Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

HTML & ASP files getting malicius code automatically

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

HTML & ASP files getting malicius code automatically

Unread postby kscorpio » October 22nd, 2009, 1:52 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:55 AM, on 10/22/2009
Platform: Windows 2003 SP2, v.4566 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP2 (6.00.3790.2825)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Advanced Communications\Hosting Controller\exes\HCDiskQuota.exe
C:\Program Files\Advanced Communications\Hosting Controller 7C\Web\Bin\HCRemotingService.exe
C:\Program Files\Advanced Communications\Hosting Controller\exes\HCSchedulerService.exe
C:\Program Files\Advanced Communications\Hosting Controller\exes\HCSMTPService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Microsoft SQL Server\MSSQL$HC7\Binn\sqlservr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers\avp.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Advanced Communications\Hosting Controller 7C\Web\Bin\HCBillingService.exe
C:\Program Files\Advanced Communications\Hosting Controller 7C\Web\Bin\HCMailService.exe
C:\Program Files\Advanced Communications\Hosting Controller 7C\Web\Bin\HCQuotaService.exe
C:\Program Files\Advanced Communications\Hosting Controller 7C\Web\Bin\HCServer.exe
C:\Program Files\Advanced Communications\Hosting Controller 7C\Web\Bin\HCSyncService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers\avp.exe
C:\WINDOWS\system32\dumprep.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Advanced Communications\Hosting Controller\exes\hostingcontroller.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\windows\system32\inetsrv\w3wp.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers\avp.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-4259553010-3067046617-1597072791-1004\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\S-1-5-21-4259553010-3067046617-1597072791-1047\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O15 - ESC Trusted Zone: http://www.enigmasoftware.a013.com
O15 - ESC Trusted Zone: http://forums.asp.net
O15 - ESC Trusted Zone: http://view.atdmt.com
O15 - ESC Trusted Zone: http://free.avg.com
O15 - ESC Trusted Zone: http://ads.bridgetrack.com
O15 - ESC Trusted Zone: http://www.brothersoft.com
O15 - ESC Trusted Zone: http://*.coreftp.com
O15 - ESC Trusted Zone: http://www.devilsworkshop.org
O15 - ESC Trusted Zone: http://ad.doubleclick.net
O15 - ESC Trusted Zone: http://googleads.g.doubleclick.net
O15 - ESC Trusted Zone: http://www.emsisoft.com
O15 - ESC Trusted Zone: http://www.google.co.in
O15 - ESC Trusted Zone: http://*.hostingcontroller.com
O15 - ESC Trusted Zone: http://www.iis.net
O15 - ESC Trusted Zone: http://www.kaspersky.co.uk
O15 - ESC Trusted Zone: http://www.kaspersky.com
O15 - ESC Trusted Zone: http://analytics.live.com
O15 - ESC Trusted Zone: http://by140w.bay140.mail.live.com
O15 - ESC Trusted Zone: http://login.live.com
O15 - ESC Trusted Zone: http://mail.live.com
O15 - ESC Trusted Zone: http://*.malwareremoval.com
O15 - ESC Trusted Zone: http://www.motherspridekids.com
O15 - ESC Trusted Zone: http://*.motherspridekids.com
O15 - ESC Trusted Zone: http://www.mothersprideonline.com
O15 - ESC Trusted Zone: http://www.mozilla.com
O15 - ESC Trusted Zone: http://analytics.msn.com
O15 - ESC Trusted Zone: http://in.msn.com
O15 - ESC Trusted Zone: http://www.msn.com
O15 - ESC Trusted Zone: http://www.presidiumonline.com
O15 - ESC Trusted Zone: http://www.quickheal.co.in
O15 - ESC Trusted Zone: http://www.scanwith.com
O15 - ESC Trusted Zone: http://hjt-data.trendmicro.com
O15 - ESC Trusted Zone: http://*.windowsupdate.com
O15 - ESC Trusted Zone: http://ad.yieldmanager.com
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O15 - ESC Trusted IP range: http://66.165.106.6
O15 - ESC Trusted IP range: http://66.165.106.14
O15 - ESC Trusted IP range: http://66.165.106.16
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7511102232
O17 - HKLM\System\CCS\Services\Tcpip\..\{6CE59D3B-FD8C-44B7-AABB-3B81554BDD0C}: NameServer = 216.15.129.202,216.15.129.201
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers\avp.exe
O23 - Service: Hosting Controller Billing Service (HCBilling) - Hosting Controller - C:\Program Files\Advanced Communications\Hosting Controller 7C\Web\Bin\HCBillingService.exe
O23 - Service: Hosting Controller Client (HCClient) - Hosting Controller - C:\Program Files\Advanced Communications\Hosting Controller 7C\Web\Bin\HCClient.exe
O23 - Service: Hosting Controller DiskQuota Service (HCDiskQuotaService) - Advanced Communications - C:\Program Files\Advanced Communications\Hosting Controller\exes\HCDiskQuota.exe
O23 - Service: Hosting Controller Mail Service (HCMail) - Hosting Controller - C:\Program Files\Advanced Communications\Hosting Controller 7C\Web\Bin\HCMailService.exe
O23 - Service: Hosting Controller Payment Service (HCPaymentService) - PJ Naughter - C:\Program Files\Advanced Communications\Hosting Controller\exes\HCPaymentService.exe
O23 - Service: Hosting Controller Quota Service (HCQuota) - Hosting Controller - C:\Program Files\Advanced Communications\Hosting Controller 7C\Web\Bin\HCQuotaService.exe
O23 - Service: Hosting Controller Remoting Service (HCRemoting) - Hosting Controller - C:\Program Files\Advanced Communications\Hosting Controller 7C\Web\Bin\HCRemotingService.exe
O23 - Service: Hosting Controller Scheduler Service (HCSchedulerService) - Advanced Communications - C:\Program Files\Advanced Communications\Hosting Controller\exes\HCSchedulerService.exe
O23 - Service: Hosting Controller Server (HCServer) - Hosting Controller - C:\Program Files\Advanced Communications\Hosting Controller 7C\Web\Bin\HCServer.exe
O23 - Service: Hosting Controller Delivery Service (HCSMTP Service) - Advanced Communications - C:\Program Files\Advanced Communications\Hosting Controller\exes\HCSMTPService.exe
O23 - Service: Hosting Controller Sync Service (HCSync) - Hosting Controller - C:\Program Files\Advanced Communications\Hosting Controller 7C\Web\Bin\HCSyncService.exe
O23 - Service: HostingController - Unknown owner - C:\Program Files\Advanced Communications\Hosting Controller\exes\hostingcontroller.exe

--
End of file - 8047 bytes
kscorpio
Active Member
 
Posts: 1
Joined: October 22nd, 2009, 1:39 am
Top
Advertisement
Register to Remove

Re: HTML & ASP files getting malicius code automatically

Unread postby NonSuch » October 24th, 2009, 6:24 pm

We are sorry but this forum only supports non-server Windows operating systems; therefore, we are unable to assist you with the removal of malware from a computer running Windows Server 2003.

As this issue involves Windows Server 2003 and, therefore, falls outside the scope of this forum, this topic is now closed.

You can help support this site from this link :
Donations For Malware Removal
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Top
Topic locked
  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 534 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index