Old 10-22-2006, 04:24 PM   #1
Solid State Member
 
Join Date: Nov 2004
Posts: 20
Default WIN32.TROJAN.DOWNLOADER help please :(

So yeah, Ad-Aware picked this out. I have been looking everywhere to uninstall it and nothing. Or at least I think it's removed, but in my Ctrl+Alt+Del thing I still get:
Iexplore 2 times, and I keep getting popups.

This was from the ad-aware log:
WIN32.TROJAN.DOWNLOADER

obj[12]=File : C:\Documents and Settings\Evan\Local Settings\Temp\nsz8E3.tmp\nsisdl.dll


here is my HJT log:
Code:
Logfile of HijackThis v1.99.1
Scan saved at 3:15:57 PM, on 10/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\AIM\aim.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Steam\Steam.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Documents and Settings\Evan\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Data does 32 curb] C:\Documents and Settings\All Users\Application Data\showholedatadoes\teamfind.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [beep ante] C:\DOCUME~1\Evan\APPLIC~1\BROWSE~1\proc meet.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Super Turbo Tango Patcher Reloader.lnk = C:\WINDOWS\Super Turbo Tango Patcher\Reloader.exe
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.0.0971.20/WinSSWebAgent.CAB
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: MSMPSVC - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe" -n 4 (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Sorry had a little fun with the image haha.

I've googled and got nothing that will help. If anyone can help I would love them forever.

thanks,
Evan
Old 10-22-2006, 04:40 PM   #2
Fully Optimized
 
Join Date: Oct 2005
Location: 1
Posts: 2,525
Default Re: WIN32.TROJAN.DOWNLOADER help please :(

plug that directory path in run and delete it that way.
Old 10-22-2006, 04:42 PM   #3
Solid State Member
 
Join Date: Nov 2004
Posts: 20
Default Re: WIN32.TROJAN.DOWNLOADER help please :(

Quote:
Originally Posted by Ronco Rox
plug that directory path in run and delete it that way.

I just did a scan again, and it's not there... But it's quarantined. But if I run it, won't it run that .dll? Then how would I delete it?
Old 10-22-2006, 05:07 PM   #4
Fully Optimized
 
Join Date: Oct 2005
Location: 1
Posts: 2,525
Default Re: WIN32.TROJAN.DOWNLOADER help please :(

plug this part in
C:\Documents and Settings\Evan\Local Settings\Temp\

then find the nsz8E3.tmp folder and delete that
Old 10-22-2006, 05:08 PM   #5
Solid State Member
 
Join Date: Nov 2004
Posts: 20
Default Re: WIN32.TROJAN.DOWNLOADER help please :(

Alright, did that. Now what about the Iexplore thing? It's still there.
Old 10-22-2006, 05:46 PM   #6
Fully Optimized
 
Join Date: Jul 2006
Location: USA
Posts: 2,410
Default Re: WIN32.TROJAN.DOWNLOADER help please :(

Try using HijackThis. Download it here: http://www.download.com/HijackThis/3...3.html?tag=hed and then copy and paste a logfile at: http://www.hijackthis.de/ and try to delete the process there.

Another thing to try is Avira. Avira gets rid of that trojan. I've had it before and I ran a scan with Avira and it caught it. Avast or AVG might catch it too, I don't know because I wasn't using them when I caught it, but I know Avira can get rid of it so you could try that if you want. You can download Avira at freeav.org
__________________
Desktop: Dell Dimension E510, 2.5GB RAM, Intel P4 3.0GHZ, 250GB HDD, Windows Vista Premium. Might not be the best, but the old girl is still running good.
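
An added example (not from any poster in this thread): a small triage script for the O4 autorun section of a HijackThis log like the one in post #1, listing startup entries whose file loads from a profile folder rather than Program Files or WINDOWS. The profile-folder heuristic and all function names are assumptions of this example; the sample lines are copied from the log in post #1.

```python
import re

# Lines copied from the HijackThis log in post #1 (a subset of its O4 section).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [Data does 32 curb] C:\Documents and Settings\All Users\Application Data\showholedatadoes\teamfind.exe
O4 - HKCU\..\Run: [beep ante] C:\DOCUME~1\Evan\APPLIC~1\BROWSE~1\proc meet.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
"""

RUN_KEY = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[(.*?)\] (.+)$")
STARTUP = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")
IMAGE = re.compile(r'^"([^"]+)"|^(.*?\.(?:exe|dll))(?=[\s,]|$)', re.I)
# Assumed heuristic: on Windows XP, per-user and All Users profile folders are
# writable without admin rights, so autoruns living there deserve a manual look.
PROFILE_ROOTS = ("c:\\documents and settings\\", "c:\\docume~1\\")

def image_path(command):
    """Return the file an autorun command loads, handling quotes and rundll32."""
    m = IMAGE.match(command.strip())
    if not m:
        return command.strip()
    path = m.group(1) or m.group(2)
    rest = command.strip()[m.end():].strip()
    if path.lower().endswith("rundll32.exe") and rest:
        return image_path(rest)  # the DLL argument is what actually gets loaded
    return path

def parse_o4(log):
    """Yield (location, name, image) for every O4 autorun line."""
    for line in log.splitlines():
        m = RUN_KEY.match(line) or STARTUP.match(line)
        if m:
            yield m.group(1), m.group(2), image_path(m.group(3))

def review_list(log):
    """Autoruns whose image sits under a user-writable profile folder."""
    return [(loc, name, img) for loc, name, img in parse_o4(log)
            if img.lower().startswith(PROFILE_ROOTS)]

if __name__ == "__main__":
    for loc, name, img in review_list(SAMPLE_LOG):
        print(f"review: {loc} [{name}] -> {img}")
```

A flagged entry is only a candidate for manual checking, not a verdict; legitimate software sometimes installs under profile folders too.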
Old 10-22-2006, 05:57 PM   #7
Solid State Member
 
Join Date: Nov 2004
Posts: 20
Default Re: WIN32.TROJAN.DOWNLOADER help please :(

Quote:
Originally Posted by troy272
Try using HijackThis. Download it here: http://www.download.com/HijackThis/3...3.html?tag=hed and then copy and paste a logfile at: http://www.hijackthis.de/ and try to delete the process there.

Another thing to try is Avira. Avira gets rid of that trojan. I've had it before and I ran a scan with Avira and it caught it. Avast or AVG might catch it too, I don't know because I wasn't using them when I caught it, but I know Avira can get rid of it so you could try that if you want. You can download Avira at freeav.org

Sweet! That site from HJT worked, I think. So far there's no IE in the processes. I'll scan my computer with the program you told me about.
Old 10-22-2006, 07:44 PM   #8
Solid State Member
 
Join Date: Nov 2004
Posts: 20
Default Re: WIN32.TROJAN.DOWNLOADER help please :(

Nope... both IE are still in the processes, and Avira didn't find anything, and I still get popups once in a while.
Old 10-22-2006, 07:56 PM   #9
Daemon Poster
 
Join Date: Jan 2006
Posts: 1,028
Default Re: WIN32.TROJAN.DOWNLOADER help please :(

This might explain it:

http://www.castlecops.com/t149372-Fa...ownloader.html

Or this:

http://virusscan.jotti.org/

Powered by almost all of the major AV companies. Should tell you if your trojan is in fact a virus or not.

Otherwise try these online scans:

housecall.trendmicro.com
www.pandasoftware.com/activescan/
www.bitdefender.com/scan8/ie.html
www.kaspersky.com/scanforvirus
www3.ca.com/virusinfo/virusscan.aspx
support.f-secure.com/enu/home/ols.shtml
www.thefreecountry.com/security/antivirus.shtml

Should pick up any malware/virus that you have on your computer.
__________________
Dell Inspiron 9400 Notebook 120GB 5400RPM SATA HDD, 500GB 7200RPM SATA External HDD, DVD+-RW, DVD+-RW External, Mobile Intel Calistoga i945PM, Intel Core 2 Duo 2.0 GhZ, 2GB DDR2-667MhZ Dual Channel SDRAM, Nvidia GeForce GO 7900 GS 256MB Single-Pipe.
TinyXP Rev05, PerfectDisk, TuneUp Utilities, Window Washer, Nod32, Bo-Clean, SuperAntiSpyware Pro, Spyware Blaster, Comodo Firewall Pro.
Old 10-23-2006, 05:11 PM   #10
Solid State Member
 
Join Date: Nov 2004
Posts: 20
Default Re: WIN32.TROJAN.DOWNLOADER help please :(

Quote:
Originally Posted by Toby
This might explain it:

http://www.castlecops.com/t149372-Fa...ownloader.html

Or this:

http://virusscan.jotti.org/

Powered by almost all of the major AV companies. Should tell you if your trojan is in fact a virus or not.

Otherwise try these online scans:

housecall.trendmicro.com
www.pandasoftware.com/activescan/
www.bitdefender.com/scan8/ie.html
www.kaspersky.com/scanforvirus
www3.ca.com/virusinfo/virusscan.aspx
support.f-secure.com/enu/home/ols.shtml
www.thefreecountry.com/security/antivirus.shtml

Should pick up any malware/virus that you have on your computer.

...The win32 thing is gone. I'm just having issues with this: