trojans-please help

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

kevsatim

Thread Starter
Joined
Jul 10, 2003
Messages
10
can anyone please help-I seem to have the following trojans, how do i get rid of them
troj-delf.ar
troj-delf.a
troj-agent.eg
troj-alchemic.a
troj-dload.a
html-mhtredir.a
Logfile of HijackThis v1.97.7
Scan saved at 07:18:35, on 04/09/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\program files\altnet\points manager\points manager.exe
C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\createcd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\freeserve\freeserveconnectionkit\atdialler1.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\kevin noble\Desktop\HijackThis.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.co.uk/iesearch/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mfsnizmr] C:\WINDOWS\mfsnizmr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\createcd.exe -r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Freeserve Connection Kit.lnk = C:\freeserve\freeserveconnectionkit\atdialler1.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Popup Killer Options (HKLM)
O9 - Extra 'Tools' menuitem: Popup Killer (HKLM)
O9 - Extra button: TREND MICRO HouseCall (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: ChatSpace Java Client 2.1.0.90N - http://freeserve-a4.chatspace.com/Java/cs4msn090.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0E25CA6C-52AE-47E0-BF44-BC5B3A0403F4} - http://www.anywebcam.com/awc/SGT.ocx
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/downl...-a3de-373c3e5552fc/msSecAdv.cab?1073214433701
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v43/yacscom.cab
O16 - DPF: {3CA95C27-2150-4E4A-93A3-D557C88EBF2D} - http://beta.anywebcam.com/awc/MGT.ocx
O16 - DPF: {51045741-8C4E-4EAC-8F03-08E43A6FBB29} - http://aft.ancestry.com/aftfiles/files/install/AncestryFamilyTree.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://housecall.trendmicro-europe.com/housecall/Xscan53.cab
O16 - DPF: {78960E0E-0B0C-11D4-8997-00104BD12D94} (AV Class) - http://www.pcpitstop.com/antivirus/PCPAV.CAB
O16 - DPF: {7C643E9A-FDE6-4854-89A6-AA014AD6A63D} (Project1.UserControl1) - http://beta.anywebcam.com/awc/BMC.ocx
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_downloads/common/housecall/HouseCallButton.CAB
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://webcamnow.com/broadcast/ActiveXWebCam.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37953.6051388889
O16 - DPF: {B5ED2DB1-5728-4355-94F0-4A1C856B88F2} (GUNID.UNID) - http://www.anywebcam.com/awc/GUNID.CAB
O16 - DPF: {BDA25AB2-5805-49CE-9C98-29FCDDF652EB} - http://beta.anywebcam.com/awc/GM.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8E72919-8219-4337-9260-7DD62C782AEF} - http://beta.anywebcam.com/awc/MGET.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C7E33AD-85DA-4FEA-8BCB-7E7706845EAC}: NameServer = 195.92.195.94 195.92.195.95
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C7E33AD-85DA-4FEA-8BCB-7E7706845EAC}: NameServer = 195.92.195.94 195.92.195.95
 
Joined
Feb 15, 2004
Messages
826
I EDITED THE POST. PLEASE REREAD

Remove these entries by placing checks by them and clicking on fix (make sure that all other windows are closed)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O4 - HKLM\..\Run: [mfsnizmr] C:\WINDOWS\mfsnizmr.exe
O4 - Global Startup: Freeserve Connection Kit.lnk = C:\freeserve\freeserveconnectionkit\atdialler1.exe
O16 - DPF: {0E25CA6C-52AE-47E0-BF44-BC5B3A0403F4} - http://www.anywebcam.com/awc/SGT.ocx
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {3CA95C27-2150-4E4A-93A3-D557C88EBF2D} - http://beta.anywebcam.com/awc/MGT.ocx
O16 - DPF: {7C643E9A-FDE6-4854-89A6-AA014AD6A63D} (Project1.UserControl1) - http://beta.anywebcam.com/awc/BMC.ocx
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://webcamnow.com/broadcast/ActiveXWebCam.cab
O16 - DPF: {B5ED2DB1-5728-4355-94F0-4A1C856B88F2} (GUNID.UNID) - http://www.anywebcam.com/awc/GUNID.CAB
O16 - DPF: {BDA25AB2-5805-49CE-9C98-29FCDDF652EB} - http://beta.anywebcam.com/awc/GM.ocx
O16 - DPF: {E8E72919-8219-4337-9260-7DD62C782AEF} - http://beta.anywebcam.com/awc/MGET.ocx

Reboot to safe mode and enable viwing of hidden/system files (instructions below) and delete this file:

C:\WINDOWS\mfsnizmr.exe

and this folder:
C:\freeserve

Next, reboot back to normal mode.

  1. Download Ad-Aware SE 1.03 from http://majorgeeks.com/download.php?det=506/
  2. Install the program, open it check to make sure you have the latest reference file by clicking on webupdate. Make sure that your reference file reads SE1R6 30.08.2004 (or higher number/date). If it does not then make sure to run web update and download the new reference file.
  3. Make sure the that all settings under the Scanning Button are turned to ON
  4. Finally Click Proceed to save your settings.
  5. When scan completes, remove all items.


then
  1. Download Spyboy S&D from this page
  2. Open and install the program then click here and follow the instructions for updating the program. Download all available updates.
  3. Run a scan by clicking on Spybot S&D and then clicking Search & Destroy and then Check for problems
  4. When scan completes, remove all items in red by making sure that they are checked and then click Fix selected problems

In internet explorer, click Tools>Internet Options and then click Delete Files

Reboot and post another new hijackthis log [your version of hijackthis is outdated. the please download the new version from http://www.download.com/redir?pid=1...6&ontId=8022&destUrl=/3001-8022-10307556.html ]. Post a log from the new version please.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top