Someone save me from these viruses

Discussion in 'OT Technology' started by dry3210, Oct 23, 2004.

  1. dry3210

    dry3210 New Member

    Joined:
    May 20, 2004
    Messages:
    777
    Likes Received:
    0
    Location:
    Hatboro, PA
    Every day they download at about 8PM

    Every day I delete them

    They install a folder called Webrebates

    AVG and Ewido find the viruses but don't find whatever it is that is downloading them

    Here is my HiJack log

    Logfile of HijackThis v1.98.2
    Scan saved at 7:58:48 PM, on 10/22/2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    D:\PROGRA~1\AVG6\avgserv.exe
    C:\WINDOWS\Explorer.EXE
    D:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    D:\PROGRA~1\AVG6\avgcc32.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Win Comm\WinComm.exe
    C:\Program Files\Win Comm\WinLock.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    D:\Program Files\AIM\aim.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Temp\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [AVG_CC] D:\PROGRA~1\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [Win Comm] C:\Program Files\Win Comm\WinComm.exe
    O4 - HKLM\..\Run: [\\SERVER\EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P39 "\\SERVER\EPSON Stylus Photo R300 Series" /O6 "USB002" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [Tau Monitor] D:\PROGRA~1\TAUSCA~1.7\taumon.exe
    O4 - HKLM\..\RunOnce: [djtopr1150.exe] "C:\DOCUME~1\Daniel\LOCALS~1\Temp\djtopr1150.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\AIM95_c0\aim.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab


    Thanks
     
  2. mcslaughter

    mcslaughter Unstable

    Joined:
    Oct 19, 2004
    Messages:
    2,266
    Likes Received:
    0
    Location:
    Maryland
    Did you get Win SP2? I suggest you get a good anti-virus program like McAfee. Norton only gives you a false sense of security.
     
  3. Keyzs

    Keyzs OT Supporter

    Joined:
    Nov 3, 2003
    Messages:
    814
    Likes Received:
    0
    Location:
    Charlotte, MI
    Let's see where this post is wrong...
    dry3210 is not running Norton nor is it mentioned he is running AVG.
    The log shows that SP2 IS INSTALLED.
    McAfee SUCKS in my opinion.

    Ok the real issues...
    You have TrojanDownloader.Win32.Agent Version Y is my guess. The best removal instructions I have found are at http://www.iamnotageek.com/a/338-p1.php

    With that said, you can also help yourself out by getting rid of Viewpoint in Add and Remove Programs. And with Hijack delete the O9s and O16s...
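    As a defender-side illustration of the log triage discussed in this thread (an added example, not code from any poster): a small Python parser over constructed lines in the same HijackThis v1.98 format flags the one O4 autostart entry in the log that points into a Temp directory via RunOnce, and lists O9/O16 entries marked "(file missing)" as dead entries. The heuristics in `reasons()` are assumptions of this example, not HijackThis logic.

```python
import re

# Constructed sample lines in HijackThis v1.98 format, modelled on the thread's
# log (only a few entries, not the whole log).
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [AVG_CC] D:\\PROGRA~1\\AVG6\\avgcc32.exe /STARTUP
O4 - HKLM\\..\\Run: [Smapp] C:\\Program Files\\Analog Devices\\SoundMAX\\Smtray.exe
O4 - HKLM\\..\\RunOnce: [djtopr1150.exe] "C:\\DOCUME~1\\Daniel\\LOCALS~1\\Temp\\djtopr1150.exe"
O4 - HKCU\\..\\Run: [MsnMsgr] "C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe" /background
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\\Program Files\\AIM\\AIM95_c0\\aim.exe (file missing)
"""

# O4 line: "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# First executable path in the command line, quoted or not.
EXE_RE = re.compile(r'"?(?P<exe>[^"]*?\.exe)"?', re.IGNORECASE)
# Directories an autostart executable normally has no business living in (assumption).
TEMP_DIRS = ('\\temp\\', '\\tmp\\', '\\locals~1\\', '\\local settings\\')

def parse_o4(line):
    """Return hive/key/name/exe for an O4 autostart line, or None for other lines."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    e = EXE_RE.match(m['cmd'])
    return {'hive': m['hive'], 'key': m['key'], 'name': m['name'],
            'exe': e['exe'] if e else m['cmd']}

def reasons(entry):
    """Heuristic flags a responder would apply by eye to one O4 entry."""
    out = []
    low = entry['exe'].lower()
    if entry['key'] == 'RunOnce':
        out.append('RunOnce entry (one-shot autostart, re-created each time something drops it)')
    if any(d in low for d in TEMP_DIRS):
        out.append('executable lives in a Temp directory')
    if entry['name'].lower().endswith('.exe'):
        out.append('value name is just a file name rather than a product name')
    return out

def triage(log_text):
    """Return (flagged O4 entries, dead O9/O16 entries) for a HijackThis log."""
    flagged, dead = [], []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry:
            why = reasons(entry)
            if why:
                flagged.append((entry['name'], entry['exe'], why))
        elif line.startswith(('O9 ', 'O16 ')) and line.rstrip().endswith('(file missing)'):
            dead.append(line.strip())
    return flagged, dead

if __name__ == '__main__':
    f, d = triage(SAMPLE_LOG)
    for name, exe, why in f:
        print(f'FLAG {name} -> {exe}: {"; ".join(why)}')
    for line in d:
        print('DEAD', line)
```

A flagged entry only tells you where to look; the file itself still needs to be submitted to a scanner or examined before the autostart key is removed.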
     
  4. DAN513

    DAN513 OT Supporter

    Joined:
    Mar 10, 2003
    Messages:
    10,090
    Likes Received:
    2
    Location:
    204
