Hard and intelligent enemy

Thread: Hard and intelligent enemy

  1. #1
    Junior Member
    Join Date
    Jul 2004
    Posts
    6

    Hard and intelligent enemy

    Hello again friends.
    Following your advice, here is my hijack log file.
    This "element" (worm, spyware, I don't know) shows some kind of "intelligence". It's difficult to detect and difficult to eliminate. Sometimes it activates when I run msconfig or regedit.
    Thanks again

    Logfile of HijackThis v1.97.7
    Scan saved at 18:48:41, on 15/07/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...183.1872916667

  2. #2
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,840
    I don't see any malware in that log. Maybe I'm missing something. Show us the log before the clean up.

  3. #3
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    How do you know that events trigger that malware? It starts to execute, shows a screen, what?
    My site

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  4. #4
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hola!

    Try this:

    1. Boot into safe mode and run SpyBot S&D and your AV software.
    2. Run this: http://www.pandasoftware.com/activescan/
    or you can use Trend Micro's "Housecall"


    3. http://digilander.libero.it/zancart

    Download "Winsonar" and let it run in the background.............it should alert you when the "bad guys" start up............then you can track them down.

    Good luck

  5. #5
    Junior Member
    Join Date
    Jun 2004
    Posts
    17
    Nihil,

    I have never heard of this "Winsonar" before... is it a resource hog???

    Sounds almost like a virus protection application... good stuff or what??

    Thanks for the info....

  6. #6
    I just downloaded and installed Winsonar myself today, and it's not hogging resources at all.

  7. #7
    Junior Member
    Join Date
    Jun 2004
    Posts
    17
    I'm at work right now and really don't want to implement it on one of the computers here yet till I try it out on one of my machines...

    I downloaded it just to go through the installation and then cancelled setup. I notice it does offer an option to run at startup...

    Always looking for good free techie apps to throw on my cd for customer repair/preventive situations...

    You guys like it that much???

  8. #8
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hi jefulger,

    It is not a resource hog, and doesn't seem to clash with anything else.

    It is something like a checksumming application for files.............a checksummer analyses files, calculates a control value, and warns you if this changes, for whatever reason.

    Winsonar looks at applications that are supposed to start, and known applications. Every so often it compares what is actually running with what should be running and warns you of new/unknown applications. It has a safe list and an unknown/unsafe list which you maintain. It has a range of analytical tools for such as things that start out of the registry, a port scanner and so on.

    As it only runs periodically and only checks running processes, it uses very little resource.

    Worth having a look at, if only out of curiosity.

    Cheers
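
Added example, not part of the thread and not Winsonar's code: a Python sketch of the two ideas in post #8, comparing what is running against a maintained safe list and checking a per-file control value. It reads the "Running processes:" section of a HijackThis-style log; the sample log, the `example-unknown.exe` path, the function names and the choice of SHA-256 are all assumptions of this example.

```python
import hashlib
import ntpath

# Constructed sample in the layout of the HijackThis log in post #1.
# The last process path is invented for the demonstration.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Temp\example-unknown.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
"""

def normalise(path):
    # Windows paths are case-insensitive: System32 and system32 are one folder.
    return ntpath.normpath(path.strip()).lower()

def running_processes(log_text):
    """Return the de-duplicated, normalised paths under 'Running processes:'."""
    found, in_section = set(), False
    for line in log_text.splitlines():
        if line.strip() == "Running processes:":
            in_section = True
        elif in_section and line.strip():
            found.add(normalise(line))
        elif in_section and found:
            break  # the blank line after the list ends the section
    return sorted(found)

def control_value(data):
    # The checksummer's "control value"; SHA-256 is this example's choice.
    return hashlib.sha256(data).hexdigest()

def compare(procs, safe_list, file_bytes):
    """safe_list: path -> expected digest. file_bytes: path -> current content."""
    report = {"ok": [], "changed": [], "unknown": []}
    for path in procs:
        if path not in safe_list:
            report["unknown"].append(path)      # not on the maintained safe list
        elif control_value(file_bytes.get(path, b"")) != safe_list[path]:
            report["changed"].append(path)      # trusted path, different content
        else:
            report["ok"].append(path)
    return report
```

A path on the safe list is only as trustworthy as the file behind it, which is why the `changed` bucket is kept separate from `unknown`.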

  9. #9
    Junior Member
    Join Date
    Jul 2004
    Posts
    6
    Thanks again to all of you. In response to cacosapo, sometimes (only sometimes) when I have run msconfig or regedit, the computer goes crazy (some windows begin to open and close, and I lose control for several seconds). It looks like this "element" is autoprotecting itself.

  10. #10
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hola! juan luis,

    That is why I suggest that you run your antivirus and malware scanners in "safe mode"; more and more malware seems to be able to defend itself these days. In safe mode you have a reasonable chance that it will not be loaded.

    Hopefully, Winsonar will help you identify the malware, or it will be detected by your scanners running in safe mode.

    Cheers
