ltavr
2008-05-31, 03:43
Hi guys,
Hi guys,
A friend of mine told me about your forum after a couple of days trying to solve this without success.
I have this OVH server that runs Windows 2003 Server SP1. I never felt the need to install any AV software in my previous servers. i usually only install Spybot to remove minor common nuisances and I also rely on Windows Firewall.
I don't usually browse the net through the server and I'm not downloading or executing applications directly downloaded from the net without first checking them on my home PC. This time I did that mistake... and I'm paying big time.
My server is a total mess. I can't even access the net cause a lot of applications including IE and Firefox don't open. IE opens but closes immediatelly after that without even showing the home page. I'm used to Bulletproof FTP server ( "Access violation at address 003DFFFB. Read of address 003DFFFB" ) and FlashFXP but I doesn't work also so I can't send anything from my home PC.
Fortunatelly, Hijackthis manages to run ( I sent it to my Server before BulletProof stopped working ). This is the current log it gives me:
Logfile of HijackThis v1.99.1
Scan saved at 12:59:32 PM, on 5/30/2008
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\copssh\bin\cygrunsrv.exe
C:\Program Files\copssh\bin\sshd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://google.com/
O2 - BHO: (no name) - {06E12C36-760F-4D92-8509-5E5DBF12C423} - C:\WINDOWS\system32\fccCRjhH.dll
O2 - BHO: {f3ded546-772b-ec4b-6044-ea44dc881fe3} - {3ef188cd-44ae-4406-b4ce-b277645ded3f} - C:\WINDOWS\system32\kcmybybx.dll
O2 - BHO: (no name) - {B41CF27D-01D0-4A5C-98BA-4A58A28C3E37} - C:\WINDOWS\system32\vtUnnkkK.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [f873e32b] rundll32.exe "C:\WINDOWS\system32\pteyaevj.dll",b
O4 - HKLM\..\Run: [BMfb40d0b7] Rundll32.exe "C:\WINDOWS\system32\yquoossm.dll",s
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149752800553
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A2BDFF3-C114-4C4E-B7B0-7426644239A8}: NameServer = 10.48.100.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{8802DDAB-18B4-412C-9395-A22DD8F74F0B}: NameServer = 10.48.100.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1F056F8-2F80-4496-B66D-6348B45BFAFF}: NameServer = 10.48.100.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{C686F0B6-F4C8-4BA4-8DC1-97EC2058202B}: NameServer = 10.48.100.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA8ED4EC-0D15-4DED-8C33-73E10268CE1B}: NameServer = 10.48.100.2
O20 - Winlogon Notify: fccCRjhH - C:\WINDOWS\SYSTEM32\fccCRjhH.dll
O23 - Service: Openssh SSHD (copSSHD) - Unknown owner - C:\Program Files\copssh\bin\cygrunsrv.exe
I have this server for 4 days now... I never got to use it. OVH doesn't seem to provide any assistance in a situation like this. I already contacted them 2 days ago.
I know it was my fault... I had a leaseweb server and I never had any problems cause I never downloaded anything and then opened it on the server. It was so stupid...
I spent the last couple of days googling like crazy to try and fix this but I simply don't have the skills to do it. I know this is my first post here and I wouldn't immediatelly ask for something if I wasn't desperate.
Many thanks in advance for any help you might give me on this.
Cheers.
[I]Edit. Topic: http://forum.hijackthis.de/showthread.php?t=31045
Hi guys,
A friend of mine told me about your forum after a couple of days trying to solve this without success.
I have this OVH server that runs Windows 2003 Server SP1. I never felt the need to install any AV software in my previous servers. i usually only install Spybot to remove minor common nuisances and I also rely on Windows Firewall.
I don't usually browse the net through the server and I'm not downloading or executing applications directly downloaded from the net without first checking them on my home PC. This time I did that mistake... and I'm paying big time.
My server is a total mess. I can't even access the net cause a lot of applications including IE and Firefox don't open. IE opens but closes immediatelly after that without even showing the home page. I'm used to Bulletproof FTP server ( "Access violation at address 003DFFFB. Read of address 003DFFFB" ) and FlashFXP but I doesn't work also so I can't send anything from my home PC.
Fortunatelly, Hijackthis manages to run ( I sent it to my Server before BulletProof stopped working ). This is the current log it gives me:
Logfile of HijackThis v1.99.1
Scan saved at 12:59:32 PM, on 5/30/2008
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\copssh\bin\cygrunsrv.exe
C:\Program Files\copssh\bin\sshd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://google.com/
O2 - BHO: (no name) - {06E12C36-760F-4D92-8509-5E5DBF12C423} - C:\WINDOWS\system32\fccCRjhH.dll
O2 - BHO: {f3ded546-772b-ec4b-6044-ea44dc881fe3} - {3ef188cd-44ae-4406-b4ce-b277645ded3f} - C:\WINDOWS\system32\kcmybybx.dll
O2 - BHO: (no name) - {B41CF27D-01D0-4A5C-98BA-4A58A28C3E37} - C:\WINDOWS\system32\vtUnnkkK.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [f873e32b] rundll32.exe "C:\WINDOWS\system32\pteyaevj.dll",b
O4 - HKLM\..\Run: [BMfb40d0b7] Rundll32.exe "C:\WINDOWS\system32\yquoossm.dll",s
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149752800553
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A2BDFF3-C114-4C4E-B7B0-7426644239A8}: NameServer = 10.48.100.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{8802DDAB-18B4-412C-9395-A22DD8F74F0B}: NameServer = 10.48.100.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1F056F8-2F80-4496-B66D-6348B45BFAFF}: NameServer = 10.48.100.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{C686F0B6-F4C8-4BA4-8DC1-97EC2058202B}: NameServer = 10.48.100.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA8ED4EC-0D15-4DED-8C33-73E10268CE1B}: NameServer = 10.48.100.2
O20 - Winlogon Notify: fccCRjhH - C:\WINDOWS\SYSTEM32\fccCRjhH.dll
O23 - Service: Openssh SSHD (copSSHD) - Unknown owner - C:\Program Files\copssh\bin\cygrunsrv.exe
I have this server for 4 days now... I never got to use it. OVH doesn't seem to provide any assistance in a situation like this. I already contacted them 2 days ago.
I know it was my fault... I had a leaseweb server and I never had any problems cause I never downloaded anything and then opened it on the server. It was so stupid...
I spent the last couple of days googling like crazy to try and fix this but I simply don't have the skills to do it. I know this is my first post here and I wouldn't immediatelly ask for something if I wasn't desperate.
Many thanks in advance for any help you might give me on this.
Cheers.
[I]Edit. Topic: http://forum.hijackthis.de/showthread.php?t=31045