longtimefan

Members
  • Content Count

    5
About longtimefan

  • Rank
    New Member

Previous Fields

  • System Specifications:
    windows xp media compaq presario, sp2, amd 64 proc, 3500+ 1.79 GHz 448 mb ram wireless cable connc
  1. Yes it was, exactly!! It was in a bundle of software for HP Games that was on the computer from day one. I went and did a destructive recovery per the HP tech, and it still found that trojan. This was the scan from that:

     ===== PC Pitstop Exterminate 1.0.3.9 ======
     Started: Thu Feb 22 09:38:18 2007
     Windows 5.1.2600 Service Pack 2; 447MB RAM
     Engine : 5.6.9.2
     DATs : : Could not open ppinfo.dat.
     Finished: Thu Feb 22 09:39:25 2007
     ====== EXIT ======

     ====== PC Pitstop Exterminate 1.0.3.9 ======
     Started: Thu Feb 22 09:40:06 2007
     Windows 5.1.2600 Service Pack 2; 447MB RAM
     Engine : 5.6.9.2
     DATs : : Could not open ppinfo.dat.
     -- Begin Update Phase --
     > Initializing
     > Checking for updates
     > There are 6 updates available.
     > Update is beginning. 6 files and 7434367 bytes need updating.
     > Download of file ppctl.dll is beginning. Filesize: 800272 bytes.
     > Download of file ppctl.dll finished.
     > Download of file ppclean.exe is beginning. Filesize: 501556 bytes.
     > Download of file ppclean.exe finished.
     > Download of file ppsrindex.dat is beginning. Filesize: 30729 bytes.
     > Download of file ppsrindex.dat finished.
     > Download of file ppfile.dat is beginning. Filesize: 4438550 bytes.
     > Download of file ppfile.dat finished.
     > Download of file ppinfo.dat is beginning. Filesize: 1022830 bytes.
     > Download of file ppinfo.dat finished.
     > Download of file pploc.dat is beginning. Filesize: 640430 bytes.
     > Download of file pploc.dat finished.
     > Download complete, 6 files, total 7434367 bytes
     > Applying Updates
     > 6 updates applied.
     Engine : 5.6.9.3
     DATs : 2007.2.21.16
     -- Begin Scan Phase at 09:44:50 --
     -- Begin Memory Scan --
     -- Begin Common-locations Scan --
     -- Begin Registry Scan --
     > Detected Trojan.Win32.FTP Attack
     -- Begin Cookie Scan --
     > Detected 2o7.net
     > Detected Advertising.com
     > Detected DoubleClick
     > Detected Edge.ru4
     Scanned 36,414 items, and detected 5 items associated with 5 threats
     -- Begin Removal at 09:45:09 --
     >> Removing Trojan.Win32.FTP Attack
     > Simple: Key "hkey_local_machine \software\microsoft\windows\currentversion\run" value "reminder"
     >> Removing 2o7.net
     > Simple: Cookie "compaq_administrator@2o7[1].txt" File "C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@2o7[1].txt"
     >> Removing Advertising.com
     > Simple: Cookie "compaq_administrator@advertising[1].txt" File "C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@advertising[1].txt"
     >> Removing DoubleClick
     > Simple: Cookie "compaq_administrator@doubleclick[1].txt" File "C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@doubleclick[1].txt"
     >> Removing Edge.ru4
     > Simple: Cookie "compaq_administrator@edge.ru4[2].txt" File "C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@edge.ru4[2].txt"
     -- Reboot is not required --
     -- Removal is complete at 09:45:09 --
     -- Final Report --
     Active Threats ==> None found!
     Inactive Threats
     Trojan.Win32.FTP Attack
     1 related item(s) detected, 1 removed
     Tracking Cookies
     2o7.net
     1 related item(s) detected, 1 removed
     Advertising.com
     1 related item(s) detected, 1 removed
     DoubleClick
     1 related item(s) detected, 1 removed
     Edge.ru4
     1 related item(s) detected, 1 removed
     Finished: Thu Feb 22 09:45:15 2007
     ====== EXIT ======

     ====== PC Pitstop Exterminate 1.0.3.9 ======
     Started: Thu Feb 22 11:05:44 2007
     Windows 5.1.2600 Service Pack 2; 447MB RAM
     Engine : 5.6.9.3
     DATs : 2007.2.21.16
     -- Begin Update Phase --
     > Initializing
     > Checking for updates
     > There are no updates available - Exterminate is up to date.
     -- Begin Scan Phase at 11:05:59 --
     -- Begin Memory Scan --
     -- Begin Common-locations Scan --
     -- Begin Registry Scan --
     -- Begin Cookie Scan --
     Scanned 36,314 items, and detected 0 items associated with 0 threats
     -- Final Report --
     Active Threats ==> None found!
     Inactive Threats ==> None found!
     Tracking Cookies ==> None found!
     Finished: Thu Feb 22 11:06:28 2007
     ====== EXIT ======

     ====== PC Pitstop Exterminate 1.0.3.9 ======
     Started: Thu Feb 22 23:56:13 2007
     Windows 5.1.2600 Service Pack 2; 447MB RAM
     Engine : 5.6.9.3
     DATs : 2007.2.21.16
  2. I went ahead and did a reformat on this computer to wipe out everything because of the blue screen errors. I installed PC Pitstop right away and it is still telling me there is a trojan32.ftp attack?? This is an HP Compaq Presario computer, could there be something bundled in the software?
  3. Okay, I will try safe mode, didn't think of that. Thanks for the help!! I also posted the same thing under the hi-jack logs with a hi-jack log file posted. Sorry if I did it wrong!
  4. I just bought PC Exterminate and did a scan. It found trojan win32 ftp attack. I turned off System Restore, ran the scan again, and then had Exterminate "fix it". I rebooted, scanned again, and it was still there. Windows XP SP2. Spybot Search and Destroy found nothing, Ad-Aware found nothing; both had updates before scanning. PC Exterminate was updated and still found it even though it should have been "fixed". Here is my hi-jack log. Thank you for your time and your assistance!!

     Logfile of HijackThis v1.99.1
     Scan saved at 1:43:17 PM, on 2/21/2007
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\LEXBCES.EXE
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\system32\LEXPPS.EXE
     C:\WINDOWS\ehome\ehtray.exe
     C:\WINDOWS\RTHDCPL.EXE
     C:\WINDOWS\SMINST\RECGUARD.EXE
     C:\Program Files\DISC\DiscUpdMgr.exe
     C:\WINDOWS\system32\RUNDLL32.EXE
     C:\WINDOWS\system32\LXSUPMON.EXE
     C:\WINDOWS\arservice.exe
     C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
     C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
     C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
     C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
     C:\WINDOWS\eHome\ehRecvr.exe
     C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
     C:\WINDOWS\eHome\ehSched.exe
     C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
     C:\Program Files\Common Files\LightScribe\LSSrvc.exe
     C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
     C:\WINDOWS\system32\nvsvc32.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
     C:\WINDOWS\system32\dllhost.exe
     C:\WINDOWS\eHome\ehmsas.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Documents and Settings\Compaq_Administrator\Desktop\hi jack this\HijackThis.exe

     R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
     O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
     O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
     O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
     O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
     O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
     O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
     O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
     O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
     O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
     O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
     O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
     O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
     O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
     O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
     O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdMgr.exe
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
     O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
     O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
     O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
     O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
     O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
     O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
     O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
     O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
     O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
     O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
     O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
     O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O15 - Trusted Zone: http://*.trymedia.com (HKLM)
     O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
     O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1171848772500
     O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
     O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
     O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
     O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
     O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
     O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  5. I disabled System Restore, ran the scan, had Exterminate "fix" the trojan it found, but it keeps coming back.