Virul or Trojan Problem

**Fiv** · July 8th, 2004, 06:28 PM

I have this problem (wouldnt be here if i didnt).
I believe its a trojan, but may be a virus. It affects internet explorer, It installs a toolbar that was neva there, and every time i open IE thins window advertising Smilies comes up.
If i right click on the tool bar i see "Bone Settings Internet"
everytime i run a trojan scan it removes stuff, and internet explorer goes back to normal, but after restart these things come back. I tried scanning in Safe mode, after about 3 days it comes back, i have tried system restore.
I will provide a list of my start up Programs

I jus did a scan with skybot(someone recommended)
Got pronlems with,
Avenue A.Inc
Alexa Related
CoolWWWsearch.Smallm
Dso Exploit

Start List
Logfile of HijackThis v1.97.7
Scan saved at 7:26:05 PM, on 7/8/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Serv-U\ServUDaemon.exe
C:\WINDOWS\System32\svchost.exe
D:\PCILLIN\Tmntsrv.exe
C:\WINDOWS\System32\MsPMSPSv.exe
D:\PCILLIN\PCCPFW.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\System32\CTHELPER.EXE
D:\PCILLIN\pccguide.exe
D:\PCILLIN\PCCClient.exe
D:\PCILLIN\Pop3trap.exe
C:\WINDOWS\System32\GSICON.EXE
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Program Files\Serv-U\ServUTray.exe
D:\PCILLIN\WebTrap.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Five\LOCALS~1\Temp\Rar$EX00.125\Hijack This.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\adobe\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {DF0F08ED-9CF4-919F-F782-5C4F27FD1006} - C:\PROGRA~1\DOWNLO~1\openlive.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Bone settings internet - {823D11C6-8A81-920F-0140-9067BD9A1B3E} - C:\PROGRA~1\DOWNLO~1\openlive.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [pccguide.exe] "D:\PCILLIN\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "D:\PCILLIN\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "D:\PCILLIN\Pop3trap.exe"
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ServUTrayIcon] C:\Program Files\Serv-U\ServUTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: GreatSpeed PPPoA Connection.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research (HKLM)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...ntent/opuc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...159.9524768519
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by9fd.bay9.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDD14A63-3784-4809-ADC8-080F18B5152C}: NameServer = 206.48.60.10 69.57.239.201

**NooNoo** · July 9th, 2004, 04:47 AM

You have coolwebsearch or one of it's variants read this sticky thread it will help you remove it. Having done everything recommended, repost your hijack log for checking your clear.

**Officetrolley** · December 30th, 2004, 12:38 PM

messenger plus

Thread: Virul or Trojan Problem

Thread Tools

Display

Virul or Trojan Problem

hmm

Similar Threads

[RESOLVED] Application errors or network problem?

possible trojan

[RESOLVED] Odd, annoying problem.

Video/card monitor problem

[RESOLVED] Anyone can help me with this problem?

Bookmarks

Bookmarks

Posting Permissions