Download.Trojan: Hijackthis Log

  1. 16-01-2006  #1
    Dominic Greco
    Dominic Greco is offline Newbie

    Download.Trojan: Hijackthis Log

    Good evening,
    I have (yet another) virus on my computer. NAV reports it as a variant of the Download.Trojan virus. But it doesn't get more specific than that.

    After turning on my computer, and when I attempt to use my browser (IE) for the first time, a NAV dialog box pops and tells me it detected a virus and has quarantined it. However, it keeps happening. I've noticed a degradation in performance and my email program (MS Outlook) will not retrieve email from my mail server.

    Using Control Panel, I've deleted all offline content, as well as any cookies (just to be sure). I've also run the latest versions of Spybot (which found nothing) and Adaware (which found two occurrences of spyware).

    Here is my Hijack this log:
    ---------------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 9:40:00 PM, on 1/15/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINNT\system32\nvsvc32.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\tcpsvcs.exe
    C:\WINNT\System32\snmp.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\RunDll32.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe
    C:\WINNT\system32\RUNDLL32.EXE
    C:\WINNT\system32\mshta.exe
    D:\install\HiJackthis\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.netscape.com/index2.psp
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe -r
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.hta
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: start.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1129850646845
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/...npseatools.cab
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

  3. 16-01-2006  #2
    VopThis
    VopThis is offline Senior Member (Canada)
    Run the following two scans:


    Please download, install, update and scan your system with the free (trial) version of Ewido trojan scanner:
    1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    2. When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
    3. From the main ewido screen, click on update in the left menu, then click the Start update button.
    4. After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run, so time to go get a drink and a snack....
    5. If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
    6. When the scan finishes, click on "Save Report". This will create a text file. Please then paste the contents of the text file to this thread.


    REBOOT.


    Please do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        - Extended (if available otherwise Standard)
      • Scan Options:
        - Scan Archives
        - Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • This program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.
    • Copy and paste that information in your next post.
  4. 17-01-2006  #3
    Dominic Greco
    Dominic Greco is offline Newbie
    Thanks for the help! I believe Ewido found the virus and eliminated it. However, I still will do as you suggested and run Kaspersky Online Scanner

    -------------------------------------
    Here is the report from Ewido:

    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 8:58:24 PM, 1/16/2006
    + Report-Checksum: 1EBB0D29

    + Scan result:

    HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup


    ::Report End

    --------------------------
    Here is the elog file for Kaspersky Online Scanner

    -------------------------------------------------------------------------------
    KASPERSKY ON-LINE SCANNER REPORT
    Tuesday, January 17, 2006 01:47:29
    Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
    Kaspersky On-line Scanner version: 5.0.67.0
    Kaspersky Anti-Virus database last update: 17/01/2006
    Kaspersky Anti-Virus database records: 161114
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: standard
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\

    Scan Statistics:
    Total number of scanned objects: 48457
    Number of viruses found: 1
    Number of infected objects: 72
    Number of suspicious objects: 0
    Duration of the scan process: 2629 sec

    Infected Object Name - Virus Name
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\06D06BCF.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\073761D7.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\14C66BFB.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1BC82634.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1C81590D.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1DF163CC.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1E5759D4.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1EBD4FDB.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\207F7559.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\251F3054.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\275D6DA4.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\27713EF3.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\28C87779.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\28D84967.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\28DB7364.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\28DF1D60.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\28E2475D.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\29061535.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\29093F31.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\29475CED.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\295404DF.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\295E02D4.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\333C5B03.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\35DE47D9.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\36443DE0.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\39A25611.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3B3E004C.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3B4B283E.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3BCA0DB2.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3BD735A3.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3BE13398.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3BEE5B8A.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3BF8597F.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3C050171.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3C0F7F66.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3C1C2758.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3C294F49.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3CAF08B6.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3F990311.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\46E13536.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\499066F1.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4A700C36.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4B0071B0.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4D6535DE.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\51700197.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\51742B93.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\539F0D30.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\56004835.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\56F60583.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\571A535B.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\57317942.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\57384D3B.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\573B7737.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\573E2134.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\611754F6.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\61910433.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\61F77A3B.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\624A370D.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\625D7042.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6D747D04.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6FB073D2.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\77803CF6.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\78384CF3.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\7DA573FE.exe Infected: Trojan-Downloader.Win32.Small.ccm
    C:\WINNT\system32\ldr299.dll Infected: Trojan-Downloader.Win32.Small.ccm
    C:\WINNT\system32\ldr601.dll Infected: Trojan-Downloader.Win32.Small.ccm
    C:\WINNT\system32\ldr742.dll Infected: Trojan-Downloader.Win32.Small.ccm
    C:\WINNT\system32\ldr766.dll Infected: Trojan-Downloader.Win32.Small.ccm
    C:\WINNT\system32\ldr804.dll Infected: Trojan-Downloader.Win32.Small.ccm
    C:\WINNT\system32\ldr870.dll Infected: Trojan-Downloader.Win32.Small.ccm
    C:\WINNT\system32\ldr874.dll Infected: Trojan-Downloader.Win32.Small.ccm
    C:\WINNT\system32\ldr924.dll Infected: Trojan-Downloader.Win32.Small.ccm

    Scan process completed.
    Last edited by Dominic Greco; 17-01-2006 at 09:01 AM. Reason: added log file
  5. 18-01-2006  #4
    VopThis
    VopThis is offline Senior Member (Canada)
    Save 20% on AVG Internet Security 2012 Suite!
    Suggest that you clean out the NAV quarantine area.


    Be mindful that some tools like NAV find the viruses created by a Trojan but do not attempt to deal with the Trojan itself or any related EXECUTABLE files.


    Delete the following files in SAFE MODE, if still present:

    Try using exact search TEXT: C:\WINNT\system32\ldr*.DLL in case new variations may have also been created.


    Infected: Trojan-Downloader.Win32.Small.ccm

    C:\WINNT\system32\ldr299.dll
    C:\WINNT\system32\ldr601.dll
    C:\WINNT\system32\ldr742.dll
    C:\WINNT\system32\ldr766.dll
    C:\WINNT\system32\ldr804.dll
    C:\WINNT\system32\ldr870.dll
    C:\WINNT\system32\ldr874.dll
    C:\WINNT\system32\ldr924.dll



    REBOOT.

    Verify that Kaspersky is now running clean.

    Post a new HJT log and indicate how your PC is now behaving
+ Reply to Thread
« something not right. Help needed (RESOLVED) | DrWatson Postmortem Debugger »