trojan horse

  stourry 18:59 13 Dec 2004

system showing a trojan horse.
running win xp prowith sp1 avg anti virus free edition also zone alarm free edition have closed restore and done virus run with avg but trojan still there can anyone help, must say tried trend nicro free system scan but connection closes possibly due to trojan
thanks in advance

  Jeffers22 19:19 13 Dec 2004

Post a HijackThis log and one of the experts will advise.

  stourry 19:28 13 Dec 2004

where do i post this is it here on this forum

  Pangie 19:35 13 Dec 2004

double click my computer,right click C: drive and run AVG. i hag same problem and this is how i sortrd the prob.gud luck

  Jeffers22 19:43 13 Dec 2004

download HijackThis, save it to it's own folder in Program Files (you will have to create it). run it and then copy and past the log into a post to this forum. If you can double space the lines that will help. You may have to post it in two parts due to the 800 word limit on posts. Download it from click here

  stourry 13:59 15 Dec 2004

jeffers 22 first log file
Logfile of HijackThis v1.99.0
Scan saved at 13:50:11, on 15/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\ray\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\afujf.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\afujf.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\afujf.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\afujf.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\afujf.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\afujf.dll/sp.html#28129
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {C29B2852-3733-DE06-C399-8E0A964E2124} - C:\WINDOWS\system32\d3vj32.dll
sorry about spacing

  stourry 14:00 15 Dec 2004

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *
O15 - Trusted Zone: *
O15 - Trusted Zone: * (HKLM)
O15 - Trusted Zone: * (HKLM)
O15 - Trusted IP range:
O15 - Trusted IP range: (HKLM)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - click here
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InCD File System Service - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
again sorry about spacing

  stourry 14:04 15 Dec 2004

sorrya bout delay in getting back but have tried as you say also tried in safe mode but always comes back you will see have posted a report and perhaps this may get sortred. This is very persistant even using trial of avg professional it finds tham delets them and they return
but thanks gain everone for the help and advice

  GANDALF <|:-)> 14:35 15 Dec 2004

You need to turn off system restore, scan,reboot and then turn sys restore back on. This is why trojans, worms etc keep re-appearing.


  stourry 18:32 15 Dec 2004

gandalf <|:-)>
have tried all above and still getting trojan
dont know what else to do
thanks for advice

  Dorsai 18:36 15 Dec 2004

Have you tried any of the following?

spybot click here

adaware click here

a squared. click here

I have no idea if they will help, but they are worth a try.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

AMD Radeon Adrenalin release date, new features, compatible graphics cards

Indie publisher Canongate’s top 10 book covers of 2017

New iMac Pro release date, UK price & specs rumours

Tablettes Amazon Fire : quel modèle choisir ?