Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:54:54 PM, on 3/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\crypserv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\iPass\iPassConnect\iPCAgent.exe
c:\sots\KMService.exe
C:\Program Files\Marimba\Castanet Tuner\Tuner.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\progra~1\Metlife\MediaManager\Media...
c:\MetLife\MetTask\METTASK.EXE
C:\Lotus\Notes\ntmulti.exe
C:\WINNT\system32\Prot_srv.exe
C:\WINNT\system32\pstartSr.exe
c:\winnt\system32\rcmdsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Servi...
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watch...
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.E...
C:\WINNT\system32\hkcmd.exe
C:\WINNT\system32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINNT\system32\igfxsrvc.exe
C:\WINNT\stsystra.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\sots\detectVPN.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Pinpoint Global\Media Room\MediaRoomClientApp.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch...
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Pointsec\Pointsec for PC\P95Tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Websense\WDC\WsUIMgr.exe
C:\WINNT\system32\braviax.exe
C:\WINNT\system32\ctfmon.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemo...
C:\Program Files\METLIFE\LSMS3\lsms3.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\iPass\iPassConnect\downloader\ipcc...
C:\Program Files\Marimba\Castanet Tuner\lib\minituner.exe
C:\Program Files\Network Associates\VirusScan\SCAN32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://imetlife.metlife.com/sitemindera...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://exwintp019.metlife.com/login.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Metropolitan Life
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCA...
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINNT\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [SET_PLAYER] regedit /s c:\systemp\mp3\mp3assoc.reg
O4 - HKLM\..\Run: [RoamingUser] "C:\Program Files\Marimba\Castanet Tuner\tuner.exe" -start http://as_risccast00:5282/ENT/Castanet/R... 1
O4 - HKLM\..\Run: [McAfeeUpdaterUI] C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE /STANDALONE
O4 - HKLM\..\Run: [DetectVPN] c:\sots\detectVPN.exe
O4 - HKLM\..\Run: [LSMS3] C:\Program Files\MetLife\LSMS3\LSMS.BAT
O4 - HKLM\..\Run: [LSMS] C:\Program Files\MetLife\LSMS3\OldLSM.BAT
O4 - HKLM\..\Run: [MediaRoomApp] C:\Program Files\Pinpoint Global\Media Room\MediaRoomClientApp.exe
O4 - HKLM\..\Run: [AWMON] C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.e... /custom +prefs:"C:\PROGRA~1\Lavasoft\AD-AWA~1\aw...
O4 - HKLM\..\Run: [Pointsec Tray] C:\Program Files\Pointsec\Pointsec for PC\P95Tray.exe
O4 - HKLM\..\Run: [sp2cfg] C:\WINNT\system32\mrmbtemp\xpsp2\wkix32.... C:\WINNT\system32\mrmbtemp\xpsp2\popup.k... /i
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WsUiMgr] C:\Program Files\Websense\WDC\WsUIMgr.exe
O4 - HKLM\..\Run: [braviax] C:\WINNT\system32\braviax.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\Googl...
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon....
O4 - HKCU\..\Run: [braviax] C:\WINNT\system32\braviax.exe
O4 - Global Startup: ADAWARE.LNK = C:\WINNT\runonce.bat
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CENSUSNT.LNK = C:\METLIFE\dlm\censusnt.bat
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NTCONECT.LNK = C:\Security\NtConect.exe
O4 - Global Startup: systray.exe
O6 - HKCU\Software\Policies\Microsoft\Interne... Explorer\Restrictions present
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredit...
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCE...
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://exwintp019.metlife...
O15 - Trusted Zone: *.metlife.com
O15 - Trusted Zone: *.metlife.com (HKLM)
O16 - DPF: {10B05D6E-5BFB-11D4-8920-00C04F57BB26} (KMReader Class) - https://imetlife.metlife.com/sitemindera...
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache...
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUp...
O17 - HKLM\System\CCS\Services\Tcpip\Parameter... Domain = metlife.com
O17 - HKLM\Software\..\Telephony: DomainName = metlife.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameter... Domain = metlife.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameter... Domain = metlife.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameter... Domain = metlife.com
O18 - Protocol hijack: flowto - {C7101FB0-28FB-11D5-883A-204C4F4F5021}
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\program files\symantec\pcanywhere\awhost32.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINNT\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPassConnectEngine - iPass - C:\Program Files\iPass\iPassConnect\iPassConnectEng...
O23 - Service: iPCAgent - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPCAgent.exe
O23 - Service: KMService - Unknown owner - c:\sots\KMService.exe
O23 - Service: Marimba - BMC Software, Inc. - C:\Program Files\Marimba\Castanet Tuner\Tuner.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: MediaManager - Unknown owner - c:\progra~1\Metlife\MediaManager\MediaMa...
O23 - Service: MetLife® Task List (MetLifeTaskList) - MetLife® - c:\MetLife\MetTask\METTASK.EXE
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Lotus\Notes\ntmulti.exe
O23 - Service: Pointsec - Unknown owner - C:\WINNT\system32\Prot_srv.exe
O23 - Service: Pointsec Service Start (Pointsec_start) - Unknown owner - C:\WINNT\system32\pstartSr.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Servi...
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watch...
O23 - Service: Websense Desktop Client (WebsenseDesktopClient) - Websense - C:\Program Files\Websense\WDC\WDC.exe
--
End of file - 10095 bytes
Help! I have a trojan virus which shows a red circle with a white X in it. Getting "download" alerts. Help!
This one is your problem: C:\WINNT\system32\braviax.exe. This is the only problem I can see.
http://forums.majorgeeks.com/showthread....
SUPERAntiSpyware has it in its definitions, so it should remove it. This is free for personal use.
http://www.fileresearchcenter.com/B/BRAV...
Download from the link below. It would be advisable to scan in safe mode if it does not remove it in normal mode. If it is still there after that, you will have to turn off System Restore, scan again, reboot, and if it is gone turn System Restore back on. This will create a new restore point without braviax.exe.
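The reply above picks braviax.exe out of the log by eye. As an added example, not part of the original thread and not code from HijackThis or Trend Micro, the Python script below parses the O4, O10 and O23 line formats that appear in the log above and applies a few review heuristics of my own: a program registered in both the HKLM and HKCU Run keys, a Run entry with no directory, a bare executable sitting in the Startup folder, an unknown Winsock LSP, and a service whose owner HijackThis could not determine. The regexes, the finding codes and the heuristics themselves are this example's assumptions; the sample lines are copied from the log above.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the HijackThis log above, trimmed to the
# sections this triage looks at (O4 Run keys, Global Startup, O10, O23).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [igfxtray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [braviax] C:\WINNT\system32\braviax.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [braviax] C:\WINNT\system32\braviax.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: systray.exe
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O23 - Service: KMService - Unknown owner - c:\sots\KMService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""

# Line formats as printed by HijackThis v2 (assumed from the log above).
RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^O4 - Global Startup: (?P<item>.*?)(?: = (?P<cmd>.*))?$")
LSP_RE = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<path>.*)$")
SVC_RE = re.compile(r"^O23 - Service: (?P<desc>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
EXT_RE = re.compile(r"\.(exe|bat|cmd|com)\b", re.IGNORECASE)


def exe_of(cmd):
    """Best-effort program part of a Run command, lower-cased, without arguments.
    HijackThis prints unquoted paths that contain spaces, so cut at the first
    executable extension instead of at the first space."""
    cmd = cmd.strip().lstrip('"')
    m = EXT_RE.search(cmd)
    if m:
        return cmd[: m.end()].lower()
    parts = cmd.split()
    return parts[0].lower() if parts else ""


def parse(log_text):
    """Split a log into the four record kinds this example understands."""
    runs, startups, lsps, services = [], [], [], []
    for line in log_text.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            runs.append((m["hive"], m["name"], m["cmd"]))
        elif m := STARTUP_RE.match(line):
            startups.append((m["item"], m["cmd"]))  # cmd is None for a bare file
        elif m := LSP_RE.match(line):
            lsps.append(m["path"])
        elif m := SVC_RE.match(line):
            services.append((m["desc"], m["owner"], m["path"]))
    return runs, startups, lsps, services


def triage(log_text):
    """Return (code, detail) findings. The heuristics are this example's own,
    not HijackThis rules; they mirror what a reviewer looks for by hand."""
    runs, startups, lsps, services = parse(log_text)
    findings = []
    hives_by_exe = defaultdict(set)
    for hive, name, cmd in runs:
        exe = exe_of(cmd)
        hives_by_exe[exe].add(hive)
        if "\\" not in exe:  # no directory: resolved through the search path at logon
            findings.append(("UNQUALIFIED_RUN", f"[{name}] {cmd}"))
    for exe, hives in hives_by_exe.items():
        if hives == {"HKLM", "HKCU"}:  # same binary persisted for machine and user
            findings.append(("DUP_RUN", f"{exe} registered in both HKLM and HKCU Run"))
    for item, cmd in startups:
        if cmd is None:  # an executable placed directly in the Startup folder, not a .lnk
            findings.append(("STARTUP_EXE", item))
    for path in lsps:
        findings.append(("UNKNOWN_LSP", path))
    for desc, owner, path in services:
        if owner.lower() == "unknown owner":  # HijackThis found no company name for the binary
            findings.append(("NO_OWNER_SVC", f"{desc}: {path}"))
    return findings


if __name__ == "__main__":
    for code, detail in triage(SAMPLE_LOG):
        print(f"{code:16} {detail}")
```

Run against the sample, the DUP_RUN finding is braviax.exe, which is exactly the entry the reply singles out; the other findings (the unqualified stsystra.exe entry, the bare systray.exe in the Startup folder, the Winsock LSP and the KMService service) are things a reviewer would check rather than verdicts, since legitimate vendor software trips these heuristics too.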
Reply: I'm not sure about the entries in the HijackThis log, but I've noticed braviax.exe, so you definitely need braviax removal: http://www.2-spyware.com/remove-braviax....
Reply: Install the Kaspersky Antivirus 7 trial version from www.kaspersky.com, update it and make a full scan of your computer. It will find all viruses that AVG or any other antivirus software missed and delete them. Besides that, it will get your operating system back to good working condition, believe me.
Reply: I suggest you do the following to find this so you can get rid of it:
Update and use your own antivirus, or download one of the antivirus tools below along with Spyware Doctor, and update them. Restart your computer in safe mode (tap F8 during startup), then scan with the antivirus and Spyware Doctor while in safe mode; this should find it so you can remove it. Please note that you should only run one antivirus on your computer at a time.
Avira Antivirus free (Recommended)
http://www.free-av.com/antivirus/allinon...
PC Tools free antivirus. Note: only run one antivirus at a time.
http://www.pctools.com/free-antivirus/
Kaspersky free antivirus. Note: you should only run one antivirus at a time.
http://usa.kaspersky.com/products_servic...
This is a free antivirus tool called AVG Free. Note: you should only run one antivirus at a time.
http://free.grisoft.com/doc/downloads-pr...
The free edition of Spyware Doctor, the best for removing spyware, adware and malware; it finds backdoor trojans and it's free. (Recommended)
http://www.download.com/Spyware-Doctor-S...
SG
Reply: Step 1: Make sure that you have an up-to-date antivirus program. If you don't, install AVG. You should only have one antivirus program. (If you need to uninstall your antivirus, use Revo Uninstaller.)
Step 2: Visit the Google Pack website, and use it to download Spyware Doctor.
Step 3: Download and install ThreatFire.
Step 4: Make sure to use Mozilla's Firefox from here on out. Also, install the Adblock Plus add-on for it.
Step 5: Make sure that you have a firewall program on your computer. If you don't, install Comodo.
This is just a quick summary of what you should do. For other recommended programs, and their optimal settings, visit my guide on the matter. http://prometechus.blogspot.com/2007/09/... FEEL FREE TO IM ME IF YOU HAVE ANY QUESTIONS.
I also noticed that you're running an outdated version of Internet Explorer. I would suggest that you visit the Microsoft Update website, click on the Custom button, and download all the available updates, including IE7. The scans that the IE installer does may help make this process easier.
Reply: Everyone is correct. However, cleaning a virus is sometimes very hard. If you manage to eradicate the virus from your machine, I suggest installing a technology to wipe out any infection at boot time.
Deep Freeze and Returnil are two software products that protect your computer from trojans, malware, etc.
Your computer will still get infected by viruses and other trojans when you browse to P2P sites or others. However, as soon as you reboot your PC it will revert to its original locked state, wiping out all the changes made to the OS, so you will have a clean PC every time you boot.
Now I don't have antivirus software on my machine. I still have a firewall to make sure I can block inbound/outbound traffic while infected (to be able to detect the anomalies so I can reboot and clean the PC, and to protect against any file transfer of confidential info stored on my PC).
Also, if you don't get Deep Freeze or Returnil, you can get Sandboxie to create a virtual sandbox for Internet Explorer that isolates your computer from your bad browsing habits. However, this does not protect you from software installs that you download; that would be the job of Deep Freeze or Returnil.
Hope this helps everyone.
Reply: Update your antivirus software.
Scan your PC in safe mode.