Hi, I am new to this site, I think it's very cool!
This is my problem:
Norton found Trojan.Byte.Verify... it said "Deleted", and
Trojan Horse, Download.Trojan - "Not Repaired" - "Access Denied".
Is it true? Or might there be others...
I found a strange file, msxmidi.exe, that I deleted immediately, and
I ran Spybot, which found nothing.
But my network does not function anymore.
I have now installed Zone Alarm; I find it a bit difficult to use.
Can you help me?
Thank you very much for your help.
This is my Hijack log:

Logfile of HijackThis v1.98.2
Scan saved at 1.42.28, on 14/08/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
D:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\System32\Ati2evxx.exe
D:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
D:\WINNT\System32\svchost.exe
D:\Programmi\Norton AntiVirus\navapsvc.exe
D:\WINNT\system32\regsvc.exe
D:\Programmi\Norton AntiVirus\SAVScan.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\system32\slserv.exe
D:\WINNT\system32\stisvc.exe
D:\WINNT\System32\Tablet.exe
D:\WINNT\system32\ZoneLabs\vsmon.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\System32\mspmspsv.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\Explorer.EXE
D:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\WINNT\SOUNDMAN.EXE
D:\Programmi\Winamp\Winampa.exe
D:\Programmi\Gigabyte\Gigabyte Windows Utility Manager\ET4\et4Tray.exe
D:\Programmi\File comuni\Symantec Shared\ccApp.exe
D:\Programmi\FaxTalk Communicator\FTCtrl32.exe
D:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
D:\WINNT\system32\internat.exe
D:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
D:\Programmi\FinePixViewer\QuickDCF.exe
D:\WINNT\system32\Wtablet\TabUserW.exe
D:\Programmi\OpenOffice.org1.1.0\program\soffice.exe
D:\Programmi\FaxTalk Communicator\FAPIEXE.EXE
D:\WINNT\system32\wuauclt.exe
D:\PROGRA~1\WIDCOMM\SOFTWA~1\BTSTAC~1.EXE
D:\Programmi\Internet Explorer\iexplore.exe
D:\Documents and Settings\Administrator\Documenti\Sicurezza\HijackThis!\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1040,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] D:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] "D:\Programmi\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [EasyTuneIV] D:\Programmi\Gigabyte\Gigabyte Windows Utility Manager\ET4\et4Tray.exe
O4 - HKLM\..\Run: [ccApp] "D:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] D:\Programmi\File comuni\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CallControl 4.5] D:\Programmi\FaxTalk Communicator\FTCtrl32.exe /autoload
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = D:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 1.1.0.lnk = D:\Programmi\OpenOffice.org1.1.0\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = D:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = D:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
O4 - Global Startup: Exif Launcher.lnk = D:\Programmi\FinePixViewer\QuickDCF.exe
O4 - Global Startup: TabUserW.exe.lnk = D:\WINNT\system32\Wtablet\TabUserW.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O12 - Plugin for .spop: D:\Programmi\Internet Explorer\Plugins\NPDocBox.dll

Last Post by crunchie

Download CWShredder from here & run it. Select the fix button & it will fix everything related to CoolWebSearch that is stored in its database. Close ALL windows, including Internet Explorer, before running CWShredder. Reboot.

To help prevent this from happening again, install the patches for the vulnerabilities that this hijacker exploits by going here for your critical updates.

Reboot after doing this & post another log please.

Thank you for your help, you are very fine.
I ran CWShredder, which found & removed CWS.Yexe.
Then I downloaded all critical updates.
This is the new log:

Logfile of HijackThis v1.98.2
Scan saved at 13.19.07, on 16/08/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
D:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\System32\Ati2evxx.exe
D:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
D:\WINNT\System32\svchost.exe
D:\Programmi\Norton AntiVirus\navapsvc.exe
D:\WINNT\system32\regsvc.exe
D:\Programmi\Norton AntiVirus\SAVScan.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\system32\slserv.exe
D:\WINNT\system32\stisvc.exe
D:\WINNT\System32\Tablet.exe
D:\WINNT\system32\ZoneLabs\vsmon.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\System32\mspmspsv.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\Explorer.EXE
D:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\WINNT\SOUNDMAN.EXE
D:\Programmi\Winamp\Winampa.exe
D:\Programmi\Gigabyte\Gigabyte Windows Utility Manager\ET4\et4Tray.exe
D:\Programmi\File comuni\Symantec Shared\ccApp.exe
D:\Programmi\FaxTalk Communicator\FTCtrl32.exe
D:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
D:\WINNT\system32\internat.exe
D:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
D:\Programmi\FinePixViewer\QuickDCF.exe
D:\Programmi\GetRight\getright.exe
D:\Programmi\GetRight\getright.exe
D:\WINNT\system32\Wtablet\TabUserW.exe
D:\Programmi\OpenOffice.org1.1.0\program\soffice.exe
D:\Programmi\FaxTalk Communicator\FAPIEXE.EXE
D:\Documents and Settings\Administrator\Documenti\Sicurezza\HijackThis!\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1040,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] D:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] "D:\Programmi\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [EasyTuneIV] D:\Programmi\Gigabyte\Gigabyte Windows Utility Manager\ET4\et4Tray.exe
O4 - HKLM\..\Run: [ccApp] "D:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] D:\Programmi\File comuni\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CallControl 4.5] D:\Programmi\FaxTalk Communicator\FTCtrl32.exe /autoload
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = D:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 1.1.0.lnk = D:\Programmi\OpenOffice.org1.1.0\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = D:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = D:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
O4 - Global Startup: Exif Launcher.lnk = D:\Programmi\FinePixViewer\QuickDCF.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = D:\Programmi\GetRight\getright.exe
O4 - Global Startup: TabUserW.exe.lnk = D:\WINNT\system32\Wtablet\TabUserW.exe
O8 - Extra context menu item: Download with GetRight - D:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - D:\Programmi\GetRight\GRbrowse.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O12 - Plugin for .spop: D:\Programmi\Internet Explorer\Plugins\NPDocBox.dll

I see no other problems in your log. Are you still getting the message from Norton?
You also should get service pack 1 for Internet Explorer.

No, Norton has displayed that message only one time.
I hope it is powerful enough to stop those and other Trojans effectively...
I will install SP1 for Internet Explorer, but I also want to try other browsers like Mozilla or Opera.
I hope they do not have all these security problems!
The Internet seems to me to be like a jungle...
Thank you very much

It's a rough jungle if you are not prepared :). I have used Opera for almost a year now. No viruses, no hijacks, no trojans, no running Ad-Aware & Spybot once a week, no on-line virus scans. Got to be happy with that :).
Now, if I could just sort out my hardware :).
