0

hi,

about a month ago my computer was infected with a spyaxe virus (with the little virus alert icon in the notification area). i thought it was fixed but recently i tried to open some of my microsoft word documents and none of them will open!! same goes for my excel documents. a window will pop up saying that the document is not available. :sad:when i close microsoft word it tries to make changes to the template "normal", which i always cancel or say no to. using yet another virus scan program (AVG Anti-virus) i fount a trojan virus named tracert.exe in my documents folder within a folder named microsoft but it cant delete it.
i think this infection happened when i was infected with the other virus because i dont think i've downloaded anything suspicious since then but i'm not sure since i have not used microsoft word or excel since then. can someone please help me!

Logfile of HijackThis v1.99.1
Scan saved at 8:48:33 PM, on 6/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\DRIVERS\WtSrv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\system32\WService.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ZVolume Pro\ZVolume.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Erin B. Howey\Desktop\HijackThis.exe

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WService] WService.EXE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ZVolume] C:\Program Files\ZVolume Pro\ZVolume.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,77/mcinsctl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,18/mcgdmgr.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: STOPzilla Local Service - Unknown owner - C:\Program Files\STOPzilla!\szntsvc.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WinTab Service (WinTabService) - Unknown owner - C:\WINDOWS\system32\DRIVERS\WtSrv.exe

2
Contributors
2
Replies
3
Views
11 Years
Discussion Span
Last Post by lioness726
0

Not seeing much in your log, though that doesn't mean its not here. Lets see if ewido picks it up.


Please download ewido anti-malware it is a free version of the program.

  1. Install ewido anti-malware
  2. When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  3. Launch ewido, there should be an icon on your desktop, double-click it.
  4. The program will now open to the main screen.
  5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  6. You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  7. The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display ("Update successful" )

If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:

  • Open up Ewido
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
  • Close ewido anti-malware.

Reboot.

Post back with the ewido log, and a new HJT log

0

I was running ewido while writing the first post. Here's what it found. These same cookies (all 48 of them!) were there when i ran the scan a few days ago....does that indicate anything??

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:06:35 PM, 6/13/2006
+ Report-Checksum: A67773BB

+ Scan result:

:mozilla.6:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Erin B. Howey\Application Data\Mozilla\Firefox\Profiles\urmubep3.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP288\A0045467.exe -> Downloader.Zlob.im : Cleaned with backup
C:\WINDOWS\Sуmantec\аttrib.exe -> Adware.PurityScan : Cleaned with backup


::Report End

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.