Page 2 of 2 FirstFirst 12
Results 11 to 16 of 16

Thread: I have several trojans, please help.

  1. #11
    Junior Member
    Join Date
    Nov 2008
    Posts
    14

    Default

    Results for explorer.exe




    Antivirus Version Last Update Result
    a-squared 4.0.0.101 2009.03.18 Trojan.Win32.Patched!IK
    AhnLab-V3 5.0.0.2 2009.03.18 -
    AntiVir 7.9.0.116 2009.03.17 -
    Authentium 5.1.0.4 2009.03.17 -
    Avast 4.8.1335.0 2009.03.17 -
    AVG 8.0.0.237 2009.03.17 -
    BitDefender 7.2 2009.03.18 -
    CAT-QuickHeal 10.00 2009.03.18 -
    ClamAV 0.94.1 2009.03.18 -
    Comodo 1062 2009.03.17 -
    DrWeb 4.44.0.09170 2009.03.18 -
    eSafe 7.0.17.0 2009.03.17 -
    eTrust-Vet None 2009.03.09 -
    F-Prot 4.4.4.56 2009.03.17 -
    F-Secure 8.0.14470.0 2009.03.18 -
    Fortinet 3.117.0.0 2009.03.18 -
    GData 19 2009.03.18 -
    Ikarus T3.1.1.45.0 2009.03.18 Trojan.Win32.Patched
    K7AntiVirus 7.10.674 2009.03.17 -
    Kaspersky 7.0.0.125 2009.03.18 -
    McAfee 5556 2009.03.17 -
    McAfee+Artemis 5556 2009.03.17 -
    McAfee-GW-Edition 6.7.6 2009.03.17 -
    Microsoft 1.4502 2009.03.17 -
    NOD32 3944 2009.03.17 -
    Norman 6.00.06 2009.03.17 -
    nProtect 2009.1.8.0 2009.03.18 -
    Panda 10.0.0.10 2009.03.18 -
    PCTools 4.4.2.0 2009.03.17 -
    Prevx1 V2 2009.03.18 -
    Rising 21.21.20.00 2009.03.18 -
    Sophos 4.39.0 2009.03.18 -
    Sunbelt 3.2.1858.2 2009.03.18 -
    Symantec 1.4.4.12 2009.03.18 -
    TheHacker 6.3.3.0.283 2009.03.16 -
    TrendMicro 8.700.0.1004 2009.03.18 -
    VBA32 3.12.10.1 2009.03.17 -
    ViRobot 2009.3.18.1653 2009.03.18 -
    VirusBuster 4.6.5.0 2009.03.17 -
    Additional information
    File size: 1033728 bytes
    MD5...: 5a4d8cc07e31b75a8faa2ca71a891227
    SHA1..: 1dbcc4d7e82ec73a768c1c4a13ca88630e51b336
    SHA256: a7bfcbf62d13f1de18bb4f24b64a581113c58c4650feddb3cb226e1d4be65ea1
    SHA512: c44efc217147b56736de049573f78559354a580bb2880321b503226eea5ff608
    b92edb911c2b9f717da0dfac3944502cacf6ff7af35dd691f5355b6c986e7fde
    ssdeep: 12288:RHmcoCUyZtwAvAs4wTCyrPTloHWYUrkf8w0Vnzac1/g/J/vMS:lmfty/wA
    vN7lrvbkf8w0VnH1/g/J/k

    PEiD..: -
    TrID..: File type identification
    Generic Win/DOS Executable (49.9%)
    DOS Executable Generic (49.8%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x1a55f
    timedatestamp.....: 0x48025c30 (Sun Apr 13 19:17:04 2008)
    machinetype.......: 0x14c (I386)

    ( 4 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x44c09 0x44e00 6.38 fd89c9ce334764ffdbb62637ad9b5809
    .data 0x46000 0x1db4 0x1800 1.30 983f35021232560eaaa99fcbc1b7d359
    .rsrc 0x48000 0xb2268 0xb2400 6.63 95339c37646fa93e3695e06572a21889
    .reloc 0xfb000 0x3800 0x3800 6.78 ec335057489badbf6d8142b57175fd91

    ( 13 imports )
    > ADVAPI32.dll: RegSetValueW, RegEnumKeyExW, GetUserNameW, RegNotifyChangeKeyValue, RegEnumValueW, RegQueryValueExA, RegOpenKeyExA, RegEnumKeyW, RegCloseKey, RegCreateKeyW, RegQueryInfoKeyW, RegOpenKeyExW, RegQueryValueExW, RegCreateKeyExW, RegSetValueExW, RegDeleteValueW, RegQueryValueW
    > BROWSEUI.dll: -, -, -, -
    > GDI32.dll: GetStockObject, CreatePatternBrush, OffsetViewportOrgEx, GetLayout, CombineRgn, CreateDIBSection, GetTextExtentPoint32W, StretchBlt, CreateRectRgnIndirect, CreateRectRgn, GetClipRgn, IntersectClipRect, GetViewportOrgEx, SetViewportOrgEx, SelectClipRgn, PatBlt, GetBkColor, CreateCompatibleDC, CreateCompatibleBitmap, OffsetWindowOrgEx, DeleteDC, SetBkColor, BitBlt, ExtTextOutW, GetTextExtentPointW, GetClipBox, GetObjectW, SetTextColor, SetBkMode, CreateFontIndirectW, DeleteObject, GetTextMetricsW, SelectObject, GetDeviceCaps, TranslateCharsetInfo, SetStretchBltMode
    > KERNEL32.dll: GetSystemDirectoryW, CreateThread, CreateJobObjectW, ExitProcess, SetProcessShutdownParameters, ReleaseMutex, CreateMutexW, SetPriorityClass, GetCurrentProcess, GetStartupInfoW, GetCommandLineW, SetErrorMode, LeaveCriticalSection, EnterCriticalSection, ResetEvent, LoadLibraryExA, CompareFileTime, GetSystemTimeAsFileTime, SetThreadPriority, GetCurrentThreadId, GetThreadPriority, GetCurrentThread, GetUserDefaultLangID, Sleep, GetBinaryTypeW, GetModuleHandleExW, SystemTimeToFileTime, GetLocalTime, GetCurrentProcessId, GetEnvironmentVariableW, UnregisterWait, GlobalGetAtomNameW, GetFileAttributesW, MoveFileW, lstrcmpW, LoadLibraryExW, FindClose, FindNextFileW, FindFirstFileW, lstrcmpiA, SetEvent, AssignProcessToJobObject, GetDateFormatW, GetTimeFormatW, FlushInstructionCache, lstrcpynW, GetSystemWindowsDirectoryW, SetLastError, GetProcessHeap, HeapFree, HeapReAlloc, HeapSize, HeapAlloc, GetUserDefaultLCID, ReadProcessMemory, OpenProcess, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, UnhandledExceptionFilter, SetUnhandledExceptionFilter, VirtualFree, VirtualAlloc, ResumeThread, TerminateProcess, TerminateThread, GetSystemDefaultLCID, GetLocaleInfoW, CreateEventW, GetLastError, OpenEventW, DelayLoadFailureHook, WaitForSingleObject, GetTickCount, ExpandEnvironmentStringsW, GetModuleFileNameW, GetPrivateProfileStringW, lstrcmpiW, CreateProcessW, FreeLibrary, GetWindowsDirectoryW, LocalAlloc, CreateFileW, DeviceIoControl, LocalFree, GetQueuedCompletionStatus, CreateIoCompletionPort, SetInformationJobObject, CloseHandle, LoadLibraryW, GetModuleHandleW, ActivateActCtx, DeactivateActCtx, GetFileAttributesExW, GetProcAddress, DeleteCriticalSection, CreateEventA, HeapDestroy, InitializeCriticalSection, MulDiv, InitializeCriticalSectionAndSpinCount, lstrlenW, InterlockedDecrement, InterlockedIncrement, GlobalAlloc, InterlockedExchange, GetModuleHandleA, GetVersionExA, GlobalFree, GetProcessTimes, lstrcpyW, GetLongPathNameW, RegisterWaitForSingleObject
    > msvcrt.dll: _itow, free, memmove, realloc, _except_handler3, malloc, _ftol, _vsnwprintf
    > ntdll.dll: RtlNtStatusToDosError, NtQueryInformationProcess
    > ole32.dll: CoFreeUnusedLibraries, RegisterDragDrop, CreateBindCtx, RevokeDragDrop, CoInitializeEx, CoUninitialize, OleInitialize, CoRevokeClassObject, CoRegisterClassObject, CoMarshalInterThreadInterfaceInStream, CoCreateInstance, OleUninitialize, DoDragDrop
    > OLEAUT32.dll: -, -
    > SHDOCVW.dll: -, -, -
    > SHELL32.dll: -, -, SHGetFolderPathW, -, -, -, -, -, ExtractIconExW, -, -, -, -, -, -, -, -, -, -, -, -, -, -, SHGetSpecialFolderLocation, ShellExecuteExW, -, -, -, SHGetSpecialFolderPathW, -, -, -, SHBindToParent, -, -, -, SHParseDisplayName, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, SHChangeNotify, SHGetDesktopFolder, SHAddToRecentDocs, -, -, -, DuplicateIcon, -, -, -, -, -, -, -, -, SHUpdateRecycleBinIcon, SHGetFolderLocation, SHGetPathFromIDListA, -, -, -, -, -, -, -, SHGetPathFromIDListW, -, -, -
    > SHLWAPI.dll: StrCpyNW, -, -, -, -, StrRetToBufW, StrRetToStrW, -, -, -, -, SHQueryValueExW, PathIsNetworkPathW, -, AssocCreate, -, -, -, -, -, StrCatW, StrCpyW, -, -, -, -, -, -, SHGetValueW, -, StrCmpNIW, PathRemoveBlanksW, PathRemoveArgsW, PathFindFileNameW, StrStrIW, PathGetArgsW, -, StrToIntW, SHRegGetBoolUSValueW, SHRegWriteUSValueW, SHRegCloseUSKey, SHRegCreateUSKeyW, SHRegGetUSValueW, SHSetValueW, -, PathAppendW, PathUnquoteSpacesW, -, -, PathQuoteSpacesW, -, SHSetThreadRef, SHCreateThreadRef, -, -, -, PathCombineW, -, -, -, SHStrDupW, PathIsPrefixW, PathParseIconLocationW, AssocQueryKeyW, -, AssocQueryStringW, StrCmpW, -, -, -, -, -, -, -, -, SHRegQueryUSValueW, SHRegOpenUSKeyW, SHRegSetUSValueW, PathIsDirectoryW, PathFileExistsW, PathGetDriveNumberW, -, StrChrW, PathFindExtensionW, -, -, PathRemoveFileSpecW, PathStripToRootW, -, -, -, SHOpenRegStream2W, -, -, -, StrDupW, SHDeleteValueW, StrCatBuffW, SHDeleteKeyW, StrCmpIW, -, -, wnsprintfW, -, -, StrCmpNW, -, -
    > USER32.dll: TileWindows, GetDoubleClickTime, GetSystemMetrics, GetSysColorBrush, AllowSetForegroundWindow, LoadMenuW, GetSubMenu, RemoveMenu, SetParent, GetMessagePos, CheckDlgButton, EnableWindow, GetDlgItemInt, SetDlgItemInt, CopyIcon, AdjustWindowRectEx, DrawFocusRect, DrawEdge, ExitWindowsEx, WindowFromPoint, SetRect, AppendMenuW, LoadAcceleratorsW, LoadBitmapW, SendNotifyMessageW, SetWindowPlacement, CheckMenuItem, EndDialog, SendDlgItemMessageW, MessageBeep, GetActiveWindow, PostQuitMessage, MoveWindow, GetDlgItem, RemovePropW, GetClassNameW, GetDCEx, SetCursorPos, ChildWindowFromPoint, ChangeDisplaySettingsW, RegisterHotKey, UnregisterHotKey, SetCursor, SendMessageTimeoutW, GetWindowPlacement, LoadImageW, SetWindowRgn, IntersectRect, OffsetRect, EnumDisplayMonitors, RedrawWindow, SubtractRect, TranslateAcceleratorW, WaitMessage, InflateRect, CallWindowProcW, GetDlgCtrlID, SetCapture, LockSetForegroundWindow, SystemParametersInfoW, FindWindowW, CreatePopupMenu, GetMenuDefaultItem, DestroyMenu, GetShellWindow, EnumChildWindows, GetWindowLongW, SendMessageW, RegisterWindowMessageW, GetKeyState, CopyRect, MonitorFromRect, MonitorFromPoint, RegisterClassW, SetPropW, GetWindowLongA, SetWindowLongW, FillRect, GetCursorPos, MessageBoxW, LoadStringW, ReleaseDC, GetDC, EnumDisplaySettingsExW, EnumDisplayDevicesW, PostMessageW, DispatchMessageW, TranslateMessage, GetMessageW, PeekMessageW, PtInRect, BeginPaint, EndPaint, SetWindowTextW, GetAsyncKeyState, InvalidateRect, GetWindow, ShowWindowAsync, TrackPopupMenuEx, UpdateWindow, DestroyIcon, IsRectEmpty, SetActiveWindow, GetSysColor, DrawTextW, IsHungAppWindow, SetTimer, GetMenuItemID, TrackPopupMenu, EndTask, SendMessageCallbackW, GetClassLongW, LoadIconW, OpenInputDesktop, CloseDesktop, SetScrollPos, ShowWindow, BringWindowToTop, GetDesktopWindow, CascadeWindows, CharUpperBuffW, SwitchToThisWindow, InternalGetWindowText, GetScrollInfo, GetMenuItemCount, CreateWindowExW, DialogBoxParamW, MsgWaitForMultipleObjects, CharNextA, RegisterClipboardFormatW, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, PrintWindow, SetClassLongW, GetPropW, GetNextDlgGroupItem, GetNextDlgTabItem, ChildWindowFromPointEx, IsChild, NotifyWinEvent, TrackMouseEvent, GetCapture, GetAncestor, CharUpperW, SetWindowLongA, DrawCaption, ModifyMenuW, InsertMenuW, IsWindowEnabled, GetMenuState, LoadCursorW, GetParent, IsDlgButtonChecked, DestroyWindow, EnumWindows, IsWindowVisible, GetClientRect, UnionRect, EqualRect, GetWindowThreadProcessId, GetForegroundWindow, KillTimer, GetClassInfoExW, DefWindowProcW, RegisterClassExW, GetIconInfo, SetScrollInfo, GetLastActivePopup, SetForegroundWindow, IsWindow, GetSystemMenu, IsIconic, IsZoomed, EnableMenuItem, SetMenuDefaultItem, MonitorFromWindow, GetMonitorInfoW, GetWindowInfo, GetFocus, SetFocus, MapWindowPoints, ScreenToClient, ClientToScreen, GetWindowRect, SetWindowPos, DeleteMenu, GetMenuItemInfoW, SetMenuItemInfoW, CharNextW
    > UxTheme.dll: GetThemeBackgroundContentRect, GetThemeBool, GetThemePartSize, DrawThemeParentBackground, OpenThemeData, DrawThemeBackground, GetThemeTextExtent, DrawThemeText, CloseThemeData, SetWindowTheme, GetThemeBackgroundRegion, -, GetThemeMargins, GetThemeColor, GetThemeFont, GetThemeRect, IsAppThemed

    ( 0 exports )

  2. #12
    Junior Member
    Join Date
    Nov 2008
    Posts
    14

    Default

    While I was navigating to C:\Windows\system32\ McAfee was showing many popups saying at least 20 + file were cleaned and it was reported as W32 Virut.n.gen Virus. Hopefully this info will help.

    Thanks.

  3. #13
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    While I was navigating to C:\Windows\system32\ McAfee was showing many popups saying at least 20 + file were cleaned and it was reported as W32 Virut.n.gen Virus. Hopefully this info will help.
    Yes, that will definitely help. Unfortunately, you probably won't like what I'm going to tell you.

    Virut is file infector and system infected with it can be only reformatted.

    You may use external usb drive (if you own one) for backuping after you've first made sure it doesn't carry Virut.

    1. Download Flash_Disinfector and save it to your Desktop of your clean system.
    2. After downloading, double-click on Flash_Disinfector to run it.
    3. Just follow the prompts and continue until it begin scanning.
    4. If asked to insert your flash drive or any removable device including USB Pen Drive and Memory Stick, please do so.
    5. It will scan removable drives, wait for the scan to finish. Done.

    After that run Kaspersky Online Scanner on clean machine to check your USB drive.

    If Kaspersky doesn't find anything bad on USB drive then you can use it to backup stuff from infected system keeping in mind that these filetypes are not allowed:
    -.exe
    -.scr
    -all web page files (.htm, .html, .asp, .aspx etc.)
    -archived files (.zip & .rar) with any of above mentioned file types inside
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  4. #14
    Junior Member
    Join Date
    Nov 2008
    Posts
    14

    Default

    Hello,

    Now I'm having trouble trying to Boot from the CD Drive to try to format and reinstall XP Pro. Do you think the Virus is affecting the computer to prevent the reinstallation?

  5. #15
    Junior Member
    Join Date
    Nov 2008
    Posts
    14

    Default

    Hello Blade81,

    Well, I was finally able to format the HD using the 6 floppy disk method of installing a new OS, and I'm finally clean. Thanks for taking your time to look over my Hijackthis log.

    Take care,

    Skull001

  6. #16
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Since this issue appears to be resolved ... this Topic has been closed.

    Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

    If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •