Trojans galore - Page 2
Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 26

Thread: Trojans galore

  1. #11
    Junior Member
    Join Date
    Apr 2004
    Posts
    6
    Thanks! Apparently that did the trick. There IS one last nagging detail. While runing Ad-Aware it told me that there was a problem cleaning wcpcc.exe and if I wanted to rebot and have it cleaned immediatly afterwards. I said yes, but it wasn´t even detected although it does show up in HijackThis!

    Any ideas if this might still be a problem?

  2. #12
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hi,

    Boot into safe mode and run AdAware again..............see if it finds anything?

    Reboot into normal mode and run HijackThis again, and see if it is still running.

    One more tool for you:

    http://www.winpatrol.com

    That should just about give you a complete set

    Good luck
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  3. #13
    Member
    Join Date
    Feb 2004
    Posts
    30
    wcpcc.exe is PurityScan.b you can find removal instructions at the below link.

    http://www.kephyr.com/spywarescanner....b/index.phtml

  4. #14
    Senior Member
    Join Date
    Feb 2002
    Posts
    1,210
    in addition to the above..

    svchost should not be located and run from here..
    C:\Documents and Settings\Nassef\Configuración local\Datos de programa\System\svchost.exe

    there are a few viruses that will mimic that valid process.. I'd check to see the file size/properties of the one you have in the above directory.

    this one is a bad guy too.. put a check mark next to it in hijackthis and have HJT delete
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/09cc024...RdxIE601_es.cab

    this one here is a "blazefind" toolbar/adware leftover.. have hijckthis delete it.
    O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll (file missing)

    http://pestpatrol.com/PestInfo/b/bla...esearchbar.asp
    more info here.


    this one here is an unknown..google doesn't find any references to AgenteADSL_15, AimGestA.dll or AimExDll.exe. There are some references to "KitAIM" .. do you know what it is ? Is it something that's for AIM but in your native language ?

    O4 - HKLM\..\Run: [AgenteADSL_15] C:\Archivos de programa\Telefonica\KitAIM\AimExDll.exe AimGestA.dll 7

    there are a few more things you don't really need to have running and I might of missed something else.. but once you've cleaned up what we've seen so far, then it'd be best to post another log..

    to nihil.. cwshredder is ok for coolwebsearch hijacks but this is not the situation here.. it's not a catch all tool.. although it doesn't hurt to run it once in a while and getting the latest version of it is mandatory as CWS is always changing it's spots.

  5. #15
    Banned
    Join Date
    Nov 2003
    Posts
    1,161
    Suggestion, harden IE, it's just good practice.

  6. #16
    Senior Member
    Join Date
    Feb 2002
    Posts
    1,210
    so !mitationRust.. how exactly would you "harden IE" besides keeping it updated ?

    I posted some of my methods here in the thread linked below.. are there any more that would be helpful ?
    http://www.antionline.com/showthread...hreadid=256621

  7. #17
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hi, sumdumguy

    You are quite right, I did not see anything that indicated CWS, but thought I had better mention CWShredder because it will find instances that SpyBot does not, also it is updated very frequently. As you rightly point out, it is an add-on to SpyBot, certainly NOT a replacement!.

    My general advice is to run all AV, Antispy, Anti Ad, anti Trojan software regularly, AFTER updating it.

    O4 - HKLM\..\Run: [AgenteADSL_15] C:\Archivos de programa\Telefonica\KitAIM\AimExDll.exe AimGestA.dll 7
    antichevere appears to be using "Telefonica" (one of the largest Spanish telephone companies) to supply him with an ADSL service, and this is part of their AIM offering? If not, he has a problem!

    Given this, antichevere, I would suggest that you try the online scan from Panda Software, as they are most likely to be up to the minute on local viruses?...............that is AV rather than trojan/spyware/adware advice, but might be worth keeping in mind for the future?

    EDIT: Just had a thought..........check out BitDefender .............they do some free security software for AIM type applications.

    Good luck
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  8. #18
    Senior Member
    Join Date
    Mar 2004
    Posts
    139

    Hi,
    a couple of pennies,
    did a fresh install recently, after I mucked up some network configuration by renaming one of my LAN connections. In the process I still had the DSL hooked up. I also transferred some back-up files onto the fresh install. The moment I ran my AV, it picked up on Win32/nachi* and some infected "svchost.exe" files, according to my AV. I double checked the back-ups and they were clean, so I must have picked them up while I was configuring the firewall and AV. I vaguely remember that I had an active connection *hammer hits head* at some time during the config process.
    All is well now, I think...ran Housecall,Stinger,etc.

    g8tway2u

    edit: it may just have been "svchosts .exe

  9. #19
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    Came in late for tyhis one,

    nihil and sumdumguy have pinned this down.. my 2cents is more a tutorial..

    If you see something.. a running process.. that you are not sure about.. check it out here

    http://www.liutilities.com/products/...rocesslibrary/

    for this one here is the link for svchost:
    http://www.liutilities.com/products/...brary/svchost/

    Mind I did find the link by using google..

    And The Tools mentioned Are very handy to have in you kit.. ie on a CD..

    the tools I keep are:
    AdAware v6
    Spybot S&D and a recent Includes File
    CWShredder
    HiJackThis
    AVG ..(I d/l a fresh copy each month for my tools cd.. but the copy on one of my machines is over a year old)
    A HTML File with Links to a couple of Online AV scanners .
    And a little white pill incase it all goes A.. Up..

    Cheers
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  10. #20
    Senior Member
    Join Date
    Feb 2002
    Posts
    1,210
    yeah nihil.. I'm sorry if my comments about cwshredder sounded "stand-offish".. I certainly meant no offense.. but I think you understood that. I know you know better but it's just that I see SO MANY people suggest it as some sort of cure-all for spyware or even for just any old IE hijacker that comes down the pike.

    You are most likely right about that Telefonica/AIM thing.. but when google doesn't show something in a search, I usually suspect or at least raise my concern level a notch.

    Und3ertak3r.. LOL.. a little white pill ? so.. how is that pill inserted ? my cd carrier doesn't have a space for little pills.. can I just glue a few to my hard drives ?

    honestly.. deciphering hjt logs for me, is just searching google for the strings/files.. there's no magic in it and it's damn time consuming sorting through the crap.. one thing that can be helpful is Tony Klein's BHO Collection list .. that can be found along with other downloadable goodies ... right here.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides