infected with Trojan downloader

Patrick000

Can you help me clean my machine?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:38 PM, on 8/21/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlservr.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\MsgSys.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Patrick\Application Data\mjusbsp\magicJack.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_15\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Patrick\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [Advanced Uninstaller PRO Installation Monitor] "C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO - Version 9\monitor.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - Startup: taskmgr.lnk = C:\WINDOWS\system32\taskmgr.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_15\bin\npjpi150_15.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_15\bin\npjpi150_15.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe

--
End of file - 3023 bytes


***************************
Kaspersky:


Scan statistics
Files scanned 2505
Threat name 4
Infected objects 6
Suspicious objects 0
Duration of the scan 01:45:54

File name Threat name Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\031C0000.VBN Infected: Trojan-Dropper.Win32.Agent.vkz 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\031C0002.VBN Infected: Trojan.Win32.BHO.gcr 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\031C0004.VBN Infected: Trojan.Win32.BHO.gcr 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\031C0006.VBN Infected: Trojan.Win32.BHO.gcr 1
C:\Documents and Settings\Patrick\Local Settings\Temp\.ttF.tmp Infected: Trojan.Win32.Agent.zrd 1
C:\Documents and Settings\Patrick\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\scan[1].exe Infected: Trojan-Downloader.Win32.Small.aafy 1
The scan was stopped by the user.

Thank you.

Thanks in advance for your help.
 
what should I do now?

Yes, it is a corp machine. I installed the latest Java that will run on Windows 2000. I do not want to install SP2.

What steps do I take now, with my machine as you see it, to remove the viruses?

Thank you.
 
repair needed

Tashi,

This is my own computer at home for my own small business, which I also use for personal use. There is no IT department.

So, will you please provide me with the fixes so I can get my machine running again?

I have used Spybot for several years.

Thank you.
 
Hello,
What are the steps I need to take to fix this?
Thanks.


How do you fix the problem above?
Thanks.

I've been patiently waiting. What's the fix?
Thanks.

I wonder why you believe that posting the same thing to your own topic will draw any helpers here.

They are volunteers and this is not a shop. :cowboy:

Post here if still waiting for help in the Malware Forum, (AFTER) FOUR days

Regards.
 
Just trying to get help

Tashi,

Just trying to get help, that's all.
I will post in the other forum you mention. You guys have helped me in the past. Keep up the good work.
 