Variant of Win32/Genetik Trojan Horse - Help

October 14, 2009 at 10:57:33
Specs: Windows XP
First of all, I'm Brazilian and my English is not thaaat good.
Well, my ESET NOD32 keeps saying this message:
Object: http://automaxinews.com.br/moxa1/im...
Threat: probably a variant of Win32/Genetik Trojan Horse

I restored the file and sent it to Jotti and VirusTotal to perform a scan with other software and, in my opinion, it doesn't seem to be a false positive, since a lot of softs found it.
This is the link:
https://www.virustotal.com/pt/analis...989-1255534167

And here is my HiJackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:55:22, on 14/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\winsys2.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe
C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\Domino.exe
C:\Arquivos de programas\Microsoft IntelliPoint\ipoint.exe
C:\Arquivos de programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Arquivos de programas\Microsoft LifeChat\LifeChat.exe
C:\WINDOWS\WinLogT.exe
C:\WINDOWS\VMSnap5.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\All Users\Dados de aplicativos\Windwnx32.exe
C:\Documents and Settings\All Users\Dados de aplicativos\MsnSys.exe
C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\PostgreSQL\8.3\bin\pg_ctl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\PostgreSQL\8.3\bin\postgres.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Arquivos de programas\PostgreSQL\8.3\bin\postgres.exe
C:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Arquivos de programas\PostgreSQL\8.3\bin\postgres.exe
C:\Arquivos de programas\PostgreSQL\8.3\bin\postgres.exe
C:\Arquivos de programas\PostgreSQL\8.3\bin\postgres.exe
C:\Arquivos de programas\PostgreSQL\8.3\bin\postgres.exe
C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Deusemar\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Deusemar\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Deusemar\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Deusemar\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Deusemar\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\MessengerDiscovery 2\MessengerDiscovery 2.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Deusemar\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Deusemar\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Deusemar\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Deusemar\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Deusemar\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Deusemar\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Deusemar\Desktop\HiJackThis\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ADSTechnology module - {831CBAC0-8283-4653-9D81-FEB9F3F6E47C} - (no file)
O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O2 - BHO: BuscaPe - {CF897CCA-7C89-4B6F-8E49-E51AD405289F} - C:\Arquivos de programas\BuscaPe\BuscaPe.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - D:\ARQUIV~1\DAP\DAPIEL~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll
O3 - Toolbar: BuscaPe - {CF897CCA-7C89-4B6F-8E49-E51AD405289F} - C:\Arquivos de programas\BuscaPe\BuscaPe.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\System32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\System32\sw24.exe
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\System32\winsys2.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [nodfix] regedit /s c:\regepica.reg
O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BigDogPath323Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IntelliPoint] "C:\Arquivos de programas\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [LifeChat] "C:\Arquivos de programas\Microsoft LifeChat\LifeChat.exe"
O4 - HKLM\..\Run: [WinLogT] C:\WINDOWS\WinLogT.exe
O4 - HKLM\..\Run: [VMSnap5] C:\WINDOWS\VMSnap5.EXE
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
O4 - HKLM\..\Run: [Downsys] C:\Documents and Settings\All Users\Dados de aplicativos\Windwnx32.exe
O4 - HKLM\..\Run: [MsnSys.exe] C:\Documents and Settings\All Users\Dados de aplicativos\MsnSys.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Deusemar\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-583907252-725345543-533347861-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: brandcalendar MSD BR.lnk = ?
O4 - Startup: Ferramenta de Verificação de Mídia do Picture Motion Browser.lnk = C:\Arquivos de programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Hotsync Manager.lnk = C:\Arquivos de programas\Palm\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - D:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Arquivos de programas\DAP\dapextie.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download &all with DAP - D:\Arquivos de programas\DAP\dapextie2.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - D:\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - D:\Titan Poker\casino.exe
O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {809132AF-89D2-4d52-AA03-AB4E35BBDC5B} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra button: PokerTime - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\PokerTime\MPPoker.exe (file missing) (HKCU)
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binar...56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...1204506532187
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gm...ection2.cab
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd...sxp2k.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Regi...CX/flashax.cab
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Arquivos de programas\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 14168 bytes


Thank you for your support and sorry again for the bad English,
Renan.
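As an added triage aid (not part of the thread, and not a verdict on any entry), the script below parses O4 autostart lines in HijackThis format and lists the ones a reviewer would want to look at first: silent `regedit /s` imports at logon, executables sitting directly in the Windows folder, and executables started from the shared application-data folder. The sample lines are a constructed subset of the log above; the rules are heuristics, and legitimate software can match them.

```python
import re

# Constructed sample: a subset of the O4 (autostart) lines from the posted log,
# with the forum's line wrapping rejoined.
SAMPLE_O4_LINES = [
    r'O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice',
    r'O4 - HKLM\..\Run: [nodfix] regedit /s c:\regepica.reg',
    r'O4 - HKLM\..\Run: [WinLogT] C:\WINDOWS\WinLogT.exe',
    r'O4 - HKLM\..\Run: [Downsys] C:\Documents and Settings\All Users\Dados de aplicativos\Windwnx32.exe',
    r'O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe',
]

# HijackThis O4 Run entry: "O4 - <hive>\..\Run: [<name>] <command line>"
O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# First drive-rooted path ending in .exe; unquoted paths may contain spaces.
EXE_RE = re.compile(r'"?([A-Za-z]:\\.*?\.exe)"?', re.IGNORECASE)


def parse_o4(line):
    """Return (hive, name, command, exe_path_or_None) for an O4 Run line, else None."""
    m = O4_RE.match(line)
    if not m:
        return None
    exe = EXE_RE.search(m.group('cmd'))
    return m.group('hive'), m.group('name'), m.group('cmd'), (exe.group(1) if exe else None)


def triage_o4(lines):
    """Heuristic review list of (entry name, reason) for autostarts worth a closer look."""
    findings = []
    for line in lines:
        parsed = parse_o4(line)
        if parsed is None:
            continue
        hive, name, cmd, exe = parsed
        low = exe.lower() if exe else ''
        if cmd.lower().startswith('regedit /s'):
            findings.append((name, 'silent registry import at every logon'))
        elif re.fullmatch(r'c:\\windows\\[^\\]+\.exe', low):
            findings.append((name, 'executable placed directly in the Windows folder'))
        elif '\\all users\\dados de aplicativos\\' in low or '\\all users\\application data\\' in low:
            findings.append((name, 'executable started from the shared application-data folder'))
    return findings


if __name__ == '__main__':
    for name, reason in triage_o4(SAMPLE_O4_LINES):
        print(f'[{name}] {reason}')
```

Feed it the O4 lines of a full log (one per line) to get the same short list; entries it does not flag still deserve the usual check of publisher, path and file hash.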


#1
October 14, 2009 at 10:58:17
Sorry, here comes the correct link for the VirusTotal scans:
https://www.virustotal.com/pt/analisis/824bfb852c122385e3ce3f2b97da85a51f25e0ba36e7844b002fac37b3a31989-1255534167
