I found a new folder in my internet explorer favorites. The folder is labeled "cool staf" and it contains 6 internet files to www.searchforge.com. This has been found on my server for our home computer network. We access the internet via satellite and I run orbitnet and nortons to assist with security and viruses. Neither are identifying any problems. However, one of my computers within the network is running exceptionally slow.
We have been attacked in the past and I've become skittish. We just recently survived a bout with mscache trojan. Should I be concerned about this new folder? The following is what Hijackthis has found:
Logfile of HijackThis v1.97.7
Scan saved at 11:41:10 AM, on 2/8/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\DIRECWAY\bin\dpcproxy.exe
C:\WINNT\system32\LEXPPS.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\npssvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\SymTray.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\DIRECWAY\BIN\dpcstart.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus NT\navapw32.exe
C:\Program Files\WinZip\WZQKPICK.exe
C:\PROGRA~1\NORTON~1\NORTON~1\alertsvc.exe
C:\Program Files\OrbitNet 4.0\OrbitNet.exe
C:\PROGRA~1\DIRECWAY\bin\dpcnav.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:83
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NPS Event Checker] C:\PROGRA~1\NORTON~1\NORTON~1\npscheck.exe
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\NORTON~1\defalert.exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - Global Startup: Dpcstart.lnk = C:\Program Files\DIRECWAY\BIN\dpcstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Program Files\Norton SystemWorks\Norton Antivirus NT\navapw32.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37842.6676157407
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7687BBA4-4B6A-453A-9D89-71E0EC281098}: Domain = direcway.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{7687BBA4-4B6A-453A-9D89-71E0EC281098}: NameServer = 66.82.4.8
Thank you,
Pennie

Hello Pennie,
A new folder doesn't mean you have something wrong in your computer.
Generally, a virus or a trojan horse doesn't create a folder where it will be hidden!! It would be too easy to delete them.
If you already have a good AV program, well updated, in your computer, such a folder will be detected right away.
Now, the fact that your computer runs slow means you are maybe corrupted by a number of cookies in your temporary folder; some are needed for a good broadband in internet, others are spyware cookies which corrupt and pollute your system.
So to get rid of it, do the following procedure:
1) To check the Windows system:
Go to "START", then "RUN" and type the letters SFC, follow the instructions from the program, and be ready to use your Windows CD-ROM on request from the program to copy files and restore your system...
2) To check your Internet Explorer program:
Go to the control panel when not connected to the net, open "add & remove programs", find the line "internet explorer and his tools", open it; 3 options are available, one is "repair", send the procedure, IE will scan and check for corrupted or damaged files, reboot at the end of the procedure.
3) To check for spyware cookies, download the two following freeware programs:
A) AdAware 6.0/181
B) SpywareBlaster 2.61
Don't forget to update these programs as soon as you have installed them.
SpywareBlaster is particularly interesting because of the 1100 signatures which are automatically refused by your computer when their signatures appear during an internet connection....
Good luck....

Pennie,
your log looks clean.
Two things to add more layers to your internet security are:
1. An up to date Hosts file to keep your network away from places like searchforge.com
mvps HOSTS
2. A reliable Restricted Zones list to keep you in control should someone roam into dodgy territory.
IESPYAD
The complementary program to SpywareBlaster is SpywareGuard. It is recommended to use both. They do far more than repel cookies.
You can research here: SpywareGuard
Post a log from the slow puter if you like;
it could be hardware etc.. hth
Ice
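
An added example, not part of the original thread: a small parser that groups HijackThis entries by section code and pulls out the settings that decide where traffic goes (proxy, ActiveX download hosts, DNS), so they can be reviewed in one place. The sample lines are copied from the log posted above; the function names and the section descriptions (the usual HijackThis meanings) are this example's own.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Usual meanings of the HijackThis section codes that appear in the log above.
SECTIONS = {
    "R1": "IE registry setting (search page, proxy, ...)",
    "O2": "Browser Helper Object",
    "O4": "autostart entry (Run key or Startup folder)",
    "O16": "ActiveX control in Downloaded Program Files",
    "O17": "TCP/IP domain or name server setting",
}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# A subset of lines copied from the log posted above.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:83
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - Global Startup: Dpcstart.lnk = C:\Program Files\DIRECWAY\BIN\dpcstart.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7687BBA4-4B6A-453A-9D89-71E0EC281098}: Domain = direcway.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{7687BBA4-4B6A-453A-9D89-71E0EC281098}: NameServer = 66.82.4.8
"""

def parse(log_text):
    """Group entry lines by section code; header and process lines are skipped."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            groups[m.group(1)].append(m.group(2))
    return dict(groups)

def network_settings(groups):
    """Collect the values that decide where traffic goes: proxy, ActiveX hosts, DNS."""
    proxy = [b.split("=", 1)[1].strip() for b in groups.get("R1", []) if "ProxyServer" in b]
    hosts = {urlsplit(b.rsplit(" - ", 1)[-1]).hostname for b in groups.get("O16", [])}
    dns = [b.rsplit("=", 1)[1].strip() for b in groups.get("O17", []) if "NameServer" in b]
    return {"proxy": proxy, "activex_hosts": sorted(h for h in hosts if h), "dns": dns}

if __name__ == "__main__":
    groups = parse(SAMPLE)
    for code, items in groups.items():
        print(f"{code} ({SECTIONS.get(code, 'other')}): {len(items)} item(s)")
    for key, values in network_settings(groups).items():
        print(f"{key}: {values}")
```

Each extracted value is then compared against software and network settings you know belong on the machine.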
