Ad:

Viruses, Spyware and other Nasties Discussion Thread
Unsolved
Views: 33667

Aug 13th, 2004

Trojan Horse,Download.Trojan not repaired by Norton;network doesn't function

Expand Post »

Hi, i am new in this site, i think it's very cool!
this is my problem:
Norton found Trojan.Byte.Verify...it said "Deleted", and
Trojan Horse,Download.Trojan - " Not Repaired" - "Access Denied",
is it true? or there might be others...
i found a strange file, msxmidi.exe, that i deleted immediately, and
i ran Spyboot, that found nothing.
But my network does not function anymore.
I have now installed Zone Alarm, i find it's a bit difficult to use.
Can you help me?
Thanks you very much for your help.
This is my Hijack log:

Logfile of HijackThis v1.98.2
Scan saved at 1.42.28, on 14/08/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
D:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\System32\Ati2evxx.exe
D:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
D:\WINNT\System32\svchost.exe
D:\Programmi\Norton AntiVirus\navapsvc.exe
D:\WINNT\system32\regsvc.exe
D:\Programmi\Norton AntiVirus\SAVScan.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\system32\slserv.exe
D:\WINNT\system32\stisvc.exe
D:\WINNT\System32\Tablet.exe
D:\WINNT\system32\ZoneLabs\vsmon.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\System32\mspmspsv.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\Explorer.EXE
D:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\WINNT\SOUNDMAN.EXE
D:\Programmi\Winamp\Winampa.exe
D:\Programmi\Gigabyte\Gigabyte Windows Utility Manager\ET4\et4Tray.exe
D:\Programmi\File comuni\Symantec Shared\ccApp.exe
D:\Programmi\FaxTalk Communicator\FTCtrl32.exe
D:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
D:\WINNT\system32\internat.exe
D:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
D:\Programmi\FinePixViewer\QuickDCF.exe
D:\WINNT\system32\Wtablet\TabUserW.exe
D:\Programmi\OpenOffice.org1.1.0\program\soffice.exe
D:\Programmi\FaxTalk Communicator\FAPIEXE.EXE
D:\WINNT\system32\wuauclt.exe
D:\PROGRA~1\WIDCOMM\SOFTWA~1\BTSTAC~1.EXE
D:\Programmi\Internet Explorer\iexplore.exe
D:\Documents and Settings\Administrator\Documenti\Sicurezza\HijackThis!\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1040,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] D:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] "D:\Programmi\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [EasyTuneIV] D:\Programmi\Gigabyte\Gigabyte Windows Utility Manager\ET4\et4Tray.exe
O4 - HKLM\..\Run: [ccApp] "D:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] D:\Programmi\File comuni\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CallControl 4.5] D:\Programmi\FaxTalk Communicator\FTCtrl32.exe /autoload
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = D:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 1.1.0.lnk = D:\Programmi\OpenOffice.org1.1.0\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = D:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = D:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
O4 - Global Startup: Exif Launcher.lnk = D:\Programmi\FinePixViewer\QuickDCF.exe
O4 - Global Startup: TabUserW.exe.lnk = D:\WINNT\system32\Wtablet\TabUserW.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O12 - Plugin for .spop: D:\Programmi\Internet Explorer\Plugins\NPDocBox.dll

Similar Threads

Help I have a download.trojan in Viruses, Spyware and other Nasties
help with download.trojan in Viruses, Spyware and other Nasties
ABI Network Trojan Horse in Viruses, Spyware and other Nasties

vitebsk

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

4 posts
since Aug 2004

Permalink

Aug 15th, 2004

Re: Trojan Horse,Download.Trojan not repaired by Norton;network doesn't function

Download CWShredder from here & run it. Select the fix button & it will fix everything related to CoolWebSearch that is stored in it's database. Close ALL windows, including Iinternet Explorer, before running CWShredder. Reboot.

To help prevent this from happening again, install the patches for the vulnerabilities that this hijacker exploits by going here for your critical updates.

Reboot after doing this & post another log please.

crunchie

Moderator

Featured Poster

Reputation Points: 1142

Solved Threads: 982

Most Valuable Poster

Offline

12,163 posts
since Feb 2004

Permalink

Aug 16th, 2004

Re: Trojan Horse,Download.Trojan not repaired by Norton;network doesn't function

Thank you for your help, you are very fine.
I ran CWShredder, which found & removed CWS.Yexe.
then, i downloaded all critical updates.
This is the new log:

Logfile of HijackThis v1.98.2
Scan saved at 13.19.07, on 16/08/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
D:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\System32\Ati2evxx.exe
D:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
D:\WINNT\System32\svchost.exe
D:\Programmi\Norton AntiVirus\navapsvc.exe
D:\WINNT\system32\regsvc.exe
D:\Programmi\Norton AntiVirus\SAVScan.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\system32\slserv.exe
D:\WINNT\system32\stisvc.exe
D:\WINNT\System32\Tablet.exe
D:\WINNT\system32\ZoneLabs\vsmon.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\System32\mspmspsv.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\Explorer.EXE
D:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\WINNT\SOUNDMAN.EXE
D:\Programmi\Winamp\Winampa.exe
D:\Programmi\Gigabyte\Gigabyte Windows Utility Manager\ET4\et4Tray.exe
D:\Programmi\File comuni\Symantec Shared\ccApp.exe
D:\Programmi\FaxTalk Communicator\FTCtrl32.exe
D:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
D:\WINNT\system32\internat.exe
D:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
D:\Programmi\FinePixViewer\QuickDCF.exe
D:\Programmi\GetRight\getright.exe
D:\Programmi\GetRight\getright.exe
D:\WINNT\system32\Wtablet\TabUserW.exe
D:\Programmi\OpenOffice.org1.1.0\program\soffice.exe
D:\Programmi\FaxTalk Communicator\FAPIEXE.EXE
D:\Documents and Settings\Administrator\Documenti\Sicurezza\HijackThis!\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1040,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] D:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] "D:\Programmi\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [EasyTuneIV] D:\Programmi\Gigabyte\Gigabyte Windows Utility Manager\ET4\et4Tray.exe
O4 - HKLM\..\Run: [ccApp] "D:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] D:\Programmi\File comuni\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CallControl 4.5] D:\Programmi\FaxTalk Communicator\FTCtrl32.exe /autoload
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = D:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 1.1.0.lnk = D:\Programmi\OpenOffice.org1.1.0\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = D:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = D:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
O4 - Global Startup: Exif Launcher.lnk = D:\Programmi\FinePixViewer\QuickDCF.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = D:\Programmi\GetRight\getright.exe
O4 - Global Startup: TabUserW.exe.lnk = D:\WINNT\system32\Wtablet\TabUserW.exe
O8 - Extra context menu item: Download with GetRight - D:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - D:\Programmi\GetRight\GRbrowse.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O12 - Plugin for .spop: D:\Programmi\Internet Explorer\Plugins\NPDocBox.dll

vitebsk

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

4 posts
since Aug 2004

Permalink

Aug 16th, 2004

Re: Trojan Horse,Download.Trojan not repaired by Norton;network doesn't function

I see no other problems in your log. Are you still getting the message from Norton?
You also should get service pack 1 for Internet Explorer.

crunchie

Moderator

Featured Poster

Reputation Points: 1142

Solved Threads: 982

Most Valuable Poster

Offline

12,163 posts
since Feb 2004

Permalink

Aug 17th, 2004

Re: Trojan Horse,Download.Trojan not repaired by Norton;network doesn't function

No, Norton has displayed that message only one time.
I hope it is enoughly powerful to stop those and other Trojans effectively...
I will install SP1 for Internet Explorer, but i also want to try other browsers like Mozilla or Opera.
I hope they have not allthis security problems!
Internet seems to me to be like a jungle..
Thank you very much

vitebsk

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

4 posts
since Aug 2004

Permalink

Aug 17th, 2004

Re: Trojan Horse,Download.Trojan not repaired by Norton;network doesn't function

It's a rough jungle if you are not prepared

. I have used Opera for almost a year now. No virus', no hijacks, no trojans, no running adaware & spybot once a week, no on-line virus scans. Got to be happy with that

.
Now, if I could just sort out my hardware

crunchie

Moderator

Featured Poster

Reputation Points: 1142

Solved Threads: 982

Most Valuable Poster

Offline

12,163 posts
since Feb 2004

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.

Previous Thread in Viruses, Spyware and other Nasties Forum Timeline: Unable to open some desktop icons, HJT Log.

Next Thread in Viruses, Spyware and other Nasties Forum Timeline: Hijack this log, please advise

DaniWeb Message

Cancel Changes

User Name
Password