Home > Hijackthis > Hijackthis - (ghost.pif??)

Hijackthis - (ghost.pif??)

To the staff of Avast! Give me some time to analyze it. Paste the following list of filepaths into the Suspicious File Packer window: C:\Ghost.pifD:\Ghost.pif Allow SFP to pack the files. If not, it will reinfect the machine everytime you stick it in. weblink

After the scan a logfile will be saved and opened; copy the contents of that log into your reply. Re: Ghost.pif Worm/Trojan Infection « Reply #13 on: September 22, 2007, 01:30:54 PM » Microsoft ActiveSync 4.0 --> MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E}Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}Microsoft Reader for Pocket PC Deckard's System Scanner v20071014.68Run by Owner on 2008- Lowyat.NET forums Advertisement Lowyat.NET Kopitiam Garage Sales Lowyat.NET Rules and Regulations FAQ HelpSearchMembersCalendar Welcome Guest ( Log In | Register ) Kyosuke Newbie Posts: 16 HAH!

If we have ever helped you in the past, please consider helping us. Because i think there is some problems there. As for Kaspersky, did you do the above?Gosh, I did not do it, will do it now, do you want the ComboFix log and HJT log again ?

Thanks v1n0d Jun 27 2007, 10:40 PM Show posts by this member only | Post #2 Math is love, math is life. Keep up the good work =PSpecs:AMD 64 3200+ASUS A8N-SLi1GB RamGeForce 7800GT 256MB DDR3 XP Media Center Edition SP2Avast Home, Spybot, AdAware, TweakNow RegCleaner. To the staff of Avast! After you download it, it will create a shortcut on the Desktop.

Your a llama! FTW! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! antivirus 4.7.1043 [VPS 000775-6] v4.7.1043 (ALWIL Software)[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)""C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager""C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager""C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync

Please tell me which back-up files you can't delete..Please do the following..Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")Copy the Because i didn't realise that i will create that folder to cause it not functioning. To the staff of Avast! To the staff of Avast!

FTW! Keep up the good work =PSpecs:AMD 64 3200+ASUS A8N-SLi1GB RamGeForce 7800GT 256MB DDR3 XP Media Center Edition SP2Avast Home, Spybot, AdAware, TweakNow RegCleaner. Please re-enable javascript to access full functionality. Logged Avast!

Tell me, do you use/know about Ardamax Keylogger program?Just a bit information for you. have a peek at these guys Did you not plug in your pendrive when you ran combofix? By the way, i reformated my computer 3 months ago but i still have backup files that i cant delete. Keep up the good work =PSpecs:AMD 64 3200+ASUS A8N-SLi1GB RamGeForce 7800GT 256MB DDR3 XP Media Center Edition SP2Avast Home, Spybot, AdAware, TweakNow RegCleaner.

FTW! or read our Welcome Guide to learn how to use this site. I dunno how to fix 018 hijackthis part. check over here Tell me about those backup files you can't delete2.

Re: Ghost.pif Worm/Trojan Infection « Reply #11 on: September 22, 2007, 01:29:55 PM » -- Security Center -------------------------------------------------------------AUOptions is scheduled to auto-install.Windows Internal Firewall is enabled.FirstRunDisabled is set.AV: avast! Double click on combofix.exe & follow the prompts.3. Live2007-06-07 06:24:06 -------- d-----w C:\Program Files\MSN Messenger2007-06-02 14:42:03 -------- d-----w C:\Program Files\MessengerDiscovery2007-06-01 07:25:25 -------- d-----w C:\Program Files\Joost2007-06-01 07:09:53 -------- d-----w C:\DOCUME~1\KARHOE~1\APPLIC~1\Joost2007-05-31 09:45:17 -------- d-----w C:\Program Files\Google2007-05-24 09:28:53 -------- d-----w C:\DOCUME~1\KARHOE~1\APPLIC~1\U32007-05-20 06:50:26

Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) -

Fichiers pif? Anyone help me pls to solve the my IE problems?? If you accept cookies from this site, you will only be shown this dialog once!You can press escape or click on the X to close this box. The system clock is unsynchronized.Event Record #/Type7093 / WarningEvent Submitted/Written: 06/01/2008 10:50:58 AMEvent ID/Source: 4226 / TcpipEvent Description:TCP/IP has reached the security limit imposed on the number of concurrent TCP connect

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! A fresh Deckard System Scanner (after OTMoveIt2 step)Regardsfenzodahl512 0 #6 Betel Posted 03 June 2008 - 01:27 PM Betel Member Topic Starter Member 20 posts 1. Svchost.exe Uses Up All My Cpu Started by twidget96 , May 12 2007 09:15 AM Please log in to reply 1 reply to this topic #1 twidget96 twidget96 Newbie Members 4 this content Your a llama!

Username Forum Password I've forgotten my password Remember me This is not recommended for shared computers Sign in anonymously Don't add me to the active users list Privacy Policy Rechercher Inscrivez-vous Merci de votre compréhension. Register a free account to unlock additional features at BleepingComputer.com Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. BleepingComputer is being sued by Enigma Software because of a negative post of SpyHunter.

Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLLO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} To the staff of Avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetupAzureus --> C:\Program Files\Azureus\Uninstall.exeBig2 --> C:\Program Files\Microsoft ActiveSync\Big2\Uninstall.exe Big2Bowling Master --> C:\Program Files\Microsoft ActiveSync\Bowling Master\Uninstall.exe Bowling MasterBroken Sword: Shadow of the Templars Demo for Pocket PC --> C:\Program We only require a report from it.

Your a llama! Self Protection;c:\windows\system32\drivers\aswSP.sys [16/06/2009 23:44 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16/06/2009 23:44 20560] R2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [30/01/2009 21:24 3471360] R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?] R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service Double-click on dss.exe and follow the prompts.When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of Kyosuke Newbie Posts: 16 HAH!

Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exeO23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Your a llama! Here's the print for the regedit where I found ghost.pifThis is what happens if I try to double click on my external hard drive.And this is the response I get when FTW!

Nothing seems to be going noticeably wrong so far, but it's really annoying how I can't double click my external hard drives, and the trojan/worm seems to be spreading really quickly jen90, Jul 20, 2007 #3 hhaneh Member Joined: Apr 26, 2006 Messages: 10 Likes Received: 0 Trophy Points: 11 Sorry for late reply, because i join 4 days camp.