! be.Delf trojan prob (w/HiJackThis .log info

PackRat2112
13th Nov 2003
A friend of mine has encountered the be.delf trojan and I can't
figure out how to remove this pest.

She has XP Pro on an old Pentium 333.

I ran AVG on the system; it finds it in some obscure place, I
delete it.

Then I ran Ad-Aware 6.0 and it found 541 (wow) entries, deleted
that mess, ran it again, it found 13 entries (none seemingly
that have anything to do with "delf"), deleted those.

Then I ran spider bite. I didn't see anything; I restarted the
system.

Ran Ad-Aware again, it found 2 entries (none seemingly that
have anything to do with "delf"), deleted.

Ran Spybot and it stopped running about halfway through the
process. <ctrl-alt-del> end prog.
Tried again... same thing.

Looking around in here I saw something about "HijackThis" having
to do with a different "delf" variety, and they said to the .log
details and maybe someone could figure out what to delete and
hopefully the whole process of getting rid of this, cause I
haven't a clue.

So, here's the log info. (I know it's quite long but what I
say)

Could someone help me with this, please.

tia.



Logfile of HijackThis v1.97.6
Scan saved at 11:48:34 AM, on 11/13/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\SearchUpdate33.exe
C:\Program Files\Common Files\slmss\slmss.exe
C:\WINDOWS\mwsvm.exe
C:\WINDOWS\System32\IEDriver\IEDriver.exe
C:\PROGRA~1\AWS\WEATHE~1\WEATHER.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Alset\HelpExpress\ME\HXDL.EXE
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\PROGRA~1\HEWLET~1\hpis\common\MOTIVE~1.EXE
C:\Documents and Settings\ME\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\sb.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/ymsgr/...ttp://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/ymsgr/...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/...ttp://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/ymsgr/...ttp://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/customize/ymsgr/...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/ymsgr/...ttp://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/ymsgr/...ttp://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50003
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: DefaultSearch.SeekSeek - {5074851C-F67A-488E-A9C9-C244573F4068} - C:\WINDOWS\ieasst.dll
O2 - BHO: (no name) - {719D6C8D-73C4-4372-847F-4A5C9FC50CD6} - C:\WINDOWS\System32\h32c3msp.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: SearchSquire3 - {907CA0E5-CE84-11D6-9508-02608CDD2846} - C:\WINDOWS\System32\SEARCH~1.DLL
O2 - BHO: (no name) - {98DE779A-2364-4293-AB71-2B97C61C4640} - C:\PROGRA~1\FREEDO~1\fdahlp.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar_en_2.0.95-big.dll
O3 - Toolbar: FDA Bar - {9595C62C-76C6-49A6-9BDA-3253DD7A34FF} - C:\Program Files\Free Downloads Accelerator\fdabar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar_en_2.0.95-big.dll
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [PP5300usb] c:\paprport\FBDirect.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [SearchSquire33] C:\WINDOWS\System32\SearchUpdate33.exe
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [absr] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IEDriver] C:\WINDOWS\System32\IEDriver\IEDriver.exe
O4 - HKLM\..\RunServices: [ZipGenius Clean] C:\WINDOWS\zg.exe -clean
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\WEATHER.EXE 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [HXDL.EXE] C:\Program Files\Alset\HelpExpress\ME\HXDL.EXE -from="HXIUL.EXE" -to="HXIUL.EXE"
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmcache.html
O8 - Extra context menu item: Download with Free Downloads Accelerator - C:\Program Files\Free Downloads Accelerator\fdaie.htm
O8 - Extra context menu item: Si&milar Pages - res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page - res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Instant Messenger (SM) (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...director/sw.cab
O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} - http://raven.veloz.com/pub/download/oodlz_wrd.cab
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_50003/btiein.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...tall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/12ae7d9a5671253...p/RdxIE601.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {907CA0E5-CE84-11D6-9508-02608CDD2846} (Squire Class) - http://update.searchsquire.com/SearchSquire33.CAB
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://wdownload.weatherbug.com/mini...AWS/minibuginstaller.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s.../flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4288/mcfscan.cab




--
"One likes to believe in the freedom
Of music. But glittering prizes
And endless compromises shatter
The illusion of integrity"
- Neil Peart

 
PackRat2112
13th Nov 2003
"Jan Il" <(E-Mail Removed)> wrote in
news:FnSsb.372$6G3.253@fed1read06:

> Hi PackRat!
>
> "PackRat2112" <(E-Mail Removed)> wrote in message
> news:Xns94327C0813E08noneyobizcom@63.223.5.254...
>
> I can't help with your log, but you might also try posting
> your log at this site. They are experienced with many of
> the scan programs, including HijackThis, and they can also
> read your log and advise you how to get rid of your problem
> files, some of which you may not be aware are unnecessary
> or can be damaging to your system.
>
> http://tomcoyote.org/forums/index.php?showforum=27
>
> You can post as a guest, or register as a member, it's
> free. ;-))
>
> Good luck.
> Jan
>

Thanx Jan, i'll check it out. :-)




 
Jan Il
13th Nov 2003
Hi PackRat!

"PackRat2112" <(E-Mail Removed)> wrote in message
news:Xns94327C0813E08noneyobizcom@63.223.5.254...

I can't help with your log, but you might also try posting your log at this
site. They are experienced with many of the scan programs, including
HijackThis, and they can also read your log and advise you how to get rid of
your problem files, some of which you may not be aware are unnecessary or
can be damaging to your system.

http://tomcoyote.org/forums/index.php?showforum=27

You can post as a guest, or register as a member, it's free. ;-))

Good luck.
Jan

> A friend of mine has encountered the be.delf trojan and I can't
> figure out how to remove this pest.
>
> She has XP Pro on an old Pentium 333.
>
> I ran AVG on the system, it finds it in some obscure place, I
> delete it.
>
> Then I ran Ad-Aware 6.0 and it found 541 (wow) entries, deleted
> that mess, ran it again, it found 13 entries (none seemingly
> that have anything to do with "delf"), deleted those.
>
> Then I ran spider bite. I didn't see anything; I restarted the
> system.
>
> Ran Ad-Aware again, it found 2 entries (none seemingly that
> have anything to do with "delf"), deleted.
>
> Ran Spybot and it stopped running about halfway through the
> process. <ctrl-alt-del> end prog.
> Tried again... same thing.
>
> Looking around in here I saw something about "HijackThis" having
> to do with a different "delf" variety, and they said to the .log
> details and maybe someone could figure out what to delete and
> hopefully the whole process of getting rid of this, cause I
> haven't a clue.
>
> So, here's the log info. (I know it's quite long but what I
> say)
>
> Could someone help me with this, please.
>
> tia.
>



 
Jan Il
14th Nov 2003

"PackRat2112" <(E-Mail Removed)> wrote in message
news:Xns9432864784D14noneyobizcom@63.223.5.254...
> "Jan Il" <(E-Mail Removed)> wrote in
> news:FnSsb.372$6G3.253@fed1read06:
>
> > Hi PackRat!
> >
> > "PackRat2112" <(E-Mail Removed)> wrote in message
> > news:Xns94327C0813E08noneyobizcom@63.223.5.254...
> >
> > I can't help with your log, but you might also try posting
> > your log at this site. They are experienced with many of
> > the scan programs, including HijackThis, and they can also
> > read your log and advise you how to get rid of your problem
> > files, some of which you may not be aware are unnecessary
> > or can be damaging to your system.
> >
> > http://tomcoyote.org/forums/index.php?showforum=27
> >
> > You can post as a guest, or register as a member, it's
> > free. ;-))
> >

>
> Thanx Jan, i'll check it out. :-)


You're very welcome, PackRat, and I hope you're able to resolve your
problem. ;-)




 
mzlindyone@aol.comx
14th Nov 2003
On Thu, 13 Nov 2003 20:00:09 GMT, PackRat2112 <(E-Mail Removed)> wrote
in alt.comp.anti-virus:

>A friend of mine has encountered the be.delf trojan and I can't
>figure out how to remove this pest.
>
>She has XP Pro on an old Pentium 333.


Ouch. It's not apparently relevant here, but WHY would she choose to
run (if you call it running) the most insecure OS ever to come out of
Redmond on a machine that can't handle it?

>I ran AVG on the system, it finds it in some obscure place, I
>delete it.


WHAT obscure place? It matters, a lot. Look in the log for the exact
location.


>Then I ran Ad-Aware 6.0 and it found 541 (wow)


Wow is right, I think that's the most I've ever heard of.
So I take it your friend likes to install lots of free software?

>entries, deleted
>that mess, ran it again, it found 13 entries (none seemingly
>that have anything to do with "delf"), deleted those.
>
>Then I ran spider bite. I didn't see anything; I restarted the
>system.
>
>Ran Ad-Aware again, it found 2 entries (none seemingly that
>have anything to do with "delf"), deleted.


Try updating Ad-Aware again. It should be finding the LOP that's
hanging Spybot, by now.

>Ran Spybot and it stopped running about halfway through the
>process. <ctrl-alt-del> end prog.
>Tried again... same thing.


Spybot S&D gets hung on the LOP spyware. As far as I know a simple
update should solve that. There are still several chunks of spyware
here and one of them may be using delf as its downloader or AVG *may*
be misidentifying it.

>C:\WINDOWS\System32\SearchUpdate33.exe
>C:\Program Files\Common Files\slmss\slmss.exe
>C:\WINDOWS\mwsvm.exe
>C:\WINDOWS\System32\IEDriver\IEDriver.exe


I never saw that last one before, but IE in normal use doesn't need a
"driver". Unless it has to do with that Google toolbar I see, she
doesn't want it.

>C:\PROGRA~1\AWS\WEATHE~1\WEATHER.EXE


Is or at least WAS also considered spyware but I think most people who
have it want it.


Carol
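
Added example, not from the thread and not part of HijackThis or any tool named here: a small Python triager for the entry types in the log above (R0/R1, O2, O4, O16) that lists entries a reviewer should look at, using the kinds of clues Carol points to (two autorun entries launching the same binary, a binary dropped directly in the Windows directory, an ActiveX download from a bare IP address, a search page redirected to a local file). The sample lines are constructed from the posted log (truncated URLs kept as the forum rendered them); the heuristics, names and thresholds are my own assumptions and produce review candidates, not verdicts.

```python
import ntpath
import re
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address
from urllib.parse import urlparse

# Constructed sample: a handful of lines copied from the HijackThis log
# posted in this thread (the "..." in URLs is how the forum rendered them).
SAMPLE_LOG = [
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\sb.htm",
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/ymsgr/...://my.yahoo.com",
    r"O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx",
    r"O2 - BHO: (no name) - {719D6C8D-73C4-4372-847F-4A5C9FC50CD6} - C:\WINDOWS\System32\h32c3msp.dll",
    r"O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP",
    r"O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe",
    r"O4 - HKLM\..\Run: [absr] C:\WINDOWS\mwsvm.exe",
    r"O4 - HKLM\..\Run: [IEDriver] C:\WINDOWS\System32\IEDriver\IEDriver.exe",
    r"O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/12ae7d9a5671253...p/RdxIE601.cab",
    r"O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4288/mcfscan.cab",
]


@dataclass(frozen=True)
class Finding:
    kind: str     # HijackThis section the entry came from (R1, O2, O4, O16)
    subject: str  # path, CLSID or URL the finding is about
    reason: str   # why a reviewer should look at it (a prompt, not a verdict)


# Line shapes of HijackThis v1.97 output, as seen in the posted log.
R_RE = re.compile(r"^(?P<kind>R[01]) - (?P<key>.+?) =\s?(?P<value>.*)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O16_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[^}]+\})(?: \((?P<name>[^)]*)\))? - (?P<url>\S+)$")
EXE_RE = re.compile(r'^"?(?P<exe>.*?\.exe)"?(?:\s|$)', re.IGNORECASE)
WINDOWS_ROOT = "c:\\windows"  # assumed system root, as in the posted log


def exe_of(cmd: str) -> str:
    """Executable part of an O4 command line, without quotes or arguments."""
    m = EXE_RE.match(cmd)
    return m.group("exe") if m else cmd.split(" ", 1)[0]


def is_bare_ip(url: str) -> bool:
    """True when the download host is a literal IP address rather than a name."""
    try:
        ip_address(urlparse(url).hostname or "")
        return True
    except ValueError:
        return False


def triage(lines) -> list:
    """Parse R0/R1, O2, O4 and O16 lines and return review candidates in log order."""
    findings = []
    run_targets = defaultdict(list)  # lower-cased exe path -> [O4 entry names]
    for raw in lines:
        line = raw.strip()
        if m := R_RE.match(line):
            # A search/start page pointing at a local file is a classic hijack.
            if m["value"].lower().startswith("file://"):
                findings.append(Finding(m["kind"], m["value"],
                                        "browser search/start setting points at a local file"))
        elif m := O2_RE.match(line):
            # Unnamed BHOs loaded from under the Windows directory deserve a look;
            # known-good ones elsewhere (Acrobat under Program Files) are skipped.
            if m["name"] == "(no name)" and m["path"].lower().startswith(WINDOWS_ROOT + "\\"):
                findings.append(Finding("O2", m["path"],
                                        "unnamed BHO loaded from the Windows directory"))
        elif m := O4_RE.match(line):
            run_targets[exe_of(m["cmd"]).lower()].append(m["name"])
        elif m := O16_RE.match(line):
            # Vendor ActiveX installers normally come from a named host.
            if is_bare_ip(m["url"]):
                findings.append(Finding("O16", m["url"],
                                        "ActiveX control downloaded from a bare IP address"))
    for exe, names in run_targets.items():
        if ntpath.dirname(exe) == WINDOWS_ROOT:
            findings.append(Finding("O4", exe,
                                    "autorun binary sits directly in the Windows directory"))
        if len(names) > 1:
            findings.append(Finding("O4", exe,
                                    f"{len(names)} autorun entries ({', '.join(names)}) launch the same binary"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:4} {f.reason}: {f.subject}")
```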


 