Downloader Jk

[Toolman35]

I think I have a Trojan on my pc. I have been lucky for quite a while now I have never had a virus or trojan. I bought internet security from nortan and tried to install it but before it gets installed it tells me that the "instopts.dat" file is missing.
Now if I am loading this from a Cd-rom why isn't the file on this cd?? This is a home built pc and I do have the free version of Zone Alarm on here. I think this virus came up top be "downloader jk" I used an online "PandaSoft" to find it. Although it says it removed it I still having problems. I have run spybot,adware6, hijackthis,cwshredder. Hijackthis comes up with alot of junk but it keeps coming back.
I would appreciate any help.
I guess through all this i really need to know about that install file missing,
Thanks, But any othrer info is appreciated
Thanks

[glc]

You are going to have problems installing NIS when you already have a firewall installed and running - and if you have a resident antivirus running, this can also get in the way of program installs. If you really want Norton, uninstall ZA first, 2 firewalls running can get kinda ugly. I'd personally stick with ZA 4.5.

Please post your HJT log.

[Toolman35]

Thats good idea. But do I have to update my ZA before I can get this trojan off my pc? Pandasoft says the trojan was disinfected but upon reboot all start pages goes back and registry is changed.

[kev7555]

Not to get in the way here but (waiting for flames as I have read many symantec haters here) I have had good luck with Norton.

The 2004 program runs a virus scan before installing to check for files that may interfere with the installation. Then, once you have installed the program it is up and running so you can update from symantec and check for all the latest threats.

If you use intelligent updater instead of live update, you can get the latest definitions daily (or anytime) in order to stay ahead of the weekly updates.

Just my two cents...

-Kev

[glc]

I'm not complaining about Norton Antivirus - I'm complaining about Norton Internet Security, different animal.

I do NOT recommend you update Zone Alarm to version 5.0 yet. There are some serious issues. If you need the latest 4.5 release, see my sticky thread at the top of this forum.

Post a HijackThis log, please.

[Toolman35]

Ok Glc here it is. I had to locate it I have it located on another forum......logfile of HijackThis v1.97.7
Scan saved at 9:41:27 PM, on 6/24/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2919.6304)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SDKFX32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\IOLO\COMMON\TASK AGENT\TASK_AGENT.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZAPRO.EXE
C:\PROGRAM FILES\DESKTOP WEATHER\DESKTOPWEATHER_1281152.EXE
C:\WINDOWS\ATLUU.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\JAVAJE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\JAVAJE.EXE
C:\WINDOWS\IEJV.EXE
C:\WINDOWS\IEJV.EXE
C:\WINDOWS\NTNF32.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\IEJV.EXE
C:\WINDOWS\SYSTEM\IENS32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\JAVAJE.EXE
C:\WINDOWS\SYSTEM\ADDVO.EXE
C:\WINDOWS\JAVAJE.EXE
C:\WINDOWS\SYSTEM\D3UD32.EXE
C:\WINDOWS\JAVAJE.EXE
C:\WINDOWS\ATLCW32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\IEJV.EXE
C:\WINDOWS\SYSTEM\MFCWN32.EXE
C:\WINDOWS\IEJV.EXE
C:\WINDOWS\SDKOJ32.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\fmiju.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://fmiju.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://fmiju.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\fmiju.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://fmiju.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\fmiju.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {0D77B60B-F9B8-DEB6-F8BC-A4507B4AA22E} - C:\WINDOWS\APPWB.DLL (file missing)
O2 - BHO: (no name) - {16A67573-5153-0344-B04A-BF8F43B5057F} - C:\WINDOWS\SDKRT.DLL (file missing)
O2 - BHO: (no name) - {9ABD55B8-A2CA-BE23-F848-21D286EF33B7} - C:\WINDOWS\IEZH32.DLL (file missing)
O2 - BHO: (no name) - {5B7ADD47-FA22-4593-093B-06286C989931} - C:\WINDOWS\SYSTEM\IPAA.DLL (file missing)
O2 - BHO: (no name) - {A39532FF-4A6C-D2B8-33EC-0AF5DB34793A} - C:\WINDOWS\MFCWM.DLL (file missing)
O2 - BHO: (no name) - {2343DBFF-F46E-3EA1-1BB0-A3DCB6B9A645} - C:\WINDOWS\SYSTEM\CRPW32.DLL (file missing)
O2 - BHO: (no name) - {A742322B-5141-64FD-4A50-24EEAE702790} - C:\WINDOWS\SYSTEM\ADDQU32.DLL (file missing)
O2 - BHO: (no name) - {93746255-B5DE-D30D-5090-EA932B2CE594} - C:\WINDOWS\APPGT32.DLL
O2 - BHO: (no name) - {EFBCDB13-FC80-D515-37FE-99B36B4D57F0} - C:\WINDOWS\SYSTEM\MFCBH32.DLL (file missing)
O2 - BHO: (no name) - {D08959AE-2CE7-8EB6-A6B0-EDBC6572FE18} - C:\WINDOWS\SYSTEM\IEAV32.DLL (file missing)
O2 - BHO: (no name) - {5735E683-CD34-5961-3A6F-D24FC5A02C88} - C:\WINDOWS\NTMV.DLL (file missing)
O2 - BHO: (no name) - {C266F854-DEAC-B9CC-2125-49FEDCDC42B2} - C:\WINDOWS\WINUJ.DLL (file missing)
O2 - BHO: (no name) - {E9056821-E93F-5C07-397E-4CAF2636D6F7} - C:\WINDOWS\NETRK.DLL (file missing)
O2 - BHO: (no name) - {41DF763B-CA20-678D-8571-C8B12341C5C3} - C:\WINDOWS\SYSTEM\APPDF.DLL (file missing)
O2 - BHO: (no name) - {6F235F27-0E1D-FEE2-4C60-2B6EB902B546} - C:\WINDOWS\SYSTEM\CRLF32.DLL (file missing)
O2 - BHO: (no name) - {BD589876-8AE4-0DD6-E714-F514B316BA80} - C:\WINDOWS\SYSTEM\JAVASF32.DLL (file missing)
O2 - BHO: (no name) - {1A49CC18-5AF9-8169-4B1A-F4A5DA220BC3} - C:\WINDOWS\SYSTEM\SDKKW.DLL (file missing)
O2 - BHO: (no name) - {2DB1C7E6-C436-401E-0374-ECF3202CF49B} - C:\WINDOWS\APPHQ.DLL (file missing)
O2 - BHO: (no name) - {86736BF9-6537-4FA6-04A3-1ADBD4CC6A59} - C:\WINDOWS\WINYJ.DLL (file missing)
O2 - BHO: (no name) - {5B249B58-B6A2-3960-E29C-A41A0A8EB86A} - C:\WINDOWS\SYSTEM\MSFR.DLL (file missing)
O2 - BHO: (no name) - {1680C9F9-C963-3F25-F481-EBF1DF741AE8} - C:\WINDOWS\NETVE32.DLL (file missing)
O2 - BHO: (no name) - {30816C95-3971-5FEF-57A9-9359290C1482} - C:\WINDOWS\SYSTEM\SYSJU.DLL (file missing)
O2 - BHO: (no name) - {0535D827-C720-21E5-477C-8138E19B5ADD} - C:\WINDOWS\SYSTEM\NTEO32.DLL (file missing)
O2 - BHO: (no name) - {D53BE37F-3A2E-270B-1A0A-66FD4B4BEE2F} - C:\WINDOWS\SYSGE32.DLL (file missing)
O2 - BHO: (no name) - {2793398C-63BA-9933-FF75-7C0CDD7AC593} - C:\WINDOWS\NETUL32.DLL (file missing)
O2 - BHO: (no name) - {2D3AC373-4AEE-FCA5-C5B8-2002AAED2A7F} - C:\WINDOWS\SYSTEM\SDKIJ.DLL (file missing)
O2 - BHO: (no name) - {4571E64C-49B6-A143-2CF3-78C94E0C0E5A} - C:\WINDOWS\SYSAB.DLL (file missing)
O2 - BHO: (no name) - {81C4026E-2E5E-88DC-7B26-44B223181EC2} - C:\WINDOWS\NTQU32.DLL (file missing)
O2 - BHO: (no name) - {50877FF3-1ADB-964A-CAE6-9A7D517719F0} - C:\WINDOWS\IPCK32.DLL (file missing)
O2 - BHO: (no name) - {908C94A7-18BA-B64A-8430-A47DE5203985} - C:\WINDOWS\IELR32.DLL (file missing)
O2 - BHO: (no name) - {5FF6A832-AA1A-6E3C-B35A-D7932B0283C0} - C:\WINDOWS\SYSTEM\JAVAMT32.DLL (file missing)
O2 - BHO: (no name) - {B08B1F52-4C7F-BCBC-77F0-74E151E7FD1E} - C:\WINDOWS\MFCRT32.DLL (file missing)
O2 - BHO: (no name) - {A8F17FED-B2E3-2815-E912-143F0CC418D2} - C:\WINDOWS\CRCB32.DLL (file missing)
O2 - BHO: (no name) - {68C766A7-C995-ECF1-5899-0097E2EE118F} - C:\WINDOWS\ATLXW32.DLL (file missing)
O2 - BHO: (no name) - {7C08138E-9B5A-D316-6A78-D3D1F21DF550} - C:\WINDOWS\NETJO.DLL (file missing)
O2 - BHO: (no name) - {A668E8A7-011A-5959-8B8F-178B04D4D508} - C:\WINDOWS\SYSTEM\APPZZ.DLL (file missing)
O2 - BHO: (no name) - {A9A038BF-52B4-5E38-F009-55DEF1EC172F} - C:\WINDOWS\SYSTEM\MFCUS32.DLL (file missing)
O2 - BHO: (no name) - {4E13D08B-8C7F-2D80-572A-D6E907D83EB5} - C:\WINDOWS\D3FZ32.DLL (file missing)
O2 - BHO: (no name) - {C88013BA-3513-9B4C-2B49-D54368D01189} - C:\WINDOWS\SYSTEM\ADDYY.DLL (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SDKFX32.EXE] C:\WINDOWS\SYSTEM\SDKFX32.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [ATLUU.EXE] C:\WINDOWS\ATLUU.EXE
O4 - HKLM\..\RunServices: [JAVAJE.EXE] C:\WINDOWS\JAVAJE.EXE
O4 - HKLM\..\RunServices: [IEJV.EXE] C:\WINDOWS\IEJV.EXE
O4 - HKLM\..\RunServices: [NTNF32.EXE] C:\WINDOWS\NTNF32.EXE
O4 - HKLM\..\RunServices: [IENS32.EXE] C:\WINDOWS\SYSTEM\IENS32.EXE
O4 - HKLM\..\RunServices: [ADDVO.EXE] C:\WINDOWS\SYSTEM\ADDVO.EXE
O4 - HKLM\..\RunServices: [D3UD32.EXE] C:\WINDOWS\SYSTEM\D3UD32.EXE
O4 - HKLM\..\RunServices: [ATLCW32.EXE] C:\WINDOWS\ATLCW32.EXE
O4 - HKLM\..\RunServices: [MFCWN32.EXE] C:\WINDOWS\SYSTEM\MFCWN32.EXE
O4 - HKLM\..\RunServices: [SDKOJ32.EXE] C:\WINDOWS\SDKOJ32.EXE
O4 - HKCU\..\Run: [iolo Task Agent] C:\Program Files\iolo\Common\Task Agent\task_agent.exe
O4 - Startup: desktop weather.lnk = C:\Program Files\desktop weather\desktopweather_1281152.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.c...8162.7426967593
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: WebConnect Pro 6.2.10 - https://secureconnect.csx.com:3443/WebConnectDU.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab

. I hope I can get someone to tell me exactley what to get rid of.


I have even gone to my system mechanic program and restored from backup on the registry but I still having probs. Any help would be great
Thanks

I can delete this stuff from hijack this. Then after closing the box and running it again it is more full than before?????


Last edited by Toolman35 on 06-25-2004 at 02:50 AM

The good news I followed some advice I read here about doing ALL THIS in safe mode. It seems to have worked for me. I sure wish I would read more when these things happen.
Thanks for the help.

[Toolman35]

GLC...
Is ZA firewall also a antivirus program. I have had a computer for a while but just never have felt a great need for a firewall. This was the first virus I have had in 10 yrs.(at least that I have known of). I just thought I would buy Norton internet security with antivirus and get it all. After I bought it I have found out I am having great trouble installing it. It seems that I am missing the "instopts.dat" file. I went to take it back but wallyworld wouldn't take it back.
Anyway things seem to be back to normal with this pc. just done everything from safe mode and that seemed to have done it. As always in the past PC Mechanic has come through.
Thanks all.
Tim