Hi there
AVG informs me that the file C:\WINDOWS\System32\rdsndin.exe
has been infected with the Trojan Horse Clicker.FR was using the trial version of AVG but when that ran out guard was down
Have tried CCleaner, Spybot SD, CWShredder all to no avail....
Symptoms are:
- when 'clicking' on a link i always get redirected to another website
- general slowness with IE
- spybot now takes 20 mins. to scan whereas before scan time was about 5 mins.
- have fixed spyware through SD but it appears theres some ware still lurking in there somewhere
i use Windows 9*cough*8 SE
here is my log:
Logfile of HijackThis v1.99.1
Scan saved at 07:32:08, on 24/08/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOGWAT95.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\USB FLASH DISK UTILITY\UFD UTILITY\UFDMON.EXE
C:\PROGRAM FILES\USB FLASH DISK UTILITY\UFD UTILITY\USBTD.EXE
C:\PROGRAM FILES\THOMSON\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE
C:\PROGRAM FILES\SPEEDTOUCH\DR SPEEDTOUCH\DRST.EXE
C:\PROGRAM FILES\OKIDATA\OKI LPR UTILITY\OKILPR.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\1033\MSOFFICE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LogWatch] C:\WINDOWS\LogWat95.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [UFD Monitor] C:\Program Files\USB Flash Disk Utility\UFD Utility\UFDMon.exe
O4 - HKLM\..\Run: [UFD Utility] C:\Program Files\USB Flash Disk Utility\UFD Utility\USBTD.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVG7\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: OKI LPR Utility.lnk = C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
Id appreciate any help...mainly im wondering whetehr or not this problem can be fixed manually as im on the verge of a reformat.
0
hijack this log for inspection...
Started by psysmith, Aug 24 2005 07:12 AM
2 replies to this topic
#2 OFFLINE
-
- Moderators
-
- 8,874 posts
I hate computers
- Gender:Male
Posted 24 August 2005 - 10:56 AM
I want you to go to the following site and follow the directions exactly. Including the online trend micro scan(Do a full scan).
http://downloads.loc...m/cleaning.html
Also dont worry about ms antispy in this link. It wont work on win 98 everything else should though.
http://downloads.loc...m/cleaning.html
Also dont worry about ms antispy in this link. It wont work on win 98 everything else should though.
#3 OFFLINE
-
- Members
-
- 2 posts
Newbie
Posted 24 August 2005 - 07:00 PM
yea i tried that stuff...as recommended by the sticky instructions on this forum....although my computer was behaving as if malware was installed in fact it was the trojan files that were causing the problems.
AVG had picked up some indication of this so i gave a program called 'trojanremover' a run - which was a jolly good effort but ineffective....
now, i was advised on installing antvirguard found at antivir.deand all problems were solved!!!
(go for the 'classic' version - its free)
i had to uninstall AVG but this is no big deal considering the german might that would proceed....
it took 30 mins to scan my C drive in ALL its entirety and found 5 trojan files (completely undetected and unresolved by AVG) and fixed them all....now everythings back to normal and ive got a solid anitvirus program backing everything up.
vorsprung durch technik and all that.....
thanks.
AVG had picked up some indication of this so i gave a program called 'trojanremover' a run - which was a jolly good effort but ineffective....
now, i was advised on installing antvirguard found at antivir.deand all problems were solved!!!
(go for the 'classic' version - its free)i had to uninstall AVG but this is no big deal considering the german might that would proceed....
it took 30 mins to scan my C drive in ALL its entirety and found 5 trojan files (completely undetected and unresolved by AVG) and fixed them all....now everythings back to normal and ive got a solid anitvirus program backing everything up.
vorsprung durch technik and all that.....
thanks.
