
Thread: Are we clean

  1. #1
    Join Date
    Jul 2001
    Location
    Wyncote, PA, USA
    Posts
    10,294

    Are we clean

    Client crashed a hard drive. While installing A/V and getting updates, got the Blaster worm. Got rid of it, but I thought I'd better post an HJT and see what you guys think. It looks clean to me.
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    This item concerns me: C:\WINNT\system32\wuauclt.exe
    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\SOUNDMAN.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINNT\system32\wuauclt.exe
    C:\DATA\download\HijackThis.exe

    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINNT\SiSUSBrg.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: PA Manager.lnk = C:\Program Files\Dentrix\PAMgr.exe
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...135.4669444444
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DA35DA11-53FC-48DB-90F0-9A60E1BCF3EE}: NameServer = 209.116.241.10 216.99.225.31

  2. #2
    Join Date
    Feb 2002
    Location
    Somerset, England
    Posts
    2,762
    As the header of your log is missing, I cannot be certain which version of Windoze you are running, but it looks like XP.
    If that is the case then the file you mention is probably the Cult-B trojan.

    See here for details and how to remove.

    Apart from that it's a clean log, but the OS may need updating.
    be wary of strong drink - it may make you shoot at tax collectors, and miss!

  3. #3
    Join Date
    Jul 2001
    Location
    Wyncote, PA, USA
    Posts
    10,294
    I thought I grabbed the entire file; in any case it's Win2K SP4 with IE6 up to date. There are still a few patches left to install. I guess I'll kill that file and go from there.
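
The first reply could not tell the Windows version because the log header was missing from the paste. As an added example (not part of the original thread), this Python sketch parses a pasted HijackThis log, reports which header lines are absent, and lists the distinct paths a given process image runs from. The header field names are assumed from HijackThis logs of that era, and the sample is constructed from lines in the post above.

```python
import re

# Header lines a complete HijackThis paste starts with (assumed field names).
HEADER_FIELDS = ("Logfile of HijackThis", "Scan saved at", "Platform:", "MSIE:")
ENTRY_RE = re.compile(r"^([ORFN]\d{1,2}) - (.*)$")  # e.g. "O4 - HKLM\..\Run: ..."
# Constructed sample: lines copied from the log posted above (header incomplete).
SAMPLE_LOG = r"""MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\wuauclt.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA35DA11-53FC-48DB-90F0-9A60E1BCF3EE}: NameServer = 209.116.241.10 216.99.225.31
"""

def parse_hjt(text):
    """Split a pasted log into header fields, running processes and section entries."""
    log = {"header": {}, "processes": [], "entries": {}}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line ends the process list
            continue
        m = ENTRY_RE.match(line)
        if m:
            log["entries"].setdefault(m.group(1), []).append(m.group(2))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            log["processes"].append(line)
        else:
            for field in HEADER_FIELDS:
                if line.startswith(field):
                    log["header"][field] = line[len(field):].strip()
    return log

def missing_header(log):
    """Header fields absent from the paste; without 'Platform:' the OS is unknown."""
    return [f for f in HEADER_FIELDS if f not in log["header"]]

def process_paths(log, image_name):
    """Distinct case-folded full paths under which an image name is running."""
    return sorted({p.lower() for p in log["processes"] if p.lower().endswith("\\" + image_name.lower())})

if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print(missing_header(parsed), process_paths(parsed, "wuauclt.exe"))
```

More than one path for the same image name, or a path outside the system directory, is a cue to inspect the file itself rather than a verdict on it.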
