
Trojan Horse Drppr Virus Help HJT Log

The server may have just been busy.

Post the following logs/Reports:
ComboFix.txt
Fresh HijackThis log run after all the other tools have performed their cleanup.

The other thing is, when I started turning the AVG components back on, when I re-enabled the Email Scanner for Incoming Messages, AVG detected a threat at C:\COMBOFIX\CATCHME.TMP. http://intracom2008.com/trojan-horse/trojan-horse-virus.html

Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post. NOTE: At the top of your post, click on the "Follow

Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O8 - Extra context menu

I have subsequently used HijackThis and would hope someone can help me. http://www.bleepingcomputer.com/forums/t/172407/trojan-horse-dropper/


#10 Trevuren (Teacher Emeritus) Posted 17 January 2008 - 04:11 PM

Since this issue appears to be resolved ... scanning hidden files ... .

Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YCOMP5_3_12_0.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 -

scan completed successfully
hidden files: 0
**************************************************************************
.
Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled.

uInternet Settings,ProxyOverride = *.local
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
Trusted Zone: com\*.Wondershare
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\gd9vrt1f.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF

I have AVG anti-virus installed & after a scan I found 10 viruses - Trojan Droppers & Downloaders

09-15-2004, 02:31 PM #1 relle

If you need help post in the forum. http://www.techsupportforum.com/forums/f284/trojan-horse-drppr-virus-help-hjt-log-15884.html

Post fresh HJT, AVG Antispyware and Combofix logs as Attachments into this thread, only after doing the above.

Please print out or copy this page to Notepad. That may cause it to stall Microsoft MVP Consumer Security 2008 - 2009 Proud graduate of TC/WTT Classroom The help you receive here is free. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix. 5. I wasn't certain, so I've been disabling them to do each of these processes.

Joe.


Man is the only animal that blushes -- or needs to. -- Mark Twain

Partition starts at LBA: 63 Numsec = 2930255937
Partition file system is NTFS
Partition is bootable
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.

The main points of it were: INVALID_KERNAL_HANDLE and the Stop: 0x00000093 (0x00000144,0x00000000, 0x00000000, 0x00000000). I had to manually restart the computer when that screen appeared.

Glad we could be of assistance.

[Resolved] Trojan Horse Dropper.Agent.GIT - HJT Log included
Started by MungBean, Jan 16 2008 01:26 AM
This topic is locked. 9 replies to this

It took me to pages on these websites (changed the actual .

#2 Trevuren (Teacher Emeritus) Posted 16 January 2008 - 12:21 PM

Hello MungBean and welcome to the

Logfile of HijackThis v1.97.7
Scan saved at 11:23:49, on 20/10/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe

WD external hard Drive interfering...

The link worked after a few minutes.

I got a prompt this morning telling me that I have a trojan horse virus.

Live
2007-12-25 19:34 --------- d-----w C:\Program Files\Pokie Magic Games
2007-12-24 01:19 --------- d-----w C:\Program Files\Azureus
2007-12-18 03:23 --------- d-----w C:\Program Files\Scions of Fate
2007-12-15 22:23 --------- d-----w C:\Documents and Settings\All Users\Application

I mean, the icons on the desktop went away and nothing but my wallpaper and the Combofix window remained, but it didn't restart (with Windows XP screen coming up and everything).

Win32/TrojanDropper.Agent.DGO virus (unable to clean - deleted) C:\QooBox\Quarantine\C\Windows\system32\vtutt.exe.vir After all that I did a full system scan with AVG and it detected nothing.

This infection tends to attempt to rename executable files that run at startup and replace them with infected copies.

I want you to save it to the desktop and run it from there. Link 1 Link 2 Link 3
1.

Logfile of HijackThis v1.98.2
Scan saved at 20:47:11, on 20/10/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe

Only the original thread starter can do this.

c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
c:\documents

Join the ClassRoom and learn how.

Consider a custom hosts file such as MVPS HOSTS.

I was still able to do a scan and it now showed that MSN messenger was infected.

Without these you are leaving the back door open. 4.

Literati - http://download.games.yahoo.com/game...ts/y/tt2_x.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/apop/def...ploader_v5.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

Please Note: Do not mouse-click combofix's window while it is running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer "information and logs" In

#5 20-10-04, 15:02 Drazek (Familiar face, Join Date: Oct 2004, Posts: 35) Re:

Private Messages for personal support will be ignored.

That's pretty much all that has happened until now, so here's the Hijack This!

Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 -

I ignored that message as I have no idea what vtutt is and I'm not experienced enough to play around with the registry.

Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option.

Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam... It is. Once again, the computer never fully restarted, but after making sure I had a copy of the new combofix log saved to my desktop, I restarted my computer just to be That may cause it to stall.

VundoFix backups, if present
The C:\Deckard folder, if present
The C:\_OtMoveIt folder, if present
Reset the clock settings.

To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad.

I clicked OK then another message appeared saying that vtutt should be removed from the registry if it is no longer installed.

Hide System/Hidden files, if required.

Anyway, here's the ComboFix log:

ComboFix 08-01-09.2 - David 2008-01-17 10:09:04.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.617 [GMT 10:00]
Running from: C:\Documents and Settings\David\Desktop\ComboFix.exe
* Created a new restore

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:07:53 PM, on 16/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe