Author Topic: Trojon horse found by AVG today (Read 493 times)

Mr Bell · « **on:** August 11, 2007, 08:07:47 AM »

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:03:40 AM, on 8/11/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\mIRC\mirc.exe
C:\Documents and Settings\Chris Miears\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eightballclan.branzone.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183157948081
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,20/mcgdmgr.cab
O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/triggerne...oaderSigned.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

--
End of file - 3449 bytes

guestolo · « **Reply #1 on:** August 12, 2007, 03:27:38 AM »

Which folder is AVG detecting this in?

Mr Bell · « **Reply #2 on:** August 12, 2007, 08:08:42 AM »

Well, I have two listed in the Virus vault. They could be one and the same. This could also be mIRC.

There not listed by folder. I put them in the Virus vault and they are listed as follows.

DHTMLAccess.dll C\WINDOWS\SYSTEM32\ Trojan horse Downloader Wintim.2r

Object name A0045320.dll C\System Volume Infomation\_restore{DA4194ED-67E0-4222
Trojan horse Downloader. Wintrim 2R

Mr Bell · « **Reply #3 on:** August 12, 2007, 10:10:35 AM »

Also Firefox will not open.

Mr Bell · « **Reply #4 on:** August 13, 2007, 07:02:50 PM »

Mr Bell · « **Reply #5 on:** August 21, 2007, 02:06:46 PM »

Bump. Hope everything is ok? Maybe your on vacation is all.

Mr Bell · « **Reply #6 on:** August 25, 2007, 06:06:23 AM »

Hello?

guestolo · « **Reply #7 on:** August 25, 2007, 08:23:45 AM »

Please supply a startuplist from Hijackthis
Open Hijackthis>>Open Misc tools section
Beside 'Generate a Staruplist'
Check the following
List all minor sections(full)
and
List empty sections(complete)

Afterwards click the button Generate a Staruplist
Click Yes to the prompt
A text file will open
Copy>>Paste back here the whole contents

TheTechGuide Forum

News:

Author Topic: Trojon horse found by AVG today (Read 493 times)

Mr Bell

Trojon horse found by AVG today

guestolo

Trojon horse found by AVG today

Mr Bell

Trojon horse found by AVG today

Mr Bell

Trojon horse found by AVG today

Mr Bell

Trojon horse found by AVG today

Mr Bell

Trojon horse found by AVG today

Mr Bell

Trojon horse found by AVG today

guestolo

Trojon horse found by AVG today