MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: Trojan horse Generic.GM
June 06, 2020, 06:05:59 PM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
June 06, 2020, 06:05:59 PM

Login with username, password and session length
 Featured Sites:
News
New  New Poll on our main page!
"My experience with Vista..."
  0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: Trojan horse Generic.GM  (Read 902 times)
daja
Newbie
*

Karma: +0/-0
Offline Offline

Posts: 1


Bookmark and Share

View Profile
« on: March 15, 2006, 11:24:52 PM »

I need help with a trojan horse as i cant get rid of it.I Did a search on the file it was in and tried to delete it but did'nt work aswel as using AVG virus checker  it keeps coming back it is called Trojan horse Generic.GM and seems to be in this file c:\windows\system32\rdriv.sys Please I need help!


Logfile of HijackThis v1.99.1
Scan saved at 11:29:54 PM, on 3/15/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\COPERN~1\COPERN~1.EXE
C:\Documents and Settings\darko\My Documents\Programi\HijackThis.exe
C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Program Files\Copernic Agent\Web\SearchBar.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [mouse] mouse.exe
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\RunServices: [mouse] mouse.exe
O4 - HKLM\..\RunServices: [Windows Task Manager] taskmngr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O16 - DPF: Autodesk MapGuide Viewer, Java Edition - http://www.autodesk.com/us/mapguide/viewers/English/Distribution/ie_win/mgjava.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Local Security Authority System Service (Local Security Authority System) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Procedure Call (RPC) Service (RpcSssvc) - Unknown owner - C:\WINDOWS\System32\RpcSs.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Logged
Pancake
Global Moderator
Hero Member
*****

Karma: +78/-0
Offline Offline

Gender: Male
Posts: 3915


Bookmark and Share

View Profile
« Reply #1 on: March 16, 2006, 01:09:21 AM »

Hi and Welcome
It may help to print out or copy this page as you will be working in Safe Mode.. Make sure to work through the fixes in the exact order its listed..





SHOW HIDDEN FILES AND FOLDERS.
To show hidden files instructions (WinXP)
Doubleclick My Computer | Tools | Folder Options | View tab
Select Show Hidden Files and Folders
Uncheck Hide extensions for known file types
Uncheck Hide protected operating system files (Recommended)
Select Apply to All Folders | Yes | Apply | OK
 ------------------------------------------------------------------

Files highlighted in BLACK  will need to be removed from your hard drive.



  ------------------------------------------------------------------


Please start by going into SAFE MODE.  During reboot, tap the F8 key. Select Safe Mode and then run "Hijack This"
 ------------------------------------------------------------------


               
Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes.Confirm that you have only the listed ones checked, then press  and Close HJT.

O4 - HKLM\..\Run: [mouse] mouse.exe
O4 - HKLM\..\RunServices: [mouse] mouse.exe
O4 - HKLM\..\RunServices: [Windows Task Manager] taskmngr.exe
O23 - Service: Local Security Authority System Service (Local Security Authority System) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)

------------------------------------------------------------------

Open Windows Explorer and delete the following highlighted  file/s
 
C:\WINDOWS\System32\taskmngr.exe <== watch out!! Don't delete taskmgr.exe!! Watch the spelling!!
C:\WINDOWS\System32\mouse.exe
C:\WINDOWS\lsass.exe    <======= watch out!! dont delete C:\Windows\System32\lsass
 -------------------------------------------------------------------

Reboot, run a full scan here with Ewido .

When finished please  post a new log......
Logged

An Australian Member of

EDDY
Pages: [1] Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page February 17, 2020, 03:15:43 PM