:cry:
Hi I am a new member and hoping desperately someone can help me,
as I have tried all I know.
I had to reformat my hard drive, and when I went into Windows Update
to try and download SP2 again, AVG started popping up saying that
msdirectx.sys had a trojan horse collected.5.L. I deleted it but it
kept replicating itself, causing programs to not open and booting me off
the internet, and I could not disconnect without turning the tower
off at the main. I have tried online scanning to no avail as the PC
keeps being shut down. The latest scan showed the trojan horse
collected.5.L was back and also in Windows\systems32\bot.exe was a trojan horse
IRC/BackDoor.SdBot.172 & trojan horse Downloader.Istbar.6BU. I am not sure whether all deletes were successful though.
On boot up I had two of the same login panels as administrator.
I finally managed to get into msconfig and noticed two csrssa.exe.
I have never noticed them there before so unchecked them to start on
bootup, I have a feeling they are connected to that csrssa.exe.
I am scared now to go back to Windows Update even when I can clean my PC, but I do so want to get SP2 for XP Home Edition back up and running, as at the moment I feel I have very little protection.
I have run this Hijackthis file and attached it here, but do not want to touch it any further until I know exactly what is needed to be done with it.
Sorry, I cannot do an online scan at the moment as something is preventing it from scanning my PC.
Sorry for babbling on but wanted to explain as clearly as I could as to what was happening.

Logfile of HijackThis v1.99.0
Scan saved at 1:28:22 AM, on 9/2/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\ntfsprotect.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sm56hlpr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Documents and Settings\Sharren\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://groups.msn.com/SpiritOfVtown/_whatsnew.msnw
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\RunServices: [ Microsoft Client/Server Runtime Server Subsystem] csrssa.exe
O4 - HKCU\..\RunServices: [ Microsoft Client/Server Runtime Server Subsystem] csrssa.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125624665250
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NTFSprotect - Unknown - C:\WINDOWS\ntfsprotect.exe

Thank You So Much
SpiritAu


these can go: O4 - HKLM\..\RunServices: [ Microsoft Client/Server Runtime Server Subsystem] csrssa.exe
O4 - HKCU\..\RunServices: [ Microsoft Client/Server Runtime Server Subsystem] csrssa.exe
run those programs (virus/adware) in safe mode first, then in normal mode !!!

these can go: O4 - HKLM\..\RunServices: [ Microsoft Client/Server Runtime Server Subsystem] csrssa.exe
O4 - HKCU\..\RunServices: [ Microsoft Client/Server Runtime Server Subsystem] csrssa.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
run those programs (virus/adware) in safe mode first, then in normal mode !!!

msdxm.ocx is needed for IE. Please read the following info at the following link, thanks: http://www.iamnotageek.com/a/msdxm.ocx.php
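
The two RunServices entries marked for removal above load csrssa.exe, one letter away from the genuine Windows csrss.exe. As an added example (not part of the original thread), this script flags such near-miss image names in HijackThis O4 lines; the reference name list and the distance threshold are assumptions made for the example.

```python
import re

# Sample input: the O4 (autorun) lines from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\RunServices: [ Microsoft Client/Server Runtime Server Subsystem] csrssa.exe
O4 - HKCU\..\RunServices: [ Microsoft Client/Server Runtime Server Subsystem] csrssa.exe
"""

# Assumption: a short reference list of genuine Windows XP system image names.
SYSTEM_NAMES = ("csrss.exe", "smss.exe", "lsass.exe", "services.exe",
                "svchost.exe", "winlogon.exe", "spoolsv.exe", "explorer.exe")

# O4 line layout: O4 - <hive>\..\<key>: [<label>] <command>
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.+)$", re.M)
# Image file name: the last path component ending in .exe (quotes and args ignored).
EXE_RE = re.compile(r'([^\\"]+?\.exe)', re.I)


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def find_lookalikes(log, max_distance=2):
    """Return autorun entries whose image name nearly (not exactly) matches a system name."""
    hits = []
    for hive, key, label, command in O4_RE.findall(log):
        match = EXE_RE.search(command)
        if not match:
            continue
        image = match.group(1).lower()
        for real in SYSTEM_NAMES:
            if 0 < edit_distance(image, real) <= max_distance:
                hits.append({"hive": hive, "key": key, "label": label.strip(),
                             "image": image, "resembles": real})
    return hits


if __name__ == "__main__":
    for hit in find_lookalikes(SAMPLE_LOG):
        print("{hive}\\{key}: {image} resembles {resembles} [{label}]".format(**hit))
```

A hit is a reason to inspect the entry, not proof of infection; an exact name match running from the wrong directory is a separate check this example does not perform.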
