My HijackThis Log

Goku

FPCH Long Term Member
Joined
Jun 6, 2008
Location
India
Well, it seems that I have got infected. Yesterday, during my scheduled scan in Avira, it found a Trojan but was unable to remove it for some reason. I tried again on boot but Avira was still unable to remove it.

The file shows in the log too. I cannot download anything unless it's a *.zip file so please post any recommended removal tools as attachments. I would find a tool myself but I am unable to search for anything for now.

-----------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:23:16 PM, on 6/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\Downloads\Avira AntiVir Removal Tool 3.0.1.16.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Downloads\HijackThis 2.0.2 (Executable).exe

O2 - BHO: (no name) - {53C5DF30-5878-4596-8498-D4B59957776B} - C:\WINDOWS\system32\fccdecDw.dll
O2 - BHO: (no name) - {BE7E4CE1-8CBA-44A6-956F-462A667D3286} - C:\WINDOWS\system32\urqQiFWP.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BMcf834d5e] Rundll32.exe "C:\WINDOWS\system32\nrirnwiw.dll",s
O20 - Winlogon Notify: urqQiFWP - C:\WINDOWS\SYSTEM32\urqQiFWP.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

--
End of file - 1785 bytes

--------------------------------------------------------------------------

Let me know if it can be cured or not as I am already due for a format. Also, as far as possible, please try and recommend some procedures which are not so CPU extensive as I have very low System Specifications. Thanks for any help that might be given. :)

-- Goku
 

maynardvdm

FPCH Long Term Member
Joined
Feb 7, 2007
Location
South Africa
Have you run the scans in the malware sticky?

It looks like a Vundo infection, but I'll let Seth handle this one.
 

Wolfeymole

Are you sure that's the full log Goku, there doesn't seem to be hardly any programs listed?
 

Goku

FPCH Long Term Member
Joined
Jun 6, 2008
Location
India
Have you run the scans in the malware sticky?

It looks like a Vundo infection, but I'll let Seth handle this one.
Unfortunately, I can't download anything Maynard and therefore I am not in a state to run Malwarebytes or SUPERAntiSpyware. Can you just verify if a simpler tool will be able to remove it or better yet, if a format will remove it. As I said, I am already due for a format and therefore shall do it if needed. :)

-- Goku
 

Goku

FPCH Long Term Member
Joined
Jun 6, 2008
Location
India
Are you sure that's the full log Goku, there doesn't seem to be hardly any programs listed?
Yes Wolfey, that is the complete log and that too in Normal mode. As I said, I have very low System Specifications and cannot afford to run many programs. I will be happy enough to run more when I have a computer with higher specifications. :)

-- Goku
 

Goku

FPCH Long Term Member
Joined
Jun 6, 2008
Location
India
Exactly what are the specs Goku?
Intel Pentium III 551 MHz Processor,
128 MB RAM,
Microsoft Windows XP Professional, Version 2002, Service Pack 3,
18.6 GB Hard Drive.

I know it's not much but I am striving hard for a new computer and should be able to get a new one in some time. :)

-- Goku
 

Wolfeymole

XP will take its toll on those specs Goku I have to agree but you should still be able to obtain the programs listed in the Malware sticky.

I would refrain from making partitions also Goku.
 

RandyL

Administrator
Joined
Jan 22, 2003
Location
USA, Nebraska
PC Experience
Very Experienced
In addition to my last post I have two more questions.

What was the name of the trojan Antivir found?

Can you just not save downloaded files if they are not zip?

I'm asking because I want to know if you can download, run and install the eset files as they don't need to be saved but can be run from the download itself. Note the ActiveX component.

If you can do that as well as download SAS and Malwarebytes and the updates on another computer then burn to disk you should be able to install all three programs. For that matter can you Run the SAS and Malwarebytes downloads instead of saving?
 

Goku

FPCH Long Term Member
Joined
Jun 6, 2008
Location
India
Sorry for the inconvenience all as I just did a reformat and am back. Completed all within an hour with all the drivers. The machine is running smoothly now. Here is a new log which I believe is cleaner than the last one. :)

---------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:59:52 PM, on 6/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Downloads\HijackThis 2.0.2 (Executable).exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

--
End of file - 1321 bytes

-------------------------------------------------------------------------------------

Sorry for putting you on your heels. By the way, Randy, I could not save any file because after I would click on Save, the file would disappear and no matter how many times I downloaded it, the Trojan would always delete it. Anyways, as I said, a reformat solved it. Thank you all for your help. :)

-- Goku
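
An added example (not part of the thread and not any poster's code): a small Python triage that diffs the O-section of the two HijackThis logs above and marks which of the entries that vanished after the reformat match common autostart red flags. The sample lines are a subset copied from the thread's logs; the heuristics and the names `entries`, `reason` and `triage` are assumptions of this example, not HijackThis rules.

```python
import re

# Constructed sample input: a subset of the O-lines from the thread's two logs.
BEFORE = r"""
O2 - BHO: (no name) - {53C5DF30-5878-4596-8498-D4B59957776B} - C:\WINDOWS\system32\fccdecDw.dll
O2 - BHO: (no name) - {BE7E4CE1-8CBA-44A6-956F-462A667D3286} - C:\WINDOWS\system32\urqQiFWP.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BMcf834d5e] Rundll32.exe "C:\WINDOWS\system32\nrirnwiw.dll",s
O20 - Winlogon Notify: urqQiFWP - C:\WINDOWS\SYSTEM32\urqQiFWP.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
"""
AFTER = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")            # "O2 - <detail>"
DLL = re.compile(r'[A-Za-z]:\\[^"]*?\.dll', re.I)  # first DLL path on the line

def entries(log):
    """Return the set of (section, detail) pairs for the O-lines in a log."""
    return {m.groups() for m in map(ENTRY.match, log.splitlines()) if m}

def reason(section, detail):
    """Heuristic reason to review an entry (assumed rules), or None."""
    dll = DLL.search(detail)
    in_sys32 = bool(dll) and "\\system32\\" in dll.group().lower()
    if section == "O2" and "(no name)" in detail and in_sys32:
        return "unnamed BHO DLL in system32"
    if section == "O4" and "rundll32" in detail.lower() and in_sys32:
        return "Run key loads a system32 DLL through rundll32"
    if section == "O20":
        return "Winlogon Notify DLL"
    return None

def triage(before, after):
    """Map each entry present only in `before` to a review reason or None."""
    gone = entries(before) - entries(after)
    return {f"{s} - {d}": reason(s, d) for s, d in sorted(gone)}

if __name__ == "__main__":
    for line, why in triage(BEFORE, AFTER).items():
        print(("REVIEW  " if why else "changed ") + line, f"[{why}]" if why else "")
```

The Adobe LM Service line also disappears after the reformat but gets no reason, which shows why a plain before/after diff is only a starting point and each remaining entry still needs a rule or a human look.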
 

Goku

FPCH Long Term Member
Joined
Jun 6, 2008
Location
India
This thread appears to be solved and is now closed

If you are the original poster of this thread and need it re-opened, then please PM (Private Message) an Administrator or Moderator

-- Goku
 