Re: HJT Log..... Downloader.Trojan in Security

Re: HJT Log..... Downloader.Trojan in Security http://www.dslreports.com/forum/r10769610 en Tue, 08 Dec 2009 21:29:37 EDT Tue, 08 Dec 2009 21:29:37 EDT Re: HJT Log..... Downloader.Trojan http://www.dslreports.com/forum/remark,10777268 assquesme : Thanks Jane :D]]> http://www.dslreports.com/forum/remark,10777268 Wed, 14 Jul 2004 19:45:22 EDT Re: HJT Log..... Downloader.Trojan http://www.dslreports.com/forum/remark,10773209 CalamityJane : Your downloader trojan may have been Gator which is one of the entries below (or a leftover component of it since the other cleaners probably got most of it).

Scan with only HijackThis open (keep IE closed) and checkmark these items, then press *fix checked*

O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - �207.188.7.150/173dc026488c18d29402/net..

Reboot your PC and delete this entire folder (if found)

C:\Program Files\Common Files\CMEII (This is Gator)
--
It takes a disaster to make a woman out of a female
Gladiator Security Forum
Proud Member of ASAP (Alliance of Security Analysis Professionals) »www.a-sap.org/]]> http://www.dslreports.com/forum/remark,10773209 Wed, 14 Jul 2004 12:35:32 EDT Re: HJT Log..... Downloader.Trojan http://www.dslreports.com/forum/remark,10769663 Sparrow : I am just curious if you have two iexplore.exe files in your C drive in C:\Program Files\Internet Explorer\iexplore.exe. (Right click Start > Explore > Local Disk [C:] > Program Files > Internet Explorer.)

Are both files the same size? Same versions? Same install date? Nothing else appears to be amiss. I don't ever recall seeing two instances of IE in the Program Files, but it is probably nothing.

Edit: A dear friend just refreshed my tired ole mind, that you just have two windows open, thus the two IExplore.exe running. On a better day, I would have caught that! :)

You're okay - I'm not tonight. Sorry for any confusion.
--
Security Forum FAQs ..♥.. AV Complaints? ..♥.. Raj karega Khalsa! ..♥.. Starfire "5 in 4"]]> http://www.dslreports.com/forum/remark,10769663 Tue, 13 Jul 2004 23:52:35 EDT Re: HJT Log..... Downloader.Trojan http://www.dslreports.com/forum/remark,10769610 assquesme : Could this be an internal problem with my pc?]]> http://www.dslreports.com/forum/remark,10769610 Tue, 13 Jul 2004 23:43:55 EDT Re: HJT Log..... Downloader.Trojan http://www.dslreports.com/forum/remark,10769575 assquesme : It was Norton AV . Here is what the disk looks like

]]> http://www.dslreports.com/forum/remark,10769575 Tue, 13 Jul 2004 23:39:22 EDT Re: HJT Log..... Downloader.Trojan http://www.dslreports.com/forum/remark,10769524 Sparrow : Hi assquesme

,

Which scan picked up the Downloader.Trojan? Was it Spybot? Your log looks clean, but someone else may see something that I don't.

I'm not sure if it matters, but check in C:\Program Files\Internet Explorer\iexplore.exe. I'm not quite sure why you have two iexplore.exe files.
--
Security Forum FAQs ..♥.. AV Complaints? ..♥.. Raj karega Khalsa! ..♥.. Starfire "5 in 4"]]> http://www.dslreports.com/forum/remark,10769524 Tue, 13 Jul 2004 23:33:33 EDT HJT Log..... Downloader.Trojan http://www.dslreports.com/forum/remark,10769357 assquesme : Ok...My problem is I have a teen age son.Anyway I seen to have lost one of my local disk.

I ran NAV 04 updated,Trojan hunter updated,Ad-Aware updated. I also scaned with McAfee and F-Secure which this site provided links to.Then I dl and updated CWShredder & Spybot S&D. Nothing but some cookies files were infected

Logfile of HijackThis v1.98.0
Scan saved at 11:05:26 PM, on 7/13/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = »msn.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [MCUpdateExe] C:\Program Files\McAfee.com\Agent\mcupdate.exe /embedding
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: Tri-Peaks by pogo - »peaks.pogo.com/applet/peaks/peak···sets.cab
O16 - DPF: Yahoo! Gin - »download.games.yahoo.com/games/c···t1_x.cab
O16 - DPF: Yahoo! NFL GameChannel StatTracker - »aud4.sports.sc5.yahoo.com/java/y···10_x.cab
O16 - DPF: Yahoo! Pool 2 - »download.games.yahoo.com/games/c···tc_x.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - »a1540.g.akamai.net/7/1540/52/200···ller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - »download.mcafee.com/molbin/share···sctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - »207.188.7.150/173dc026488c18d294···E601.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - »https://www.gamespyid.com/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - »a840.g.akamai.net/7/840/537/2004···an53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - »www.nick.com/common/groove/gx/GrooveAX25.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - »support.f-secure.com/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - »www.pandasoftware.com/activescan···inst.cab
O16 - DPF: {A1B09066-C95C-4EF6-8DFD-3DD0AFE610B6} (AOL YGP Screensaver) - »pak02.pictures.aol.com/ygp/aol/p···.2.5.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - »autos.msn.com/components/ocx/ext···side.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - »download.mcafee.com/molbin/iss-l···scan.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - »www.gamespot.com/KDX22/download/kdx.cab

Thanks for the help in advance:D]]> http://www.dslreports.com/forum/remark,10769357 Tue, 13 Jul 2004 23:12:46 EDT