944,208 Members | Top Members by Rank

Hardware and Software > Microsoft Windows > Viruses, Spyware and other Nasties > Downloader.Small.9.BV
Ad:
You are currently viewing page 1 of this multi-page discussion thread
Permalink
Jan 23rd, 2005
0

Downloader.Small.9.BV

Expand Post »
My antivirus (AVG) finds trojan horse Downloader.Small.9.BV but it can't remove it!
Here is my HJT log file:

Logfile of HijackThis v1.99.0
Scan saved at 10:08:22 πμ, on 23/1/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\GPSoftware\Directory Opus\DOpus.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\LckFldService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\mysql\bin\mysqld-nt.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = ,
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.in.gr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.in.gr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
R3 - URLSearchHook: CnfSearch Class - {D7CD08F0-D691-11D8-9669-0800200C9A66} - C:\WINDOWS\System32\ConfuSearch.dll
N1 - Netscape 4: user_pref("browser.startup.homepage","http://www.777search.com"); (C:\Program Files\Netscape\Users\stemi\prefs.js)
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
O2 - BHO: DNSProxyObj Class - {06594350-D723-11D8-9669-0800200C9A66} - C:\WINDOWS\System32\DNSProxy.dll
O2 - BHO: (no name) - {1FA24D0D-E614-0AE2-8221-63550FDD2D40} - C:\WINDOWS\System32\ngvaaps.dll (file missing)
O2 - BHO: SysShield IE Popup Blocker - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} - C:\Program Files\SysShield Tools\Internet Eraser\PKExt.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: Search - {49F2248D-1734-4B0F-A7B8-542E526EE07C} - C:\Program Files\Internet Explorer\autosearch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: AbsoluteShield - {EE9DD090-902D-4623-9360-FB7D8666202B} - C:\Program Files\SysShield Tools\Internet Eraser\AbsoluteBar.dll
O3 - Toolbar: &Ραδιόφωνο - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [DOpus] C:\Program Files\GPSoftware\Directory Opus\DOpus.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O8 - Extra context menu item: &Free Pic GRAB - res://C:\Program Files\FreePicGrabber\Options.exe/132
O8 - Extra context menu item: &Quick GRAB Pics - res://C:\Program Files\FreePicGrabber\Options.exe/133
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Read By Natural Voice Reader - C:\Program Files\NaturalReaders\Natural Voice Reader Free\read.html
O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Λήψη όλων με το FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Λήψη με χÏ?ήση του FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Natural Reader - {0DF757C4-9999-463C-A4EB-B6BF1D8D8D3D} - C:\Program Files\NaturalReaders\Natural Voice Reader Free\read.html
O9 - Extra button: Grab - {1FF19E58-E4C2-4BEB-913F-52CF324AC243} - C:\Program Files\FreePicGrabber\BandObjs.dll
O9 - Extra button: Quick - {1FF19E59-E4C2-4BEB-913F-52CF324AC243} - C:\Program Files\FreePicGrabber\BandObjs.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1103014214937
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - http://static.flingstone.com/cab/200...Inc/bridge.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?323
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B114D60-EEC6-4573-B400-D46114F2BB30}: NameServer = 213.249.17.10 213.249.17.11
O19 - User stylesheet: C:\Program Files\Internet Explorer\readme.txt (file missing)
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: LckFldService - Unknown - C:\WINDOWS\System32\LckFldService.exe
O23 - Service: MySql - Unknown - C:/mysql/bin/mysqld-nt.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

Any suggestions?
Thank you!!
Similar Threads
Reputation Points: 10
Solved Threads: 0
Newbie Poster
stemi is offline Offline
10 posts
since Jan 2005
Permalink
Jan 23rd, 2005
0

Re: Downloader.Small.9.BV

Go to add\remove programs and uninstall Mysearch.

Scan with hijackthis and tick the boxes next to all the following entries, then close all browser and explorer windows, and hit the "Fix checked" button.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = ,
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: CnfSearch Class - {D7CD08F0-D691-11D8-9669-0800200C9A66} - C:\WINDOWS\System32\ConfuSearch.dll

N1 - Netscape 4: user_pref("browser.startup.homepage","http://www.777search.com"); (C:\Program Files\Netscape\Users\stemi\prefs.js)

O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
O2 - BHO: DNSProxyObj Class - {06594350-D723-11D8-9669-0800200C9A66} - C:\WINDOWS\System32\DNSProxy.dll
O2 - BHO: (no name) - {1FA24D0D-E614-0AE2-8221-63550FDD2D40} - C:\WINDOWS\System32\ngvaaps.dll (file missing)

O3 - Toolbar: Search - {49F2248D-1734-4B0F-A7B8-542E526EE07C} - C:\Program Files\Internet Explorer\autosearch.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)

O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - http://static.flingstone.com/cab/20...TInc/bridge.cab
IEPlugin
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
MediaTickets Installer

O19 - User stylesheet: C:\Program Files\Internet Explorer\readme.txt (file missing)

Clear out your Temporary internet files and other temp files.
Go to Start > Settings > Control Panel >Internet Options.
Under the General tab click the Delete temporary internet files,
delete all Offline content as well. Clear out Cookies.

Also, go to Start > Find/search > Files or folders > in the named box, type: *.tmp and choose Edit > select all -> File > delete.

Empty/delete the entire contents of the C:\Windows\temp folder and C:\temp folder, if you have one. (Contents but not the folder itself.)

This one too if Win2K or XP.
C:\Documents and Settings\username\Local Settings\Temp\

In order to view these files you may have to select 'show hidden files/folders.' Instructions on how to here.

Empty the Recycle Bin.

Reboot and post another log please.
Moderator
Featured Poster
Reputation Points: 1142
Solved Threads: 982
Most Valuable Poster
crunchie is offline Offline
12,165 posts
since Feb 2004
Permalink
Jan 23rd, 2005
0

Re: Downloader.Small.9.BV

MySearch wasn't listed in Add/Remove Programs.
I delete the files from C:\Programm Files\MyWay\ except from Mysrchas.dll

All the others were done!
THe virus is still there!

Here is the new log file:

Logfile of HijackThis v1.99.0
Scan saved at 11:25:22 πμ, on 23/1/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\GPSoftware\Directory Opus\DOpus.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\LckFldService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\mysql\bin\mysqld-nt.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.in.gr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.in.gr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Program Files\Netscape\Users\stemi\prefs.js)
O2 - BHO: SysShield IE Popup Blocker - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} - C:\Program Files\SysShield Tools\Internet Eraser\PKExt.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: AbsoluteShield - {EE9DD090-902D-4623-9360-FB7D8666202B} - C:\Program Files\SysShield Tools\Internet Eraser\AbsoluteBar.dll
O3 - Toolbar: &Ραδιόφωνο - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\RunOnce: [NavHelper Uninstaller] "C:\DOCUME~1\------\LOCALS~1\Temp\NE1\NHUninstaller.exe" silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [DOpus] C:\Program Files\GPSoftware\Directory Opus\DOpus.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O8 - Extra context menu item: &Free Pic GRAB - res://C:\Program Files\FreePicGrabber\Options.exe/132
O8 - Extra context menu item: &Quick GRAB Pics - res://C:\Program Files\FreePicGrabber\Options.exe/133
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Read By Natural Voice Reader - C:\Program Files\NaturalReaders\Natural Voice Reader Free\read.html
O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Λήψη όλων με το FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Λήψη με χÏ?ήση του FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Natural Reader - {0DF757C4-9999-463C-A4EB-B6BF1D8D8D3D} - C:\Program Files\NaturalReaders\Natural Voice Reader Free\read.html
O9 - Extra button: Grab - {1FF19E58-E4C2-4BEB-913F-52CF324AC243} - C:\Program Files\FreePicGrabber\BandObjs.dll
O9 - Extra button: Quick - {1FF19E59-E4C2-4BEB-913F-52CF324AC243} - C:\Program Files\FreePicGrabber\BandObjs.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1103014214937
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?323
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: LckFldService - Unknown - C:\WINDOWS\System32\LckFldService.exe
O23 - Service: MySql - Unknown - C:/mysql/bin/mysqld-nt.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe



Thank you for the help!
Reputation Points: 10
Solved Threads: 0
Newbie Poster
stemi is offline Offline
10 posts
since Jan 2005
Permalink
Jan 23rd, 2005
0

Re: Downloader.Small.9.BV

Where does AVG say Downloader.Small.9.BV is located?
Team Colleague
Reputation Points: 63
Solved Threads: 213
Posting Maven
dlh6213 is offline Offline
2,962 posts
since Jul 2004
Permalink
Jan 23rd, 2005
0

Re: Downloader.Small.9.BV

explorer.exe C\explorer_cab.vir:\explorer.exe
explorer_cab.vir C:\explorer_cab.vir
Reputation Points: 10
Solved Threads: 0
Newbie Poster
stemi is offline Offline
10 posts
since Jan 2005
Permalink
Jan 27th, 2005
0

Re: Downloader.Small.9.BV

Can somebody help me? :rolleyes:
Reputation Points: 10
Solved Threads: 0
Newbie Poster
stemi is offline Offline
10 posts
since Jan 2005
Permalink
Jan 28th, 2005
0

Re: Downloader.Small.9.BV

Download Stinger from here:
http://vil.nai.com/vil/stinger/

Save it to your desktop

Double-click on the stinger.exe file

Under 'Directories to scan' enter all hard drives/partitions in your system

Clink on Scan Now

Stinger will fix anything that it finds

When it's finished, click the File menu and select Save report to file

Post the log file results here in this thread
Team Colleague
Reputation Points: 63
Solved Threads: 213
Posting Maven
dlh6213 is offline Offline
2,962 posts
since Jul 2004
Permalink
Jan 28th, 2005
0

Re: Downloader.Small.9.BV

McAfee AVERT Stinger Version 2.4.7 built on Jan 3 2005

Copyright (C) 2004 Networks Associates Technology, Inc. All Rights Reserved.

Virus data file v1000 created on Dec 14 2004.

Ready to scan for 47 viruses, trojans and variants.



Scan initiated on Sat Jan 29 01:32:08 2005

Number of clean files: 228382
Reputation Points: 10
Solved Threads: 0
Newbie Poster
stemi is offline Offline
10 posts
since Jan 2005
Permalink
Jan 28th, 2005
0

Re: Downloader.Small.9.BV

I didn't expect Stinger to find it, but I was hoping.

Downloader.Small is a fairly common trojan (with different numbers and letters at the end), but they are usually in a different folder than the one you described. I've never seen C\explorer_cab (it should be C\explorer.cab), and can't find any info on it.

I'm thinking this whole folder, explorer_cab.vir:, should be deleted; but let's have someone else confirm this before you do it.
Team Colleague
Reputation Points: 63
Solved Threads: 213
Posting Maven
dlh6213 is offline Offline
2,962 posts
since Jul 2004
Permalink
Jan 29th, 2005
0

Re: Downloader.Small.9.BV

Crunchie had a good idea (as usual); set a System Restore point, and then delete the bad entries, explorer_cab (make sure you delete only the ones with the underscore " _ ").
Team Colleague
Reputation Points: 63
Solved Threads: 213
Posting Maven
dlh6213 is offline Offline
2,962 posts
since Jul 2004

This thread is solved

Either the thread starter or a moderator has marked this thread as solved. You can most likely trust the responses and answers given. There is most likely no reason for any further responses to be posted here. If you have a related question, please start a new thread in this forum instead.

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.
Message:
Previous Thread in Viruses, Spyware and other Nasties Forum Timeline: "Cannot find server or DNS Error"
Next Thread in Viruses, Spyware and other Nasties Forum Timeline: Open Image Files :: Autoclose :: HijackThis Log Included





About Us | Contact Us | Advertise | Acceptable Use Policy
Forum Index | Build Custom RSS Feed


Follow us on Twitter


© 2011 DaniWeb® LLC