Thread: Possible trojan banker

  1. #1
    Tecolote (Translator Team)
    Join Date: Nov 2005
    Location: Goiânia, Goiás, Brasil
    Posts: 40

    Possible trojan banker

    Hi,

    My PC is behaving awry and I believe it's a trojan banker. I may be wrong regarding the "species", but I'm sure it's infected. Can you help me?

    First I want to warn you of a couple of things (I hope they are irrelevant): I didn't install DDS to the desktop, to keep it clean; instead, I installed it in the c:\Arquivos de Programas folder (the Program Files folder in this XP translation). Is that ok?

    Second, when I made the backup of the registry, I checked the "Current User Registry" box... Sorry. Is that ok too?

    I am attaching the larger txt log of DDS, as instructed by the program...

    Thank you!

    The DDS log:


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Pablo Mello at 4:06:43,45 on sáb 01/05/2010
    Internet Explorer: 6.0.2900.2180
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.55.1046.18.511.327 [GMT -3:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\WService.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Arquivos de programas\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\Drivers\WTSRV.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
    C:\Arquivos de programas\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com.br/
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\lib\deploy\jqs\ie\jqs_plugin.dll
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    mRun: [WService] WService.EXE
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [SunJavaUpdateSched] "c:\arquivos de programas\arquivos comuns\java\java update\jusched.exe"
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Hosts: 127.0.0.1 www.spywareinfo.com

    ============= SERVICES / DRIVERS ===============


    =============== Created Last 30 ================

    2010-05-01 06:35:32 525824 ----a-w- c:\arquivos de programas\dds.scr
    2010-05-01 06:34:40 791393 ----a-w- c:\arquivos de programas\erunt-setup.exe
    2010-04-29 22:06:20 1150 ----a-w- c:\windows\favicon-vfl147246[1].ico
    2010-04-29 22:05:41 1150 ----a-w- c:\windows\favicon[1].ico
    2010-04-25 19:49:50 305152 ----a-w- c:\windows\IsUninst.exe
    2010-04-25 19:49:49 0 d-----w- c:\documents and settings\pablo mello\WINDOWS
    2010-04-25 19:44:20 5455526 ----a-w- c:\arquivos de programas\acrobat_reader_40eng.exe
    2010-04-25 19:14:19 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
    2010-04-25 19:14:19 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
    2010-04-25 19:14:19 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
    2010-04-25 19:14:19 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX
    2010-04-25 19:14:16 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
    2010-04-25 19:14:16 0 d-----w- c:\arquivos de programas\PDFCreator
    2010-04-25 19:11:40 17776464 ----a-w- c:\arquivos de programas\PDFCreator-0_9_9_setup.exe
    2010-04-25 18:53:58 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-04-25 18:53:58 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-04-25 18:53:53 0 d-----w- c:\arquivos de programas\lib
    2010-04-25 18:53:51 0 d-----w- c:\arquivos de programas\bin
    2010-04-25 18:01:29 0 d-----w- c:\arquivos de programas\GENIUS TABLET
    2010-04-25 18:01:22 583 ----a-w- c:\windows\SETUPEXT.INF
    2010-04-25 18:01:22 315392 ----a-w- c:\windows\SETUPX32.EXE
    2010-04-25 17:58:36 0 d-----w- c:\arquivos de programas\C-Media 3D Audio
    2010-04-25 17:54:22 0 d-----w- c:\arquivos de programas\arquivos comuns\InstallShield
    2010-04-25 17:53:51 0 d-----w- c:\arquivos de programas\NVIDIA
    2010-04-25 17:39:03 0 d-sh--w- c:\documents and settings\all users\DRM
    2010-04-25 17:38:44 0 d--h--w- c:\arquivos de programas\WindowsUpdate
    2010-04-25 17:38:40 0 d-----w- c:\arquivos de programas\Serviços on-line
    2010-04-25 17:38:04 0 d-----w- c:\arquivos de programas\arquivos comuns\Serviços
    2010-04-25 17:38:01 0 d-----w- c:\arquivos de programas\arquivos comuns\MSSoap
    2010-04-25 17:36:39 0 d-----w- c:\arquivos de programas\Messenger
    2010-04-25 17:36:36 0 d-----w- c:\arquivos de programas\MSN Gaming Zone
    2010-04-25 17:36:16 0 d-----w- c:\arquivos de programas\Windows NT
    2010-04-25 13:27:10 0 d-----w- c:\arquivos de programas\arquivos comuns\ODBC
    2010-04-25 13:27:07 0 d-----w- c:\arquivos de programas\arquivos comuns\SpeechEngines
    2010-04-25 13:26:44 0 d--h--w- c:\documents and settings\all users\Modelos
    2010-04-25 13:26:44 0 d-----w- c:\documents and settings\all users\Favoritos
    2010-04-25 13:26:44 0 d-----r- c:\documents and settings\all users\Menu Iniciar
    2010-04-25 13:26:44 0 d-----r- c:\documents and settings\all users\Documentos
    2010-04-25 13:26:25 0 d--h--r- c:\documents and settings\all users\Dados de aplicativos

    ==================== Find3M ====================

    2010-05-01 06:43:42 48846 ----a-w- c:\windows\system32\perfc016.dat
    2010-05-01 06:43:42 344734 ----a-w- c:\windows\system32\perfh016.dat
    2010-04-25 18:53:52 994 ----a-w- c:\arquivos de programas\Welcome.html
    2010-04-25 18:53:52 3841 ----a-w- c:\arquivos de programas\COPYRIGHT
    2010-04-25 18:53:52 186655 ----a-w- c:\arquivos de programas\THIRDPARTYLICENSEREADME.txt
    2010-04-25 18:53:52 16282 ----a-w- c:\arquivos de programas\README.txt
    2010-04-25 18:53:52 12981 ----a-w- c:\arquivos de programas\LICENSE
    2010-04-25 17:37:32 21844 ----a-w- c:\windows\system32\emptyregdb.dat
    2005-01-25 02:53:38 16409960 ----a-w- c:\arquivos de programas\spybotsd162.exe
    2001-11-23 04:08:20 712704 ----a-r- c:\windows\inf\other\AUDIO3D.DLL

    ============= FINISH: 4:07:02,46 ===============