

    This from Derek:

    Click here to download HJTsetup.exe
    Save HJTsetup.exe to your desktop.
    Double click on the HJTsetup.exe icon on your desktop.
    By default it will install to C:\Program Files\Hijack This.
    Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
    Put a check by Create a desktop icon then click Next again.
    Continue to follow the rest of the prompts from there.
    At the final dialogue box click Finish and it will launch Hijack This.
    Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    Click Save to save the log file and then the log will open in notepad.
    Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    Paste the log in your next reply.
    If you haven't already posted then start a new thread in the security forum
    DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
    __________________
    Derek
     
  3. cuteypie37

    cuteypie37 Thread Starter

    Joined:
    Jan 25, 2007
    Messages:
    12
    Hi Derek

    This is a hi jack this log . I have already upgraded my java thing to java 6 but it is still coming back with these things on


    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Apps\ActivBoard\nhksrv.exe
    C:\WINDOWS\System32\ZoneLabs\isafe.exe
    C:\WINDOWS\system32\GS30s.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Prevx1\PXAgent.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\khooker.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
    C:\WINDOWS\vsnpstd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Prevx1\PXConsole.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\SAGEM\SAGEM [email protected] 800-840\dslmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/news
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM [email protected] 800-840\dslmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {1AA36FE9-AAFE-5172-9BCB-757210CA5B89} - http://85.255.113.214/1/gdnFR2218.exe
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1147555589187
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154627800031
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ssiPictureUploader.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by114fd.bay114.hotmail.msn.com/activex/HMAtchmt.ocx
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
    O23 - Service: GS30s - Unknown owner - C:\WINDOWS\SYSTEM32\GS30s.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
    O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



    I hope this can shed some light

    many thanx

    karen
     
  4. Old Rich

    Old Rich

    Joined:
    Jan 17, 2003
    Messages:
    10,254
    The security gurus are pretty overloaded. . please have patience . . someone will take a look
     
  5. cuteypie37

    cuteypie37 Thread Starter

    Joined:
    Jan 25, 2007
    Messages:
    12
    Hi Derek -no problems i appreciate you are all very busy :):)

    hope to hear from you soon

    karen x
     
  6. Old Rich

    Old Rich

    Joined:
    Jan 17, 2003
    Messages:
    10,254
    I'm Rich . . Derek is DVK01 . . he is one of the security gurus

    Do you have an antivirus . . don't see it running
     
  7. cuteypie37

    cuteypie37 Thread Starter

    Joined:
    Jan 25, 2007
    Messages:
    12
    hi rich sorry about that :) i thought his name was Derek rich -oh my god im soooooooo embarrased now :)
    no probs i await his reply :)
    karen
     
  8. Old Rich

    Old Rich

    Joined:
    Jan 17, 2003
    Messages:
    10,254
    Don't worry about it . . I confused you with the quote of his . . sorry

    Do you have an anti-virus? . . don't see it running
     
  9. cuteypie37

    cuteypie37 Thread Starter

    Joined:
    Jan 25, 2007
    Messages:
    12
    hi there we have zone alarms how do i know if it is running ???it says it updates it everytime i run it ??? can you tell me how to check we have -or should have , zone alarms security 2005 on there -we only bought it last year can you tell me if it is checking it thanx rich

    karen
     
  10. Old Rich

    Old Rich

    Joined:
    Jan 17, 2003
    Messages:
    10,254
    Look in Add/Remove Programs to see what version you have . . If it is Zone Alarm Internet Security Suite, then you are ok . . it includes an Anti-Virus . . If it is just Zone Alarm or Zone Alarm Pro, it is only a firewall
     
  11. Freeware

    Freeware

    Joined:
    Jan 25, 2007
    Messages:
    18
    sorry if you don't appreciate this suggestion, but try saving all ur very important files that are very unlikely to be infected, then format ur hard disk and install linux, or at least don't use internet explorer (try firefox or opera instead).

    once you're infected with a sticky trojan there's really not much you can do to get rid of it short of formatting ur hard disk and discarding most of your currently installed and not backed up software.
     
  12. Old Rich

    Old Rich

    Joined:
    Jan 17, 2003
    Messages:
    10,254
    Absolute nonsense! !
     
  13. Freeware

    Freeware

    Joined:
    Jan 25, 2007
    Messages:
    18
    You think?
     
  14. grandma77

    grandma77

    Joined:
    Apr 1, 2006
    Messages:
    5,153
    Freeware you obviously have not read much in the security threads. The security moderators are doing a fantastic job cleaning a lot of peoples computers from trojans, virus's, dialers, spyware...go to the security threads and read through some...Very interesting and a lot to learn. I would rather have someone here help me if possible and not have to reformat.
     
  15. cuteypie37

    cuteypie37 Thread Starter

    Joined:
    Jan 25, 2007
    Messages:
    12
    hi rich it says zone alarms internet security suite
    it says 33993 blocked intrusions since install but it doesnt seem to be going up any more

    5120have been high rated but that stays the same as well


    karenx

    Thanks for a good job :)
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/538242

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice