trojan problem -_-V

Discussion in 'Computer Software and Operating Systems' started by Youkai, Sep 27, 2008.

Sep 27, 2008

trojan problem -_-V by Youkai at 11:51 PM (986 Views / 0 Likes) 6 replies

  1. Youkai
    OP

    Member Youkai Demon

    Joined:
    Jul 1, 2004
    Messages:
    1,987
    Location:
    Germany , NRW
    Country:
    Germany
    Well dunno where i got it but i have an annoying virus since today ...

    When i use google all the links go to some pages that start with go.google

    i found some forum posts about this and some advices that all did not help.

    i deleted some stuff with hijackthis and made virus scan with antivir

    and even the 3 years outdated version of adaware (XD) didn't solve the problem ...

    any idea what to do next ?

    P.S. Spybot Search & Destroy didn't find anything as well
     
  2. AeroHex

    Banned AeroHex Banned

    Joined:
    Sep 8, 2008
    Messages:
    498
    Country:
    Australia
  3. Youkai
    OP

    Member Youkai Demon

    Joined:
    Jul 1, 2004
    Messages:
    1,987
    Location:
    Germany , NRW
    Country:
    Germany
    Well i already did delete hijackthis again ...

    well now after reinstallation i see those lines about those go. pages are back again ...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 03:07:14, on 28.09.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programme\DAEMON Tools Lite\daemon.exe
    C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Dokumente und Einstellungen\XYoukaiX\Desktop\RapidSharePlus.exe
    C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe
    C:\Programme\Internet Explorer\iexplore.exe
    C:\Programme\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
    C:\Programme\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {493F974E-FEAE-459E-B770-D9262474EB97} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Microsoft Windows Sound] svuhost.exe
    O4 - HKLM\..\RunServices: [Microsoft Windows Sound] svuhost.exe
    O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    --
    End of file - 5228 bytes



    P.S. that link won't work ...
     
  4. Dack

    Member Dack GBAtemp Advanced Fan

    Joined:
    Aug 26, 2007
    Messages:
    603
    Location:
    UK
    Country:
    United Kingdom
    Try the malwarebyte program - it does tend to pick up bits other viruses/malware scanners miss.

    http://www.malwarebytes.org/

    As it's redirecting your searches etc. it's got more malware than trojan effects.
     
  5. Jockel

    Member Jockel Tagging yourself? This shit ain't NeoGAF.

    Joined:
    Apr 14, 2008
    Messages:
    345
    Location:
    Germany
    Country:
    Germany
    Try Linux [​IMG]
     
  6. AeroHex

    Banned AeroHex Banned

    Joined:
    Sep 8, 2008
    Messages:
    498
    Country:
    Australia
    hum try Google the things you suspect

    disconnect your computer for the net run safe mode scan everything kill the bad crap and reboot
     
  7. kobykaan

    Member kobykaan GBAtemp Addict

    Joined:
    Aug 27, 2007
    Messages:
    2,994
    Country:
    United Kingdom
    do you mean the GO microsoft pages??

    here's how to get rid of them using HIJACK this and editing the registry ..

     

Share This Page