MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: TROJAN HORSE DOWNLOADER.HOLICA.B
July 14, 2020, 11:22:29 AM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
July 14, 2020, 11:22:29 AM

Login with username, password and session length
 Featured Sites:
News
Article Writers We are looking for quality, informational articles to add to our Computer Articles
Please contact us if you are interested in submitting some....
  0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: TROJAN HORSE DOWNLOADER.HOLICA.B  (Read 3018 times)
bilica
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 8


Bookmark and Share

View Profile
« on: November 13, 2004, 03:40:36 AM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version: Windows XP
Problem Application Name & Version: MSN 6.2
Problem Hardware Make & Model:
Error Messages: TROJAN HORSE DOWNLOADER.HOLICA.B



Hi
In first place I am new here, I forgive if I am not using the system in the correct way.  But I am with the following problem: my AVG anti virus keeps saying I have (TROJAN HORSE DOWNLOADER.HOLICA.B) virus when I live the MSN open and come back to the computer minutes later. I ran my avg but the virus can
Logged

 
Pancake
Global Moderator
Hero Member
*****

Karma: +78/-0
Offline Offline

Gender: Male
Posts: 3915


Bookmark and Share

View Profile
« Reply #1 on: November 13, 2004, 06:55:10 AM »

Hi
Make sure you have already run Adaware, Spybot S & D(check for updates) and  as these will do a preliminary clean first.Some files below may not be present after running the above programs.

Then.....
Turn off your System Restore. http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;310405] See Here.Reinstate it and create an new restore point when your log is cleaned.Close your browser window and Have "Hijack This" fix the following by placing a check in the appropriate boxes and selecting "fix checked".
Folders that have been  highlighted in RED will need to be uninstalled. .Check first as some folders maybe uninstalled via the Add/Remove program. Make sure to have your system set to show hidden files and folders..www.xtra.co.nz/help/0,,4155-1916458,00.html] How To Show Files .Please post a new log when finished...

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\Messenger Plus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\Messenger Plus! 3\MsgPlus.exe" /WinStart
O8 - Extra context menu item: >>> FREE p*rn GALLERIES <<< - javascript:{document.location='http://s*xmaxx.com/freegalleries.htm';}
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
« Last Edit: November 13, 2004, 06:59:59 AM by Pancake » Logged

An Australian Member of

EDDY
bilica
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 8


Bookmark and Share

View Profile
« Reply #2 on: November 14, 2004, 11:09:56 PM »

I did as you told, here is the new log:

Logfile of HijackThis v1.98.2
Scan saved at 20:58:32, on 13/11/2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Arquivos de programas\Arquivos comuns\EPSON\EBAPI\SAgent2.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\Grisoft\AVG6\avgcc32.exe
C:\Arquivos de programas\Java\j2re1.4.2_01\bin\jusched.exe
C:\Arquivos de programas\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Arquivos de programas\QuickTime\qttask.exe
C:\WINDOWS\SYSTEM32\NTJVV.EXE
C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe
C:\Arquivos de programas\GetRight\getright.exe
C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Arquivos de programas\GetRight\getright.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\ARQUIV~1\DVDREG~1\DVDRegionFree.exe
C:\Arquivos de programas\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\HJT\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\ycomp5_3_16_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_3_16_0.dll
O3 - Toolbar: &R
Logged

 
Pancake
Global Moderator
Hero Member
*****

Karma: +78/-0
Offline Offline

Gender: Male
Posts: 3915


Bookmark and Share

View Profile
« Reply #3 on: November 14, 2004, 11:54:46 PM »

Hi


Turn off your System Restore. http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;310405] See Here.Reinstate it and create an new restore point when your log is cleaned.Close your browser window and run hjt in safe mode... http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406?OpenDocument&src=sec_doc_nam] How To Run Safemode  and have "Hijack This" fix the following by placing a check in the appropriate boxes and selecting "fix checked".
Folders that have been  highlighted in RED will need to be uninstalled. .Check first as some folders maybe uninstalled via the Add/Remove program. Files highlighted in BLACK will need to be removed from your hard drive. Make sure to have your system set to show hidden files and folders..www.xtra.co.nz/help/0,,4155-1916458,00.html] How To Show Files .Please post a new log when finished...

O4 - HKLM\..\Run: [NTJVV] C:\WINDOWS\SYSTEM32\NTJVV.EXE
O4 - HKLM\..\RunServices: [NTJVV] C:\WINDOWS\SYSTEM32\NTJVV.EXE
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\Messenger Plus! 3\MsgPlus.exe" /WinStart
Logged

An Australian Member of

EDDY
bilica
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 8


Bookmark and Share

View Profile
« Reply #4 on: November 15, 2004, 12:28:14 AM »

Ok, this is my log:

Logfile of HijackThis v1.98.2
Scan saved at 22:20:28, on 13/11/2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Arquivos de programas\Arquivos comuns\EPSON\EBAPI\SAgent2.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\Grisoft\AVG6\avgcc32.exe
C:\Arquivos de programas\Java\j2re1.4.2_01\bin\jusched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Arquivos de programas\QuickTime\qttask.exe
C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe
C:\Arquivos de programas\GetRight\getright.exe
C:\Arquivos de programas\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Arquivos de programas\GetRight\getright.exe
C:\HJT\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\ycomp5_3_16_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_3_16_0.dll
O3 - Toolbar: &R
Logged

 
Pancake
Global Moderator
Hero Member
*****

Karma: +78/-0
Offline Offline

Gender: Male
Posts: 3915


Bookmark and Share

View Profile
« Reply #5 on: November 15, 2004, 12:39:59 AM »

Just one more and you should be clear.

O8 - Extra context menu item: >>> FREE p*rn GALLERIES <<< - javascript:{document.location='http://s*xmaxx.com/freegalleries.htm';}
Logged

An Australian Member of

EDDY
Pancake
Global Moderator
Hero Member
*****

Karma: +78/-0
Offline Offline

Gender: Male
Posts: 3915


Bookmark and Share

View Profile
« Reply #6 on: November 15, 2004, 12:45:11 AM »

Upgrading to IE6 SP1 will help you better your security.
Logged

An Australian Member of

EDDY
bilica
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 8


Bookmark and Share

View Profile
« Reply #7 on: November 15, 2004, 01:02:54 AM »

Ok, it
Logged

 
bilica
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 8


Bookmark and Share

View Profile
« Reply #8 on: November 17, 2004, 02:41:32 AM »

It has worked, thank you very much. Greetings
Logged

 
Pancake
Global Moderator
Hero Member
*****

Karma: +78/-0
Offline Offline

Gender: Male
Posts: 3915


Bookmark and Share

View Profile
« Reply #9 on: November 17, 2004, 07:30:39 AM »

Your welcome
Logged

An Australian Member of

EDDY
Pages: [1] Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page June 13, 2018, 12:40:28 AM