
three viruses/trojan problem

Original Message
Name: ryan
Date: December 14, 2003 at 10:48:37 Pacific
Subject: three viruses/trojan problem
OS: WINDOWS XP (SP1)
CPU/Ram: P3 1 ghz, 256 ram
Comment:

hi,
I read this problem in the Windows ME section. I have two virus problems on my computer. The 3 virus names are these: 1) Download.Dyfica.H 2) Java/ByteVerify or Trojan.ByteVerify 3) Downloader.Dia.A. Now, I think these 3 are apparently 3 new viruses because neither NORTON nor AVG antivirus can repair and/or find them. Norton can't even find a virus. I really need some help. I have tried TAUSCAN and am currently trying SPYBOT. TAUSCAN has been unsuccessful in finding it. I have the latest virus definitions and I also have AD-AWARE FREE EDITION to help. But apparently none of these are helping. Anyway, could you guys please help.

Here is also my HijackThis log:
NOTE: I don't think the virus was active when I did the check.

Logfile of HijackThis v1.97.7
Scan saved at 12:17:39 AM, on 12/15/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Executive Software\Diskeeper Home Edition\DKService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\SLEE401.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Stardock\TrayServer.exe
C:\WINDOWS\tppaldr.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Common files\updater\wupdater.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Agnitum\TAUSCA~1.6\taumon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Common Files\eAcceleration\systimer.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Documents and Settings\Ryan\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Ryan Berkeley (AKA JeSuSfReAk)
R3 - URLSearchHook: PerfectNavBHO Class - {A045DC85-FC44-45be-8A50-E4F9C62C9A84} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NavErrRedir Class - {A045DC85-FC44-45be-8A50-E4F9C62C9A84} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Program Files\Common Files\Stardock\TrayServer.exe"
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [sbv3c] C:\unzipped\sbv3c\sbv3c.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [Webcelerator] C:\Program Files\Acceleration Software\Webcelerator\webcel.exe runstart
O4 - HKLM\..\Run: [ddeproc] C:\Program Files\Acceleration Software\Webcelerator\ddeproc.exe
O4 - HKLM\..\Run: [Eac_Download] C:\Program Files\Common Files\eAcceleration\download.exe -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [Tau Monitor] C:\PROGRA~1\Agnitum\TAUSCA~1.6\taumon.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKLM\..\RunOnce: [SpyBotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\PROGRA~1\INTERN~2\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O9 - Extra button: Encarta Encyclopedia (HKLM)
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia (HKLM)
O9 - Extra button: Define (HKLM)
O9 - Extra 'Tools' menuitem: Define (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37957.0822800926
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{D51D18B9-4915-4CCE-BF94-C354F61E55D7}: NameServer = 172.16.1.1

THANK YOU GUYS FOR HELPING ME!!

ryan
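As an added example (not part of ryan's post, and not code from HijackThis itself), the script below applies to a constructed subset of the log above the checks a log reader does by hand: the same CLSID registered as both a URLSearchHook (R3) and a BHO (O2), O16 ActiveX downloads with no recorded source URL or fetched from a host outside a trusted list, O4 autostarts that run from outside Program Files/Windows or load a DLL through rundll32, and the O17 DNS server. The trusted CAB hosts and trusted path roots are assumptions made for this example, not lists from the thread.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample in HijackThis 1.97 format: a subset of the entries in the log above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: PerfectNavBHO Class - {A045DC85-FC44-45be-8A50-E4F9C62C9A84} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: NavErrRedir Class - {A045DC85-FC44-45be-8A50-E4F9C62C9A84} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [sbv3c] C:\unzipped\sbv3c\sbv3c.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{D51D18B9-4915-4CCE-BF94-C354F61E55D7}: NameServer = 172.16.1.1
"""

# Assumed allow-lists for this example; real triage would keep these in a maintained file.
TRUSTED_CAB_HOSTS = {"download.macromedia.com", "v4.windowsupdate.microsoft.com",
                     "download.yahoo.com", "www.pcpitstop.com"}
TRUSTED_RUN_ROOTS = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\")

ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
DPF_RE = re.compile(r"^DPF: (\{[^}]+\}) \((.*)\) -\s*(\S*)$")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run(?:Once)?: \[(.*?)\] (.*)$")
DNS_RE = re.compile(r"NameServer = (.+)$")

def parse_log(text):
    """(section, body) for every R*/O* line; headers and the process list are ignored."""
    return [m.groups() for m in map(ENTRY_RE.match, (ln.strip() for ln in text.splitlines())) if m]

def shared_clsids(entries):
    """A CLSID registered under several IE hook types is one DLL with several ways in."""
    seen = defaultdict(set)
    for section, body in entries:
        if section in ("R3", "O2", "O3"):
            for clsid in CLSID_RE.findall(body):
                seen[clsid.upper()].add(section)
    return {c: sorted(s) for c, s in seen.items() if len(s) > 1}

def suspicious_dpf(entries, trusted_hosts=TRUSTED_CAB_HOSTS):
    """O16 ActiveX downloads with no recorded source, or fetched from an untrusted host."""
    flagged = []
    for section, body in entries:
        m = DPF_RE.match(body) if section == "O16" else None
        if not m:
            continue
        clsid, name, url = m.groups()
        host = (urlparse(url).hostname or "").lower()
        if not url:
            flagged.append((clsid.upper(), name, "no source URL recorded"))
        elif host not in trusted_hosts:
            flagged.append((clsid.upper(), name, "untrusted host " + host))
    return flagged

def unusual_run_entries(entries, trusted_roots=TRUSTED_RUN_ROOTS):
    """O4 autostarts that load a DLL through rundll32 or run from outside the usual roots."""
    flagged = []
    for section, body in entries:
        m = RUN_RE.match(body) if section == "O4" else None
        if not m:
            continue
        name, cmd = m.groups()
        exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]
        if exe.lower().startswith("rundll32"):
            flagged.append((name, "rundll32 loads a DLL export: " + cmd))
        elif "\\" in exe and not exe.lower().startswith(trusted_roots):
            flagged.append((name, "runs from outside trusted roots: " + exe))
    return flagged

def name_servers(entries):
    """O17 resolvers as (ip, is_private); an unexpected public resolver is a DNS hijack sign."""
    found = []
    for section, body in entries:
        m = DNS_RE.search(body) if section == "O17" else None
        for ip in (m.group(1).split(",") if m else []):
            addr = ipaddress.ip_address(ip.strip())
            found.append((str(addr), addr.is_private))
    return found

def triage(text):
    entries = parse_log(text)
    return {"shared_clsids": shared_clsids(entries), "dpf": suspicious_dpf(entries),
            "run": unusual_run_entries(entries), "dns": name_servers(entries)}

if __name__ == "__main__":
    for key, findings in triage(SAMPLE_LOG).items():
        print(key, findings)
```

Run against the sample, `triage` flags the PerfectNav CLSID under both R3 and O2, the two O16 controls (one with no source, one from download.rfwnad.com), the `sbv3c` autostart under C:\unzipped and the New.net rundll32 entry, and reports 172.16.1.1 as a private address, which is what a LAN router would hand out. These are prompts for a human to look up each item, not verdicts.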



Response Number 1
Name: Wombat
Date: December 14, 2003 at 13:47:46 Pacific
Reply:

You can get the fixes for those viruses here...

http://securityresponse.symantec.com/avcenter/vinfodb.html?prodid=nav2004


Response Number 2
Name: ryan
Date: December 14, 2003 at 21:51:38 Pacific
Reply:

hi,

Hey Wombat, Norton AntiVirus doesn't have two of the viruses on its list. Please tell me another way I can combat these trojans. I have run SPYBOT and CWS and deleted all that was required, but the trojans remain. Someone help please.


Response Number 3
Name: Johnw
Date: December 15, 2003 at 01:34:45 Pacific
Reply:

Download.Dyfica.H

http://boards.cexx.org/viewtopic.php?t=3095

==============================

Java/ByteVerify or Trojan.ByteVerify

Online Virus check ( free )

http://housecall.antivirus.com/

======================================

Downloader.Dia.A

As Bazooka didn't help, try this one.

http://swatit.org/

Swat It is a Completely FREE program that scans your files for Trojans, Worms, Bots and other Hacker programs. Swat It can detect and remove over 4000 different Trojan programs plus variants. Swat It was recently independently tested against popular commercial scanning software and we were absolutely delighted by the results.

We try our utmost to keep our software more up to date and current than other similar software. The comparison results strongly indicated Swat It's ability to detect and remove the latest Trojans that are in circulation.

After the Download - It is important to remember that once the installation of Swat It is completed, that you should update the File Signatures by clicking on the Update tab and checking for an update. All Product and File Signature Updates are Totally FREE, this means that you will never have to pay a single penny to get the very latest version of Swat It or to update the File Signatures.

Response Number 4
Name: ryan
Date: December 15, 2003 at 03:43:38 Pacific
Reply:

Hi John W.

In regard to removing "Downloader.Dyfica.H", I encountered this error message from HijackThis when I removed a registry key or whatever. This is the information:

;INF file for test.ocx
;DestDir can be 10 for Windows directory, 11 for Windows\System(32) directory, or left blank for the Occache directory.

[version]
signature="$CHICAGO$"
AdvancedINF=2.0

[Add.Code]
TEST.OCX=TEST.OCX

[TEST.OCX]
file-win32-x86=thiscab
RegisterServer=yes
clsid={F5192746-22D6-41BD-9D2D-1E75D14FBD3C}
DestDir=
FileVersion=1,0,0,0

[Setup Hooks]
AddToRegHook=AddToRegHook

[AddToRegHook]
InfSection=DefaultInstall

[DefaultInstall]
AddReg=AddToRegistry

[AddToRegistry]
HKLM,"SOFTWARE\Classes\CLSID\{F5192746-22D6-41BD-9D2D-1E75D14FBD3C}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}"
HKLM,"SOFTWARE\Classes\CLSID\{F5192746-22D6-41BD-9D2D-1E75D14FBD3C}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}"

what do you think?


Response Number 5
Name: ryan
Date: December 15, 2003 at 04:05:47 Pacific
Reply:

hi,

Just to clarify what I said in my last message, the log I gave you was a "backup-20031215-155505-589" file created by HijackThis when I fixed a registry entry I got from that article site you gave me. Hope this helps.
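The INF ryan posted in Response 4 (and, per Response 5, the HijackThis backup of the O16 entry he fixed) is the installer script IE ran for the {F5192746-...} control listed in the log as coming from download.rfwnad.com/cab/crack.CAB. Its [AddToRegistry] section writes two "Implemented Categories" keys under the control's CLSID; those two CATIDs are the well-known CATID_SafeForScripting and CATID_SafeForInitializing component categories, so the control declares itself safe to script and initialise from any web page. The script below is an added example, not part of the thread or of HijackThis, that parses the posted INF offline and reports exactly that: which file section carries the CLSID, whether the control registers a COM server, where it installs, and what the AddReg hook writes.

```python
import re

# The INF ryan posted above (a HijackThis backup of the O16 entry), embedded so this runs offline.
POSTED_INF = r"""
;INF file for test.ocx
;DestDir can be 10 for Windows directory, 11 for Windows\System(32) directory, or left blank for the Occache directory.

[version]
signature="$CHICAGO$"
AdvancedINF=2.0

[Add.Code]
TEST.OCX=TEST.OCX

[TEST.OCX]
file-win32-x86=thiscab
RegisterServer=yes
clsid={F5192746-22D6-41BD-9D2D-1E75D14FBD3C}
DestDir=
FileVersion=1,0,0,0

[Setup Hooks]
AddToRegHook=AddToRegHook

[AddToRegHook]
InfSection=DefaultInstall

[DefaultInstall]
AddReg=AddToRegistry

[AddToRegistry]
HKLM,"SOFTWARE\Classes\CLSID\{F5192746-22D6-41BD-9D2D-1E75D14FBD3C}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}"
HKLM,"SOFTWARE\Classes\CLSID\{F5192746-22D6-41BD-9D2D-1E75D14FBD3C}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}"
"""

# The two component categories IE checks before scripting or initialising a control from a page.
KNOWN_CATIDS = {
    "{7DD95801-9882-11CF-9FA9-00AA006C42C4}": "CATID_SafeForScripting",
    "{7DD95802-9882-11CF-9FA9-00AA006C42C4}": "CATID_SafeForInitializing",
}
DEST_DIRS = {"10": "Windows directory", "11": "System32 directory", "": "Occache (downloaded controls)"}
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
REG_RE = re.compile(r'^(\w+),"([^"]*)"')  # AddReg line: root,"subkey"[,name,flags,data]

def parse_inf(text):
    """Return {section: [lines]} with comments and blanks dropped; names keep their case."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def section(sections, name):
    """INF section lookup is case-insensitive."""
    return next((v for k, v in sections.items() if k.lower() == name.lower()), [])

def key_values(lines):
    """key=value lines of a section with keys lower-cased; bare lines are skipped."""
    pairs = (line.partition("=") for line in lines)
    return {k.strip().lower(): v.strip() for k, sep, v in pairs if sep}

def analyse(text):
    sections = parse_inf(text)
    report = {"controls": [], "registry": [], "findings": []}
    # [Add.Code] names one section per file; that section holds the CLSID and install target.
    for file_section in key_values(section(sections, "Add.Code")).values():
        kv = key_values(section(sections, file_section))
        report["controls"].append({
            "file": file_section,
            "clsid": kv.get("clsid", "").upper(),
            "registers_server": kv.get("registerserver", "").lower() == "yes",
            "dest": DEST_DIRS.get(kv.get("destdir", ""), kv.get("destdir")),
        })
    # Follow [Setup Hooks] -> InfSection -> AddReg to the raw registry writes.
    for hook in key_values(section(sections, "Setup Hooks")).values():
        inf_section = key_values(section(sections, hook)).get("infsection", "")
        addreg = key_values(section(sections, inf_section)).get("addreg", "")
        for name in filter(None, (n.strip() for n in addreg.split(","))):
            for root, subkey in (m.groups() for m in map(REG_RE.match, section(sections, name)) if m):
                report["registry"].append((root, subkey))
                guids = [g.upper() for g in GUID_RE.findall(subkey)]
                if "\\Implemented Categories\\" in subkey and len(guids) >= 2:
                    label = KNOWN_CATIDS.get(guids[-1], "unknown category " + guids[-1])
                    report["findings"].append(f"{root}: marks {guids[0]} as {label}")
    return report

if __name__ == "__main__":
    for line in analyse(POSTED_INF)["findings"]:
        print(line)
```

The point of following the Setup Hooks chain rather than just grepping for "Implemented Categories" is that the same writes could be reached from a differently named hook or AddReg section; the parser resolves the indirection the way the installer does. Anything the report lists under "findings" is a self-declared safety claim written straight into HKLM, not something IE verified.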



Response Number 6
Name: Johnw
Date: December 17, 2003 at 01:33:57 Pacific
Reply:

Been trying to get my head around your problem, ryan; don't have anything specific, other than trying these.

===========================================

Here is the logfile check list.
http://hjt.wizardsofwebsites.com/
http://www.spywareinfo.com/bhos/
http://home01.wxs.nl/~kleyn080/BHO_list.html
http://www.spywareinfo.com/~merijn/htlogtutorial.html#r
http://www.computercops.biz/postt6393.html
http://www.google.com/search?q=spyware+list

=========================================

CounterExploitation - Adware, Spyware & Other Unwanted "Malware" - & How To Remove Them.

http://www.cexx.org/adware.htm

http://boards.cexx.org/viewforum.php?f=1

============================================

Clean out all your temp, tmp, temporary internet, prefetch & index.dat files.

Xen.
Compatible with 95/98/98SE/ME/NT/2000/XP

http://www.sover.net/~wysiwygx/Security2.html
http://www.x9000.net/downloads/xen.zip
http://www.x9000.net/
http://homepage.ntlworld.com/mrx9000/
http://216.239.35.100/search?q=cache:YWd9fw8mgIEC:www.x9000.net/+Xen+and+Xen+tweak&hl=en
Xen protects privacy and frees up disk space. Runs on Win 95, 98, 98SE, ME, NT, 2000 and XP.
- cleans up more temporary files than any other cleanup program
- cleans up browser cache completely! (even index.dat)
- cleans out cookie files completely! (even index.dat)
- cleans up web history files completely! (even history.dat)
- cleans up recent history
- removes application debugging information
- removes temporary PC Health files
- removes temporary setup files
- removes temp files left behind by Windows
- cleans up literally 100's and 100's of different temporary files
- cleans up your history trails in Windows and also in 100's of different programs
- cleans out registry entries and optimises the registry
- cleans out some major spyware that is out there and stops it from starting up
- cleans the recycle bin
- scandisk and defrag options for startup
- backs up and restores your registry and key files
- backs up and restores your root files
- backs up and restores your user profiles
- backs up your My Documents
- backs up your Outlook address book and data
- backs up your PGP keys if they exist
- backs up a drive completely to another drive
- backs up and restores your CMOS
- backs up and restores your master boot record
- security check for trojans
- security for VBS scripts and other scripts
- automatically detects user profiles and utilises them, even in Windows 9x
- frees up memory on exit
- self-sufficient and creates its own files
And why not try XenTweak... the new tweaker on the block?

http://www.x9000.net/downloads/xentweak.zip

============================================

http://www.tweakxp.com/TweakXP/display.asp?id=525
This is a unique technique for WinXP. We know that it is necessary to wash the registry and TEMP files for Win9X/ME/2000/XP periodically. Prefetch is a new and very useful technique in Windows XP. However, after using XP for some time, the prefetch folder can get full of rarely used or obsolete links, which can slow down your computer noticeably. My suggestion is: open C(system drive):/windows/prefetch, delete all files (or at least those more than 3 weeks old), reboot. I recommend that you do this every month.

Editor Note: Deleting prefetch files too often (Every reboot) can decrease system performance!

========================================

http://www.sover.net/~wysiwygx/Security2.html
ftp://ftp.iif.hu/.ftp1/ftp.winsite.com/pub/pc/win95/sysutil/3SSetup.zip
http://www.alwaysfreeware.co.uk/privacy.html
http://www.igorshpak.net/
Requirements: Windows 95/98/ME/2000/XP, Internet Explorer 4.0 or higher
System Security Suite (3S for short) is a program which helps you keep your computer safe, clean and tidy. It completely eliminates selected kinds of user activity and can help you get rid of harmful programs (such as keyloggers and Internet spies). 3S has a very simple user interface. Tune it once and it will then work "by one click". The program can: delete cookies, clear the Internet Explorer cache, delete index.dat files, clear typed URLs, Internet Explorer history, AutoCompleted passwords, the Windows Temp folder, document history, Run history, search history, the Recycle Bin, Windows Media Player MRUs, folders defined by the user (completely or according to a mask), and save you from annoying programs which run every time Windows starts.

=========================================

Run this program.
http://www.wilderssecurity.net/specialinfo/rapidblaster.html#removal
We do not recommend that you try removing RapidBlaster manually - instead, try RapidBlaster Killer.
http://www.wilderssecurity.net/downloads/rbkiller.exe


