HJT log My PC is a trojan mess
Ruffian15
Suspended due to non-functional email address
18. June 2010 @ 10:01
Hi. I followed the sticky directions except that I could not run a Kaspersky scan. It kept getting hung up and I couldn't generate a report. So, I did a Panda scan. Below is a copy of those scan results along with a HJT log. Ugh. I've been wrestling with this stupid thing for days. Hope someone can help me.

Panda Scan:



;***********************************************************************************************************************************************************************************
ANALYSIS: 2010-06-17 19:56:51
PROTECTIONS: 1
MALWARE: 6
SUSPECTS: 6
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Charter Security Suite 9.01 9.01 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00003428 adware/memorywatcher Adware No 0 Yes No hkey_classes_root\vbrad.trayicon
00007432 Univ Virus No 0 Yes No c:\program files\charter high-speed security suite\fsaua\content\aquawin32\1276725026\cran.cvd
00167726 Cookie/Tickle TrackingCookie No 0 Yes No c:\documents and settings\guest\application data\mozilla\firefox\profiles\gdzrpwmd.default\cookies.txt[.tickle.com/]
00167726 Cookie/Tickle TrackingCookie No 0 Yes No c:\documents and settings\guest\application data\mozilla\firefox\profiles\gdzrpwmd.default\cookies.txt[.tickle.com/]
01313177 Generic Malware Virus/Trojan No 0 Yes No c:\program files\wildtangent\components\wtpropertybag0200.dll
03898858 Generic Malware Virus/Trojan No 0 Yes No c:\program files\photodex presenter\pxplay.exe
06541065 Trj/Dropper.JTL Virus/Trojan No 1 Yes No c:\documents and settings\hp_owner\my documents\my downloads\sopcast\setup-sopcast-2.0.4-2007-11-26.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No c:\documents and settings\hp_owner\application data\mozilla\plugins\nppxplay.dll
No c:\documents and settings\hp_owner\application data\netscape\plugins\nppxplay.dll
No c:\documents and settings\hp_owner\desktop\downloads\install_photomoviemaker_for_hp.exe
No c:\hp\recovery\wizard\swr_wizard.exe
No c:\program files\charter high-speed security suite\hips\fshs.sys
No c:\program files\photodex presenter\pxdown.exe
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================


HJT Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:00:44 AM, on 6/18/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FSHDLL32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Charter High-Speed Security Suite\NRS\iescript\baselitmus.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Charter High-Speed Security Suite\NRS\iescript\baselitmus.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.3\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.co...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB} (CPlayFirstNightshiftControl Object) - http://games.bigfishgames.com/en_nightsh...Web.1.0.0.9.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resourc...lscbase5483.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1155054091156
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://72.32.179.44/filter/cameraviewer/isetup.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} (Pure Networks Security Scan) - http://nmreports.linksys.com/nmscan/down...-ship-WD.V1.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {DBA8E419-0D5F-439B-A3CC-D01C768D9B51} (DVCDownloaderControl Object) - http://aolsvc.aol.com/onlinegames/sonyda...aderControl.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E93E9DF0-3E59-4331-A269-F1E077C66F00} (GameTap Web Plugin) - http://cnn-5.vo.llnwd.net/c1/static/clie...er/gtplugin.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-lo...173/mcfscan.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\ORSP Client\fsorsp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

--
End of file - 10794 bytes
Senior Member
18. June 2010 @ 11:23
To my untrained eye you are loaded with nasties. This is something I would handle on my own machine, but am hesitant to advise another on. What I did was google the entries on my HijackThis log to see exactly what they were. Then I made the determination whether to delete them or not. Some things on a log may or may not be malware. In this case, if in doubt, most articles (Google) will tell you if they are necessary or can be deleted. If in doubt, seek help. Download Malwarebytes, update, and run a scan. Check and delete anything it finds. Then run another HijackThis log and compare the two. Post back with results.
AfterDawn Addict

18. June 2010 @ 12:00
The free version of Malwarebytes will do.
Also, after Malwarebytes, run CCleaner to clean up your temp files and empty reg keys, etc.

ALL INFO FOR EDUCATIONAL PURPOSE ONLY

HOOTER007
Ruffian15
Suspended due to non-functional email address
18. June 2010 @ 16:46
Originally posted by hooter007:
The free version of Malwarebytes will do.
Also, after Malwarebytes, run CCleaner to clean up your temp files and empty reg keys, etc.
Oddly enough, the Malwarebytes picked up nothing, and we know there's stuff there.
AfterDawn Addict

18. June 2010 @ 17:20
Can you not use System Restore and see if that helps any?

ALL INFO FOR EDUCATIONAL PURPOSE ONLY

HOOTER007
ddp
Moderator
18. June 2010 @ 17:24
Run Kaspersky in safe mode\administrator. What version of Spybot are you using, as 1.6.2 is latest if I'm correct? What is this "Charter High-Speed Security Suite"?
Ruffian15
Suspended due to non-functional email address
18. June 2010 @ 17:43
Originally posted by ddp:
Run Kaspersky in safe mode\administrator. What version of Spybot are you using, as 1.6.2 is latest if I'm correct? What is this "Charter High-Speed Security Suite"?
The Charter High Speed Security Suite is the F-Secure antivirus and firewall program that comes from the internet provider.
Senior Member
19. June 2010 @ 10:26
If this was me, and it's not, I would google all the HJT entries and remove the following:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Charter High-Speed Security Suite\NRS\iescript

Just check fix on the HJT results. By the way, I've had good luck running the Windows Firewall, Avira free antivirus, SpywareBlaster, and SUPERAntiSpyware for my security needs. All free and don't slow your computer down. Not familiar with Charter, but looks like a hell of a lot of processes associated with it. Just my humble opinion.
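
The entry-by-entry review described in the post above can be scripted as a first pass. This is an added example, not part of the original thread: the sample lines are excerpted from the HijackThis log posted earlier, the function names are this example's own, and the flags are heuristics that mark entries to look up, not verdicts.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Lines excerpted from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
Running processes:
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://72.32.179.44/filter/cameraviewer/isetup.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
"""

# A HijackThis entry is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
URL_RE = re.compile(r"https?://\S+")


def parse_entry(line):
    """Return (code, body) for an entry line, or None for headers/process paths."""
    m = ENTRY_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def host_is_ip_literal(url):
    """True when the URL's host is a raw IP address rather than a DNS name."""
    host = urlparse(url).hostname or ""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def review_reasons(code, body):
    """Heuristic reasons an entry deserves a manual lookup (may be empty)."""
    reasons = []
    if body.endswith("(no file)"):
        reasons.append("registry entry points at no file")
    if body.endswith("(file missing)"):
        reasons.append("registered file is missing from disk")
    if code == "O16":  # ActiveX controls listed under "Downloaded Program Files"
        url = URL_RE.search(body)
        if url is None and body.endswith("-"):
            reasons.append("ActiveX entry with no download source recorded")
        elif url and host_is_ip_literal(url.group(0)):
            reasons.append("ActiveX control fetched from a bare IP address")
    return reasons


def triage(log_text):
    """Return (code, reason, body) for every entry that trips a heuristic."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        for reason in review_reasons(*entry):
            findings.append((entry[0], reason, entry[1]))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}\n    {body}")
```
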
Ruffian15
Suspended due to non-functional email address
19. June 2010 @ 13:05
Originally posted by aldan:
If this was me, and it's not, I would google all the HJT entries and remove the following:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Charter High-Speed Security Suite\NRS\iescript

Just check fix on the HJT results. By the way, I've had good luck running the Windows Firewall, Avira free antivirus, SpywareBlaster, and SUPERAntiSpyware for my security needs. All free and don't slow your computer down. Not familiar with Charter, but looks like a hell of a lot of processes associated with it. Just my humble opinion.

Ok. I'm making some progress. I finally got a partial scan done with Kaspersky. I just don't know what to do with the results now. Do I delete those files or do something else? I haven't done anything else yet. I'd like some direction please. Thanks.

Saturday, June 19, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, June 19, 2010 12:23:34
Records in database: 4296164
Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
Scan area My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
Scan statistics
Objects scanned 21583
Threats found 3
Infected objects found 3
Suspicious objects found 0
Scan duration 02:21:34

File name Threat Threats count
C:\Documents and Settings\HP_Owner\My Documents\My Downloads\couponprinter.exe Infected: not-a-virus:AdWare.Win32.Coupons 1
C:\Documents and Settings\HP_Owner\My Documents\My Downloads\GMVegasSetup.exe Infected: Trojan-Dropper.Win32.Delf.fqm 1
C:\Documents and Settings\HP_Owner\My Documents\My Downloads\SetupAnyDVD6088.exe Infected: Backdoor.Win32.Agent.ahyk 1
Scanning stopped by the user.
ddp
Moderator
19. June 2010 @ 13:18
Delete them & empty the recycle bin. Update, immunize twice, then run your Spybot S&D in both safe mode & normal mode.
Ruffian15
Suspended due to non-functional email address
19. June 2010 @ 14:53
I should have put the whole instruction/description info. Here it is. Shall I do this and if so, how?

Trojan-Dropper.Win32.Delf.se
Detected Jan 27 2006 20:47 GMT
Released Jan 27 2006 20:47 GMT
Published Apr 03 2006 11:21 GMT

Technical Details
Payload
Removal instructions

Technical Details

This Trojan program is designed to install other files and programs to the victim machine without the user's knowledge or consent. The Trojan's main file is a Windows PE EXE file approximately 142KB in size, written in Delphi and packed using UPX. The unpacked file is approximately 223KB in size.

Payload

When launched, the Trojan drops the following file to the Windows root directory:
%Windir%\inst_cassovia_apps.exe

It also creates a file called svchost.exe in the following folder:
%Program Files%\Common Files\Microsoft Shared\MSInfo\svchost.exe

This files will be detected by Kaspersky Anti-Virus as not-a-virus:AdWare.Win32.BargainBuddy.ak.

These files will then be launched for execution.

The Trojan will also terminate the processes listed below:

APVXDWIN.EXE
ashDisp.exe
aswUpdSv
avast! Antivirus
avast! Mail Scanner
avast! Web Scanner
AVENGINE.EXE
AvltMain.exe
BackWeb Plug-in - 4476822
bdmcon.exe
bdnagent.exe
bdoesrv.exe
BGLiveSvc
BlackICE
blackice.exe
bullguard.exe
CAISafe
ccApp.exe
ccEvtMgr
ccProxy
ccSetMgr
FAMEH32.EXE
FCH32.EXE
F-Prot Antivirus Update Monitor
FSAV32.exe
FSAW.exe
fsbwsys
F-Sched.exe
F-Secure Gatekeeper Handler Starter
fsgk32.exe
fsguidll.exe
fshttps
FSM32.exe
FSMB32.EXE
fspc.exe
fspex.exe
fsqh.exe
FSRW.exe
fssm32.exe
fssw.exe
F-StopW.exe
InoTask
ispnews.exe
KAVPF.exe
kpf4gui.exe
LavasoftFirewall
lpfw.exe
LUCOMS~1.EXE
mantispm.exe
McAfeeFramework
McShield
McTaskManager
naPrdMgr.exe
navapsvc
NMain.exe
NOD32krn
nod32kui.exe
NPFMntor
NSCService
Outpost Firewall main module
outpost.exe
OutpostFirewall
PAVFIRES
PAVFNSVR
PavProt
PavPrSrv
pccguide.exe
PCCMAIN.EXE
PcCtlCom
PersonalFirewal
PREVSRV
ProtoPort Firewall service
PSIMSVC
realmon.exe
SHSTAT.EXE
SmcService
SNDSrvc
SPBBCSvc
Symantec Core LC
SyncEvnt.exe
TBMon.exe
Tmntsrv
tmproxy
UmxAgent
UmxTray.exe
UpdaterUI.exe
WebProxy.exe
WebrootDesktopFirewall.exe
WebrootDesktopFirewallDataService
WebrootFirewall
zlclient.exe


Removal instructions

Manual removal:

1. Reboot the computer in Safe Mode (at the start of the boot sequence, press and hold F8, then choose Safe Mode from the Windows boot menu).
2. Delete the following file:
%Windir%\inst_cassovia_apps.exe
%Program Files%\Common Files\Microsoft Shared\MSInfo\svchost.exe
3. Delete the original Trojan file (the location will depend on how it originally penetrated the computer).
4. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).