TheTechGuide Forum

General Category => Tech Clinic => Topic started by: ArchN00blet on August 12, 2006, 03:44:53 AM

Title: TROJAN ATTACK!
Post by: ArchN00blet on August 12, 2006, 03:44:53 AM
Ok, it happened when I downloaded Limewire Accelerator 4.10. I installed it, and it turned out that it had a Trojan in it. It's called a Win32: Spyware-Gen, that's what avast! anti-virus says. It's really annoying because it keeps on re-appearing and avast! pops up and tells me to either move/rename, delete, move to chest or no action. Please help, this is really annoying! I'm going to restart my PC, and here's my HijackThis log:


Logfile of HijackThis v1.99.1
Scan saved at 6:44:15 PM, on 8/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
E:\avast!\aswUpdSv.exe
E:\avast!\ashServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
E:\avast!\ashDisp.exe
E:\SpywareGuard\sgmain.exe
E:\SpywareGuard\sgbhp.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\WgaTray.exe
E:\avast!\ashMaiSv.exe
E:\avast!\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Mozzila\firefox.exe
E:\LimeWire\LimeWire.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Matthew\Desktop\hijackthis\HijackThis.exe

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - E:\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [RAM Idle Professional] E:\RAM Idle LE\RAM_XP.exe
O4 - HKLM\..\Run: [Registry Toolkit] C:\Program Files\Registry Toolkit\RegToolkit.exe /scan
O4 - HKLM\..\Run: [WyvernWorks RAM Resurrect] E:\Program Files\WyvernWorks\RAM Resurrect 2004\WyvernWorks RAM Resurrect.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] E:\avast!\ashDisp.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
O4 - HKCU\..\Run: [Free Download Manager] E:\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: LimeWire On Startup.lnk = E:\LimeWire\LimeWire.exe
O4 - Startup: SpywareGuard.lnk = E:\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://G:\stuff\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://G:\stuff\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://G:\stuff\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://G:\stuff\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\avast!\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\avast!\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\avast!\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\avast!\ashWebSv.exe" /service (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Title: TROJAN ATTACK!
Post by: guestolo on August 12, 2006, 05:27:50 PM
You don't seem to have a good time with Limewire :huh:
You MUST be careful with filesharing programs. Right click on and scan any file you download with your updated virus scanner before opening it.

Can you do the following
Access your Add/Remove programs and remove if found
New.Net domains

Follow the prompts
Restart the computer afterwards

If New.net is not found in add/remove
Go to the following link
http://www.newdotnet.com/#remove
Use Procedure #4
You can save the uninstaller to desktop to run it

Back in Windows post a fresh hijackthis log please
Title: TROJAN ATTACK!
Post by: ArchN00blet on August 12, 2006, 11:30:12 PM
Here's my HijackThis logfile

Logfile of HijackThis v1.99.1
Scan saved at 2:28:28 PM, on 8/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
E:\avast!\ashDisp.exe
E:\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\SpywareGuard\sgmain.exe
E:\SpywareGuard\sgbhp.exe
E:\avast!\aswUpdSv.exe
E:\avast!\ashServ.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\WgaTray.exe
E:\avast!\ashWebSv.exe
E:\avast!\ashMaiSv.exe
C:\Documents and Settings\Matthew\Desktop\hijackthis\HijackThis.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - E:\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [RAM Idle Professional] E:\RAM Idle LE\RAM_XP.exe
O4 - HKLM\..\Run: [Registry Toolkit] C:\Program Files\Registry Toolkit\RegToolkit.exe /scan
O4 - HKLM\..\Run: [WyvernWorks RAM Resurrect] E:\Program Files\WyvernWorks\RAM Resurrect 2004\WyvernWorks RAM Resurrect.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] E:\avast!\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Free Download Manager] E:\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: LimeWire On Startup.lnk = E:\LimeWire\LimeWire.exe
O4 - Startup: SpywareGuard.lnk = E:\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://G:\stuff\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://G:\stuff\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://G:\stuff\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://G:\stuff\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\avast!\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\avast!\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\avast!\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\avast!\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Thanks for helping! You're a legend at this!
Title: TROJAN ATTACK!
Post by: ArchN00blet on August 16, 2006, 01:22:20 AM
That's all
Title: TROJAN ATTACK!
Post by: guestolo on August 16, 2006, 07:01:43 AM
Your last log looked good
Are you having any problems?
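What makes the second log "look good" is that the O10 "Hijacked Internet access by New.Net" entries and the O4 New.net Startup entry are gone, while only expected entries (QuickTime, IDriverT) appeared. The following is an added example, not code from the thread or from HijackThis: a small parser for HijackThis `Oxx - ...` lines that diffs a before/after pair and applies the same checks a log reviewer does by eye. The sample logs are excerpted from the two logs posted above and trimmed to the relevant entries; the `is_suspicious` heuristics are the example's own.

```python
"""Parse HijackThis-style log lines and compare a before/after pair."""
import re
from collections import Counter
from typing import List, NamedTuple, Optional, Tuple

# HijackThis entries look like "O4 - HKLM\..\Run: [name] path args".
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")


class Entry(NamedTuple):
    section: str  # "O4", "O10", "O23", ...
    detail: str   # everything after "Oxx - "


def parse_hjt(text: str) -> List[Entry]:
    """Return the Oxx entries of a log in order; the header and the
    'Running processes' block produce no entries."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def is_suspicious(e: Entry) -> Optional[str]:
    """Reviewer heuristics (this example's own); returns a reason or None."""
    if e.section == "O10":
        # O10 is the Winsock LSP chain; HijackThis prints 'Hijacked' when a
        # non-Microsoft provider (here New.Net) is spliced into it.
        return "Winsock LSP hijack"
    if e.section == "O4" and re.search(r"NEWDOT~1|new\.net", e.detail, re.I):
        return "New.Net autostart"
    if e.section == "O4" and re.search(r"\\[A-Z0-9]+~\d\\", e.detail):
        return "8.3 short path in autostart (hides the real folder name)"
    return None


def diff_logs(before: str, after: str) -> Tuple[List[Entry], List[Entry]]:
    """Multiset diff so the five identical O10 lines count as five."""
    b, a = Counter(parse_hjt(before)), Counter(parse_hjt(after))
    return list((b - a).elements()), list((a - b).elements())


def flagged(text: str) -> List[Tuple[Entry, str]]:
    """Entries of one log that trip a heuristic, with the reason."""
    return [(e, r) for e in parse_hjt(text) if (r := is_suspicious(e))]


# Constructed samples: excerpts of the two logs in the thread above.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

O4 - HKLM\..\Run: [avast!] E:\avast!\ashDisp.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! Antivirus - Unknown owner - E:\avast!\ashServ.exe
"""

AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

O4 - HKLM\..\Run: [avast!] E:\avast!\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\QuickTime\qttask.exe" -atboottime
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! Antivirus - Unknown owner - E:\avast!\ashServ.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print("removed:", *removed, sep="\n  ")
    print("added:", *added, sep="\n  ")
    print("still flagged after cleanup:", flagged(AFTER))
```

The 8.3 short-path check (`PROGRA~1`-style names) is there because the New.Net autostart line is the only O4 entry in the first log written that way; it is a weak signal on its own, which is why the explicit New.Net pattern is tested first.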
Title: TROJAN ATTACK!
Post by: ArchN00blet on August 18, 2006, 01:40:11 AM
It's ok, except it's running a bit slow. Can you help me with this other problem? I've got this game but when I play it for a while, my computer freezes and I can't do anything. Ctrl-alt-del doesn't even work. So I have to reset the computer. I think it's my RAM. My RAM is 256 MB.
Title: TROJAN ATTACK!
Post by: guestolo on August 19, 2006, 12:12:17 PM
I would have to know which game.
And what are your system specs?
Processor>>Video>>etc..
Title: TROJAN ATTACK!
Post by: ArchN00blet on August 22, 2006, 06:49:32 AM
The game is Grand Theft Auto San Andreas
AMD Athlon(tm) 1800+ XP
1.54GHz, 256MB of RAM
Nvidia GeForce FX 5200 and I also have Nvidia Quadro