Topic: Trojan virus  (Read 1490 times)
nortely
« on: September 26, 2004, 12:43:14 AM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version: Windows XP Home version SP-2
Problem Application Name & Version: trojan virus download.agent.3.j found by AVG. It cannot be removed. It is in c:\windows\system32\lspak.dll. Cannot even get on internet.
Problem Hardware Make & Model: Pentium 4
Error Messages:

This is a friend's computer. I tried running various software to clean this out. All failed. I see from your search topics that this problem seems to infect different files. I can see running LSPFix, but am not sure what files I would have to remove after reboot. I have downloaded this to a floppy, and have downloaded HijackThis to try to get a log file. Please help me by giving me some direction on what order I need to go in. All help would be greatly appreciated by me, and my friend.

Thanks

Nort

Ps: This is my first post, and I hope I gave you enough info.

Pancake
« Reply #1 on: September 26, 2004, 01:04:19 AM »

This can be fixed, but there is a good chance it has planted more, so get "HijackThis", do a scan and then post the log here. To help out in the meantime...

The first thing to do is download and run LSPFix from my list.
Check 'I know what I'm doing'.
Select 'lspak.dll'.
Click the right-pointing arrow.
Click 'Finished'.
Restart your computer.
Delete the following file: c:\windows\system32\lspak.dll
« Last Edit: September 26, 2004, 01:13:35 AM by Pancake »

nortely
« Reply #2 on: September 26, 2004, 02:57:08 AM »

I appreciate your fast response. My friend will not be home till late tomorrow night. So I will be able to look at it on Monday at the earliest. Sorry I didn't mention this sooner. I have LSPFix and HijackThis on a floppy already. I will take them over on Monday and run them. I will post the log back here as soon as I can. Thanks again

Nort

Pancake
« Reply #3 on: September 26, 2004, 03:13:29 AM »

Ok.. no rush.

nortely
« Reply #4 on: September 27, 2004, 02:48:35 AM »

I ran LSPFix, rebooted, and went in and deleted the lspak.dll file. Then I rebooted again. I ran Ad-Aware SE and it found three exuvia files. Then the virus warning popped up again. This time it said it was in the system restore volumes. I turned off system restore and rebooted. Then turned system restore back on. Then I took HijackThis from the floppy and unzipped it to a folder on the desktop. Went in and clicked on hijackthis.exe. It gave me a warning that this should be in its own program file. I was not sure how to do this. I hit OK and the program popped up. I ran it, and it gave me the following log file. That was as far as I took it. I copied it to floppy and I am sending it with this message. Please tell me what you see, and if I did everything the right way. When I left they were able to access the internet and e-mail. I had them update AVG and run a virus test.
Hope this is what you need. I will wait for your reply. Thanks for all your help.
Nort

nortely
« Reply #5 on: September 27, 2004, 02:59:08 AM »

Logfile of HijackThis v1.98.2
Scan saved at 8:10:08 PM, on 9/26/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\TrojanHunter 4.0\THGuard.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\duaine\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stellarnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stellarnet.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O8 - Extra context menu item: &Search the Web - C:\WINDOWS\Web\Ers_src.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://dlmainstreetwebcam.gondtc.com//activex/AMC.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.lowrance.com/Software/PCSoftware/Install/LCX-15CI/isetup.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?322

Sorry I forgot to put this in for you. No brain sometimes. LOL

Hope this is what you needed.

Nort

Pancake
« Reply #6 on: September 27, 2004, 04:04:43 AM »

It's not too bad. Remove these from the log and if you still have SpyKiller, uninstall it as it tends to spy more than it kills. You should then be ok.

O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O8 - Extra context menu item: &Search the Web - C:\WINDOWS\Web\Ers_src.htm
« Last Edit: September 27, 2004, 04:06:42 AM by Pancake » Logged
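
An added example (not part of the thread and not HijackThis's own code): a small Python parser for the log format posted in Reply #5, which counts entries per section, lists the registry autostart (O4) entries, and picks out processes running from a Temp directory, as HijackThis.exe was here. The function names are this example's own; the sample lines are copied from that log.

```python
import re
from collections import Counter

# Section codes in this thread's log: R0 IE start page, O2 Browser Helper
# Object, O4 autostart, O8 IE context menu, O9 IE button, O16 ActiveX download.
# O10 is the HijackThis section for Winsock LSP findings; none appear in this log.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
AUTORUN = re.compile(r"^(HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]+)\] (.*)$")

# Sample input: a few lines copied from the log in Reply #5.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\duaine\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stellarnet.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O8 - Extra context menu item: &Search the Web - C:\WINDOWS\Web\Ers_src.htm
"""

def parse_log(text):
    """Split a log into running-process paths and (code, detail) entries."""
    processes, entries, in_procs = [], [], False
    for line in map(str.strip, text.splitlines()):
        if m := ENTRY.match(line):
            entries.append(m.groups())
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
        else:
            in_procs = False  # a blank line ends the process list
    return processes, entries

def autoruns(entries):
    """(hive, key, name, command) for each O4 registry autostart entry."""
    return [m.groups() for code, detail in entries
            if code == "O4" and (m := AUTORUN.match(detail))]

def from_temp(processes):
    """Processes whose image path runs through a Temp directory."""
    return [p for p in processes if re.search(r"\\temp\\", p, re.I)]

def report(text):
    """Per-section counts, registry autostarts and Temp-resident processes."""
    procs, entries = parse_log(text)
    return {"counts": Counter(code for code, _ in entries),
            "autoruns": autoruns(entries), "from_temp": from_temp(procs)}

if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```
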

nortely
« Reply #7 on: September 27, 2004, 02:14:18 PM »

Thanks for your help. This has got to be the best support I have ever had. I could have never figured this out alone. Now if I could get my computer issue solved in the Windows OS section, my life would be wonderful.
Thank you again Pancake.

Nort

Pancake
« Reply #8 on: September 27, 2004, 11:49:41 PM »

Glad I could help..

benditup
« Reply #9 on: September 28, 2004, 05:38:26 AM »

It appears your problems are resolved, so I'll lock this topic. If you need it reopened, please PM a MOD and supply a link to this thread :)