Trojan Horse Virus

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

SamIam

Thread Starter
Joined
Nov 17, 2003
Messages
33
Okay, I used the AVG program, and it detected the virus I had. I chose to put them in a vault. So now my question is: should I just leave them in the vault, or should I completely delete them?

Thanks,
Sammie
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
81,549
Download and unzip HIJACKTHIS 1.99.0 to a folder of its own (not a temp folder), run a scan with it, save the log, then post the entire contents of the log here.
 

SamIam

Thread Starter
Joined
Nov 17, 2003
Messages
33
I'm feeling a little stupid here, but I cannot figure out how to save HJT into a permanent file; it keeps saying I have saved it in a temp file.
Here is my log from a temp file, hope it will work.

Thanks,
Sammie




Logfile of HijackThis v1.99.0
Scan saved at 11:28:16 AM, on 2/5/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINRAR\WINRAR.EXE
C:\WINDOWS\TEMP\RAR$EX05.593\HIJACKTHIS.EXE

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [PIOLET] C:\PROGRAM FILES\PIOLET\PIOLET.exe SILENT
O4 - HKCU\..\Run: [Registry Cleaner] "C:\PROGRAM FILES\REGISTRY CLEANER\REGCLEAN.EXE"
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...579ae9d9555d:520254c6ae31119456192437fc021adc
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.8.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ssiPictureUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
81,549
Open the C:\PROGRAM FILES folder and click File - New - Folder. Name it HijackThis. Move the "HijackThis.exe" file and all the other files from the C:\WINDOWS\TEMP\RAR$EX05.593 folder into the new folder.

Once you've done that, open the C:\WINDOWS\TEMP folder. Highlight and delete everything in the TEMP folder.

---------------------------------------------------------------

Click Start - Run, type in MSCONFIG, then click OK - Startup(tab). Uncheck the following:

PIOLET.EXE

REGCLEAN.EXE

MSNMSGR.EXE

WINRAR.EXE

POWERREG SCHEDULER


Once you've done that, click Apply - OK, then reboot when prompted to.

Other than SCANREGISTRY and SYSTEMTRAY, very little else needs to run in the background.

----------------------------------------------------------------

You're using PIOLET, which is a peer-to-peer file sharing client. You also have no antivirus program installed and running in the background. Between the two, you're asking for trouble.

----------------------------------------------------------------

Open the C:\WINDOWS\DOWNLOADED PROGRAM FILES folder. If any of them are marked as "Damaged" or "Unknown", delete them.

----------------------------------------------------------------

Once you've done the above, post a new log here.

----------------------------------------------------------------
 

SamIam

Thread Starter
Joined
Nov 17, 2003
Messages
33
Okay, I think I did it right... here it is.

Thanks a bunch for the help!

Logfile of HijackThis v1.99.0
Scan saved at 6:54:54 PM, on 2/5/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HIJACKTHIS\RAR$EX00.527\HIJACKTHIS.EXE

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...579ae9d9555d:520254c6ae31119456192437fc021adc
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.8.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ssiPictureUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
 

telecom69

Gone but never forgotten
Joined
Oct 12, 2001
Messages
9,807
Now you can have HijackThis FIX the following by ticking each one and then fixing them:

O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...92 437fc021adc
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.8.cab

Your log is not showing a firewall or an anti-virus. Please confirm whether you have either of these?
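The two reviews above work the same way: read the O4 autostart and O16 ActiveX-download lines out of a HijackThis log, then pick out the entries that need attention. Here is that triage as an added Python script (not part of the thread or of HijackThis). The log excerpt is constructed from lines posted above, and the allowlist of trusted download vendors is an assumption of the example, not something the thread states.

```python
import re
from urllib.parse import urlparse

# Constructed excerpt in HijackThis log format, taken from lines posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [PIOLET] C:\PROGRAM FILES\PIOLET\PIOLET.exe SILENT
O4 - HKCU\..\Run: [Registry Cleaner] "C:\PROGRAM FILES\REGISTRY CLEANER\REGCLEAN.EXE"
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...579ae9d9555d:520254c6ae31119456192437fc021adc
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.8.cab
"""

# Assumed allowlist: vendors whose ActiveX download sites the reviewer chooses to trust.
TRUSTED_DPF_DOMAINS = {"msn.com", "microsoft.com", "real.com"}

O4_RE = re.compile(r"^O4 - (\S+): \[([^\]]+)\] (.*)$")
O16_RE = re.compile(r"^O16 - DPF: \{([0-9A-Fa-f-]+)\}(?: \((.*?)\))? - (\S+)$")


def parse_hjt(text):
    """Turn O4 (autostart) and O16 (ActiveX download) log lines into dicts."""
    entries = []
    for line in text.splitlines():
        m = O4_RE.match(line)
        if m:
            key, name, cmd = m.groups()
            if cmd.startswith('"'):                      # quoted path, arguments after it
                path = cmd[1:cmd.index('"', 1)]
            else:                                        # unquoted: path ends at .exe
                path = re.split(r"(?i)(?<=\.exe)\s", cmd, maxsplit=1)[0]
            entries.append({"type": "O4", "key": key, "name": name, "path": path})
            continue
        m = O16_RE.match(line)
        if m:
            clsid, label, url = m.groups()
            entries.append({"type": "O16", "clsid": clsid, "label": label or "", "url": url})
    return entries


def untrusted_dpf(entries, trusted=TRUSTED_DPF_DOMAINS):
    """CLSIDs of O16 entries downloaded from a host outside the allowlist: review and fix."""
    flagged = []
    for e in entries:
        if e["type"] != "O16":
            continue
        host = (urlparse(e["url"]).hostname or "").lower()
        if not any(host == d or host.endswith("." + d) for d in trusted):
            flagged.append(e["clsid"])
    return flagged


def third_party_autostarts(entries):
    """O4 entries starting something outside the Windows directory (MSCONFIG candidates)."""
    return [e["name"] for e in entries
            if e["type"] == "O4" and not e["path"].upper().startswith("C:\\WINDOWS")]
```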
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
81,549
Your list of running processes has been trimmed down and looks much better. (y)

There is one more that you can uncheck and disable in the MSCONFIG "Startup" tab:

MSTASK.EXE

I would also recommend that you go into the Power Options icon in the Control Panel and set the power scheme to "Always On" and set everything else to "Never". This will prevent your computer from using the standby, suspend, hibernate, etc. options, but your computer will run better with these features turned off. Once you do that, you can also uncheck and disable both LoadPowerProfile entries in the MSCONFIG "Startup" tab. (y)

----------------------------------------------------------------

You do really need to have a full-time antivirus program installed and running in the background. Stay away from McAfee and Norton. :mad: Grisoft AVG 7.0 is a good one, and it's free. ;)

----------------------------------------------------------------
 

SamIam

Thread Starter
Joined
Nov 17, 2003
Messages
33
I don't have an antivirus or firewall. Can you recommend some good ones?


Thanks for the help everyone, i did everything that was mentioned.
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
81,549
Grisoft AVG Free Edition 7.0

Sygate Personal Firewall 5.6

Both are free.
 
