The_Avatar Posted April 21, 2006

Ok, so my computer detected a trojan horse and access was denied to it, so I'm kinda confused on how to delete it, since even the computer itself can't get to it. Anyone have any advice to get rid of it? I use Windows XP. The filename of the trojan is system32/howipe but I can't get to it for some reason. Here's a HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 6:17:01 PM, on 4/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss[Caution: Executable File]
C:\WINDOWS\system32\csrss[Caution: Executable File]
C:\WINDOWS\system32\winlogon[Caution: Executable File]
C:\WINDOWS\system32\services[Caution: Executable File]
C:\WINDOWS\system32\lsass[Caution: Executable File]
C:\WINDOWS\system32\svchost[Caution: Executable File]
C:\WINDOWS\system32\svchost[Caution: Executable File]
C:\WINDOWS\System32\svchost[Caution: Executable File]
C:\WINDOWS\system32\svchost[Caution: Executable File]
C:\WINDOWS\system32\svchost[Caution: Executable File]
c:\Program Files\Common Files\Symantec Shared\ccProxy[Caution: Executable File]
c:\Program Files\Common Files\Symantec Shared\ccSetMgr[Caution: Executable File]
c:\Program Files\Norton AntiVirus\navapsvc[Caution: Executable File]
c:\Program Files\Common Files\Symantec Shared\SNDSrvc[Caution: Executable File]
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc[Caution: Executable File]
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr[Caution: Executable File]
C:\WINDOWS\system32\spoolsv[Caution: Executable File]
C:\WINDOWS\system32\svchost[Caution: Executable File]
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM[Caution: Executable File]
C:\Program Files\Spyware Doctor\sdhelp[Caution: Executable File]
C:\WINDOWS\system32\wdfmgr[Caution: Executable File]
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC[Caution: Executable File]
C:\WINDOWS\System32\alg[Caution: Executable File]
C:\WINDOWS\system32\svchost[Caution: Executable File]
C:\WINDOWS\Explorer[Caution: Executable File]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched[Caution: Executable File]
C:\windows\system\hpsysdrv[Caution: Executable File]
C:\HP\KBD\KBD[Caution: Executable File]
C:\Program Files\Common Files\Symantec Shared\ccApp[Caution: Executable File]
C:\WINDOWS\ALCXMNTR[Caution: Executable File]
C:\Program Files\iTunes\iTunesHelper[Caution: Executable File]
C:\Program Files\QuickTime\qttask[Caution: Executable File]
C:\Program Files\Microsoft AntiSpyware\gcasServ[Caution: Executable File]
C:\WINDOWS\system32\rundll32[Caution: Executable File]
C:\Program Files\Internet Explorer\iexplore[Caution: Executable File]
C:\WINDOWS\system32\ctfmon[Caution: Executable File]
C:\Program Files\Comcast Wireless Adapter\MA111 Configuration Utility\Wlancfg4[Caution: Executable File]
C:\Program Files\iPod\bin\iPodService[Caution: Executable File]
C:\Program Files\Microsoft AntiSpyware\gcasDtServ[Caution: Executable File]
c:\Program Files\Common Files\Symantec Shared\NMain[Caution: Executable File]
c:\PROGRA~1\NORTON~1\navw32[Caution: Executable File]
C:\Program Files\Internet Explorer\iexplore[Caution: Executable File]
C:\PROGRA~1\SPYWAR~1\swdoctor[Caution: Executable File]
C:\Program Files\WinAce\WinAce[Caution: Executable File]
C:\DOCUME~1\WALKER~1.YOU\LOCALS~1\Temp\~AceTemp\hijackthis\HijackThis[Caution: Executable File]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched[Caution: Executable File]
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv[Caution: Executable File]
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD[Caution: Executable File]
O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray[Caution: Executable File]" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: Executable File]" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD[Caution: Executable File]
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray[Caution: Executable File]
O4 - HKLM\..\Run: [VTTimer] VTTimer[Caution: Executable File]
O4 - HKLM\..\Run: [siSPower] Rundll32[Caution: Executable File] SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp[Caution: Executable File]"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2[Caution: Executable File]
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR[Caution: Executable File]
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher[Caution: Executable File]
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper[Caution: Executable File]"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: Executable File]" -atboottime
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon[Caution: Executable File] /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ[Caution: Executable File]"
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32[Caution: Executable File] bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [hgqhp[Caution: Executable File]] C:\WINDOWS\system32\hgqhp[Caution: Executable File]
O4 - HKCU\..\Run: [ctfmon[Caution: Executable File]] C:\WINDOWS\system32\ctfmon[Caution: Executable File]
O4 - HKCU\..\Run: [unSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC[Caution: Executable File]"
O4 - Global Startup: MA111 Configuration Utility.lnk = C:\Program Files\Comcast Wireless Adapter\MA111 Configuration Utility\Wlancfg4[Caution: Executable File]
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL[Caution: Executable File]/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: Executable File]
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: Executable File]
O9 - Extra button: Scan and protect your PC - {BF69DF00-4734-477F-8257-27CD04F88779} - C:\Program Files\UnSpyPC\UnSpyPC[Caution: Executable File] (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Scan and protect your PC - {BF69DF00-4734-477F-8257-27CD04F88779} - C:\Program Files\UnSpyPC\UnSpyPC[Caution: Executable File] (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) - http://forms.real.com/real/player/downl ... st_Win.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2323CF34-8576-4C61-8721-24167ADCD433}: NameServer = 85.255.116.35,85.255.112.65
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B7E0D0C-4F12-43E9-AD5F-13B2A68BDAFA}: NameServer = 85.255.116.35,85.255.112.65
O17 - HKLM\System\CCS\Services\Tcpip\..\{A41A599C-479B-4AF8-B6E2-19E011457540}: NameServer = 85.255.116.35,85.255.112.65
O17 - HKLM\System\CCS\Services\Tcpip\..\{B45F6CD2-EA79-4726-A7B6-5300B43CDD4C}: NameServer = 85.255.116.35,85.255.112.65
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA8977FB-9E3A-4408-9B9B-973A702648EA}: NameServer = 85.255.116.35,85.255.112.65
O17 - HKLM\System\CS1\Services\Tcpip\..\{2323CF34-8576-4C61-8721-24167ADCD433}: NameServer = 85.255.116.35,85.255.112.65
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr[Caution: Executable File]
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy[Caution: Executable File]
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc[Caution: Executable File]
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr[Caution: Executable File]
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT[Caution: Executable File]
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService[Caution: Executable File]
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc[Caution: Executable File]
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - c:\Program Files\Norton AntiVirus\IWP\NPFMntor[Caution: Executable File]
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan[Caution: Executable File]
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp[Caution: Executable File]
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc[Caution: Executable File]
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc[Caution: Executable File]
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC[Caution: Executable File]

Previously known as Monkeybeast0.
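One way to triage a log like this from the defender's side, as an added example that is not part of the original post and not HijackThis's own code: the script below parses HijackThis-style O4 (autorun) and O17 (per-interface NameServer) lines, flags autorun entries registered under their own filename, and flags DNS servers outside private address space, since a home PC behind a router normally resolves through the router or a DHCP-assigned ISP resolver rather than hard-coded public addresses. The sample lines are constructed from the O4 and O17 entries above, with `.exe` restored where the forum filter replaced it; the `ctfmon.exe` allowlist, the self-named heuristic, the all-zero interface GUID and the `192.168.1.1` control line are assumptions made for the example.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample lines in HijackThis format, modelled on the O4 and O17
# entries in the posted log. ".exe" is restored where the forum filter
# replaced it; the last O17 line (made-up interface GUID, router address)
# is a benign control case.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [hgqhp.exe] C:\WINDOWS\system32\hgqhp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2323CF34-8576-4C61-8721-24167ADCD433}: NameServer = 85.255.116.35,85.255.112.65
O17 - HKLM\System\CS1\Services\Tcpip\..\{2323CF34-8576-4C61-8721-24167ADCD433}: NameServer = 85.255.116.35,85.255.112.65
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.168.1.1
"""

# Assumption: an autorun registered under its own file name is a weak
# heuristic for an auto-generated entry; ctfmon.exe is the one Windows XP
# component that legitimately appears that way and is allowlisted.
KNOWN_SELF_NAMED_AUTORUNS = {"ctfmon.exe"}

# O4 - <hive>\..\<Run key>: [<name>] <command line>
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(Run\w*): \[([^\]]+)\] (.*)$")
# O17 - HKLM\System\...\{<interface GUID>}: NameServer = <ip>[,<ip>...]
O17_RE = re.compile(r"^O17 - .*\\(\{[0-9A-Fa-f-]{36}\}): NameServer = (.+)$")


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section, e.g. "O4" or "O17"
    detail: str    # human-readable description of the suspicious entry


def executable_path(command: str) -> str:
    """Return the program path from an autorun command line.

    A quoted path (which may contain spaces) is taken up to the closing
    quote; otherwise the first whitespace-separated token is the program.
    """
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def audit(log_text: str) -> list[Finding]:
    """Flag self-named O4 autoruns and O17 nameservers outside private space."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if m:
            hive, key, name, command = m.groups()
            exe = executable_path(command).rsplit("\\", 1)[-1].lower()
            if name.lower() == exe and exe not in KNOWN_SELF_NAMED_AUTORUNS:
                findings.append(Finding("O4", f"{hive}\\{key} [{name}] -> {command}"))
            continue
        m = O17_RE.match(line)
        if m:
            guid, servers = m.groups()
            for raw in servers.split(","):
                ip = ipaddress.ip_address(raw.strip())
                # RFC 1918 resolvers (the home router) are expected; anything
                # public that the owner did not configure is reported.
                if not ip.is_private:
                    findings.append(Finding("O17", f"{guid} NameServer {ip}"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(f"[{finding.section}] {finding.detail}")
```

Run against the constructed sample, the script reports the `hgqhp.exe` autorun and the two public resolvers on both interface entries, while the router address on the control line stays silent. Every O17 entry in the posted log names the same pair of public addresses across several interface GUIDs, which is exactly the pattern the O17 check is meant to surface for a closer look.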
weezcake Posted April 21, 2006

Have you tried removing it in safe mode?

Retired tip.it moderator. Teaching and inspiring.
The_Avatar Posted April 22, 2006 (Author)

I have no idea how I would go about doing that; could you explain?

Previously known as Monkeybeast0.
Rednax Posted April 22, 2006

Reboot. During the POST you should see an option like F8 for boot options; the F8 could be anything, such as F12 or F2. If you tap that during the black screen you will get some options like Safe Mode, Safe Mode with Command Prompt, and Safe Mode with Networking. Select Safe Mode with Networking. You need to have an administrator account to use this.