
Hijackthis Log File Need Help Winlogon.exe And Winnt32.dll Is Infected

Member Posts: 46 Re: Win32:Agent + Win32:Zhelatin + many outgoing smtp connections from svchost.e « Reply #6 on: April 26, 2008, 06:19:16 PM » Can anyone help me please? Avast sounded a few warnings of multiple e-mails to the same recipients, but whenever I restart, the virus still does the same activity. Is this a new virus? button. The list will be processed and the results will be displayed in the right-hand pane. Highlight everything in the Results window (under the green bar), press CTRL+C or right-click, choose Copy, right-click

SiteAdvisor rates sites on business practices and spam. UPDATE!!! After reboot (in case it asks to reboot), please post the following reports/logs into your next reply: Combofix.txt; a new HijackThis log.
#7 Noki Posted 23 May 2008 - 09:29 PM
C:\WINDOWS\Temp\CE6B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{99972d1b-964e-49ec-92f4-1eb39f4810a5} (Trojan.Vundo) -> Quarantined and deleted successfully.

Just make sure that everything related to Panda is removed/uninstalled from add/remove first. Disable System Restore and reenable it after step 3. 2. Under Main choose: Windows Temp, Current User Temp, All Users Temp, Cookies, Temporary Internet Files, Prefetch, Java Cache *The other boxes are optional* Then click the Empty Selected button.

HKEY_CLASSES_ROOT\CLSID\{2dc488b5-d891-101b-8652-00aa003a5593} (Trojan.Agent) -> Quarantined and deleted successfully. Member Posts: 46 Re: Win32:Agent + Win32:Zhelatin + many outgoing smtp connections from svchost.e « Reply #4 on: April 25, 2008, 10:01:33 PM » here is the hijackthis! Logged " Cognition and speech are directly related to intelligence, lying and fantasy"- S.F. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.

RESTART COMPUTER! 2. It is dangerous and incorrect to assume that because the backdoor Trojan has been removed the computer is now secure. Read So how did I get infected in the first place?: http://www.castlecops.com/postlite7736-.html 6. Also, make sure the Lock desktop items box is unchecked.

C:\WINDOWS\Temp\AE8AB41F91F72503.tmp (Malware.Trace) -> No action taken.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:09:53 μμ, on 30/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe

I was on the right track. Have a look:

Malwarebytes' Anti-Malware 1.11
Database version: 702
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 218185
Time elapsed: 1 hour(s), 22 minute(s), 30 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast!

Member Posts: 46 Re: Win32:Agent + Win32:Zhelatin + many outgoing smtp connections from svchost.e « Reply #3 on: April 25, 2008, 08:52:22 PM » one more thing, its activity through svchost.exe.in If you wish to proceed, please do the following. Please print out and follow the instructions for using SDFix in BC's self-help tutorial "How to use SDFix".-- When using this tool, you When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons. I'm facing the same problem here. There's a win32:trojan-gen virus found by avast (home ed) dated 4/15/08, and I've taken action to delete it. But today, 4/25/08, the virus has activity of mass mailing

Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. UPDATE!!! - If you do not have automatic updates enabled then visit http://www.windowsupdate.com regularly.

Please, anyone who could analyze this, help me. I really thank you in advance.

=====================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:47:36 AM, on 4/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer

scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SpywareGuard\sgbhp.exe
.
**************************************************************************
.
Completion time: 2008-05-23 22:59:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-24 02:59:28
ComboFix2.txt 2008-05-23 03:21:26
Pre-Run: 23,656,964,096 bytes free
Post-Run: 23,632,916,480

Other, then that... Avast gave an immediate warning and I immediately deleted all three .exe files albeit, too late.

Thanks! Mail Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashMaiSv.exeO23 - Service: avast! HKEY_CLASSES_ROOT\CLSID\{2dc488b4-d891-101b-8652-00aa003a5593} (Trojan.Agent) -> Quarantined and deleted successfully.

Actually, it's the avast "scan outbound mail" that tipped me off.


Log The following is a list o They should be changed by using a different computer and not the infected one.

This one has me by the hair. would I temporarily allow it access. 2. C:\WINDOWS\Temp\98F.tmp (Trojan.Agent) -> Quarantined and deleted successfully. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results". Click on this link to see a list of programs that should be disabled.

Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:") 7. Click Yes to do this. 7.

Blue Screen-spyware Detected Warning Started by anthonyk, Jun 10 2008 12:20 PM This topic is locked 4 replies to this topic #1 anthonyk anthonyk Junior TEG Forum Member Members 9 Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal

evilfantasy Malware Removal Specialist ModeratorGenius Calm like a bombThanked: 487 Experience: Familiar OS: Windows 8 Re: Root kit « Reply #8 on: May 01, 2008, 03:52:49 AM » If removing the Note the space between the X and the U, it needs to be there. and here is the new Hijackthis log file after all of the above.