Jul 13th, 2004

trojan horse and about blank homepage

I have run AVG antivirus and there is a trojan horse downloader purity.E in C/:doc. and settings/paul application data/ttdu.exe that AVG can't remove.

I could really use some advice on how to get rid of this.

I have run CWShredder/Ad-Aware/Spybot Search and Destroy and a few other programs that said they would get rid of it, but nothing.


Here is my hijack log. PLEASE HELP

Logfile of HijackThis v1.98.0
Scan saved at 9:11:47 AM, on 13/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Executive Software\DiskeeperServer\DKService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\essspk.exe
C:\Documents and Settings\paul\Application Data\ttdu.exe
C:\WINDOWS\System32\fvqg.exe
C:\PROGRA~1\Grisoft\AVG6\AVGCC32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\paul\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://my.msn.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6DDD6520-BC6D-289A-D756-62557FA32739} - C:\WINDOWS\System32\keqxrja.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKCU\..\Run: [Smob] C:\Documents and Settings\paul\Application Data\ttdu.exe
O4 - HKCU\..\Run: [Fzhvywxp] C:\WINDOWS\System32\fvqg.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {2CFB52FD-7CF2-479C-BF65-B27F8A834F31} (SecureSession Class) - http://www.samsungtechwin.com/includ...ecuiTechIE.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://mirror.worldwinner.com/games/v45/pool/pool.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://mirror.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab28578.cab
O16 - DPF: {8F24DE00-0D66-4F93-9405-3F21E97AEE99} (TestingCtl Control) - http://esb.alcena.com/ESBAdultInstaller.ocx
Reputation Points: 10
Solved Threads: 0
Newbie Poster
paublo is offline Offline
3 posts
since Jul 2004
Jul 13th, 2004

Re: trojan horse and about blank homepage

Logfile of HijackThis v1.98.0
Scan saved at 9:46:05 AM, on 13/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Executive Software\DiskeeperServer\DKService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\essspk.exe
C:\Documents and Settings\paul\Application Data\ttdu.exe
C:\WINDOWS\System32\fvqg.exe
C:\PROGRA~1\Grisoft\AVG6\AVGCC32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\paul\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://my.msn.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6DDD6520-BC6D-289A-D756-62557FA32739} - C:\WINDOWS\System32\keqxrja.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKCU\..\Run: [Smob] C:\Documents and Settings\paul\Application Data\ttdu.exe
O4 - HKCU\..\Run: [Fzhvywxp] C:\WINDOWS\System32\fvqg.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {2CFB52FD-7CF2-479C-BF65-B27F8A834F31} (SecureSession Class) - http://www.samsungtechwin.com/inclu...SecuiTechIE.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://mirror.worldwinner.com/games/v45/pool/pool.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://mirror.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...nt.cab28578.cab
O16 - DPF: {8F24DE00-0D66-4F93-9405-3F21E97AEE99} (TestingCtl Control) - http://esb.alcena.com/ESBAdultInstaller.ocx


I have a purity.e trojan.

Should I fix these, and will it solve my problem?

C:\Documents and Settings\paul\Application Data\ttdu.exe
C:\WINDOWS\System32\fvqg.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://my.msn.com/
O4 - HKCU\..\Run: [Smob] C:\Documents and Settings\paul\Application Data\ttdu.exe
O4 - HKCU\..\Run: [Fzhvywxp] C:\WINDOWS\System32\fvqg.exe

O16 - DPF: {8F24DE00-0D66-4F93-9405-3F21E97AEE99} (TestingCtl Control) - http://esb.alcena.com/ESBAdultInstaller.ocx
paublo
Jul 14th, 2004

Re: trojan horse and about blank homepage

Unzip HJT into its own permanent folder before doing anything, in order for it to create backups. (Not a temporary folder or directly on the desktop (in a folder on the desktop is fine) & not directly on your hard drive). Close all (browser) windows & rescan with HijackThis. When the scan is finished, place a check in the box to the left of the following entries & click 'fix checked':

O2 - BHO: (no name) - {6DDD6520-BC6D-289A-D756-62557FA32739} - C:\WINDOWS\System32\keqxrja.dll

O4 - HKCU\..\Run: [Smob] C:\Documents and Settings\paul\Application Data\ttdu.exe
O4 - HKCU\..\Run: [Fzhvywxp] C:\WINDOWS\System32\fvqg.exe

O16 - DPF: {8F24DE00-0D66-4F93-9405-3F21E97AEE99} (TestingCtl Control) - http://esb.alcena.com/ESBAdultInstaller.ocx

Reboot into safe mode following the instructions here & navigate to & delete the following if found:

C:\Documents and Settings\paul\Application Data\ttdu.exe
C:\WINDOWS\System32\fvqg.exe

Reboot normally.

Try the PurityScan uninstaller.

Go here for an on-line scan & set it to autoclean for you.
Try this scan as well.
Moderator
Featured Poster
Reputation Points: 1142
Solved Threads: 982
Most Valuable Poster
crunchie is online now Online
12,163 posts
since Feb 2004
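
An added example, not part of the original thread: a small Python triage of the HijackThis entries discussed above, cross-checking autorun entries against the running-process list. The function names and the two heuristics (a per-user HKCU Run value launching from System32 or the root of Application Data, and an unnamed BHO whose DLL sits directly in System32) are assumptions chosen for illustration, not HijackThis rules; the sample log is a subset of the lines posted in this thread.

```python
import re
from ntpath import dirname  # Windows path rules on any OS

# Subset of the HijackThis log posted in this thread, embedded for the example.
SAMPLE_LOG = r"""Running processes:
C:\Documents and Settings\paul\Application Data\ttdu.exe
C:\WINDOWS\System32\fvqg.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6DDD6520-BC6D-289A-D756-62557FA32739} - C:\WINDOWS\System32\keqxrja.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Smob] C:\Documents and Settings\paul\Application Data\ttdu.exe
O4 - HKCU\..\Run: [Fzhvywxp] C:\WINDOWS\System32\fvqg.exe
"""
ENTRY = re.compile(r"^([A-Z]\d+) - (.+)$")
RUN = re.compile(r"^(HK\w+)\\\.\.\\Run: \[([^\]]+)\] (.+)$")
BHO = re.compile(r"^BHO: (.+?) - (\{[0-9A-Fa-f-]+\}) - (.+)$")
SYSTEM32 = r"c:\windows\system32"

def parse(log):
    """Return (set of running process paths, list of (code, body) entries)."""
    procs, entries, in_procs = set(), [], False
    for line in (l.strip() for l in log.splitlines()):
        if line == "Running processes:" or not line:
            in_procs = bool(line)  # header opens the section, blank line ends it
        elif in_procs:
            procs.add(line.lower())
        elif m := ENTRY.match(line):
            entries.append(m.groups())
    return procs, entries

def triage(log):
    """Return [(entry, reasons)] for entries matching the assumed heuristics."""
    procs, entries = parse(log)
    flagged = []
    for code, body in entries:
        reasons = []
        if code == "O4" and (m := RUN.match(body)) and m[1] == "HKCU":
            folder = dirname(m[3]).lower()
            if folder == SYSTEM32 or folder.endswith(r"\application data"):
                reasons.append("HKCU autorun from System32 or Application Data root")
            if reasons and m[3].lower() in procs:
                reasons.append("currently running")
        elif code == "O2" and (m := BHO.match(body)):
            if m[1] == "(no name)" and dirname(m[3]).lower() == SYSTEM32:
                reasons.append("unnamed BHO with DLL directly in System32")
        if reasons:
            flagged.append((f"{code} - {body}", reasons))
    return flagged
```

Calling `triage(SAMPLE_LOG)` returns the keqxrja.dll BHO and the two HKCU Run entries, each Run entry also marked as currently running; the O16 entry listed in the reply is outside these heuristics.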
Jul 14th, 2004

Re: trojan horse and about blank homepage

Thanks Crunchie, appreciate your response. Have done all and things are great.


Thanks again
paublo
Jul 15th, 2004

Re: trojan horse and about blank homepage

You're welcome. Marking this as solved. Anyone else with the same problem, please start your own thread. Thank you.
crunchie
