
Backdoor.sdbot and strange aftermath

Name: Tony
Date: November 27, 2003 at 08:50:24 Pacific
OS: WinME
CPU/Ram: P3-800Mhz
Comment:

I ran into a strange virus the other day. I use PC-cillin antivirus, and it detected nothing, even with the newest code. Well, I went to the company's website and did an online scan. This time, it identified a virus called "Backdoor.sdbot". The virus hid itself in C:\Windows\System and C:\_Restore, and in memory it was in the form of Kernel32.exe <-- (tricky fellow). Anyway, using the standard procedures, I deleted them all, scanned again, and am a little bit sure there are no viruses left in my computer.

But... my problem continues. Why did I think I had a virus/trojan horse in the first place? Well, because every time I open my notebook, the "My Documents" folder would randomly open! And lots of them, sometimes 10 in a minute! It was so serious that even if I SHUT OFF my computer completely (lights off, disk stopped, looks completely normal), it will reopen in a few minutes, enter Windows ME, and open a "My Documents" folder. Well, even now, when I've already used an online scan and deleted the virus (or so I think), this symptom is as strong as ever! What should I do?


Formatting is not an option, since I'm applying to college this year, and everything important is in my computer. I have no other computers to type my essays. I read that Backdoor.Sdbot is, namely, a trojan horse that opens a backdoor. So maybe the "My Documents" relentlessly opening problem has something to do with a program that has been altered while my computer was vulnerable to other users, and so the problems continue even if I have already removed the virus? I don't know; all I know is, I have to get rid of this problem fast. Please help me, I'd appreciate it a lot. Thank you for reading this.

Response Number 1
Name: Tom41
Date: November 27, 2003 at 09:06:10 Pacific
Reply:

Let's have a look. Download HijackThis. Unzip it, double-click HijackThis.exe, and hit "Scan".
When the scan is finished, click "Save Log", and copy and paste it in a reply.


Response Number 2
Name: Tony
Date: November 27, 2003 at 10:57:58 Pacific
Reply:

Logfile of HijackThis v1.97.7
Scan saved at AM 03:05:04, on 2003/11/28
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\WINDOWS\SYSTEM\SSDPSRV.exe
C:\PROGRAM FILES\TREND PC-CILLIN 2000\PCCIOMON.exe
C:\PROGRAM FILES\SYGATE\SPF\SMC.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\SYSTEM\INTERNAT.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\HCONTROL.exe
C:\WINDOWS\SYSTEM\KHOOKER.exe
C:\WINDOWS\SYSTEM\PRPCUI.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.exe
C:\PROGRAM FILES\TREND PC-CILLIN 2000\POP3TRAP.exe
C:\PROGRAM FILES\TREND PC-CILLIN 2000\WEBTRAP.exe
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\WINDOWS\ATKOSD.exe
C:\PROGRAM FILES\NTS\T_ENTERNET 300\APP\ENTERNET.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\WINDOWS\DESKTOP\REGCLEAN\REGCLEAN.exe
C:\WINDOWS\NOTEPAD.exe
C:\WINDOWS\RUNDLL32.exe
C:\WINDOWS\DESKTOP\HIJACKTHIS\HIJACKTHIS.exe

O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: ????? - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRAM FILES\FLASHGET\FGIEBAR.DLL
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\Hcontrol.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\SYSTEM\khooker.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCCIOMON.EXE] "C:\Program Files\Trend PC-cillin 2000\PCCIOMON.exe"
O4 - HKLM\..\Run: [pop3trap.exe] "C:\Program Files\Trend PC-cillin 2000\pop3trap.exe"
O4 - HKLM\..\Run: [WebTrap.exe] "C:\Program Files\Trend PC-cillin 2000\WebTrap.exe"
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.exe -startgui
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.exe" -atboottime
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [PCCIOMON.EXE] "C:\Program Files\Trend PC-cillin 2000\PCCIOMON.exe"
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.exe" /background
O4 - Startup: Outlook Express.lnk
O4 - Startup: Windows Media Player.lnk
O4 - Startup: Internet Explorer.lnk
O4 - Startup: Microsoft Access.lnk
O4 - Startup: Microsoft Excel.lnk
O4 - Startup: Microsoft FrontPage.lnk
O4 - Startup: Microsoft Outlook.lnk
O4 - Startup: Microsoft PowerPoint.lnk
O4 - Startup: Microsoft Word.lnk
O4 - Startup: Acrobat Reader 5.1.lnk
O4 - Startup: Project64.lnk
O4 - Startup: MSN Messenger 6.0.lnk
O4 - Startup: Acrobat Reader 5.0.lnk
O8 - Extra context menu item: Download using FlashGet (使用 FlashGet 下載) - C:\PROGRAM FILES\FLASHGET\jc_link.htm
O8 - Extra context menu item: Download all using FlashGet (全部使用 FlashGet 下載) - C:\PROGRAM FILES\FLASHGET\jc_all.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potb_x.cab
O16 - DPF: Yahoo! Bridge - http://download.games.yahoo.com/games/clients/y/bt1_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt0_x.cab
O16 - DPF: Yahoo! Go - http://download.games.yahoo.com/games/clients/y/gt1_x.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_downloads/common/housecall/HouseCallButton.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (

Thank you very much!

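
The log above is the kind of thing a helper on this forum reads by eye, looking for an image name that imitates a system module (the poster said the backdoor sat in memory as Kernel32.exe), anything launched out of the Windows ME System Restore cache (C:\_Restore, where the poster found copies), and autostart entries given as bare file names that can resolve to whatever is first on the PATH. The following Python script is an added example of doing that triage mechanically; it is not part of the thread and not a HijackThis feature. The log it parses is a constructed sample in HijackThis 1.9x format, built from entries in the poster's log plus a hypothetical kernel32.exe process, a matching RunServices entry and a file run from C:\_RESTORE; the CORE_STEMS list of system-module names is likewise an assumption of this example.

```python
import re

# Assumed list of core Win9x/ME system-module stems. A process or autostart
# whose file name reuses one of these with a non-DLL extension (KERNEL32.EXE
# beside the real KERNEL32.DLL) is the masquerade described in the thread.
CORE_STEMS = {"kernel32", "user32", "gdi32", "shell32", "advapi32", "msvcrt", "ntdll"}

# Constructed sample log (not the poster's actual log) in HijackThis 1.9x format.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Platform: Windows ME (Win9x 4.90.3000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\kernel32.exe
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\RunServices: [Kernel32] kernel32.exe
O4 - HKLM\..\Run: [SmcService] "C:\PROGRA~1\SYGATE\SPF\SMC.exe" -startgui
O4 - HKLM\..\Run: [Restore] C:\_RESTORE\TEMP\A0001.cpy
"""

# O4 lines look like: O4 - HKLM\..\Run: [EntryName] command line
O4_RE = re.compile(r'^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')


def parse_log(text):
    """Split a HijackThis log into the running-process list and O4 autostart entries."""
    processes, autostarts = [], []
    in_procs = False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:            # the blank line ends the process section
                in_procs = False
            else:
                processes.append(line)
            continue
        m = O4_RE.match(line)
        if m:
            autostarts.append((m["key"], m["name"], m["cmd"]))
    return processes, autostarts


def image_path(cmd):
    """Return the executable part of an autostart command (quoted path or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split(" ", 1)[0]


def triage(text):
    """Return (severity, reason, where, path) findings for the patterns from the thread."""
    processes, autostarts = parse_log(text)
    items = [("process", p) for p in processes]
    items += [("autostart %s [%s]" % (key, name), image_path(cmd))
              for key, name, cmd in autostarts]
    findings = []
    for where, path in items:
        name = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        stem, dot, ext = name.rpartition(".")
        if not dot:
            stem, ext = name, ""
        if stem in CORE_STEMS and ext != "dll":
            findings.append(("high", "core system module name with ." + ext + " extension", where, path))
        if "\\_restore\\" in path.lower():
            findings.append(("high", "runs from the System Restore cache", where, path))
        if where.startswith("autostart") and "\\" not in path:
            findings.append(("info", "bare file name resolved by PATH search; confirm where it lives", where, path))
    return findings


if __name__ == "__main__":
    for severity, reason, where, path in triage(SAMPLE_LOG):
        print(severity.upper(), where, path, "-", reason)
```

To use it on a real saved log, replace SAMPLE_LOG with the contents of the file HijackThis wrote. The script deliberately does not flag KERNEL32.DLL itself, which appears in the poster's process list; the poster described the malware as the .exe variant, and the check is on the extension, not the stem alone. The "info" findings are not verdicts, only a reminder that entries such as SysTray.exe are resolved by PATH search and should be located on disk before being trusted.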