Author Topic: Urgent Help Pse: Trojan Horse Collected 5L  (Read 1721 times)

Offline cymak

« on: June 02, 2005, 07:35:05 AM »
Would greatly and sincerely appreciate urgent assistance please.  Somehow caught the trojan and none of the numerous anti-virus and anti-spyware is able to effect its removal.  The AVG anti-virus constantly prompts and highlights detection of Trojan Horse Collected 5L on c:/MSdirectx.sys file.


Logfile of HijackThis v1.99.1
Scan saved at 8:36:25 PM, on 6/2/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\setup32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\System32\msnpg.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nikon\NkView5\NkvMon.exe
c:\windows\defrag.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.singnet.com.sg
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,setup32.exe
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft System Checkup] libsysmgr.exe
O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
O4 - HKLM\..\Run: [sixtysix] C:\WINDOWS\sixtypopsix.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Service Drivers] msnpg.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitetkf32.exe
O4 - HKLM\..\RunServices: [Sygate Personal Port] crss.exe
O4 - HKLM\..\RunServices: [Norton Personal Firewall] jah.exe
O4 - HKLM\..\RunServices: [Microsoft System Checkup] libsysmgr.exe
O4 - HKLM\..\RunServices: [Service Drivers] msnpg.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Service Drivers] msnpg.exe
O4 - HKCU\..\Run: [Cspw] C:\Documents and Settings\Mak Chee Yong\Application Data\mmec.exe
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
O4 - HKCU\..\RunServices: [Service Drivers] msnpg.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NT login service (ntlogin32) - Unknown owner - C:\WINDOWS\System32\libsysmgr.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\System32\S24EvMon.exe

Offline cymak

« Reply #1 on: June 03, 2005, 08:12:57 AM »
Please, anyone out there kindly help.  Thanks !

Offline colin

« Reply #2 on: June 03, 2005, 09:07:03 AM »
I'm a newcomer to this sort of help forum. Sorry can't help but to let you know I have just the same problem and would appreciate learning of any help that is of use. Using AVG Anti virus as well.

Offline 1badtech

« Reply #3 on: June 05, 2005, 02:43:02 AM »
[quote name='cymak' date='Jun 2 2005, 05:35 AM']Would greatly and sincerely appreciate urgent assistance please.  Somehow caught the trojan and none of the numerous anti-virus and anti-spyware is able to effect its removal.  The AVG anti-virus constantly prompts and highlights detection of Trojan Horse Collected 5L on c:/MSdirectx.sys file.[/quote]

Have you tried adaware antispyware?  Try that and Microsoft's antispyware.  After running those 2, send your hijack log again.

After you get rid of those pesty spywares, don't forget to do a disk cleanup and defrag.  Wouldn't be a bad idea doing these on a regular basis.

spywareguru

« Reply #4 on: June 05, 2005, 02:51:27 AM »
You should probably scan your system with the following antispyware software.

1. Microsoft antispyware Beta from http://www.microsoft.com/downloads/search....?displaylang=en

2. GarbageClean from http://www.SecureMyWindows.com - good for cleaning.

Dudefromoz

« Reply #5 on: June 14, 2005, 08:41:27 AM »
I had the same problem, no matter how many times you deleted msdirectx.sys it would write itself back, triggering the antivirus warning (drove me insane). I was running Avast, which wouldn't get rid of it; after trying several antivirus programs... none would clean the infection till I tried Nod32. I downloaded the trial from their site, installed, rebooted and JOY!!! It killed it totally... hope this helps people.

Dudefromoz

« Reply #6 on: June 14, 2005, 08:50:25 AM »
PS....I tried all the spyware proggies incl Microsoft...none helped....Tried killing off all unneeded startups as well, no joy.....Tried cleaners of all types.....no help.....It was one serious pain in the *** to get it out of the system...Thought I was going to have to wipe poota to get rid of it

Guest

« Reply #7 on: June 15, 2005, 07:39:20 AM »
Many thanks for all the comments and guidance.  I have formatted my hard disk and installed anti-softwares to guard.

Cheers.