Content Top
DAL Computer Help » Internet Security Help » Spyware, Adware, Viruses and HijackThis Logs » Download.Trojan: Hijackthis Log

Recommended Fix

Click here to fix Windows Errors and Optimize Windows Performance

Need Computer Help?
Register Now for FREE

Download.Trojan: Hijackthis Log

Reply
Thread Tools
Spyware, Adware, Viruses and HijackThis Logs
  #1 (permalink)  
Old 16-01-2006, 03:51 AM
Newbie
D-A-L Newbie
  
Join Date: Jun 2005
Posts: 7
Dominic Greco Is a beginner here at D-A-L
Download.Trojan: Hijackthis Log
Good evening,
I have (yet another) virus on my computer. NAV reports it as a variant of the Download.Trojan virus. But it doesn't get more specific than that.

After turning on my computer, and when I attempt to use my browser (IE) for the first time, a NAV dialog box pops and tells me it detected a virus and has quarantined it. However, it keeps happening. I've noticed a degradation in performance and my email program (MS Outlook) will not retrieve email from my mail server.

Using Control Panel, I've deleted all offline content, as well as any cookies (just to be sure). I've also run the latest versions of Spybot (which found nothing) and Adaware (which found two occurrences of spyware).

Here is my Hijack this log:
---------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:40:00 PM, on 1/15/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\RunDll32.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\WINNT\system32\mshta.exe
D:\install\HiJackthis\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.netscape.com/index2.psp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe -r
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.hta
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: start.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1129850646845
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/...npseatools.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #2 (permalink)  
Old 16-01-2006, 02:52 PM
VopThis's Avatar
Senior Member (Canada)
  
Join Date: Nov 2005
Posts: 3,439
VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!
Re: Download.Trojan: Hijackthis Log
Run the following two scans:


Please download, install, update and scan your system with the free (trial) version of Ewido trojan scanner:
  1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  2. When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  3. From the main ewido screen, click on update in the left menu, then click the Start update button.
  4. After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run, so time to go get a drink and a snack....
  5. If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
  6. When the scan finishes, click on "Save Report". This will create a text file. Please then paste the contents of the text file to this thread.


REBOOT.


Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      - Extended (if available otherwise Standard)
    • Scan Options:
      - Scan Archives
      - Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    • Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|

__
ASAP: promoting a high standard and quality of security support no matter where you seek help.

Quote:
SAFER SURFING TOOLS (IE/FF **FREE** browser addons):
Linkscanner + WOT (Web of Trust) + SiteAdvisor (suggest at least two but not necessarily all)
Quote:
Tell me and I forget; show me and I remember; involve me and I understand.
There are no foolish questions, the only thing foolish is not asking if you're unsure of something.
Never ASSUME any detail because it can make an ASS out of U and ME... (ASS/U/ME ).
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #3 (permalink)  
Old 17-01-2006, 03:04 AM
Newbie
D-A-L Newbie
  
Join Date: Jun 2005
Posts: 7
Dominic Greco Is a beginner here at D-A-L
Re: Download.Trojan: Hijackthis Log
Thanks for the help! I believe Ewido found the virus and eliminated it. However, I still will do as you suggested and run Kaspersky Online Scanner

-------------------------------------
Here is the report from Ewido:

ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 8:58:24 PM, 1/16/2006
+ Report-Checksum: 1EBB0D29

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup


::Report End

--------------------------
Here is the elog file for Kaspersky Online Scanner

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, January 17, 2006 01:47:29
Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 17/01/2006
Kaspersky Anti-Virus database records: 161114
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 48457
Number of viruses found: 1
Number of infected objects: 72
Number of suspicious objects: 0
Duration of the scan process: 2629 sec

Infected Object Name - Virus Name
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\06D06BCF.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\073761D7.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\14C66BFB.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1BC82634.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1C81590D.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1DF163CC.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1E5759D4.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1EBD4FDB.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\207F7559.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\251F3054.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\275D6DA4.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\27713EF3.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\28C87779.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\28D84967.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\28DB7364.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\28DF1D60.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\28E2475D.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\29061535.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\29093F31.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\29475CED.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\295404DF.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\295E02D4.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\333C5B03.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\35DE47D9.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\36443DE0.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\39A25611.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3B3E004C.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3B4B283E.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3BCA0DB2.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3BD735A3.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3BE13398.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3BEE5B8A.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3BF8597F.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3C050171.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3C0F7F66.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3C1C2758.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3C294F49.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3CAF08B6.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3F990311.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\46E13536.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\499066F1.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4A700C36.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4B0071B0.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4D6535DE.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\51700197.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\51742B93.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\539F0D30.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\56004835.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\56F60583.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\571A535B.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\57317942.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\57384D3B.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\573B7737.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\573E2134.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\611754F6.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\61910433.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\61F77A3B.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\624A370D.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\625D7042.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6D747D04.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6FB073D2.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\77803CF6.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\78384CF3.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7DA573FE.exe Infected: Trojan-Downloader.Win32.Small.ccm
C:\WINNT\system32\ldr299.dll Infected: Trojan-Downloader.Win32.Small.ccm
C:\WINNT\system32\ldr601.dll Infected: Trojan-Downloader.Win32.Small.ccm
C:\WINNT\system32\ldr742.dll Infected: Trojan-Downloader.Win32.Small.ccm
C:\WINNT\system32\ldr766.dll Infected: Trojan-Downloader.Win32.Small.ccm
C:\WINNT\system32\ldr804.dll Infected: Trojan-Downloader.Win32.Small.ccm
C:\WINNT\system32\ldr870.dll Infected: Trojan-Downloader.Win32.Small.ccm
C:\WINNT\system32\ldr874.dll Infected: Trojan-Downloader.Win32.Small.ccm
C:\WINNT\system32\ldr924.dll Infected: Trojan-Downloader.Win32.Small.ccm

Scan process completed.
Last edited by Dominic Greco; 17-01-2006 at 09:01 AM. Reason: added log file
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #4 (permalink)  
Old 18-01-2006, 09:42 PM
VopThis's Avatar
Senior Member (Canada)
  
Join Date: Nov 2005
Posts: 3,439
VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!
Re: Download.Trojan: Hijackthis Log
Suggest that you clean out the NAV quarantine area.


Be mindful that some tools like NAV find the viruses created by a Trojan but do not attempt to deal with the Trojan itself or any related EXECUTABLE files.


Delete the following files in SAFE MODE, if still present:

Try using exact search TEXT: C:\WINNT\system32\ldr*.DLL in case new variations may have also been created.


Infected: Trojan-Downloader.Win32.Small.ccm

C:\WINNT\system32\ldr299.dll
C:\WINNT\system32\ldr601.dll
C:\WINNT\system32\ldr742.dll
C:\WINNT\system32\ldr766.dll
C:\WINNT\system32\ldr804.dll
C:\WINNT\system32\ldr870.dll
C:\WINNT\system32\ldr874.dll
C:\WINNT\system32\ldr924.dll



REBOOT.

Verify that Kaspersky is now running clean.

Post a new HJT log and indicate how your PC is now behaving
__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|

__
ASAP: promoting a high standard and quality of security support no matter where you seek help.

Quote:
SAFER SURFING TOOLS (IE/FF **FREE** browser addons):
Linkscanner + WOT (Web of Trust) + SiteAdvisor (suggest at least two but not necessarily all)
Quote:
Tell me and I forget; show me and I remember; involve me and I understand.
There are no foolish questions, the only thing foolish is not asking if you're unsure of something.
Never ASSUME any detail because it can make an ASS out of U and ME... (ASS/U/ME ).
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply

« Previous Thread | Next Thread »

Thread Tools

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
hijackthis log trojan? error1f1f Spyware, Adware, Viruses and HijackThis Logs 5 30-07-2007 04:54 AM
download.generic2 trojan help gazza1988 Spyware, Adware, Viruses and HijackThis Logs 13 28-12-2006 01:25 PM
download.trojan help 5h0rtieee Spyware, Adware, Viruses and HijackThis Logs 1 16-04-2006 04:55 PM
download.trojan oskar132 Windows XP Help 1 02-06-2005 11:47 PM
Trojan.StartPage automatic download KyPPo Spyware, Adware, Viruses and HijackThis Logs 4 04-02-2005 08:39 PM


All times are GMT +1. The time now is 06:08 PM.
Member Login
Remember me ?
Forgot password?
Ads

Want to Advertise? Click Here
Help Categories
Desktop / Server Apps
Drivers
Firewalls and Networks
Games
General Internet Issues
Hardware
Linux
MAC OS
Modding / Overclocking
Search Engines
Spyware and Security
Web Development
Windows 2000
Windows 7
Windows 98
Windows ME
Windows Vista
Windows XP

Computer Repair Companies
Bottom Corner Bottom Nav