| | #1 (permalink) |
| Newb Techie Join Date: Dec 2007
Posts: 10
| Hi, I have XP Professional with Service Pack 2 installed. For the 5-6 months since I installed Windows, the Windows Firewall that comes with SP2 has always been on, and I am using the NOD32 anti-virus system, which is always up to date. I have made sure on BleepingComputer's forum (the official forums of the software HijackThis) that the log file of my system saved by a HijackThis scan, which was posted on their forum, shows nothing suspicious and is clean. As written in their steps, I scanned my PC with the latest NOD32 anti-virus system, the latest AVG Anti-Spyware, BitDefender Online Scanner, Spyware Doctor, HijackThis and Registry Mechanic, and nothing was found. Still, my gut feeling says that some data is logged and is being sent to a remote computer (maybe an undetectable trojan). And also I am NOT experiencing any type of problem with my system. How should I confirm that my system is free of any spyware/virus/worm/trojan?? Thanks. Last edited by script.kiddie; 12-14-2007 at 09:39 AM. |
| | |
| | #3 (permalink) |
| Newb Techie Join Date: Dec 2007
Posts: 10
| This log file is about 10 days old, but never mind, I haven't installed anything or downloaded anything after that date till now. Log file of processes by HijackThis:

Process list saved on 10:13:43 AM, on 12/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)

[pid] [full path to filename] [file version] [company name]
572 C:\WINDOWS\System32\smss.exe 5.1.2600.2180 Microsoft Corporation
672 C:\WINDOWS\system32\winlogon.exe 5.1.2600.2180 Microsoft Corporation
716 C:\WINDOWS\system32\services.exe 5.1.2600.2180 Microsoft Corporation
728 C:\WINDOWS\system32\lsass.exe 5.1.2600.2180 Microsoft Corporation
884 C:\WINDOWS\system32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1052 C:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1088 C:\WINDOWS\system32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1440 C:\WINDOWS\system32\spoolsv.exe 5.1.2600.2696 Microsoft Corporation
1820 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe 7.5.1.36 GRISOFT s.r.o.
1872 C:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1900 C:\Program Files\Eset\nod32krn.exe 2.70.32.0 Eset
1988 C:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation
172 C:\WINDOWS\system32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1120 C:\WINDOWS\Explorer.EXE 6.0.2900.3156 Microsoft Corporation
1612 C:\Program Files\Eset\nod32kui.exe 2.70.32.0 Eset
4076 C:\Program Files\Yahoo!\Messenger\YPager.exe 7.0.2.120
3260 C:\Program Files\Google\Google Talk\googletalk.exe 1.0.0.104 Google
3796 C:\PROGRA~1\MOZILL~1\FIREFOX.EXE 1.8.20071.12718 Mozilla Corporation
240 C:\WINDOWS\system32\taskmgr.exe 5.1.2600.2180 Microsoft Corporation
3432 C:\PROGRA~1\WINZIP\winzip32.exe 18.0.6224.0 WinZip Computing, Inc.
3640 C:\Documents and Settings\Akshay\Local Settings\Temp\HijackThis.exe 2.0.0.2 Trend Micro Inc.
2684 C:\WINDOWS\system32\NOTEPAD.EXE 5.1.2600.2180 Microsoft Corporation

DLLs loaded by process C:\WINDOWS\system32\svchost.exe:
[full path to filename] [file version] [company name]
C:\WINDOWS\system32\ntdll.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\kernel32.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\ShimEng.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\AppPatch\AcGenral.DLL 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\USER32.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\GDI32.dll 5.1.2600.3159 Microsoft Corporation
C:\WINDOWS\system32\WINMM.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\ole32.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\msvcrt.dll 7.0.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\OLEAUT32.dll 5.1.2600.3139 Microsoft Corporation
C:\WINDOWS\system32\MSACM32.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\VERSION.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\SHELL32.dll 6.0.2900.2180 Microsoft Corporation
C:\WINDOWS\system32\SHLWAPI.dll 6.0.2900.3157 Microsoft Corporation
C:\WINDOWS\system32\USERENV.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\UxTheme.dll 6.0.2900.2180 Microsoft Corporation
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 6.0.2900.2180 Microsoft Corporation
C:\WINDOWS\system32\comctl32.dll 5.82.2900.2180 Microsoft Corporation
C:\WINDOWS\system32\NTMARTA.DLL 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\SAMLIB.dll 5.1.2600.2180 Microsoft Corporation
c:\windows\system32\rpcss.dll 5.1.2600.2180 Microsoft Corporation
c:\windows\system32\WS2_32.dll 5.1.2600.2180 Microsoft Corporation
c:\windows\system32\WS2HELP.dll 5.1.2600.2180 Microsoft Corporation
c:\windows\system32\Secur32.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\xpsp2res.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\CLBCATQ.DLL 2001.12.4414.258 Microsoft Corporation
C:\WINDOWS\system32\COMRes.dll 2001.12.4414.258 Microsoft Corporation
c:\windows\system32\termsrv.dll 5.1.2600.2180 Microsoft Corporation
c:\windows\system32\ICAAPI.dll 5.1.2600.2180 Microsoft Corporation
c:\windows\system32\SETUPAPI.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\WINTRUST.dll 5.131.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\MSASN1.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.2180 Microsoft Corporation
c:\windows\system32\AUTHZ.dll 5.1.2600.2180 Microsoft Corporation
c:\windows\system32\mstlsapi.dll 5.1.2600.2180 Microsoft Corporation
c:\windows\system32\ACTIVEDS.dll 5.1.2600.2180 Microsoft Corporation
c:\windows\system32\adsldpc.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\NETAPI32.dll 5.1.2600.2180 Microsoft Corporation
c:\windows\system32\ATL.DLL 3.5.2284.0 Microsoft Corporation
C:\WINDOWS\system32\REGAPI.dll 5.1.2600.2180 Microsoft Corporation
C:\WINDOWS\system32\rsaenh.dll 5.1.2600.2161 Microsoft Corporation
C:\WINDOWS\system32\Apphelp.dll 5.1.2600.2180 Microsoft Corporation

And here is the log file of the general scan done using HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:08 AM, on 12/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Akshay\Local Settings\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\RunOnce: [CleanUp!] C:\Program Files\CleanUp!\Cleanup.exe /WindowsRestart
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D453ED8-EEDF-4FE8-80AA-6B8EBF8980D3}: NameServer = 61.1.96.71,61.1.64.65
O17 - HKLM\System\CCS\Services\Tcpip\..\{A82F9EC1-05B6-43AD-979D-19079AC12C8C}: NameServer = 218.248.240.208 218.248.255.193
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe |
| | |
| | #4 (permalink) |
| Security/Hacking Mod Join Date: Jan 2005 Location: USA
Posts: 24,723
| The only thing I see that might be an issue is this:

O17 - HKLM\System\CCS\Services\Tcpip\..\{6D453ED8-EEDF-4FE8-80AA-6B8EBF8980D3}: NameServer = 61.1.96.71,61.1.64.65
O17 - HKLM\System\CCS\Services\Tcpip\..\{A82F9EC1-05B6-43AD-979D-19079AC12C8C}: NameServer = 218.248.240.208 218.248.255.193

Do you have a static IP address? If you remove these and you don't have an internet connection afterwards, you will need to reinstall your network card. But if you're not getting any popups, it's safe to say that you are clean. |
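The check the mod is making on those O17 lines, as an added example that is not part of the thread: parse the NameServer entries out of a HijackThis log and compare each resolver with the ones the machine is supposed to be using. The allow-list here is an assumption (the first pair is taken to be the ISP-assigned resolvers); on a real machine it would come from the router's settings or ipconfig /all, and a public resolver that is on neither list is the entry to follow up.

```python
"""Audit O17 (NameServer) entries from a HijackThis log. Added example, not
from the thread; EXPECTED_RESOLVERS is an assumption (take the real list
from the router or ipconfig /all on the machine being checked)."""
import ipaddress
import re

# O17 line shape: O17 - HKLM\...\Tcpip\..\{GUID}: NameServer = ip[,ip | ip]
O17_RE = re.compile(r"^O17 - \S+\{(?P<guid>[0-9A-Fa-f-]{36})\}: NameServer = (?P<servers>.+)$")

# Sample log: the two O17 lines posted above plus one constructed line that
# points at a LAN router, so every verdict below is exercised.
SAMPLE_LOG = """\
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{6D453ED8-EEDF-4FE8-80AA-6B8EBF8980D3}: NameServer = 61.1.96.71,61.1.64.65
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{A82F9EC1-05B6-43AD-979D-19079AC12C8C}: NameServer = 218.248.240.208 218.248.255.193
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{00000000-0000-0000-0000-000000000000}: NameServer = 192.168.1.1
"""
EXPECTED_RESOLVERS = ["61.1.96.71", "61.1.64.65"]  # assumed ISP-assigned pair


def parse_o17(log_text):
    """Return [(adapter_guid, [resolver, ...]), ...]; comma or space separated."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if m:
            servers = [s for s in re.split(r"[,\s]+", m.group("servers")) if s]
            entries.append((m.group("guid").upper(), servers))
    return entries


def audit_nameservers(log_text, expected=EXPECTED_RESOLVERS):
    """Verdict per resolver: 'expected' (allow-listed), 'private' (LAN/router),
    'unexpected' (public address the machine was never told to use) or 'malformed'."""
    allowed = {ipaddress.ip_address(e) for e in expected}
    findings = []
    for guid, servers in parse_o17(log_text):
        for s in servers:
            try:
                addr = ipaddress.ip_address(s)
            except ValueError:
                findings.append((guid, s, "malformed"))
                continue
            if addr in allowed:
                verdict = "expected"
            elif addr.is_private:
                verdict = "private"
            else:
                verdict = "unexpected"
            findings.append((guid, s, verdict))
    return findings
```

The 'unexpected' verdicts are the ones to reconcile against what the router and ISP actually hand out before deleting anything, since removing a legitimate resolver is what breaks the connection the mod warns about.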
| | |
| | #5 (permalink) |
| Newb Techie Join Date: May 2007
Posts: 27
| I don't think you mentioned it in your post, but try the same scans from safe mode. I've had a couple machines at work that were not quite right and would come up clean until I scanned with various programs in safe mode. |
| | |
| | #6 (permalink) | |
| Newb Techie Join Date: Dec 2007
Posts: 10
| Quote:
No, I have a dynamic IP address and I am behind an ADSL router!! Scanning so many times in safe mode and normal mode, can this result in crashing the hard drive?? I mean it's a general question just for my knowledge. Last edited by script.kiddie; 12-15-2007 at 11:19 AM. | |
| | |