SpyWare Program: TrojanSPM/LX
| Author |
Message |
F. Fischer
Joined: 17 Jun 2006
Posts: 2
|
 Post subject: SpyWare Program: TrojanSPM/LX |
 |
|
Hallo NG,
i´m new here and from Germany. Last days i'm getting a virus warning
Attention!Virus Detected
>
> Common Name: TrojanSPM/LX
> Threat Level: 5
> Damage Level: 5
> Distribution level: 4/5
> Die Effect Platforms
> First Dectected on: Sat May 27 11:27:15 UTC+02000 2006
> Effects: It allows to get into the affected comouter. Steals and
> deletes privat data. Has to be cleaned as fast!
>
> To claen up detected virus you need to download one of the latest
> security updates. Choose a produkt and click " Download" to protected
>
> Produkt: WinAntiVirus
> AntiVirusGold
> VirusBlasr
I tried EWIDO in safe mode and got a file name, which is infected but: the file is not deleteable.
A0031316.EXE
Every time i'm starting my internet browser, i'm getting this virus message. I'm using the Kaspersky Antivirus System and i tried to contact them. They told me, that this file is a spy program but it is a legal version and that's the reason, why anti-spysoftware could not delete ist. They told me to contact your homepage to get a solution.
I hope, you can help me.
Many Thanks
F. Fischer |
|
Sat Jun 17, 2006 7:45 am
 |
|
 |
GTO
Joined: 15 Nov 2005
Posts: 1519
|
| Post subject: |
|
|
|
|
Sat Jun 17, 2006 11:17 am
|
|
|
F. Fischer
Joined: 17 Jun 2006
Posts: 2
|
| Post subject: |
|
|
Hello,
here is the LOG File
Logfile of HijackThis v1.99.1
Scan saved at 11:39:10, on 19.06.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programme\T-Online\Dialerschutz-Software\DFInject.exe
C:\Programme\ewido anti-malware\ewidoctrl.exe
C:\Programme\ewido anti-malware\ewidoguard.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Ahead\InCD\InCD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Outlook Express\msimn.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [T-Online Dialerschutz-Software] "C:\Programme\T-Online\Dialerschutz-Software\Defender.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: windata 7 Zahlungserinnerung.lnk = ?
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Dialerschutz Dienst (DFSVC) - Unknown owner - C:\Programme\T-Online\Dialerschutz-Software\DFInject.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programme\ewido anti-malware\ewidoguard.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Programme\Ahead\InCD\InCDsrv.exe
Many Thanks.
F. Fischer |
|
Mon Jun 19, 2006 10:01 am
|
|
|
GTO
Joined: 15 Nov 2005
Posts: 1519
|
| Post subject: |
|
|
Hi, F. Fischer.
Please follow these steps:
1. Download the smitRem tool and unpack its files to a chosen folder.
2. Use HijackThis to fix the following entries:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp
3. Now restart your system in Safe Mode. This step is very important!
4. Once in Safe Mode, run the smitRem tool by executing the RunThis.bat file.
5. After you get done, restart your computer, run new HijackThis scan and post a fresh log here. |
|
Tue Jun 20, 2006 7:18 am
|
|
|
thechanmanxd
Joined: 27 Jun 2006
Posts: 7
|
| Post subject: Hi |
|
|
Hi, thechanmanxd.
Please create your own topic in the HijackThis log analysis section and post your HijackThis log there.
[DELETED BY THE ADMINISTRATOR] |
|
Tue Jun 27, 2006 1:59 am
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
Recommended software:
Spyware Doctor
 (91/100)
Spyware Doctor is a very powerful, but yet highly user-friendly spyware remover, made by PC Tools, reputable computer security experts. This product provides effective and easy-to-manage...
SUPERAntiSpyware
 (89/100)
SUPERAntiSpyware is a powerful, highly effective spyware remover introducing advanced parasite detection and removal features along with reliable real-time protection. The program is not...
CounterSpy
 (85/100)
CounterSpy is a powerful spyware remover based on revolutionary hybrid engine, which incorporates traditional anti-spyware and advanced antivirus engines. Such combination allows CounterSpy...
Malwarebytes Anti Malware
 (75/100)
There are loads of malware removers on the net today and most of them are lightweight applications, which usually means they’re fast and don’t have many features. One such...
Windows Defender
(75/100)
Windows Defender is a free anti-spyware program made by the leading software company to add native spyware protection to its most popular product - the Microsoft Windows operating...
Encyclopedia of parasites:
|
