Register Members List Social Groups Search Today's Posts Mark Forums Read  
Computer Forums

Member Login

Remember Me? Sign Up! | Forgot Password
 
Slogan
 
Computer Forums > The World Wide Web > Virus - Spyware Protection / Detection » Trojan Horse lop.BK
Closed Thread
LinkBack Thread Tools Display Modes
 
Old 03-31-2007, 01:38 AM   #1 (permalink)
 
Newb Techie

Join Date: Mar 2007

Posts: 23

Havoc1212

Exclamation Trojan Horse lop.BK
Hello my tech-wise friends!

I turned on my computer this morning and AVG tells me I have a virus called Trojan Horse lop.BK. I tried scanning my computer with AVG but it didn't detect it. What would you recommend for getting rid of this nuisance?
Havoc1212 is offline  
Old 03-31-2007, 02:52 AM   #2 (permalink)
Osiris's Avatar
 

Join Date: Jan 2005

Location: Kentucky

Posts: 32,219

Osiris is a jewel in the roughOsiris is a jewel in the roughOsiris is a jewel in the roughOsiris is a jewel in the rough

Send a message via ICQ to Osiris Send a message via AIM to Osiris Send a message via MSN to Osiris Send a message via Yahoo to Osiris Send a message via Skype™ to Osiris
Default Re: Trojan Horse lop.BK
post a hijackthis log
__________________
Osiris is offline  
Old 03-31-2007, 01:09 PM   #3 (permalink)
 
Newb Techie

Join Date: Mar 2007

Posts: 23

Havoc1212

Default Re: Trojan Horse lop.BK
Quote:
Originally Posted by Warez Monster View Post
post a hijackthis log
Ergh, what's that? :S
Havoc1212 is offline  
Old 03-31-2007, 01:33 PM   #4 (permalink)
 
Newb Techie

Join Date: Mar 2007

Posts: 23

Havoc1212

Default Re: Trojan Horse lop.BK
Oh wait, is it this?

Logfile of HijackThis v1.99.1
Scan saved at 11:31:53 AM, on 31/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
C:\PROGRA~1\Keyboard\Ikeymain.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HighSpeedLite.com Accelerator\PropelAC.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\skater dude\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = eMachines Computers
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=localhost:8081
O2 - BHO: (no name) - {0675C27D-61A9-4AA0-9627-8AC5D32DFA4D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {182B90A3-F372-438A-800C-6814B4DE417B} - C:\WINDOWS\system32\cbxwuss.dll
O2 - BHO: (no name) - {46656D2B-2532-4CB2-B22C-ACC7C38D2F63} - C:\WINDOWS\system32\qpkhxxpa.dll (file missing)
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\gjaouehb.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\HighSpeedLite.com Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {81815989-F5B3-45A0-9A47-62064A1BB60D} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {CB5DCA5F-DE40-46E0-AD5A-DDD4A6597EE4} - (no file)
O2 - BHO: (no name) - {E94D4679-0CFC-47B8-A62D-566202AC1148} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [MediaFace Integration] "C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe"
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\HighSpeedLite.com Accelerator\trayctl.exe" /STARTUPLAUNCH
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundService] "rundll32.exe" "C:\WINDOWS\system32\rjeycvwx.dll",setvm
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: Allow pop-ups from this site - C:\Program Files\HighSpeedLite.com Accelerator\pac-addwl.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\HighSpeedLite.com Accelerator\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\HighSpeedLite.com Accelerator\pac-image.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1140818889702
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: awvvs - C:\WINDOWS\
O20 - Winlogon Notify: cbxwuss - C:\WINDOWS\SYSTEM32\cbxwuss.dll
O20 - Winlogon Notify: geeby - C:\WINDOWS\system32\geeby.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: qomjhfe - C:\WINDOWS\SYSTEM32\qomjhfe.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dl l
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
Havoc1212 is offline  
Old 04-01-2007, 12:08 PM   #5 (permalink)
Osiris's Avatar
 

Join Date: Jan 2005

Location: Kentucky

Posts: 32,219

Osiris is a jewel in the roughOsiris is a jewel in the roughOsiris is a jewel in the roughOsiris is a jewel in the rough

Send a message via ICQ to Osiris Send a message via AIM to Osiris Send a message via MSN to Osiris Send a message via Yahoo to Osiris Send a message via Skype™ to Osiris
Default Re: Trojan Horse lop.BK
Yes thats it


remove these entries


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = eMachines Computers

O2 - BHO: (no name) - {0675C27D-61A9-4AA0-9627-8AC5D32DFA4D} - (no file)

O2 - BHO: (no name) - {182B90A3-F372-438A-800C-6814B4DE417B} - C:\WINDOWS\system32\cbxwuss.dll

O2 - BHO: (no name) - {46656D2B-2532-4CB2-B22C-ACC7C38D2F63} - C:\WINDOWS\system32\qpkhxxpa.dll (file missing)

O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\gjaouehb.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {81815989-F5B3-45A0-9A47-62064A1BB60D} - (no file)

O2 - BHO: (no name) - {CB5DCA5F-DE40-46E0-AD5A-DDD4A6597EE4} - (no file)

O2 - BHO: (no name) - {E94D4679-0CFC-47B8-A62D-566202AC1148} - (no file)

O4 - HKLM\..\Run: [SoundService] "rundll32.exe" "C:\WINDOWS\system32\rjeycvwx.dll",setvm

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O20 - Winlogon Notify: awvvs - C:\WINDOWS\

O20 - Winlogon Notify: cbxwuss - C:\WINDOWS\SYSTEM32\cbxwuss.dll

O20 - Winlogon Notify: geeby - C:\WINDOWS\system32\geeby.dll (file missing)

O20 - Winlogon Notify: qomjhfe - C:\WINDOWS\SYSTEM32\qomjhfe.dll



then post another log after you remove these
__________________
Osiris is offline  
 
Closed Thread

« Urgent trojan problem. | JavaScript Botnet Code Leaked To Internet »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

Similar Threads
Thread Thread Starter Forum Replies Last Post
Urgent trojan problem. gloomer Virus - Spyware Protection / Detection 2 04-01-2007 12:03 PM

Contact Us - Computer Technology Forums - Archive - Top

 

All times are GMT -5. The time now is 12:33 PM.
Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.3.2 Copyright ©2002-2009, Tech-Forums.net
vBulletin skin created by Baez & Baez Computers Inc.   |   Contact Management Software and AAOutlook 		Log Out Unregistered