Unknown Trojan

dshaggy
Newbie
6. March 2008 @ 16:52
I constantly get a popup window saying the following:
Your computer was infected by unknown trojan.It's dangerous for your system (critical files can be lost)!
Click OK to download the antispyware program to clean your system! (recommended)
I ran HijackThis and here is the log file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:51:04 PM, on 3/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Documents and Settings\Dan\Desktop\HiJackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.dogpile.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.dogpile.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: Windows Media Player - {D480850D-85D1-4836-9AEA-86C185CDAE29} - C:\WINDOWS\wmpdxm.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.com/photo/loaders/SAXFile.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsof...b?1204839501375
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.riteaid.com/control/RiteAidOneHourPhotoOnline.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15034/CTPID.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 5513 bytes
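The HijackThis log above is a plain line-oriented format, and a reviewer reads it by section code. As an added example (not part of this thread and not HijackThis's own code), here is a small Python parser that pulls out the entries to check first: O2 browser helper objects, O3 toolbars, O16 ActiveX controls downloaded from the web, and O23 services whose publisher could not be identified. The sample lines are copied from the log above; the regular expressions and the "Unknown owner" vendor check are assumptions about the format.

```python
import re
from dataclasses import dataclass
# Constructed sample: entries copied from the HijackThis log posted above (same line format).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
End of file - 5513 bytes
"""
@dataclass
class Entry:
    code: str        # HijackThis section code: "O2", "O3", "O16" or "O23"
    kind: str        # "BHO", "Toolbar", "DPF" or "Service"
    name: str
    target: str      # DLL/EXE path on disk, or the URL an ActiveX control was fetched from
    clsid: str = ""
    vendor: str = ""
# Assumed line shapes: "<code> - <kind>: <rest>", with <rest> varying per section (see comments).
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (\w+): (.*)$")
DPF_RE = re.compile(r"^(\{[0-9A-Fa-f-]+\}) \((.*)\) - (.*)$")
def parse_line(line):
    """Parse one O2/O3/O16/O23 line into an Entry; every other line type yields None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, kind, rest = m.groups()
    if code in ("O2", "O3"):                 # "Name - {CLSID} - path"
        name, clsid, path = rest.split(" - ", 2)
        return Entry(code, kind, name, path, clsid=clsid)
    if code == "O16":                        # "{CLSID} (Name) - URL"
        d = DPF_RE.match(rest)
        return Entry(code, kind, d.group(2), d.group(3), clsid=d.group(1)) if d else None
    if code == "O23":                        # "Name - Vendor - path"
        name, vendor, path = rest.split(" - ", 2)
        return Entry(code, kind, name, path, vendor=vendor)
def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]
def review(entries):
    """Lines to check first: code that loads inside IE (BHOs, toolbars, web-fetched ActiveX)
    and services whose publisher HijackThis could not identify."""
    out = []
    for e in entries:
        if e.code in ("O2", "O3"):
            out.append(f"{e.code} {e.kind} '{e.name}' loads {e.target}")
        elif e.code == "O16":
            out.append(f"O16 ActiveX '{e.name}' fetched from {e.target}")
        elif e.code == "O23" and e.vendor == "Unknown owner":
            out.append(f"O23 service '{e.name}' has no publisher: {e.target}")
    return out
```

Each line that `review` returns names the file or URL behind an IE add-on, which is what you compare against the list of add-ons IE shows in its settings.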

tripplite
Suspended due to non-functional email address
6. March 2008 @ 17:18
Quote: Click OK to download the antispyware program to clean your system! (recommended)
It seems you may have a harmless app that is intended for PC n00bs: it launches a message saying the computer has a virus and runs a very large hidden process to make the user feel like he has a virus. Go into your Remove Programs panel (or you can use CCleaner for easy uninstalling) and look around to see if you have any odd programs installed recently (some apps hide/change the install date) or any that strike you as weird; uninstall them.
.....
This may also be of a hand to you, but it won't do you any good if the issue is as I described it in my first paragraph:
http://forums.afterdawn.com/thread_view.cfm/292257
-tripplite

dshaggy
Newbie
8. March 2008 @ 02:15
I ran CCleaner and checked for any unusual programs, but didn't find any. I have Norman antivirus and ran it several times until it had quarantined or deleted every threat it found. I'm still getting the pop-up windows, several times whenever I open a new window like webpages or documents. Here is what's running when I turn my computer on (control/alt/delete). Process and Memory Usage:
aolsoftware.exe 2,632 K
MDM.EXE 3,012 K
aim6.exe 7,588 K
iexplore.exe 2,320 K
ViewMgr.exe 4,492 K
wordpad.exe 1,340 K
svchost.exe 3,308 K
taskmgr.exe 4,016 K
wscntfy.exe 1,952 K
nvsvc32.exe 3,000 K
AppleMobileDeviceService 2,044 K
spoolsv.exe 4,816 K
svchost.exe 7,484 K
WgaTray.exe 216 K
Nvcoas.exe 50,468 K
svchost.exe 3,300 K
explorer.exe 21,280 K
Zanda.exe 2,520 K
elogsvc.exe 1,716 K
Nvcsched.exe 2,712 K
InCDsrv.exe 3,916 K
svchost.exe 22,056 K
svchost.exe 4,124 K
svchost.exe 4,960 K
Njeeves.exe 5,152 K
lsass.exe 1,264 K
services.exe 4,088 K
winlogon.exe 472 K
csrss.exe 3,396 K
smss.exe 372 K
ViewpointService.exe 2,480 K
alg.exe 3,464 K
svchost 4,480 K
System 220 K
System Idle Process 16 K
I took a screenshot, but can't figure out how to post it on here, so I typed it by hand. I was hoping someone could look at these and see if they saw anything unusual that could cause the popup window to keep showing.

tripplite
Suspended due to non-functional email address
8. March 2008 @ 09:18
Quote: iexplore.exe 2,320 K
When you took down this list... were you running IE?
If not, then this process is most likely your cancer. End it and see if it regenerates itself; if it does, then you most likely have some kind of add-on/script running on IE without your permission. You should launch IE, go into the settings and DELETE ALL the add-ons and such.

Once you disable all add-ons, manually delete all the files in the Internet Explorer folder in the programs folder (make sure you have Firefox for an internet connection without IE).
If you need instructions, just ask :)
-tripplite

dshaggy
Newbie
8. March 2008 @ 15:49
Disabling add-ons did the trick, no more pop-ups!! Thanks a lot tripplite, you saved me a lot of headache.

tripplite
Suspended due to non-functional email address
9. March 2008 @ 10:23
Quote: Disabling add-ons did the trick, no more pop-ups!! Thanks a lot tripplite, you saved me a lot of headache.
No, thank you! You provided the correct information and followed through; most people will get frustrated, completely reinstall Windows and ignore suggestions. If you have an issue again, give me a nice yell :P

Senior Member
26. March 2008 @ 05:58
Good work, trip.