Help!! Need help removing Trojan Virus


Post by caseyjonescampground » November 21st, 2007, 6:19 pm

Have a Trojan Virus & need assistance. Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 5:17:53 PM, on 11/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AdwareAlert\AdwareAlert.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... bd=3071025
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&cli ... bd=3071025
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... bd=3071025
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: {eece7a68-e809-4699-a954-3fe752fece19} - {91ecef25-7ef3-459a-9964-908e86a7ecee} - C:\WINDOWS\system32\pdasjqra.dll
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nspAF.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\vlstjeef.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {BCC73622-F72D-4277-803C-D65565A0947F} - C:\WINDOWS\system32\iifgebx.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: (no name) - {D1D03827-D64A-43F6-B987-CA3B5C63F017} - C:\WINDOWS\system32\jkhhg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adssite Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Program Files\Adssite Advanced Toolbar\toolbar.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\vlstjeef.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [MDNS] C:\WINDOWS\system32\service.exe
O4 - HKLM\..\Run: [c87249f2] rundll32.exe "C:\WINDOWS\system32\euofalvx.dll",b
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: iifgebx - C:\WINDOWS\SYSTEM32\iifgebx.dll
O20 - Winlogon Notify: vlstjeef - C:\WINDOWS\SYSTEM32\vlstjeef.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8916 bytes


Thank you,
Colin
caseyjonescampground
Active Member
Posts: 3
Joined: November 21st, 2007, 2:40 pm
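The log above is the kind of thing a helper reads by eye, line by line. As an added example (not part of this thread, and not a MalwareRemoval.com or Trend Micro tool), the Python script below applies a few of the generic checks a helper looks for to a handful of lines copied from that log: BHOs registered with no readable name or pointing at a file that no longer exists, Run values named with random hex digits that load a DLL through rundll32, and Winlogon Notify packages. The line patterns, the `Finding` structure and the rule wording are the example's own assumptions; a hit means "review this entry", not "this file is malicious".

```python
"""
Triage heuristics for HijackThis (HJT) log lines.

Added example for this thread; it is not a MalwareRemoval.com or Trend Micro tool.
The rules below are assumptions drawn from what helpers typically look for; a hit
means "review this entry", not "this file is malicious".
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Finding:
    section: str            # HJT section tag, e.g. "O4"
    line: str               # the original log line
    reasons: List[str] = field(default_factory=list)


# Line shapes as HJT v2 prints them (assumption: log pasted unmodified).
SECTION_RE = re.compile(r"^(?P<section>O\d+|R\d)\s+-\s+(?P<body>.*)$")
BHO_RE = re.compile(
    r"^BHO:\s+(?P<name>.*?)\s+-\s+\{(?P<clsid>[0-9A-Fa-f-]+)\}\s+-\s+(?P<path>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run:\s+\[(?P<name>[^\]]*)\]\s+(?P<cmd>.*)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify:\s+(?P<name>\S+)\s+-\s+(?P<path>.*)$")
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$")
RUNDLL_RE = re.compile(r"^rundll32(\.exe)?\s", re.IGNORECASE)


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding with one or more reasons, or None if nothing stands out."""
    m = SECTION_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    reasons: List[str] = []

    if section == "O2":
        b = BHO_RE.match(body)
        if b:
            name, path = b.group("name"), b.group("path")
            if name == "(no name)" or name.startswith("{"):
                reasons.append("BHO registered without a readable name")
            if "(no file)" in path:
                reasons.append("BHO points at a file that is no longer present (orphaned entry)")
    elif section == "O4":
        r = RUN_RE.match(body)
        if r:
            if HEX_NAME_RE.match(r.group("name")):
                reasons.append("Run value named with 8 random-looking hex digits")
            if RUNDLL_RE.match(r.group("cmd")):
                reasons.append("Run value loads a DLL through rundll32 instead of starting a program")
    elif section == "O20" and NOTIFY_RE.match(body):
        reasons.append("Winlogon Notify package: DLL loaded into winlogon.exe at every logon")

    return Finding(section, line.strip(), reasons) if reasons else None


def triage_log(log_text: str) -> List[Finding]:
    """Run triage_line over every line of a pasted HJT log and keep the hits."""
    findings = []
    for line in log_text.splitlines():
        f = triage_line(line)
        if f:
            findings.append(f)
    return findings


# Sample lines copied from the log in this thread (constructed subset); the Adobe,
# Synaptics and Google lines show that ordinary vendor entries pass through untouched.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
O2 - BHO: {eece7a68-e809-4699-a954-3fe752fece19} - {91ecef25-7ef3-459a-9964-908e86a7ecee} - C:\WINDOWS\system32\pdasjqra.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\vlstjeef.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [c87249f2] rundll32.exe "C:\WINDOWS\system32\euofalvx.dll",b
O20 - Winlogon Notify: iifgebx - C:\WINDOWS\SYSTEM32\iifgebx.dll
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.section}] {f.line}")
        for reason in f.reasons:
            print(f"    - {reason}")
```

Run over the sample, it reports five entries: the orphaned BHO, the two BHOs without a readable name, the hex-named Run value (two reasons) and the Winlogon Notify package. The rules are deliberately narrow so that vendor entries such as the Synaptics and Google lines are not flagged; a real helper cross-checks each hit against the other sections of the log and the file dates, which is exactly what the replies in this thread do.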

Re: Help!! Need help removing Trojan Virus

Post by Gary R » November 22nd, 2007, 12:52 pm

Looking over your log, back ASAP.
Gary R
Administrator
Posts: 21775
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Help!! Need help removing Trojan Virus

Post by Gary R » November 22nd, 2007, 12:56 pm

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.


Hi Colin,

I'm Gary R, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
If you can do these things, everything should go smoothly.
  • Please note you'll need to have Administrator privileges to perform the fixes. (XP accounts are Administrator by default)

You are using the BETA version of HJT, please delete it.

Download HJTInstall.exe to your Desktop.
  • Double-click HJTInstall.exe to install it.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Close HijackThis, we don't need a scan yet.

Please use this version whenever I ask for a scan log.

  • Download combofix.exe by sUBs to your Desktop.
  • Alternate Download
  • Double-click combofix.exe & follow the prompts.
  • When finished, it will produce a log for you. Post that log in your next reply please, along with a new HJT log. (it can also be found at C:\Combofix.txt)
IMPORTANT
  • Do not use your computer while Combofix is running.
  • Do not mouse-click combofix's window whilst it's running. That may cause it to stall.
Gary R
Administrator
Posts: 21775
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Help!! Need help removing Trojan Virus

Post by caseyjonescampground » November 25th, 2007, 8:09 pm

Gary;

Thank you for your assistance. Here is the log from ComboFix: (Will post HJT in a separate reply post)

ComboFix 07-11-19.3 - CJG 2007-11-25 18:49:06.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1513 [GMT -6:00]
Running from: C:\Program Files\Trend Micro\ComboFix.exe
* Created a new restore point
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\CJG\Desktop\Live Safety Center.lnk
C:\Documents and Settings\CJG\Desktop\Online Security Guide.lnk
C:\Documents and Settings\CJG\Favorites\Online Security Guide.lnk
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\agvounna.exe
C:\WINDOWS\system32\ddcbbay.dll
C:\WINDOWS\system32\ghhkj.ini
C:\WINDOWS\system32\ghhkj.ini2
C:\WINDOWS\system32\jkhhg.dll
C:\WINDOWS\system32\nspAF.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\vlstjeef.dllbox
C:\WINDOWS\system32\x64

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-10-26 to 2007-11-26 )))))))))))))))))))))))))))))))
.

2007-11-25 18:57 20,810 ---hs---- C:\WINDOWS\system32\vlstjeef.dllbox
2007-11-25 18:40 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-25 14:33 775,952 ---hs---- C:\WINDOWS\system32\ddmludxq.ini
2007-11-25 14:33 79,936 --a------ C:\WINDOWS\system32\vadcptjv.dll
2007-11-25 14:27 85,056 --a------ C:\WINDOWS\system32\qxdulmdd.dll
2007-11-25 14:24 71,232 --a------ C:\WINDOWS\system32\cwsxpjdx.exe
2007-11-21 13:26 <DIR> d-------- C:\HijackThis
2007-11-20 09:59 <DIR> d-------- C:\Program Files\AdwareAlert
2007-11-20 09:59 <DIR> d-------- C:\Documents and Settings\CJG\Application Data\AdwareAlert
2007-11-20 09:48 581 --a------ C:\Documents and Settings\CJG\x.dat
2007-11-20 09:48 0 --a------ C:\x.dat
2007-11-20 09:47 37,376 --a------ C:\WINDOWS\system32\wvurpmn.dll
2007-11-20 09:47 6,886 --a------ C:\Documents and Settings\CJG\z.dat
2007-11-20 09:42 84,544 --a------ C:\WINDOWS\system32\pdasjqra.dll
2007-11-20 09:39 793,801 --ahs---- C:\WINDOWS\system32\xvlafoue.ini
2007-11-20 09:39 85,056 --a------ C:\WINDOWS\system32\euofalvx.dll
2007-11-19 11:47 <DIR> d-------- C:\WINDOWS\Sun
2007-11-19 11:10 36,352 --a------ C:\WINDOWS\system32\cbxvttt.dll
2007-11-18 15:49 673,848 --ahs---- C:\WINDOWS\system32\uekjlpgv.ini
2007-11-18 15:49 85,056 --a------ C:\WINDOWS\system32\vgpljkeu.dll
2007-11-16 16:57 673,737 --ahs---- C:\WINDOWS\system32\plehlxwg.ini
2007-11-16 16:57 85,056 --------- C:\WINDOWS\system32\gwxlhelp.dll
2007-11-15 21:02 669,545 --ahs---- C:\WINDOWS\system32\pqshmwai.ini
2007-11-15 11:59 36,352 --a------ C:\WINDOWS\system32\urqoppp.dll
2007-11-13 13:07 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-11-13 11:36 669,251 --ahs---- C:\WINDOWS\system32\bmgttaml.ini
2007-11-13 11:34 145,984 --a------ C:\WINDOWS\system32\vlstjeef.dll
2007-11-13 11:33 145,984 --a------ C:\WINDOWS\system32\vwwiqwpm.dll
2007-11-12 13:57 36,352 --a------ C:\WINDOWS\system32\cbxwvvw.dll
2007-11-11 18:32 36,352 --a------ C:\WINDOWS\system32\cbxuvuu.dll
2007-11-11 17:36 430,080 --a------ C:\WINDOWS\system\STVCOL.DLL
2007-11-11 17:36 217,088 --a------ C:\WINDOWS\system\STV680U.DLL
2007-11-11 17:36 97,832 --a------ C:\WINDOWS\system32\drivers\STV680.SYS
2007-11-11 17:36 36,864 --a------ C:\WINDOWS\system\STV680TG.DLL
2007-11-11 17:36 36,864 --a------ C:\WINDOWS\system\STV680SL.DLL
2007-11-11 17:36 17,260 --a------ C:\WINDOWS\system\STV680LF.CFG
2007-11-11 17:36 9,328 --a------ C:\WINDOWS\system\STV680SG.DRV
2007-11-11 17:35 <DIR> d-------- C:\Program Files\Polaroid iZone
2007-11-11 17:35 447,244 --a------ C:\WINDOWS\system32\drivers\C-itNT.sys
2007-11-11 17:35 229,376 --a------ C:\WINDOWS\system32\camfc.dll
2007-11-11 17:35 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2007-11-11 17:35 49,152 --a------ C:\WINDOWS\system32\CamCapEx.dll
2007-11-11 17:31 <DIR> d-------- C:\Documents and Settings\CJG\WINDOWS
2007-11-08 08:33 35,328 --a------ C:\WINDOWS\system32\nnnmnom.dll
2007-11-07 13:27 <DIR> d-------- C:\WINDOWS\system32\Mz18r
2007-11-07 13:27 <DIR> d-------- C:\Temp\mZOr
2007-11-07 13:27 <DIR> d-------- C:\Temp
2007-11-04 14:14 786 --a------ C:\5154.bat
2007-11-04 13:41 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-04 13:38 120 --a------ C:\n.bat
2007-11-04 13:38 0 --a------ C:\z.dat
2007-11-04 13:37 35,328 --a------ C:\WINDOWS\system32\iifgebx.dll
2007-11-04 13:37 786 --a------ C:\9582.bat
2007-11-04 09:25 <DIR> d-------- C:\Program Files\Common Files\Adaptec Shared
2007-11-04 09:25 40,960 --a------ C:\WINDOWS\uneng.exe
2007-11-04 09:18 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-11-04 09:17 <DIR> d-------- C:\Program Files\Ahead
2007-11-02 09:37 <DIR> d-------- C:\Program Files\Network Stumbler
2007-11-01 13:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-11-01 13:50 <DIR> d-------- C:\Program Files\Adssite Advanced Toolbar
2007-11-01 13:50 <DIR> d-------- C:\Documents and Settings\CJG\Application Data\Adssite Advanced Toolbar
2007-11-01 13:50 79,875 --a------ C:\WINDOWS\system32\adssite-remove.exe
2007-11-01 13:50 40,733 --a------ C:\WINDOWS\system32\rightonadz-uninst.exe
2007-11-01 13:48 <DIR> d-------- C:\Program Files\PlayMP3z
2007-10-30 16:08 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-10-30 16:08 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-10-30 16:08 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-10-30 16:06 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-10-30 12:53 <DIR> d-------- C:\Documents and Settings\CJG\Shared
2007-10-30 12:53 <DIR> d-------- C:\Documents and Settings\CJG\Incomplete
2007-10-30 12:53 <DIR> d-------- C:\Documents and Settings\CJG\Application Data\LimeWire
2007-10-30 07:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
2007-10-30 07:30 <DIR> d-------- C:\Program Files\Elaborate Bytes
2007-10-30 07:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2007-10-30 07:17 <DIR> d-------- C:\Program Files\SlySoft
2007-10-30 06:54 <DIR> d-------- C:\AoATemp
2007-10-30 06:52 <DIR> d-------- C:\Documents and Settings\CJG\Application Data\CyberLink
2007-10-30 06:34 <DIR> d-------- C:\Documents and Settings\CJG\Application Data\dvdcss
2007-10-30 06:30 <DIR> d-------- C:\Program Files\AoA DVD Copy
2007-10-30 06:30 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-30 06:28 181,248 --------- C:\WINDOWS\system32\dllcache\rasmans.dll
2007-10-30 06:27 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-30 06:13 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-10-30 06:13 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-10-30 06:13 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2007-10-30 06:13 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-10-29 16:20 3,380 --a------ C:\WINDOWS\system32\OEMINFO.PNF
2007-10-29 15:42 <DIR> d-------- C:\Program Files\Common Files\Colasoft Shared
2007-10-29 15:42 <DIR> d-------- C:\Program Files\Colasoft MAC Scanner 1.1
2007-10-29 15:42 4,231,168 --a------ C:\WINDOWS\system32\CSXTP1031u.dll
2007-10-29 15:42 212,992 --a------ C:\WINDOWS\system32\CSMFCUI63U.DLL
2007-10-29 15:42 204,800 --a------ C:\WINDOWS\system32\CSUPDATE11U.dll
2007-10-29 15:42 147,456 --a------ C:\WINDOWS\system32\CSXTUI22U.dll
2007-10-29 15:42 110,592 --a------ C:\WINDOWS\system32\CSCPPSTD63U.dll
2007-10-29 15:42 102,400 --a------ C:\WINDOWS\system32\CSMUI63U.dll
2007-10-29 15:42 94,208 --a------ C:\WINDOWS\system32\CSMFCSTD63U.dll
2007-10-29 15:42 49,152 --a------ C:\WINDOWS\system32\CSIPI63U.dll
2007-10-29 15:42 20,480 --a------ C:\WINDOWS\system32\CSCODER63U.dll
2007-10-29 15:20 <DIR> d--hs---- C:\Documents and Settings\CJG\UserData
2007-10-29 15:15 <DIR> d-------- C:\Documents and Settings\karrie\Application Data\Roxio

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-31 20:14 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-20 15:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-11-04 19:41 278,542 ----a-w C:\WINDOWS\Fonts\Setup.exe
2007-11-04 19:36 278,541 --sh--w C:\WINDOWS\Fonts\svchost.exe
2007-10-30 12:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2007-10-29 22:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Gtek
2007-10-29 21:59 --------- d-----w C:\Program Files\Google
2007-10-24 23:52 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Roxio
2007-10-24 23:49 --------- d-----w C:\Program Files\Microsoft Works
2007-10-24 23:49 --------- d-----w C:\Program Files\Microsoft Plus! Photo Story 2 LE
2007-10-24 23:49 --------- d-----w C:\Program Files\Microsoft Plus! Digital Media Edition
2007-10-24 23:49 --------- d-----w C:\Program Files\Dell
2007-10-24 23:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-24 23:48 --------- d-----w C:\Program Files\MUSICMATCH
2007-10-24 23:48 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-24 23:44 --------- d-----w C:\Program Files\Dell DataSafe Online
2007-10-24 23:44 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-24 23:43 --------- d-----w C:\Program Files\DellSupport
2007-10-24 23:43 --------- d-----w C:\Program Files\Dell Support Center
2007-10-24 23:43 --------- d-----w C:\Program Files\Common Files\supportsoft
2007-10-24 23:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
2007-10-24 23:42 --------- d-----w C:\Program Files\CyberLink
2007-10-24 23:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2007-10-24 23:41 --------- d-----w C:\Program Files\Roxio
2007-10-24 23:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Roxio
2007-10-24 23:40 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-10-24 23:37 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2007-10-24 23:37 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2007-10-24 23:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2007-10-24 23:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2007-10-24 23:36 --------- d-----w C:\Program Files\Sigmatel
2007-10-24 23:34 --------- d-----w C:\Program Files\CONEXANT
2007-10-24 23:33 --------- d-----w C:\Program Files\NetWaiting
2007-10-24 23:33 --------- d-----w C:\Program Files\Modem Diagnostic Tool
2007-10-24 23:33 --------- d-----w C:\Program Files\Digital Line Detect
2007-10-24 23:33 --------- d-----w C:\Program Files\Broadcom
2007-10-24 23:31 --------- d-----w C:\Program Files\Java
2007-10-24 23:30 --------- d-----w C:\Program Files\Common Files\Java
2007-10-24 23:29 --------- d-----w C:\Program Files\MSXML 6.0
2007-10-24 23:16 --------- d-----w C:\Program Files\Synaptics
2007-10-24 23:10 6,788 ----a-w C:\WINDOWS\system32\drivers\1028_Dell_INS_I1520.mrk
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4ddd3e90-37ca-4a10-a3fb-9048cce6a32e}]
2007-11-25 14:34 79936 --a------ C:\WINDOWS\system32\vadcptjv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-13 11:34 145984 --a------ C:\WINDOWS\system32\vlstjeef.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BCC73622-F72D-4277-803C-D65565A0947F}]
2007-11-04 13:37 35328 --a------ C:\WINDOWS\system32\iifgebx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{41C29B07-6F91-4966-91BE-2E2841643C83}"= C:\Program Files\Adssite Advanced Toolbar\toolbar.dll [2007-08-30 06:24 561152]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\vlstjeef.dll [2007-11-13 11:34 145984]

[HKEY_CLASSES_ROOT\clsid\{41c29b07-6f91-4966-91be-2e2841643c83}]
[HKEY_CLASSES_ROOT\CoolToolBar.IEBarLogic.1]
[HKEY_CLASSES_ROOT\TypeLib\{6B4FA1DD-A353-49F8-A650-79C21D6B4824}]
[HKEY_CLASSES_ROOT\CoolToolBar.IEBarLogic]

[HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\vlstjeef.dll [2007-11-13 11:34 145984]

[HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-29 14:08]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]
"AdwareAlert"="C:\Program Files\AdwareAlert\AdwareAlert.exe" [2007-11-15 15:49]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-09 21:21]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-07-09 20:58]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-07-09 20:58]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-07-09 20:58]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2007-07-03 12:57]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-03-16 02:10]
"SigmatelSysTrayApp"="stsystra.exe" [2007-07-09 21:03 C:\WINDOWS\stsystra.exe]
"KADxMain"="C:\WINDOWS\system32\KADxMain.exe" [2006-11-02 13:05]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 10:35]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 10:37]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 10:22]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 08:00]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-04-16 15:10]
"dscactivate"="c:\dell\dsca.exe" [2007-07-30 03:40]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-24 17:44]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-24 06:03]
"MDNS"="C:\WINDOWS\system32\service.exe" []
"c87249f2"="C:\WINDOWS\system32\qxdulmdd.dll" [2007-11-25 14:33]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-10-24 17:33:26]

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{BCC73622-F72D-4277-803C-D65565A0947F}"= C:\WINDOWS\system32\iifgebx.dll [2007-11-04 13:37 35328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifgebx]
iifgebx.dll 2007-11-04 13:37 35328 C:\WINDOWS\system32\iifgebx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vlstjeef]
vlstjeef.dll 2007-11-13 11:34 145984 C:\WINDOWS\system32\vlstjeef.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkhhg.dll

R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
R3 DXEC02;DXEC02;C:\WINDOWS\system32\drivers\dxec02.sys
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\NSNDIS5.SYS

.
Contents of the 'Scheduled Tasks' folder
"2007-11-26 00:59:15 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-25 18:58:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-25 19:02:04 - machine was rebooted
.
--- E O F ---
caseyjonescampground
Active Member
Posts: 3
Joined: November 21st, 2007, 2:40 pm

Re: Help!! Need help removing Trojan Virus

Post by caseyjonescampground » November 25th, 2007, 8:11 pm

Dear Gary;

Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:09:59 PM, on 11/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AdwareAlert\AdwareAlert.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&cli ... bd=3071025
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... bd=3071025
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adssite Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Program Files\Adssite Advanced Toolbar\toolbar.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\vlstjeef.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [MDNS] C:\WINDOWS\system32\service.exe
O4 - HKLM\..\Run: [c87249f2] rundll32.exe "C:\WINDOWS\system32\qxdulmdd.dll",b
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7256 bytes
caseyjonescampground
Active Member
 
Posts: 3
Joined: November 21st, 2007, 2:40 pm

Re: Help!! Need help removing Trojan Virus

Unread postby Gary R » November 26th, 2007, 5:08 am

Hi Colin,

Bad news I'm afraid.

The version of Vundo you have comes bundled with a trojan that has Backdoor/Keylogging capabilities.

This means your attacker has had access to any passwords and account numbers stored on your computer.

You are strongly advised to do the following immediately:

1. Disconnect infected computer from the internet and from any networked computers until the computer can be cleaned.

2. Call all of your banks, credit card companies, and financial institutions. Inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

3. From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer, because the attacker will get the new passwords and transaction information.

IF YOU USE THIS COMPUTER FOR ONLINE BANKING OR OTHER FINANCIAL TRANSACTIONS, OR HAVE DATA OF A CONFIDENTIAL NATURE ON IT, MY RECOMMENDATION IS THAT YOU RE-FORMAT AND RE-INSTALL YOUR OPERATING SYSTEM AND PROGRAMMES. WE CAN NEVER BE TOTALLY SURE WE HAVE GOT RID OF ALL MODIFICATIONS WHICH MAY HAVE BEEN MADE BY THE ATTACKER, AND THEREFORE CANNOT GUARANTEE THE SAFETY OF YOUR DATA.

If you choose to re-format, instructions for doing so can be found HERE (courtesy of wng_z3r0).

If you don't have the resources to reinstall your OS and/or would like me to attempt to clean your machine, I'll be happy to do so.

To help you decide, please take some time to read the following articles, then let me know how you want to proceed.

What are Remote Access Trojans and why are they dangerous
How do I respond to a possible identity theft and how do I prevent it
When should I do a reformat and reinstallation of my OS
Where to backup your files
How to backup your files in Windows XP
Restoring your backups
Gary R
Administrator
 
Posts: 21775
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
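The diagnosis above rests on reading the HijackThis log the way an analyst does: a "Security Toolbar" backed by a DLL with a random eight-letter name in system32 (O3), a Run entry with a hex-string name that uses rundll32.exe to load another random-named system32 DLL (O4), a binary called service.exe that imitates the core services.exe, and an AppInit_DLLs entry that is injected into every GUI process (O20). The script below is an added example, not code from MalwareRemoval.com or from HijackThis, that encodes those triage rules and runs them over entries copied from the log in the first post. The allowlist of expected system32 binaries and the list of core Windows process names are constructed for the example and are not exhaustive; the rule names are likewise made up here.

```python
import re
from dataclasses import dataclass

# Sample input: entries copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\vlstjeef.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [MDNS] C:\WINDOWS\system32\service.exe
O4 - HKLM\..\Run: [c87249f2] rundll32.exe "C:\WINDOWS\system32\qxdulmdd.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
"""

# Constructed allowlist: system32 binaries that are expected on this XP laptop
# (the Windows, Intel and Dell files visible elsewhere in the log). Not exhaustive.
KNOWN_SYSTEM32 = {"hkcmd", "igfxtray", "igfxpers", "igfxsrvc", "ctfmon",
                  "wltray", "kadxmain", "rundll32", "notepad"}
# Core Windows process names; a near-match such as service.exe is a classic disguise.
CORE_BINARIES = {"services", "svchost", "lsass", "winlogon", "csrss", "smss", "explorer"}

SYS32_FILE_RE = re.compile(r'system32\\([^\\"]+?)\.(dll|exe)', re.IGNORECASE)
O3_RE = re.compile(r'^O3 - Toolbar: (?P<name>.*?) - \{[^}]*\} - (?P<path>.*)$')
O4_RE = re.compile(r'^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O20_RE = re.compile(r'^O20 - AppInit_DLLs: (?P<path>.*)$')


@dataclass
class Finding:
    line: str
    rule: str


def system32_stem(text):
    """Return the lowercase file stem of a system32 binary referenced in text, or None."""
    m = SYS32_FILE_RE.search(text)
    return m.group(1).lower() if m else None


def looks_like_core_lookalike(stem):
    """True when stem is a truncated or extended spelling of a core Windows process name."""
    return any(stem != core and (core.startswith(stem) or stem.startswith(core))
               for core in CORE_BINARIES)


def triage_line(line):
    """Apply the heuristics to one HijackThis line; return the names of the rules that fired."""
    rules = []
    m = O3_RE.match(line)
    if m and system32_stem(m.group("path")):
        # Legitimate browser toolbars install under Program Files, not system32.
        rules.append("toolbar-dll-in-system32")
    m = O4_RE.match(line)
    if m:
        name, cmd = m.group("name"), m.group("cmd")
        stem = system32_stem(cmd)
        if re.fullmatch(r"[0-9a-f]{8}", name):
            rules.append("random-hex-run-name")
        if "rundll32" in cmd.lower() and stem and stem not in KNOWN_SYSTEM32:
            rules.append("rundll32-unknown-system32-dll")
        if stem and stem not in KNOWN_SYSTEM32 and looks_like_core_lookalike(stem):
            rules.append("core-binary-lookalike")
    if O20_RE.match(line):
        # AppInit_DLLs are loaded into every process that loads user32.dll: always review.
        rules.append("appinit-dll-review")
    return rules


def triage(log_text):
    """Run every heuristic over a whole log and collect the findings."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        for rule in triage_line(line):
            findings.append(Finding(line, rule))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.line}")
```

Run as-is, the script flags the vlstjeef.dll toolbar, the MDNS entry for service.exe, the c87249f2 entry twice (random hex name and rundll32 loading an unknown system32 DLL) and the AppInit_DLLs line for review, while leaving hkcmd.exe, ctfmon.exe and the Google toolbar alone. The allowlist is the weak point of this approach: on a real machine it has to be built from a known-good image or from file signatures, not from the same log being examined.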

Re: Help!! Need help removing Trojan Virus

Unread postby Gary R » December 4th, 2007, 8:03 am

Due to lack of response this topic is now closed.

If you are the originator of this topic, and you need it re-opened please send an email to 'admin at malwareremoval.com', including a link to this topic.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.

Gary R
Gary R
Administrator
 
Posts: 21775
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire