|
|||||||
 |
|
|
LinkBack | Thread Tools | Search this Thread | Rate Thread | Display Modes |
04-10-2011, 03:54 PM
|
#1 |
|
Member (3 bit)
Join Date: Apr 2011
Posts: 7
|
csrss.exe conhost.exe dwm.exe virus
Hi, I think the 3 things i posted above are infected with a trojan because I have C:\Users\Sammy\AppData\Roaming\Microsoft\conhost.exe and it will not let me delete it. Everytime i go on google and try to click on the link i get redirected and kaspersky says something like this:
"4/10/2011 3:50:24 PM CSRSS.EXE Denied: zonedg.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfNpX%2BP9h%2BI0sDkX9Piwo2L2GUr0%2BbGscfRsX%2BaIwr51gW1f447D rXf0eU2S%2BsSodOFuTLiv0agD9WRN6I3FqHT9a07m%2FMKiA%2FFpSufuxq00sD0OpLjRqAO3bVKv975Xlm5G (analysis using the database of suspicious URLs) zonedg.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfNpX%2BP9h%2BI0sDkX9Piwo2L2GUr0%2BbGscfRsX%2BaIwr51gW1f447D rXf0eU2S%2BsSodOFuTLiv0agD9WRN6I3FqHT9a07m%2FMKiA%2FFpSufuxq00sD0OpLjRqAO3bVKv975Xlm5G URL found in the database" But i still get redircted. Here is the Hijackthis log when i scan: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 3:52:58 PM, on 4/10/2011 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16722) Boot mode: Normal Running processes: C:\Users\Sammy\AppData\Local\Temp\csrss.exe C:\Users\Sammy\AppData\Roaming\Microsoft\conhost.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Sammy\AppData\Roaming\dwm.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = RuneScape - MMORPG - The No.1 Free Online Multiplayer Game R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:54606 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll R3 - URLSearchHook: Runescape Toolbar - {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\Runescape\tbRune.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (file missing) O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Runescape Toolbar - {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\Runescape\tbRune.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\SysWow64\Msdxm6.ocx O3 - Toolbar: Runescape Toolbar - {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\Runescape\tbRune.dll O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing) O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" O4 - HKLM\..\Run: [conhost] C:\Users\Sammy\AppData\Roaming\Microsoft\conhost.exe O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA 4ADYARwA"&"inst=NwA3AC0ANAAyADUANQAxADkANgAwADcALQBGAFAAOQArADYALQBCAEEAUgA5AEcAKwAxAC0AVABCADkAKwAyAC0ARgBMACs AOQAtAFgATwAzADYAKwAxAC0ARgA5AE0ANwBDACsANQAtAEYAOQBNADEAMABCACsAMQA"&"prod=90"&"ver=9.0.894 O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [conhost] C:\Users\Sammy\AppData\Roaming\Microsoft\conhost.exe O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab...i_4.1.71.0.cab O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequireme...eqlab_srlx.cab O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirements...qlabdetect.cab O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab...el_4.3.1.0.cab O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://service.futuremark.com/gom/receiver/tc/FMSI.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\nlssrv32.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe O23 - Service: FireDaemon Service: SuPPPPPPPPPP (SuPPPPPPPPPP) - Unknown owner - C:\Program Files (x86)\FireDaemon\FireDaemon.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12089 bytes I really need help so anyone that can help please give me any info that you have. Last edited by 0621sammy; 04-10-2011 at 04:52 PM. |
|
|
|
04-10-2011, 04:36 PM
|
#2 |
|
Forum Administrator
Staff
Premium Member
Join Date: May 2000
Location: Joplin MO
Posts: 41,163
|
What have you scanned with besides Kaspersky?
|
|
|
|
|
04-10-2011, 04:39 PM
|
#3 |
|
Member (3 bit)
Join Date: Apr 2011
Posts: 7
|
I have scanned with AVG it didn't find anything. I scanned with Malwarebytes' Anti-Malware it found a few things and I thought it disenfected them but then when I ran the scan again it found them again. I also scanned with Spybot - Search & Destroy it found some stuff but im still having the problem.
|
|
|
|
|
04-10-2011, 04:43 PM
|
#4 |
|
Member (3 bit)
Join Date: Apr 2011
Posts: 7
|
Oh and another problem im having is when im trying to download stuff like just now i tried to download TDSSKiller.exe and it gives me some error that says "c:\users\sammy\appdata\local\microsoft\windows\temporary internet files\content.ie5\QRZ4N3ZE\tdsskiller[1].exe is not a valid win32 application"
|
|
|
|
|
04-10-2011, 04:57 PM
|
#5 |
|
Member (3 bit)
Join Date: Apr 2011
Posts: 7
|
I just ran Malwarebytes' Anti-Malware again heres what it shows and I have tried to fix these 2 trojans on Malwarebytes' Anti-Malware but they just keep coming back right away I don't know how to get rid of the for good.
Malwarebytes' Anti-Malware 1.43 Database version: 3462 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 4/10/2011 4:55:01 PM mbam-log-2011-04-10 (16-55-01).txt Scan type: Quick Scan Objects scanned: 90671 Time elapsed: 3 minute(s), 36 second(s) Memory Processes Infected: 1 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: C:\Users\Sammy\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> Unloaded process successfully. Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Users\Sammy\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully. |
|
|
|
|
04-10-2011, 05:00 PM
|
#6 |
|
Member (3 bit)
Join Date: Apr 2011
Posts: 7
|
Is the thread glitching or is just me? Because my first post is not showing.
|
|
|
|
|
04-10-2011, 08:03 PM
|
#7 |
|
Kickin' it
Join Date: Jan 2002
Location: USA
Posts: 7,724
 |
Somehow it ended up in the spam filter. I fixed it.
__________________
Fold for PCMech: Team 13761 |
|
|
|
|
04-10-2011, 10:44 PM
|
#8 |
|
Forum Administrator
Staff
Premium Member
Join Date: May 2000
Location: Joplin MO
Posts: 41,163
|
You are not using the current version of Malwarebytes.
Use something like CCleaner to delete all the temp files and clear browser caches. Then do your scans. |
|
|
|
|
| Bookmarks |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
Linear Mode
