Old 10-01-2007, 10:44 PM   #1
Captain Pooka (Daemon Poster; Join Date: Oct 2006; Posts: 1,108)
BackDoor Trojan

I'm currently doing a scan and I know I have about 34,000 backdoor trojans (not exaggerating, I did an AVG scan). AVG failed me. Can you believe it?

I retreated to Kaspersky, which is working a lot better than AVG at the moment, for you can do multiple things at once.

I know once I get rid of these backdoors it will just come back, like I saw in this post:

http://forums.spywareinfo.com/lofive...hp/t37433.html

I have my own HijackThis log for you guys to look at and tell me what's wrong:

------------------------------**********--------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:32:26 PM, on 10/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\ZoneLabs\vsmon.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
G:\Program Files\Kaspersky\avp.exe
F:\WINDOWS\system32\svchost.exe
G:\Program Files\Kaspersky\avp.exe
F:\WINDOWS\System32\svchost.exe
F:\PROGRA~1\MICROS~2\rapimgr.exe
F:\Program Files\Microsoft ActiveSync\wcescomm.exe
F:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
F:\Program Files\Lexmark 1200 Series\lxczbmon.exe
F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxczjswx.exe
F:\WINDOWS\system32\lxczcoms.exe
F:\Program Files\Internet Explorer\iexplore.exe
G:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {38669093-C41B-40BF-924F-D9A7F07283CC} - (no file)
O2 - BHO: (no name) - {7378296C-1FA1-46CC-927A-059E501AFAE4} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {837B45D6-BF85-457D-AABF-6D2E7815F791} - (no file)
O2 - BHO: (no name) - {A75E294E-C047-4D29-B07E-37B792881BEF} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Pinnacle WebUpdater] -"F:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [DLink Control Panel Silent] rundll32 dlnetcp.cpl,SilentCall
O4 - HKLM\..\Run: [AVP] "G:\Program Files\Kaspersky\avp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [msnmsgr] "F:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] F:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] F:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - G:\Program Files\Kaspersky\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://mypoints.worldwinner.com/game...amesLoader.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46.../bejeweled.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1164905273046
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} -
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v46/sol/sol.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by117fd.bay117.hotmail.msn.co...x/HMAtchmt.ocx
O20 - Winlogon Notify: eeabaefdebffaa - F:\WINDOWS\system32\eeabaefdebffaa.dll (file missing)
O20 - Winlogon Notify: vtussrs - vtussrs.dll (file missing)
O20 - Winlogon Notify: winzlo32 - winzlo32.dll (file missing)
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - G:\Program Files\Kaspersky\avp.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - G:\Pinacle Movies\BlackIce\blackd.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - -"F:\Program Files\Bonjour\mDNSResponder.exe" (file missing)
O23 - Service: FLEXnet Licensing Service - Unknown owner - -"F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - -"F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (file missing)
O23 - Service: iPod Service - Unknown owner - -"F:\Program Files\iPod\bin\iPodService.exe" (file missing)
O23 - Service: lxcz_device - - F:\WINDOWS\system32\lxczcoms.exe
O23 - Service: MioNet Service (MioNet) - Unknown owner - -"F:\Program Files\MioNet\MioNetManager.exe" -s "F:\Program Files\MioNet\wrapper.conf" (file missing)
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - -"F:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: MSSQLServerADHelper - Unknown owner - -"F:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe" (file missing)
O23 - Service: Office Source Engine (ose) - Unknown owner - -"F:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (file missing)
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Unknown owner - -"F:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe" (file missing)
O23 - Service: RapApp - Internet Security Systems, Inc. - G:\Pinacle Movies\BlackIce\rapapp.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - -"F:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - -"F:\Program Files\MSN Messenger\usnsvc.exe" (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - -"F:\Program Files\Windows Media Player\WMPNetwk.exe" (file missing)

--
End of file - 8718 bytes

-----------------------------************-----------------------


Btw, no music of any kind works, neither online nor offline game music. Just the error noises for Windows work. Any idea what's wrong? I think it's because of this virus.

I am currently at 18,000 backdoors, and on Kaspersky you can heal them WHILE you're scanning, and it goes considerably faster.

I am aware of what a backdoor is; if you don't know, refer here:

http://www.viruslist.com/en/virusesd...152540521#back

That's why I'm thinking everything that's wrong is because of this Mr. Jack S. that's messing with me.

Please help me, 34k is a lot of viruses.
Old 10-01-2007, 10:47 PM   #2
Captain Pooka (Daemon Poster; Join Date: Oct 2006; Posts: 1,108)
Re: BackDoor Trojan

Sorry about the double post, but the other is too long to edit.

Just thought you might want to know, they are all in my system32 folder... so those processes up there are looking kind of fishy ;D

And I don't care what happens, what they get or whatever. It's been on my machine for like 4 days and I've been on the internet, so it's too late to just get off and fix it.

I disabled sys. restore yesterday; it wasn't working anyway and people say things can hide in there.

*edit

I'm at 22.3k now. Man, this backdoor trojan is running all over this place. Is my backdoor broken yet? lol
Old 10-02-2007, 12:34 PM   #3
disturbed13 (Daemon Poster; Join Date: Jul 2007; Posts: 1,154)
Re: BackDoor Trojan

Wow, I'm sorry to hear that you had that many backdoor trojans.
Is the K... program that you are using free?
And if so, could you provide a link so I can try it out?
Thanks
Old 10-02-2007, 01:39 PM   #4
Captain Pooka (Daemon Poster; Join Date: Oct 2006; Posts: 1,108)
Re: BackDoor Trojan

Eh, no, it's not free... heh... well....... lol. Just google it and get the 30-day trial. It's worth the 30 days if nothing else.
Old 10-02-2007, 02:12 PM   #5
Fisher (Fully Optimized; Join Date: Aug 2005; Posts: 1,581)
Re: BackDoor Trojan

I would just format and reinstall Windows if I had that many, but you might have some files that you want to keep. Does anyone know if the User Account Control in Vista would help protect against this by stopping anything in the background being installed with administrator privileges?
__________________
Core i7 2600K Sandybridge + Prolimatech Megahalems Cooler ₪ Asus P8P67 DELUXE ₪ G.Skill RipJawsX 8GB DDR3 1600MHz ₪ Crossfire 5870's ₪ OCZ GameXstream 850w ₪ X-Fi Fatal1ty FPS edition ₪ OCZ Vertex 3 120GB ₪ Antec P182 ₪ NAS ReadyDuo 4Tb ₪ BenQ FP241WZ 24" Widescreen LCD ₪ Windows 7 x64
Old 10-02-2007, 03:15 PM   #6
Captain Pooka (Daemon Poster; Join Date: Oct 2006; Posts: 1,108)
Re: BackDoor Trojan

Um, they are all gone now, I told you I was going to get rid of them. I have windows xp, reformat is not an option. I guess I'll use my best judgement and delete stuff when I get home, in about 2 hours.
Old 10-02-2007, 04:08 PM   #7
Fisher (Fully Optimized; Join Date: Aug 2005; Posts: 1,581)
Re: BackDoor Trojan

Fair shout for getting rid of them. I would have just jumped to the reinstall. Gives me peace of mind that they are actually gone.
Old 10-02-2007, 04:14 PM   #8
celegorm (Site Team; Join Date: Sep 2006; Posts: 10,713)
Re: BackDoor Trojan

Quote:
Originally Posted by Fisher
Fair shout for getting rid of them. I would have just jumped to the reinstall. Gives me peace of mind that they are actually gone.
Me too. But I would also go through with a second AV (like NOD's online scanner, or even better, its 30-day trial) just to make sure yours isn't missing anything. Run all scans in normal and safe mode.
__________________
"as a fanboy i refuse to admit it and will pull countless things out of my butt to disprove it"

Team Thelegorm! Total Kills: 21 (i iz in uor profile, editsing your sigz)
Old 10-03-2007, 12:11 AM   #9
Captain Pooka (Daemon Poster; Join Date: Oct 2006; Posts: 1,108)
Re: BackDoor Trojan

OK, about that, what about the HijackThis log.. lol
Old 10-03-2007, 12:21 AM   #10
borat_sagdiyev (Golden Master; Join Date: Feb 2006; Posts: 8,986)
Re: BackDoor Trojan

Quote:
Originally Posted by Captain Pooka
OK, about that, what about the HijackThis log.. lol
well nobody can just read one of those to diagnose it...

just go to this site and paste it in and it analyzes it

www.hijackthis.de
__________________
Core 2 Duo e4500 2.2ghz @ 2.8ghz
evga 650i ultra
2gb 400mhz ram OC'ed to 450
evga geforce 7600GT overclocked
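A first pass over a log like the one posted in this thread can be scripted rather than eyeballed. The following is an added example, not code from HijackThis, hijackthis.de or any poster: it parses HijackThis v2 entry lines and flags the entry types that matter most in that log (O20 Winlogon Notify DLLs, dangling O2 BHOs, O4 Run keys in the SYSTEM hive, O23 services with missing binaries). The sample lines are copied from the thread's log; the severity rules are this example's own heuristics.

```python
import re
# Constructed sample in HijackThis v2 format: a handful of entries copied
# from the log posted in this thread, one or two of each type of interest.
SAMPLE_LOG = """\
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {38669093-C41B-40BF-924F-D9A7F07283CC} - (no file)
O4 - HKLM\\..\\Run: [AVP] "G:\\Program Files\\Kaspersky\\avp.exe"
O4 - HKUS\\S-1-5-18\\..\\Run: [MySpaceIM] F:\\Program Files\\MySpace\\IM\\MySpaceIM.exe (User 'SYSTEM')
O20 - Winlogon Notify: eeabaefdebffaa - F:\\WINDOWS\\system32\\eeabaefdebffaa.dll (file missing)
O20 - Winlogon Notify: vtussrs - vtussrs.dll (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe
O23 - Service: iPod Service - Unknown owner - -"F:\\Program Files\\iPod\\bin\\iPodService.exe" (file missing)
"""

# Every HijackThis entry starts with a section code (R0-R3, F0-F3, O1-O24).
ENTRY = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")

def triage(log: str) -> list:
    """Return (severity, line, reason) for entries worth a second look.
    Heuristics only: 'high' means explain it or remove it, 'low' means a
    dead registry reference that is safe to clean up."""
    hits = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        if code == "O20" and body.startswith("Winlogon Notify:"):
            # Winlogon Notify DLLs load into winlogon.exe at every logon.
            # Third-party ones are rare; a random-looking name with no file
            # on disk is what a half-removed infection usually leaves behind.
            name = body.split(":", 1)[1].split(" - ")[0].strip()
            why = "Winlogon Notify DLL"
            if "(file missing)" in body:
                why += ", file missing"
            if re.fullmatch(r"[a-f]+", name):
                why += ", hex-letter-only name"
            hits.append(("high", line, why))
        elif code == "O2" and "(no file)" in body:
            hits.append(("low", line, "BHO CLSID registered but DLL gone"))
        elif code == "O4" and "(User 'SYSTEM')" in body:
            hits.append(("medium", line, "per-user app in the SYSTEM hive's Run key"))
        elif code == "O23" and "(file missing)" in body:
            hits.append(("low", line, "service points at a missing binary"))
    return hits

if __name__ == "__main__":
    for sev, line, why in triage(SAMPLE_LOG):
        print(f"[{sev:<6}] {why}: {line[:70]}")
```

Run it against a full log and the O20 lines come out on top, which is where the manual review should start; everything it does not flag still needs a human or a service like hijackthis.de to look at.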