Unsolved
This post is more than 5 years old
27 Posts
0
5308
trojan dropper virus- & Video card
I ran a scan on my computer and it found a Trojan Dropper virus. Not all antivirus scans have detected it. But I have absolutley NO IDEA how to remove it. I have an anti-virus from Charter Comm. and I also had several different ones run a scan and only one of them detected the virus. The one from Charter. What can I do to delete it? Also how do I know I need a new video card? All my games work fairly well. But supposedly when we did a test on the Direct X it said It wasn't working.
DELL-Chris M
Community Manager
Community Manager
•
54.4K Posts
0
February 18th, 2005 12:00
(I) Run the Disk Cleanup utility
* Click Start- Run and in the Open box, type cleanmgr
* Click OK
* Use the drop down menu arrow to select the drive you want to clean. Usually C:
* Click OK
* Insert a check on everything
* Click OK
* Click Yes
(II) Run this free virus scan
* Go here:
http://housecall.trendmicro.com/
* Under Scan Your PC, click Scan Now. It's Free!
* Choose United States
* Click Go
* Give it time to download the latest virus data files
* Insert a check to your Local Disk C:
* Insert a check to Autoclean
* Click Scan
* If a virus is found, notify this board
(III) Run this other free virus scan
* Go here:
http://www.symantec.com/securitycheck
* Click GO
* Under Virus Detection, click START
* If a virus is found, notify me
(IV) Run the free Microsoft Malicious Software Removal Tool
* Go here:
http://www.microsoft.com/security/malwareremove/default.mspx
* Click, Skip the details and run the tool
* Click, Check My PC for Infection
* Click Agree
* Click Continue
Midnight Star
4.8K Posts
0
February 21st, 2005 22:00
After you do what Dell-ChrisM suggests, if your still having a problem, post up a HiJackThis log for analysis - and we'll see if something is running on your system that shouldn't be.
-
Mike.
kissesmee
27 Posts
0
February 21st, 2005 23:00
Midnight Star
4.8K Posts
0
February 22nd, 2005 02:00
kissesmee,
HiJackThis is a program that helps us to see what's running, and is started at each bootup on a computer system. That way we can see exactly what running on it, that shouldn't be - like viruses, trojans and spyware.
When it's run, it'll produce a log that you can post, not just here, but anywhere where others are able to analyse it (other HiJackThis forums), and determine what you might need to do, or delete from your system to 'clean' it up.
The reason I suggested it, is, many times, most anti-virus and anti-spyware software will miss something.
-
Mike.
kissesmee
27 Posts
0
February 22nd, 2005 03:00
Your computer is infected with at least one known threat. document.writeln(" " + iFilesScanned + " files scanned, " + iFilesScannedInfected + " file(s) infected on your disk drives.
") 88963 files scanned, 3 file(s) infected on your disk drives.
No viruses were detected in memory.
Your computer is free of known threats. Virus Detection does not check compressed files.
Your computer appears safe for now. For real-time protection from viruses, hackers and privacy threats, upgrade to Norton Internet Security™.
No viruses were detected in memory.
The scan was cancelled before finishing. To restart the scan, click here.
Your computer is free of known threats. Virus Detection does not check compressed files.
Your computer appears safe for now. For real-time protection from viruses, hackers and privacy threats, upgrade to Norton Internet Security™.
Warning! The scan detected a virus that is active in your computer's memory.The scan ended to prevent further infection.
You should shut down your computer immediately and restart it with an antivirus rescue disk or similar tool.
No viruses were detected in memory.
Your computer is infected with at least one known virus or Trojan horse.
Search for the name of the threat(s) listed below on the Symantec Security Response site for removal information.
No viruses were detected in memory.
Your computer is infected with at least one known virus or Trojan horse.
Note: The scan was cancelled before finishing. There may be more infected files on this computer.
Search for the name of the threat(s) listed below on the Symantec Security Response site for removal information.
A scan has not been run. To start Virus Detection, click here.
//Dump the virus list here. var i; for (i=5; i"); document.writeln(arrDetails ); document.writeln(""); } C:\Program Files\Common Files\epjnccce\ejprpellrt\jbehrnnnd.exe is infected with SecurityRisk.Downldr C:\Program Files\Common Files\epjnccce\crcrbnlc\bdejrnhb.exe is infected with SecurityRisk.Downldr C:\Documents and Settings\eileen\Local Settings\Temp\p2psetup.exe is infected with Adware.P2PNetworkingAnother one says: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AEE.A
TROJ_AEE.ADescription:
This Trojan arrives on a system as a .CAB package and is usually installed on a system as an ActiveX object. It attempts to connect to the following Web sites to download executable files into the affected system:
However, as of this writing, these Web sites are already inaccessible.
kissesmee
27 Posts
0
February 22nd, 2005 03:00
This was also part of the first part.
C:\Program Files\Common Files\epjnccce\ejprpellrt\jbehrnnnd.exe is infected with SecurityRisk.Downldr
C:\Program Files\Common Files\epjnccce\crcrbnlc\bdejrnhb.exe is infected with SecurityRisk.Downldr
C:\Documents and Settings\eileen\Local Settings\Temp\p2psetup.exe is infected with Adware.P2PNetworking
Midnight Star
4.8K Posts
0
February 22nd, 2005 03:00
kissesmee,
Do you have any anti-virus programs on your system to help us out?
-
Mike.
kissesmee
27 Posts
0
February 22nd, 2005 03:00
Midnight Star
4.8K Posts
0
February 24th, 2005 15:00
Download, then unzip to " C:\HJT", the newest version of HiJackThis; version 1.99.1. Now, let's do the following:
1. Click " Scan"
2. Click " Save log"
Notepad will pop-up with a copy of your system long, then:
1. " Edit | Select all"
2. " Edit | Copy"
Next, let's " Reply" back to this post, then:
1. Right-click on the message body.
2. Select " Paste"
Then just " Post" the message, and we'll analyze your log shortly, then post back any recommendation(s).
Download mwav.exe from MicroWorld, then:
2. Click " Scan".
3. When it completes, post back the results from the 'Virus log information' pane.
kissesmee
27 Posts
0
February 26th, 2005 02:00
Scan saved at 11:28:40 PM, on 2/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe
C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE
C:\Program Files\Charter High-Speed Security Suite\FSGUI\ispnews.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Charter High-Speed Security Suite\FSGUI\fsguiexe.exe
C:\PROGRA~1\MOZILL~1\firefox.exe
C:\DOCUME~1\MARCOS~1\LOCALS~1\Temp\Rar$EX01.062\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [RecoverFromReboot.SS] C:\WINDOWS\Temp\RECOVE~1.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter High-Speed Security Suite\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [MimBoot] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mimboot.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\RunServicesOnce: [washindex] c:\Program Files\Washer\washidx.exe "eileen"
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4430/mcfscan.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Charter High-Speed Security Suite (BackWeb Plug-in - 3528733) - Unknown owner - C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
***I hope this works*** thanks for your help :o)
Midnight Star
4.8K Posts
0
February 26th, 2005 03:00
Let's start off by deleting those files that the previous online scan found, if they're still present, then completing the steps below and posting back the results from the MWAV log.
Locate and delete the following item(s), if present. Make sure your able to view system and hidden files/ folders:
folders...
C:\Program Files\Common Files\epjnccce
files...
C:\Documents and Settings\eileen\Local Settings\Temp\p2psetup.exe
-
Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're ' in use', try deleting them from " Safe Mode".
Go to Add/Remove programs and remove(uninstall) the following, if present:
WildTangent
The above could appear anywhere within the entry. Be careful not to remove any personal or system software.
Before we begin, let's move HiJackThis to it's own folder; like c:\HJT. When we're done ' cleaning' off your system, we're going to ' flush' the temporary folders which, with HiJackThis in it's current location, we'll lose both the program and the backups it creates. These backups are important in case we need to restore any 'fixed' entry(s) later.
Also move the " Backups" folder, for HiJackThis, if present.
Run HiJackThis and click " Scan", then check(tick) the following, if present:
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
Now, with all windows closed except HiJackThis, click " Fix checked".
Locate and delete the following item(s), if present. Make sure your able to view system and hidden files/ folders:
folders...
C:\Program Files\WildTangent
-
Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're ' in use', try deleting them from " Safe Mode".
Post back a new log, and let me know how everything goes.
-
Mike