1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

virus found..

Discussion in 'Virus & Other Malware Removal' started by number, Jan 21, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. number

    number Thread Starter

    Joined:
    Oct 15, 2003
    Messages:
    1,053
    hi,

    after all my precautions (see my signature) it seems my antivirus found a virus I thought i already deleted through killbox and an online scan... i'm attaching the log of the antivirus
    any suggestion?
    thanks
     

    Attached Files:

  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,027
    Please do the following:

    Click here to download HJTsetup.exe
    • Save HJTsetup.exe to your desktop.
    • Double click on the HJTsetup.exe icon on your desktop.
    • By default it will install to C:\Program Files\Hijack This.
    • Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
    • Put a check by Create a desktop icon then click Next again.
    • Continue to follow the rest of the prompts from there.
    • At the final dialogue box click Finish and it will launch Hijack This.
    • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    • Click Save to save the log file and then the log will open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  3. number

    number Thread Starter

    Joined:
    Oct 15, 2003
    Messages:
    1,053
    thanks! I'm pretty familiar with HJL, here's the log:

    Logfile of HijackThis v1.99.1
    Scan saved at 14.12.29, on 22/01/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\ProcessGuard\dcsuserprot.exe
    C:\Programmi\ewido anti-malware\ewidoctrl.exe
    C:\Programmi\Eset\nod32krn.exe
    C:\PROGRA~1\NowSMS\SMSGWNT.EXE
    C:\PROGRA~1\NowSMS\SMSGWS.EXE
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Programmi\Eset\nod32kui.exe
    C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\Mixer.exe
    C:\Programmi\Microsoft IntelliPoint\point32.exe
    C:\windows\hffext\hffsrv.exe
    C:\Programmi\ProcessGuard\pgaccount.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Programmi\ProcessGuard\procguard.exe
    C:\Programmi\Mozilla Firefox\firefox.exe
    C:\Programmi\Real\RealPlayer\RealPlay.exe
    C:\Programmi\eMule\emule.exe
    C:\Programmi\Microsoft Office\OFFICE11\EXCEL.EXE
    C:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
    O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [messenger] aim.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [hffsrv] c:\windows\hffext\hffsrv.exe
    O4 - HKLM\..\Run: [!1_pgaccount] "C:\Programmi\ProcessGuard\pgaccount.exe"
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\RunServices: [messenger] aim.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [!1_ProcessGuard_Startup] "C:\Programmi\ProcessGuard\procguard.exe" -minimize
    O4 - HKCU\..\Run: [googletalk] "C:\Programmi\Google\Google Talk\googletalk.exe" /autostart
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O12 - Plugin for .pdf: C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B65E3887-2EF1-42E2-BFA9-1EE485DCED36}: NameServer = 85.37.17.17 85.38.28.72
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: DiamondCS Process Guard Service v3.000 (DCSPGSRV) - DiamondCS - C:\Programmi\ProcessGuard\dcsuserprot.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ILT - Unknown owner - C:\WINDOWS\ilt.exe (file missing)
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Programmi\Eset\nod32krn.exe
    O23 - Service: Now SMS/MMS Gateway (NowSMS) - Unknown owner - C:\PROGRA~1\NowSMS\SMSGWNT.EXE
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
  4. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,027
    Go to the following link and upload each of the following files for analysis and let me know what the results are please:

    http://virusscan.jotti.org/

    C:\WINDOWS\ilt.exe
     
  5. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,027
  6. number

    number Thread Starter

    Joined:
    Oct 15, 2003
    Messages:
    1,053
    http://virusscan.jotti.org/ didnt find that file as a virus , and about ghostmail, i've removed everything.. i hope it will enough
     
  7. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,027
    Unless you know what it is, I'm still suspicious of that file. I'd like to have Derek take a closer look at it.

    Go to the forum here and upload this (these) file(s):

    C:\WINDOWS\ilt.exe

    Here are the directions for uploading the file:

    Just click "New Topic", fill in the needed details and post a link to your thread here. Click the "Browse" button. Navigate to the file on your computer. When the file is listed in the window click "Post" to upload the file.
     
  8. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/435911

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice