Show Posts
1
Tech Clinic / Ha, yet -another- msdirectx invasion
« on: May 31, 2005, 10:30:28 PM »
Pretty run of the mill.
Collected.5.L pops up on startup from AVG AntiVirus.
Already tried to delete it, doesnt help.
Noticed there was a problem when taskmgr.exe failed to remain open.
Included is my HJT log. Thanks in advance:
Logfile of HijackThis v1.99.1
Scan saved at 12:14:41 AM, on 6/1/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Xoblite\Blackbox.exe
D:\PROGRA~1\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\AVGFRE~1\avgcc.exe
D:\PROGRA~1\AVGFRE~1\avgupsvc.exe
D:\PROGRA~1\AVGFRE~1\avgemc.exe
D:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\System32\msconfig32.exe
d:\program files\valve\steam\steam.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Gaim\gaim.exe
D:\Documents and Settings\eric\Desktop\egsfdgs.exe (hijackthis application, had to be renamed, trojan was blocking hijackthis.exe from being executed)
F2 - REG:system.ini: Shell=D:\Xoblite\Blackbox.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] D:\PROGRA~1\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKLM\..\RunServices: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKCU\..\Run: [Steam] "d:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Gaim] D:\Program Files\Gaim\gaim.exe
O4 - HKCU\..\Run: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKCU\..\RunServices: [Compaq32 Service Drivers] msconfig32.exe
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{915052EE-2616-4F61-BCDB-02301327EC4D}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{915052EE-2616-4F61-BCDB-02301327EC4D}: NameServer = 192.168.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{915052EE-2616-4F61-BCDB-02301327EC4D}: NameServer = 192.168.2.1
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\AVGFRE~1\avgupsvc.exe
---
nevermind, i think i might have found the file responsible, msconfig32 its definitely the program blocking taskmgr. if you see anything else, please reply with your thoughts.
Collected.5.L pops up on startup from AVG AntiVirus.
Already tried to delete it, doesnt help.
Noticed there was a problem when taskmgr.exe failed to remain open.
Included is my HJT log. Thanks in advance:
Logfile of HijackThis v1.99.1
Scan saved at 12:14:41 AM, on 6/1/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Xoblite\Blackbox.exe
D:\PROGRA~1\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\AVGFRE~1\avgcc.exe
D:\PROGRA~1\AVGFRE~1\avgupsvc.exe
D:\PROGRA~1\AVGFRE~1\avgemc.exe
D:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\System32\msconfig32.exe
d:\program files\valve\steam\steam.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Gaim\gaim.exe
D:\Documents and Settings\eric\Desktop\egsfdgs.exe (hijackthis application, had to be renamed, trojan was blocking hijackthis.exe from being executed)
F2 - REG:system.ini: Shell=D:\Xoblite\Blackbox.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] D:\PROGRA~1\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKLM\..\RunServices: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKCU\..\Run: [Steam] "d:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Gaim] D:\Program Files\Gaim\gaim.exe
O4 - HKCU\..\Run: [Compaq32 Service Drivers] msconfig32.exe
O4 - HKCU\..\RunServices: [Compaq32 Service Drivers] msconfig32.exe
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{915052EE-2616-4F61-BCDB-02301327EC4D}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{915052EE-2616-4F61-BCDB-02301327EC4D}: NameServer = 192.168.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{915052EE-2616-4F61-BCDB-02301327EC4D}: NameServer = 192.168.2.1
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\AVGFRE~1\avgupsvc.exe
---
nevermind, i think i might have found the file responsible, msconfig32 its definitely the program blocking taskmgr. if you see anything else, please reply with your thoughts.