-
July 15th, 2004, 05:51 PM
#1
Junior Member
Hard and intelligent enemy
Hello again friends.
Following your advice, here is my hijack log file.
This "element" (worm, spyware, I don't know) shows some kind of "intelligence". It's difficult to detect and difficult to eliminate. Sometimes it activates when I run msconfig or regedit.
Thanks again
Logfile of HijackThis v1.97.7
Scan saved at 18:48:41, on 15/07/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...183.1872916667
-
July 15th, 2004, 05:58 PM
#2
I don't see any malware in that log. Maybe I'm missing something. Show us the log before the clean up.
-
July 15th, 2004, 06:24 PM
#3
How do you know that events trigger that malware? It starts to execute, shows a screen, what?
Meu sítio
FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
If I die before I sleep, I pray the Lord my soul to encrypt. If I die before I wake, I pray the Lord my soul to brake.
-
July 15th, 2004, 06:37 PM
#4
Hola!
Try this:
1. Boot into safe mode and run SpyBot S&D and your AV software.
2. Run this: http://www.pandasoftware.com/activescan/
or you can use Trend Micro's "Housecall"
3. http://digilander.libero.it/zancart
Download "Winsonar" and let it run in the background.............it should alert you when the "bad guys" start up............then you can track them down.
Good luck
-
July 15th, 2004, 07:25 PM
#5
Junior Member
Nihil,
I have never heard of this "Winsonar" before... is it a resource hog???
Sounds almost like a virus protection application... good stuff or what??
Thanks for the info....
-
July 15th, 2004, 07:29 PM
#6
I just downloaded and installed Winsonar myself today, and it's not hogging resources at all.
-
July 15th, 2004, 07:36 PM
#7
Junior Member
I'm at work right now and really don't want to implement it on one of the computers here yet till I try it out on one of my machines...
I downloaded it just to go through the installation and then cancelled setup. I notice it does offer an option to run at startup...
Always looking for good free techie apps to throw on my cd for customer repair/preventive situations...
You guys like it that much???
-
July 15th, 2004, 07:47 PM
#8
Hi jefulger,
It is not a resource hog, and doesn't seem to clash with anything else.
It is something like a checksumming application for files.............a checksummer analyses files, calculates a control value, and warns you if this changes, for whatever reason.
Winsonar looks at applications that are supposed to start, and known applications. Every so often it compares what is actually running with what should be running and warns you of new/unknown applications. It has a safe list and an unknown/unsafe list which you maintain. It has a range of analytical tools for such things as programs that start out of the registry, a port scanner and so on.
As it only runs periodically and only checks running processes, it uses very little resource.
Worth having a look at, if only out of curiosity.
Cheers
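The comparison described in the post above (what is actually running versus a safe list you maintain), applied to the "Running processes" section of a HijackThis log. This is an added example, not Winsonar's code and not part of the original thread; the safe list contents, the `C:\WINDOWS\Temp\svchost.exe` line and all function names are assumptions made for illustration.

```python
import ntpath

# Constructed sample: process lines from the log in post #1, plus one
# constructed line (the Temp path) so the check has something to flag.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Temp\svchost.exe
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
"""

# Safe list maintained by the user (assumption: one full path per program).
SAFE_LIST = [
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\explorer.exe",
]

def norm(path):
    # Windows paths are case-insensitive: System32 and system32 are the same place.
    return ntpath.normcase(ntpath.normpath(path.strip()))

def running_processes(log_text):
    """Return the paths listed between 'Running processes:' and the first entry line."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section and ntpath.splitdrive(line)[0]:
            paths.append(line)
        elif in_section and line:
            break  # first R0/O2/... entry ends the process list
    return paths

def classify(paths, safe_list):
    """Split running paths into unknown programs and known names in unexpected folders."""
    safe = {norm(p) for p in safe_list}
    safe_names = {ntpath.basename(p) for p in safe}
    unknown, misplaced = [], []
    for p in dict.fromkeys(norm(p) for p in paths):  # de-duplicate, keep order
        if p not in safe:
            (misplaced if ntpath.basename(p) in safe_names else unknown).append(p)
    return unknown, misplaced

if __name__ == "__main__":
    print(classify(running_processes(SAMPLE_LOG), SAFE_LIST))
```

A familiar file name running from an unexpected folder is reported separately from a wholly unknown program, because matching on the name alone would let it pass as safe.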
-
July 15th, 2004, 08:32 PM
#9
Junior Member
Thanks again to all of you. In response to cacosapo, sometimes (only sometimes) when I have run msconfig or regedit, the computer goes crazy (some windows begin to open and close, and I lose control for several seconds). It looks like this "element" is autoprotecting itself.
-
July 15th, 2004, 08:56 PM
#10
Hola! juan luis,
That is why I suggest that you run your antivirus and malware scanners in "safe mode"; more and more malware seems to be able to defend itself these days. In safe mode you have a reasonable chance that it will not be loaded.
Hopefully, Winsonar will help you identify the malware, or it will be detected by your scanners running in safe mode.
Cheers