Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

I believe I have win32.backdoor.small and need it gone.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

I believe I have win32.backdoor.small and need it gone.

Unread postby computerdummy » July 3rd, 2008, 11:34 am

I am running windows 2000. My wife opened up an unknown email accidentally and this is what happened. We new have a red circle in the menu bar on the lower right portion of the screen and if you put the mouse over it a bubble comes up and says
your computer is infected! windows has detected spyware infection
. I downloaded adaware and it identified it as what is in the subject line.

Here is my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:37 AM, on 7/3/2008
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINNT\System32\aspimgr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\sistray.EXE
C:\WINNT\System32\RunDll32.exe
C:\Program Files\Common Files\AOL\1167380293\ee\AOLSoftware.exe
C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.2.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINNT\System32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\Hijack.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

about:
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -

C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -

c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SiS Tray] C:\WINNT\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINNT\System32\khooker.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.dll,CMICtrlWnd
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common

Files\AOL\1167380293\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [XP SecurityCenter] "C:\Program

Files\XPSecurityCenter\XPSecurityCenter.exe" /hide
O4 - HKLM\..\Run: [SWN2] C:\Program Files\Spyware Nuker\swnxt.exe /h
O4 - HKCU\..\Run: [swg] C:\Program

Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program

Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User

'Default user')
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft

Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft

Office\Office\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program

Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON CardMonitor.lnk = C:\Program

Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.2.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program

Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -

C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links -

{c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet

Explorer\Plugins\NPDocBox.dll
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter

AX control) - http://www.photodex.com/pxplay.cab
O20 - AppInit_DLLs: C:\WINNT\System32\cru629.dat
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft -

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) -

VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program

Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 3492 bytes


Thank you for the help.
computerdummy
Active Member
 
Posts: 2
Joined: July 3rd, 2008, 10:58 am
Advertisement
Register to Remove

Re: I believe I have win32.backdoor.small and need it gone.

Unread postby Shaba » July 5th, 2008, 4:42 am

Hi computerdummy

The formatting of your post is messed up. This is caused by having Word Wrap checked.
1. Click Start > All Programs > Accessories > Notepad
2. On the menu bar in Notepad select Format and click on WordWrap so it appears unchecked.

After that, please post back a fresh HijackThis log :)
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: I believe I have win32.backdoor.small and need it gone.

Unread postby Shaba » July 10th, 2008, 6:34 am

Due to lack of response this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 28 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware