Tom's Guide | Tom's Hardware | Tom's Games

Computing.Net > Forums > Security and Virus > sddrop.a and istbar

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

sddrop.a and istbar

Reply to Message Icon

Name: asia
Date: January 8, 2004 at 11:23:37 Pacific
OS: win2000
CPU/Ram: i'm a girl how can i know
Comment:

please help me i have worm sdbot.f and also something like : troj istbar.c and i cannot remove them:(



Sponsored Link
Ads by Google

Response Number 1
Name: iceblue
Date: January 8, 2004 at 21:47:36 Pacific
Reply:

asia,
follow these;
Computing.Net Guidelines

and do these;
First – please download and run Spybot Search & Destroy OR Ad-aware;
Spybot
http://www.safer-networking.org
Short tutorial and download from here:
http://tomcoyote.org/SPYBOT/

AdAware

*check for updates*; and then scan,
and fix all RED items that Spybot finds.
Reboot when done.

Download and run a new update of CWShredder.exe
CWShredder.exe

and click ‘Open’ and 'Fix' ; or 'Scan' and ‘Next’;
(obtain a new version for each run; there is a recent update)
Make sure that you click 'Next' and don't just scan only.
For the full story on CWS:
New address: http://www.merijn.org/cwschronicles.html

Reboot,

Then download/update HijackThis 1.97.0.7 new version http://www.spywareinfo.com/~merijn/files/hijackthis.zip
Unzip/extract all…and double click on hijackthis.exe.

* Make sure that you actually extract HijackThis to its own folder,and not to a \temp folder. DO NOT run it from a temp folder or from within a zip manager (Winzip), as no backups will be saved.
* If you have anything disabled by MSConfig or any other startup manager, please re-enable it before scanning to post.
*If you have run and fixed anything with Spybot Search and Destroy or AdAware, please reboot before scanning.

Close All browser windows and
Run HijackThis,
Press Scan, and wait,
Save the log, (the ‘scan’ button changes to ‘save log’)
Edit>select All > copy and paste its contents here.
Most of what it lists will be harmless or even essential, so don't fix anything yet.
Post the full log including header info in reply.
It will be reviewed by someone here.


0

Response Number 2
Name: SethsIdleMind
Date: January 23, 2004 at 16:54:26 Pacific
Reply:

Logfile of HijackThis v1.97.7
Scan saved at 1:53:12 AM, on 1/24/2004
Platform: Windows 2000 SP1 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\MyCompany\RAS Session Manager\IpReleaseNT.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINNT\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Common files\updater\wupdater.exe
C:\Documents and Settings\Administrator\My Documents\Seth's Stuff\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.telegraaf.nl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.sureseeker.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.linkfind.com/iebar/%s
R3 - URLSearchHook: PerfectNavBHO Class - {A045DC85-FC44-45be-8A50-E4F9C62C9A84} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {A045DC85-FC44-45be-8A50-E4F9C62C9A84} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadBlackD] C:\Program Files\Network ICE\BlackICE\BLACKD.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [RDLL] RunDll16.exe
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\RunServices: [LoadBlackD] C:\Program Files\Network ICE\BlackICE\blackd.exe
O4 - HKLM\..\RunServices: [RDLL] RunDll16.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [loader] c:\WINNT\loader.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab


0

Sponsored Link
Ads by Google
Reply to Message Icon

Related Posts

See More



Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.


Go to Security and Virus Forum Home


Sponsored links
Ads by Google


Results for: sddrop.a and istbar
Revop.A and System Restore www.computing.net/answers/security/revopa-and-system-restore/10777.html

ADW Tenget .A and BKDR Coreflood .A www.computing.net/answers/security/adw-tenget-a-and-bkdr-coreflood-a/6488.html

Nimda.A and Nimda.E virus www.computing.net/answers/security/nimdaa-and-nimdae-virus/373.html