Posts: 130787 Topics: 9284 LOGIN

Favourites

Most popular topics | Computers Hardware&Softwareopen/close

Latest topics | Computers Hardware&Softwareopen/close

 

Searchopen/close

Posts Topics

>> extended Search
 

  POST A NEW TOPIC REPLY  

Home >> Computers Hardware&Software >> Hellllppppppppppppppppppppp

26.02.2007, 19:01 quote

Anonymous

Trojan Horse IRC/BackDoor.SdBot.MYX

How do i get rid of it

Crying or Very sad Crying or Very sad Crying or Very sad Crying or Very sad Crying or Very sad Crying or Very sad Crying or Very sad Crying or Very sad Crying or Very sad Crying or Very sad Crying or Very sad Crying or Very sad

Its in my AVG vault and its sending my PC round the twist, Limewire opens by iteslf even when i deleted it, cant open task manager .... aarrgghhhhhhh

 
Back to Top

26.02.2007, 19:03 quote

Anonymous

maybe try this..

http://housecall.trendmicro.com/

 
Back to Top

26.02.2007, 19:07 quote

Anonymous

Cheers thats running, i captured the trojan tho, its in C:/oo.exe, the trojan is in my AVG vault but PC is goin nuts.

 
Back to Top

26.02.2007, 19:17 quote

francy

run this program and post the logfile here...

http://www.merijn.org/files/hijackthis.zip

 
Back to Top

26.02.2007, 19:19 quote

francy

apparently oo.exe can fill your limewire folders with stuff

http://www.bullguard.com/forum/8/Ooexe-trojan_22214.html

 
Back to Top

26.02.2007, 19:20 quote

Anonymous

Doin that francy ta, it closed all my IE windows by iteslf, so the scan was wiped TV

 
Back to Top

26.02.2007, 19:23 quote

Anonymous

Logfile of HijackThis v1.99.1
Scan saved at 19:19:41, on 26/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\MsMovies\MsMovies.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Keiron\Local Settings\Temporary Internet Files\Content.IE5\IBAJ6PYV\hijackthis[1]\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MsMovies] C:\Program Files\MsMovies\MsMovies.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Keiron\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/ocis/SiSAutodetectNT.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/eng/boards_2_0_0_30.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117fd.bay117.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162398179312
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/eng/poker_2_0_0_43.cab
O16 - DPF: {A7196C8E-35A5-4FF0-9E46-E28918B5CAF6} (GameDesire Domino) - http://67.15.101.3/g_bin/eng/domino_2_0_0_28.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool Cool - http://67.15.101.3/g_bin/eng/billard8_2_0_0_28.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/eng/snooker_2_0_0_28.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe


I deleted limewire

 
Back to Top

26.02.2007, 19:29 quote

francy

ctrl alt & del and look for C:\Program Files\MsMovies\MsMovies.exe in the processes and stop it...
then look for these entries in hijackthis and tick them and click selected

C:\Program Files\MsMovies\MsMovies.exe
O4 - HKLM\..\Run: [MsMovies] C:\Program Files\MsMovies\MsMovies.exe /auto

if that dosent clear it when you reboot, youll have to turn of system restore and try it again

 
Back to Top

26.02.2007, 19:30 quote

Anonymous

I cant open task manager .. grrrr

 
Back to Top

26.02.2007, 19:32 quote

francy

try running this... http://www.spybotupdates.com/files/spybotsd14.exe

its called spybot:search and destroy from here http://www.safer-networking.org/

 
Back to Top

26.02.2007, 19:34 quote

Anonymous

will do

 
Back to Top

26.02.2007, 19:48 quote

Anonymous

So far its found my MSN patch .. it better find it!

 
Back to Top

26.02.2007, 20:13 quote

Anonymous

Hmm .. it found loads of tracking cookies, deleted them, now I can open TM, and seems to be running ok ... strange

 
Back to Top

26.02.2007, 20:17 quote

Anonymous

Also .. searched HD for "oo.exe" ... no results.

Think its gone?

 
Back to Top

26.02.2007, 20:17 quote

francy

did you fix these 2 with hijackthis

C:\Program Files\MsMovies\MsMovies.exe
O4 - HKLM\..\Run: [MsMovies] C:\Program Files\MsMovies\MsMovies.exe /auto


theres always a chance that itll reappear when you reboot... hope not though Very Happy

 
Back to Top
  POST A NEW TOPIC REPLY  
 
Jump to:

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum