This virus has been bugging me for a while. How do I remove this? When I did a scan, they're still in c:\kathyros.vbs and win\system32\kathyros.vbs. I am unable to detect it even in safe mode?
huntermrb

This could take several different scans to find the problem files.
Please download and install the latest version of HijackThis v2.0.2:
Download the "HijackThis" Installer from this link:
Hijack This
1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:56 AM, on 12/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
F2 - REG:system.ini: UserInit=userinit.exe,kathyros.bat
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NodLogin] "C:\Program Files\ESET\ESET NOD32 Antivirus\nodlogin.exe" /p
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/res...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/active...
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
--
End of file - 4623 bytes
huntermrb

Run Hijack This again, close all windows and browsers, place a check to the left of the following items and press "fix checked":
F2 - REG:system.ini: UserInit=userinit.exe,kathyros.bat
Exit Hijack This.
Do the following to show hidden files:
Click Start> My Computer
On the Tools menu, click Folder Options.
Click the View tab.
Uncheck Hide file extensions for known file types.
Uncheck Hide protected operating system files.
Under the Hidden files folder, locate and check Show hidden files and folders.
If you see a warning message, click Yes.
Click Apply > OK.
Next, reboot your computer in Safe Mode by doing the following:
Restart your computer.
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Navigate to and delete this file if found:
C:\WINDOWS\system32\kathyros.bat
Restart the computer into normal mode.
Please download ComboFix to the desktop from this link: ComboFix
Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)
Please post the log it produces and a new Hijack This log please.
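The F2 entry singled out in the reply above can be picked out of a HijackThis log mechanically. The following is an added example, not part of the original thread or of HijackThis: the function names and the rule that only `userinit.exe` (bare or under `system32`) is expected are assumptions of this sketch, and every sample line except the F2 line taken from the posted log is constructed.

```python
import ntpath
import re

# HijackThis reports a changed Winlogon Userinit value as an F2 line.
# search() rather than match(), so the entry is still found when forum
# extraction has glued it to the end of the previous log line.
F2_USERINIT = re.compile(r"F2 - REG:system\.ini: UserInit=(?P<value>.*)$",
                         re.IGNORECASE)

# Assumption of this example: the only expected entry is userinit.exe,
# written bare or with a path ending in \system32.
EXPECTED_NAME = "userinit.exe"
EXPECTED_DIR_SUFFIX = "\\system32"


def split_userinit(value):
    """Split the comma-separated value, dropping empty items
    (a trailing comma after the last program is normal)."""
    return [item.strip().strip('"') for item in value.split(",") if item.strip()]


def is_expected(entry):
    """True for userinit.exe, bare or located under ...\\system32."""
    directory, name = ntpath.split(entry.lower())
    if name != EXPECTED_NAME:
        return False
    return directory == "" or directory.endswith(EXPECTED_DIR_SUFFIX)


def find_userinit_additions(log_text):
    """Return (line_number, entry) for every Userinit entry that is not
    the expected userinit.exe."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        match = F2_USERINIT.search(line)
        if not match:
            continue
        for entry in split_userinit(match.group("value")):
            if not is_expected(entry):
                findings.append((line_no, entry))
    return findings


# First sample: the F2 line as it appears (fused) in the log posted above.
LOG_BEFORE_FIX = "\n".join([
    r"C:\Program Files\Trend Micro\HijackThis\HijackThis.exeF2 - REG:system.ini: UserInit=userinit.exe,kathyros.bat",
    r"O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.exe",
])

# Constructed samples: a clean log, a value with full path and trailing
# comma, and a look-alike userinit.exe outside system32.
LOG_AFTER_FIX = r"O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.exe"
LOG_FULL_PATH = r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,"
LOG_LOOKALIKE = r"F2 - REG:system.ini: UserInit=C:\WINDOWS\Temp\userinit.exe"

if __name__ == "__main__":
    for label, log in [("before fix", LOG_BEFORE_FIX),
                       ("after fix", LOG_AFTER_FIX),
                       ("full path", LOG_FULL_PATH),
                       ("look-alike", LOG_LOOKALIKE)]:
        print(label, find_userinit_additions(log))
```

An empty result only means the Userinit value is clean; the dropped script itself still has to be found and deleted as the reply describes.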

ComboFix 07-12-26.3 - huntermrb 2007-12-26 12:32:24.10 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.263 [GMT -8:00]
Running from: C:\Downloads\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-11-26 to 2007-12-26 )))))))))))))))))))))))))))))))
.
2007-12-26 10:25 . 2007-12-26 10:25 <DIR> d--hs---- C:\FOUND.001
2007-12-26 07:38 . 2007-12-26 07:38 <DIR> d-------- C:\Program Files\WinASO
2007-12-26 06:23 . 2007-12-26 11:16 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-26 06:23 . 2007-12-26 11:16 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-26 06:22 . 2007-12-26 06:22 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-12-26 06:22 . 2007-12-26 11:16 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-12-26 06:14 . 2007-12-26 06:14 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-26 05:40 . 2007-12-26 05:40 <DIR> d-------- C:\Downloads
2007-12-26 05:32 . 2007-12-26 05:32 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-12-26 05:30 . 2007-12-26 05:30 <DIR> d---s---- C:\Documents and Settings\huntermrb\UserData
2007-12-25 22:49 . 2007-12-25 22:49 <DIR> d-------- C:\Program Files\RegCleaner
2007-12-25 22:30 . 2007-12-25 22:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-25 21:57 . 2007-12-25 21:57 <DIR> d-------- C:\Program Files\backups
2007-12-25 19:40 . 2007-12-25 19:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Eset
2007-12-25 18:04 . 2007-12-25 18:04 <DIR> d--hs---- C:\FOUND.000
2007-12-25 17:42 . 2004-08-03 23:08 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2007-12-25 17:23 . 2004-08-03 23:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-12-25 16:34 . 2007-12-25 16:34 <DIR> d-------- C:\WINDOWS\Sun
2007-12-25 16:34 . 2004-07-20 16:24 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-12-25 16:34 . 2004-07-20 16:24 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-12-25 16:34 . 2004-07-20 16:24 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-12-25 16:34 . 2004-07-09 08:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2007-12-25 16:34 . 2004-07-20 16:24 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-12-25 16:34 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-12-25 16:33 . 2001-06-26 07:15 38,912 --------- C:\WINDOWS\system32\picn20.dll
2007-12-25 16:31 . 2007-12-25 16:31 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-12-25 16:31 . 2007-12-25 16:31 <DIR> d-------- C:\Program Files\Ahead
2007-12-25 16:31 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-12-25 16:29 . 2007-12-25 16:29 <DIR> d-------- C:\Program Files\honestech
2007-12-25 16:28 . 2002-09-30 04:38 119,798 -ra------ C:\WINDOWS\system32\drivers\SPCA561.SYS
2007-12-25 16:13 . 2007-12-25 16:13 <DIR> d-------- C:\Program Files\Chikka V4
2007-12-25 16:13 . 2007-12-25 16:13 <DIR> d-------- C:\logs
2007-12-25 16:13 . 2007-12-25 16:13 <DIR> d-------- C:\Documents and Settings\huntermrb\ChikkaDefault
2007-12-25 16:12 . 2007-12-25 16:12 <DIR> d-------- C:\Documents and Settings\huntermrb\Application Data\ACD Systems
2007-12-25 16:12 . 2007-12-25 16:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2007-12-25 16:11 . 2007-12-25 16:11 <DIR> d-------- C:\Program Files\TheSage
2007-12-25 16:11 . 2007-12-25 16:11 <DIR> d-------- C:\Program Files\ACD Systems
2007-12-25 15:58 . 2007-12-25 15:58 <DIR> d-------- C:\Program Files\mIRC
2007-12-25 15:50 . 2007-12-25 15:50 <DIR> d-------- C:\Program Files\uTorrent
2007-12-25 14:53 . 2007-12-25 14:53 1,167 --a------ C:\WINDOWS\mozver.dat
2007-12-25 14:30 . 2007-12-25 14:30 10 --a------ C:\WINDOWS\WININIT.INI
2007-12-25 14:20 . 2007-12-25 14:20 <DIR> d-------- C:\Documents and Settings\huntermrb\Application Data\vlc
2007-12-25 14:19 . 2007-12-25 14:19 <DIR> d-------- C:\Documents and Settings\huntermrb\Application Data\DivX
2007-12-25 14:15 . 2007-12-25 14:15 <DIR> d--h----- C:\VisualBoyAdvance-1.7
2007-12-25 14:15 . 2007-12-25 14:15 <DIR> d--h----- C:\Flash Games
2007-12-25 14:07 . 2003-02-25 14:30 45,056 --a------ C:\WINDOWS\system32\vusetup.dll
2007-12-25 14:07 . 2003-05-23 23:06 11,392 --a------ C:\WINDOWS\system32\drivers\vulfntr.sys
2007-12-25 14:07 . 2002-10-24 00:07 6,912 --a------ C:\WINDOWS\system32\drivers\vulfnth.sys
2007-12-25 13:41 . 2007-12-25 13:41 376 --a------ C:\WINDOWS\ODBC.INI
2007-12-25 13:40 . 2007-12-25 13:40 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-12-25 13:39 . 2007-12-25 13:39 <DIR> d-------- C:\WINDOWS\ShellNew
2007-12-25 13:36 . 2007-12-25 13:36 <DIR> d-------- C:\Program Files\FlashGet
2007-12-25 13:36 . 2004-08-04 06:14 359,040 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.flg
2007-12-25 13:35 . 2007-12-25 13:35 <DIR> d-------- C:\Program Files\Yahoo!
2007-12-25 13:35 . 2007-12-25 13:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-12-25 13:30 . 2007-12-25 13:30 <DIR> d-------- C:\Documents and Settings\huntermrb\Application Data\mIRC
2007-12-25 13:29 . 2007-12-25 13:29 <DIR> d-------- C:\Program Files\Winamp
2007-12-25 13:29 . 2007-12-25 13:29 <DIR> d-------- C:\Documents and Settings\huntermrb\Application Data\Winamp
2007-12-25 13:27 . 2007-12-25 13:27 <DIR> d-------- C:\Program Files\Realtek Sound Manager
2007-12-25 13:27 . 2007-12-25 13:27 <DIR> d-------- C:\Program Files\AvRack
2007-12-25 13:27 . 2002-11-20 23:07 765,952 --a------ C:\WINDOWS\system\crlds3d.dll
2007-12-25 13:26 . 2003-07-24 01:07 8,936,448 --a------ C:\WINDOWS\system32\ALSNDMGR.CPL
2007-12-25 13:25 . 2007-12-25 13:25 <DIR> d-------- C:\Program Files\VideoLAN
2007-12-25 13:24 . 2007-12-25 13:24 <DIR> d-------- C:\Program Files\FLV Player
2007-12-25 13:24 . 2007-12-25 13:24 <DIR> d-------- C:\Program Files\DivX
2007-12-25 13:21 . 2007-12-25 13:21 <DIR> d-------- C:\Program Files\Clock Tray Skins
2007-12-25 13:21 . 2007-12-25 13:21 <DIR> d-------- C:\Program Files\AusLogics Disk Defrag
2007-12-25 13:20 . 2007-12-25 13:20 <DIR> d-------- C:\Program Files\CCleaner
2007-12-25 13:19 . 2007-12-25 13:19 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-25 13:19 . 2007-12-25 13:19 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-25 13:19 . 2007-12-25 13:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-25 13:16 . 2007-12-25 13:16 <DIR> d-------- C:\Program Files\IObit
2007-12-25 13:13 . 2007-12-25 13:13 <DIR> d-------- C:\Documents and Settings\huntermrb\dwhelper
2007-12-25 13:12 . 2007-12-25 13:12 <DIR> d-------- C:\Documents and Settings\huntermrb\Application Data\uTorrent
2007-12-25 13:11 . 2007-12-25 13:11 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-25 13:10 . 2007-12-25 13:10 <DIR> d-------- C:\Program Files\Java
2007-12-25 13:10 . 2007-12-25 13:10 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-25 13:10 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-25 13:07 . 2007-12-25 13:07 22 --a------ C:\WINDOWS\system32\ati64hlp.stb
2007-12-25 13:04 . 2007-12-25 13:04 <DIR> d-------- C:\Program Files\Common Files\EPSON
2007-12-25 13:04 . 1996-01-09 10:38 283,648 --a------ C:\WINDOWS\uninst.exe
2007-12-25 13:04 . 2000-06-07 01:01 169,472 --a------ C:\WINDOWS\system32\EBAPI2.dll
2007-12-25 13:03 . 2005-08-30 21:05 516,096 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-12-25 13:02 . 2007-12-25 13:02 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-12-25 13:02 . 2005-08-30 06:12 524,850 -ra------ C:\WINDOWS\system32\drivers\ativcaxx.cpa
2007-12-25 13:02 . 2005-08-30 21:08 307,200 -ra------ C:\WINDOWS\system32\atiiiexx.dll
2007-12-25 13:02 . 2005-08-26 06:54 104,373 -ra------ C:\WINDOWS\system32\atiicdxx.dat
2007-12-25 13:02 . 2005-06-08 11:45 58,560 -ra------ C:\WINDOWS\system32\drivers\ativckxx.vp
2007-12-25 13:02 . 2005-08-30 22:01 23,936 -ra------ C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-12-25 13:02 . 2005-07-01 17:54 5,496 -ra------ C:\WINDOWS\system32\atifglpf.xml
2007-12-25 13:02 . 2005-08-30 06:12 929 -ra------ C:\WINDOWS\system32\drivers\ativcaxx.vp
2007-12-25 13:01 . 2007-12-25 13:01 <DIR> d-------- C:\Program Files\EPSON
2007-12-25 13:00 . 2007-12-25 13:00 <DIR> d-------- C:\Documents and Settings\huntermrb\Application Data\ATI
2007-12-21 08:21 . 2007-12-21 08:21 33,800 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys
2007-12-21 08:20 . 2007-12-21 08:20 30,216 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2007-12-21 08:19 . 2007-12-21 08:19 39,944 --a------ C:\WINDOWS\system32\drivers\eamon.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-26 14:12 4,782 ----a-w C:\Program Files\hijackthis.log
2007-12-25 20:58 --------- d-----w C:\Program Files\ATI Technologies
2007-12-25 20:57 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-25 20:35 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-25 18:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-20 00:56 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-10-20 00:56 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-10-20 00:54 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-10-20 00:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-10-20 00:54 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-10-20 00:54 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-10-18 09:06 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-10-18 09:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-10-18 09:03 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-10-18 09:03 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-10-18 09:03 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-10-18 09:02 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"="C:\Program Files\Clock Tray Skins\ClockTraySkins.exe" [2005-07-27 23:13]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-07-16 06:50 C:\WINDOWS\SOUNDMAN.EXE]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21]
"NodLogin"="C:\Program Files\ESET\ESET NOD32 Antivirus\nodlogin.exe" [2007-12-26 08:15]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.exe [2007-12-25 13:04:20]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.exe [2001-02-13 01:01:04]
ATI CATALYST System Tray.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2005-08-31 00:40:36]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys [2007-12-21 08:20]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]
R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys [2007-12-21 08:19]
R2 ekrn;Eset Service;"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe" [2007-12-21 08:21]
S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe" [2007-12-21 08:22]
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-26 12:33:27
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-26 12:33:55
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:34:17 PM, on 12/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe
C:\WINDOWS\system32\NOTEPAD.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NodLogin] "C:\Program Files\ESET\ESET NOD32 Antivirus\nodlogin.exe" /p
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/res...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/active...
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
--
End of file - 4497 bytes
Didn't find any kathyros file.

Hi! I also have this problem with my external HD. I can't open it. I tried downloading HijackThis but every time I open it there's a message that says win32 cannot open the said file. What will I do? I'm not an expert when it comes to fixing computers so I really need step-by-step instructions. Need help.


This post is quite old and has been locked from receiving new replies. Please create a new posting instead.