Results 1 to 6 of 6

Thread: malicious?

  1. #1
    Junior Member
    Join Date
    Jul 2006
    Posts
    3

    Default malicious?

    HJT log.
    Can someone help me out here an tell me weather anything looks sus, that BHO ssvhelper is what worries me.

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
    C:\WINDOWS\Logi_MwX.Exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\CTHELPER.EXE
    C:\Program Files\ICQPlus\vplus.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
    D:\program files\gapa\gapa.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\ICQ\ICQ.exe
    D:\mIRC6.16\anaconda\Anaconda\mirc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    D:\program files\hijack\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [OfficeGuard RegChecker] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe"
    O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /wait
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\ICQNet.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\PROGRA~1\nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKCU\..\Run: [ICQ Plus] "C:\Program Files\ICQPlus\vplus.exe"
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\RunOnce: [ICQ] C:\Program Files\ICQ\ICQ.exe -trayboot
    O4 - Startup: Shortcut to gapa.lnk = D:\program files\gapa\gapa.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O17 - HKLM\System\CCS\Services\Tcpip\..\{834A63EE-0276-47F2-9E1D-71412E8AF39B}: NameServer = 192.168.1.1
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /service (file missing)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe" /service (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

  2. #2
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,252

    Default

    Hello and welcome to the forum. MessengerPlus would worry me more:
    http://chooseknowledge.com/How-to-un...enger-Plus.htm Installed with sponsor programs it can be a real pain, so I wonder about the folks who provide it.

    Here is the Google on the CLSID of the BHO you asked about:
    http://www.castlecops.com/tk26190-SSVHelper_Class.html

    You have cut off the first four lines of the HJT log, if you want me to look more, provide a complete HJT log run in normal mode with everything enabled in MSConfig.

    Thanks...pskelley
    Safer Networking Forums

  3. #3
    Junior Member
    Join Date
    Jul 2006
    Posts
    3

    Default :)

    Logfile of HijackThis v1.99.1
    Scan saved at 12:51:52 PM, on 7/2/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Is the other 4 lines.
    i didnt think it was important so i didnt add it.
    Messenger plus wasnt installed with the sponsers, i refused
    I just was wondering if the BHO was something i needed to worry about ?
    Im still unclear from that page you posted.
    Is it just related to java, and i dont need to worry about it ?
    Thanks in advanced

  4. #4
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,252

    Default

    Thanks for returning that information. Without it we can not tell if the HJT version is up to date, we do not know if Windows Service Packs are up to date, along with the browser (criticals)

    That BHO started showing in one of the recent updates of Java and is nothing to worry about. Since some really nasty trojans have been accessing computer through outdated Java (Vundo for one) it is best to keep it very current and I notice you need an update that just was released:
    http://forums.spybot.info/showpost.p...80&postcount=2

    This: D:\program files\gapa\gapa.exe is it a valid program?

    I am showing this one as questionable: D:\mIRC6.16\anaconda\Anaconda\mirc.exe
    Here is the Google: http://www.google.com/search?sourcei...n&q=mirc%2Eexe
    You can see all of the optional information. Our tool only tells us it MAY be a problem.

    Here are free online scanners you can use to find out if you are unsure:
    http://virusscan.jotti.org/
    http://www.kaspersky.com/scanforvirus
    http://www.virustotal.com/flash/index_en.html

    The balance of the HJT log looks fine, here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
    http://boards.cexx.org/viewtopic.php?t=957
    http://russelltexas.com/malware/allclear.htm
    http://forum.malwareremoval.com/viewtopic.php?t=14
    http://www.bleepingcomputer.com/forums/topict2520.html
    http://cybercoyote.org/security/not-admin.shtml

    Let me know if there is more I can do.

    Thanks...pskelley
    Safer Networking Forums
    http://www.spybot.info/en/donate/index.html
    If you are reading this information...thank a teacher,
    If you are reading it in English...thank a soldier.

  5. #5
    Junior Member
    Join Date
    Jul 2006
    Posts
    3

    Default :)

    Thanks very much for all the info, you have been very very helpful.
    The gapa is a gamma program i use that has hotkeys but poses no risk.
    Anaconda is a script that is loaded in mirc which i downloaded, also poses no risk aswell.

    I have just updated to the new java and also installed spyblaster just to be on the safe side of things, i use kaspersky as my avp and it is always updated.

    I use a firewall and nat and hardware firewall, i also use firefox as my browser, i use spybot every week to make sure there is nothing sus, so hopully i have covered most things here :P

    Thanks for the quick reply you guys are doing a fantastic job and im sure everyone is thank full for you being here.

  6. #6
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,457

    Default

    As the problem appears to be resolved this topic will be archived.

    If you need it re-opened please send me a private message (pm) and provide a link to the thread.

    Cheers.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •