« previous next »
Pages: [1]

Author Topic: Win32.P2P-Worm.Alcan.a)  (Read 762 times)

Offline kawaguchi

  • Newbie
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
Win32.P2P-Worm.Alcan.a)
« on: April 11, 2007, 09:08:17 PM »
Ok, so this all started last night.   I was trying to fix my rates in CSS and I found a link that supposedly helped me.   WHen I DL'd it nothing happened and now when i start up my comp it gives me an MS-DOS SCreen and say C\\WINDOWS\system32\regedit.com can not blah blah and it tell me to close or ignore.
 Usually my comp locks up and i have to rs.
 
 
 I then found out that this was created by an undeletable hcksys32.exe and that i have a trojan virus known as Generic32.JDK.   I soon found out that i also have this Win32.P2P-WOrm that is also undeletable.   Can someone please help me
 
 Logfile of Trend Micro HijackThis v2.0.0 (BETA)
 Scan saved at 6:59:20 PM, on 4/11/2007
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\Program Files\Ahead\InCD\InCDsrv.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\WINDOWS\Explorer.EXE
 C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
 C:\Program Files\Ahead\InCD\InCD.exe
 C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
 C:\Program Files\iTunes\iTunesHelper.exe
 C:\Program Files\QuickTime\qttask.exe
 C:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect.exe
 C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
 C:\Program Files\Winamp\winampa.exe
 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
 C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
 C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
 C:\Program Files\TrojanHunter 4.6\THGuard.exe
 C:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
 C:\WINDOWS\system32\hck.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Program Files\ABIT\ABIT uGuru\OCGuru.exe
 C:\program files\steam\steam.exe
 C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe
 C:\Program Files\3M\PSNLite\PsnLite.exe
 C:\Program Files\WinZip\WZQKPICK.EXE
 C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
 C:\PROGRA~1\3M\PSNLite\PSNGive.exe
 C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
 C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
 C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
 C:\Program Files\Viewpoint\Common\ViewpointService.exe
 C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 C:\Program Files\Octoshape Streaming Services\Administrator\OctoshapeClient.exe
 C:\Program Files\iPod\bin\iPodService.exe
 C:\WINDOWS\System32\svchost.exe
 C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
 C:\wIRC\mIRC.exe
 C:\WINDOWS\system32\WgaTray.exe
 C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
 C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
 C:\Documents and Settings\Administrator\Desktop\HiJackThis_v2.exe
 
 R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
 O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
 O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBarBHO.dll
 O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar1.01.2607.0\en-us\msntb.dll
 O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll
 O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
 O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
 O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
 O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
 O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
 O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
 O4 - HKLM\..\Run: [ViewpointPhotosDeviceConnect] C:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect.exe
 O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
 O4 - HKLM\..\Run: [GuruClock] C:\Program Files\ABIT\ABIT uGuru\GuruClock.exe
 O4 - HKLM\..\Run: [ABIT uGuru] C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
 O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
 O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
 O4 - HKLM\..\Run: [AtiPTA] C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
 O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
 O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
 O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
 O4 - HKLM\..\Run: [hcksys32.exe] hck.exe
 O4 - HKLM\..\RunServices: [hcksys32.exe] hck.exe
 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\Administrator\OctoshapeClient.exe" -inv:bootrun
 O4 - HKCU\..\Run: [ABIT OcGuru] C:\Program Files\ABIT\ABIT uGuru\\OCGuru.exe -p
 O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
 O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe" /startup
 O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
 O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
 O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
 O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
 O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
 O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
 O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
 O4 - Global Startup: PowerGrid.lnk = ?
 O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
 O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
 O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
 O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
 O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} (CamRegCleanControl Object) - http://www.amustsoft.com/onlineregistrysca...eRegCleaner.cab
 O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
 O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
 O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
 O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
 O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
 O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
 O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
 O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
 O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
 O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
 O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
 O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
 O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
 O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 
 --
 End of file - 9577 bytes
 
 I also have AVG Anti-Virus, Ad-Aware SE and Trojan Hunter.   THank you for your help =]
 
 SIncerely,
 Eric
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Win32.P2P-Worm.Alcan.a)
« Reply #1 on: April 18, 2007, 01:59:28 PM »
Sorry for the delay, I've been away on vacation
If you still need a hand with your log, can you repost a fresh hijackthis log and we will go from there
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Win32.P2P-Worm.Alcan.a)
« Reply #2 on: June 09, 2007, 04:34:35 PM »
As the original poster has not returned, I'll lock this topic
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Pages: [1]
« previous next »