Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
Can someone look at this log and see if they see any problems? thanks
Logfile of HijackThis v1.97.7
Scan saved at 3:13:55 PM, on 1/8/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP3 (5.00.2920.0000)Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Apache\Apache2\bin\Apache.exe
C:\Program Files\CMailServer\CMailServer.exe
C:\PROGRA~1\Navnt\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Atguard\iamserv.exe
C:\Apache\Apache2\bin\Apache.exe
C:\WINNT\System32\ofps.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\r_server.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.exe
C:\PROGRA~1\Atguard\iamapp.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Microangelo\muamgr.exe
C:\Apache\Apache2\bin\ApacheMonitor.exe
C:\Program Files\AnalogX\Atomic TimeSync\ats.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\Program Files\Netscape\Communicator\Program\netscape.exe
C:\Documents and Settings\Elmer\Desktop\Bid_Temp\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSDGjkhYUgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy7thjg/WIN-BUGSFIX.exe
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://neo.kbe.org/IPIN/MainLogin.asp?pgreq=CurrentlyOutForBid.asp&status=ok"); (C:\Program Files\Netscape\Users\default\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {CD4C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\Go!Zilla\GoIEHlp.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [iamapp] C:\PROGRA~1\Atguard\iamapp.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MOD] C:\Program Files\Microangelo\muamgr.exe
O4 - HKLM\..\Run: [CMailServer] C:\Program Files\CMailServer\CMailServer.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\RunServices: [Win32DLL] C:\WINNT\Win32DLL.vbs
O4 - Startup: Atomic TimeSync.lnk = C:\Program Files\AnalogX\Atomic TimeSync\ats.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Apache\Apache2\bin\ApacheMonitor.exe
O8 - Extra context menu item: Sothink SWF Decompiler - C:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
You should read your own logs. Post here if there are bits of the log you don't understand after reading the log software instruction manual
0 
This is your parasite!
O4 - HKLM\..\RunServices: [Win32DLL] C:\WINNT\Win32DLL.vbs
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=VBS_LOVELETTER
0
The other part of your virus is this,
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skyinet.net/~chu/sdgfhjksdfjklNBmnfgkKLHjkqwtuHJBhAFSDGjkhYUgqwerasdjhPhjasfdglkNBhbqwebmznxcbvnmadshfgqw237461234iuy7thjg/WIN-BUGSFIX.exe.This may also help you with removal;
StingerAnd this is free;
AVG Anti Virus
Good luck
abnormal
0  |
 Locking the CDROM Drive
|
Access is denied
|
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
