Results 1 to 5 of 5

Thread: Downloader-ayv

  1. #1
    Junior Member
    Join Date
    Dec 2006
    Posts
    2

    Default Downloader-ayv

    I need help to get rid of trojan "downloader-ayv". I already tried safe start (windows xp, I.E.7.0) without success. Spybot and McAffee are not able to delete. Is there a way to eliminate this trojan properly?

    Manfred

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,956

    Default

    Hello.

    In order for one of our helpers to make an analysis, please follow the procedure here "BEFORE you POST" -Preliminary Steps to produce a HJT log after you have done an on-line anti virus scan.

    Regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Junior Member
    Join Date
    Dec 2006
    Posts
    2

    Default Downloader-ayv

    So far I have done as requested:

    BitDefender Online Scanner - Real Time Virus Report

    Generated at: Fri, Dec 22, 2006 - 23:29:49

    --------------------------------------------------------------------------------


    Scan Info

    Scanned Files
    279226

    Infected Files
    0


    Virus Detected

    No virus found.

    --------------------------------------------------------------------------------
    This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.


    This is contrary to my McAffee-report, which detected trojan "downloader-ayv"


    And tis is what hijackthis says:

    Logfile of HijackThis v1.99.1
    Scan saved at 22:23:28, on 22.12.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\rmass.exe
    C:\WINDOWS\system32\rmass.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Programme\McAfee.com\VSO\mcvsshld.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Programme\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
    C:\Programme\AntiVir PersonalEdition Classic\sched.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
    C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
    C:\Programme\QuickTime\qttask.exe
    C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Programme\FRITZ!DSL\IGDCTRL.EXE
    C:\Programme\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programme\Gemeinsame Dateien\AOL\1165600933\ee\aolsoftware.exe
    C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\TEMP\tmp8.tmp
    c:\programme\mcafee.com\agent\mcdetect.exe
    C:\Programme\AOL 9.0\aoltray.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    C:\Programme\AOL 9.0\waol.exe
    C:\Programme\Gemeinsame Dateien\Aol\aoltpspd.exe
    C:\Hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\programme\mcafee\spamkiller\mcapfbho.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar3.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [VirusScan Online] C:\Programme\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Programme\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [OASClnt] C:\Programme\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HostManager] C:\Programme\Gemeinsame Dateien\AOL\1165600933\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe
    O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\programme\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\programme\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1166737422984
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{59A35BF6-FA22-4C46-BB01-B778CC7E97A5}: NameServer = 205.188.146.145
    O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Programme\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: {BC84DF00-BC38-9902-8082-6FCBF2D87A0B} - C:\WINDOWS\system32\RECOVER32.DLL
    O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL Privacy Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\GEMEIN~1\aol\AOLPRI~1\\aolserv.exe
    O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
    O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CreativeLicensing.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - The Firebird Project - C:\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programme\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programme\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe


    Any ideas what to do next?
    Regards,
    Manfred

  4. #4
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,956

    Default

    Hello and sorry for the wait.

    If you have not resolved the problem, we do have this sticky topic:

    If you have waited four days for advice post here.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  5. #5
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    Hi

    Are you recieving help elswhere ?

    I assume its mcafee that see's downloader-ayv ?
    What is the file's name and where is it located ?

    Any other symtoms ?

    Do you have both mcafee antivirus and antivir antivirus installed ?
    ~~~~~~~~~~~~~~~~~~~~~~~
    Microsoft MVP Windows-Security 2006

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •