Old 09-23-2006, 02:36 AM   #1
Baseband Member
Join Date: Oct 2005
Posts: 25
Help! Can't get rid of trojan.. adw altnet.c

OK, I cannot seem to get rid of this trojan (adw altnet.c and adw topsearch.a).

I'm using Trend Micro PC-cillin and when I manually scan it won't detect. It will just occasionally detect on real-time scan. I'll quarantine, then delete, but it always comes back. I have Ad-Aware and Spybot and they both don't detect it either.

For some reason my AV won't scan in safe mode. Anyone wanna lend a helping hand?

This is my log from HijackThis..

Logfile of HijackThis v1.99.1
Scan saved at 8:13:34 PM, on 9/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\1154230833\ee\aolsoftware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\common files\aol\1154230833\ee\aim6.exe
C:\Documents and Settings\Dennis\Desktop\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe


TIA!
Neoz1 is offline   Reply With Quote
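
Added example, not part of the original thread: a small Python parser for the HijackThis log format posted above. It groups entries by section code, splits O4 autostart entries into location, name and command, and lists the entries HijackThis itself annotated with `(file missing)`, `(no name)` or `Unknown owner`. The function names are this example's own, the sample lines are excerpted from the log in post #1, and a marker is a prompt for a manual look, not a verdict.

```python
import re
from collections import defaultdict

# Annotations HijackThis prints itself; a prompt for a manual look, not a verdict.
REVIEW_MARKERS = ("(file missing)", "(no name)", "Unknown owner")
# Entry lines start with a section code such as R1, O4 or O23, then " - ".
ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")

def triage(log_text):
    """Group entries by section code; collect those carrying a review marker."""
    by_section, review = defaultdict(list), []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, blank line or running-process path
        code, body = m.groups()
        by_section[code].append(body)
        hits = [mk for mk in REVIEW_MARKERS if mk in body]
        if hits:
            review.append((code, hits, body))
    return dict(by_section), review

def autostarts(by_section):
    """Split each O4 (autostart) entry into (location, name, command)."""
    out = []
    for body in by_section.get("O4", []):
        location, _, rest = body.partition(": ")
        m = re.match(r"\[(.+?)\] (.*)$", rest)  # registry Run value: [name] command
        if m:
            name, cmd = m.groups()
        else:                                    # Startup folder: shortcut = target
            name, _, cmd = rest.partition(" = ")
        out.append((location, name, cmd))
    return out

# Sample input: lines excerpted from the log in post #1.
SAMPLE = r"""
C:\WINDOWS\system32\lsass.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
"""

if __name__ == "__main__":
    sections, review = triage(SAMPLE)
    for code, hits, body in review:
        print(f"{code}: {', '.join(hits)}\n    {body}")
    for loc, name, cmd in autostarts(sections):
        print(f"autostart {loc} [{name}] -> {cmd}")
```
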
Old 09-23-2006, 02:56 AM   #2
Daemon Poster
Join Date: Jan 2006
Posts: 1,028

See if these get rid of them...


http://housecall.trendmicro.com/
www.pandasoftware.com/activescan/
www.bitdefender.com/scan8/ie.html
www.kaspersky.com/scanforvirus
www3.ca.com/virusinfo/virusscan.aspx
http://support.f-secure.com/enu/home/ols.shtml
www.thefreecountry.com/security/antivirus.shtml
__________________
Dell Inspiron 9400 Notebook 120GB 5400RPM SATA HDD, 500GB 7200RPM SATA External HDD, DVD+-RW, DVD+-RW External, Mobile Intel Calistoga i945PM, Intel Core 2 Duo 2.0 GhZ, 2GB DDR2-667MhZ Dual Channel SDRAM, Nvidia GeForce GO 7900 GS 256MB Single-Pipe.
TinyXP Rev05, PerfectDisk, TuneUp Utilities, Window Washer, Nod32, Bo-Clean, SuperAntiSpyware Pro, Spyware Blaster, Comodo Firewall Pro.
Toby is offline   Reply With Quote
Old 09-23-2006, 07:29 AM   #3
Golden Master
Join Date: Nov 2004
Posts: 8,632

I would personally go a few of the above and then a good old format. I've found the best way of backing up is to create a new partition and put all your docs and stuff on there. At least then you can be sure your PC is totally clean
__________________
Laptop spec: ASUS X53E, i5 2430m 2.4ghz, 3gb ram, 320gb hdd, intel hd graphics, usb 3.0
dude_se is offline   Reply With Quote
Old 09-24-2006, 03:50 PM   #4
Baseband Member
Join Date: Oct 2005
Posts: 25

OK, I've tried all the above, but still no luck. Any other way to solve this?
Neoz1 is offline   Reply With Quote
Old 09-24-2006, 09:28 PM   #5
Daemon Poster
Join Date: Jan 2006
Posts: 1,028

http://www.emsisoft.com/en/malware/?...32.TopSearch.a
http://www.emsisoft.com/en/software/free/
http://www.webroot.com/
http://www.pctools.com/
http://www.ewido.net/

Give them a try.
Toby is offline   Reply With Quote
Old 09-25-2006, 03:25 AM   #6
Baseband Member
Join Date: Oct 2005
Posts: 25

http://www.emsisoft.com/en/software/free/

This one did it! Thanks Toby!
Neoz1 is offline   Reply With Quote
Old 09-25-2006, 03:26 AM   #7
Daemon Poster
Join Date: Jan 2006
Posts: 1,028

No worries,

Anytime.
Toby is offline   Reply With Quote