Nod 32

**ZeroTolerance** · 08-08-2004, 08:47 PM

anybody knows a good anti virus anit trojan programs that would kill trojans

here is my trojan files. i have 2

only 1 trojan i posted

File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\bi.cab is infected with trojan Win32/TrojanDownloader.Stubby.A. NOD32 cannot clean this infiltration.

**Rip The Jacker** · 08-08-2004, 08:59 PM

Have you tried restarting in safe mode and deleting the files yourself?

**ZeroTolerance** · 08-08-2004, 09:08 PM

Originally posted by Rip The Jacker@8 August 2004 - 21:00
Have you tried restarting in safe mode and deleting the files yourself?

yes

i raned NOD32 in safemode but it didnt delete it. i tried deleteing it my self manually but i couldnt find the file.

**Rip The Jacker** · 08-08-2004, 09:09 PM

Hmm... try using Trojan Remover, see what happens.

**ZeroTolerance** · 08-08-2004, 09:13 PM

Originally posted by Rip The Jacker@8 August 2004 - 21:10
Hmm... try using Trojan Remover, see what happens.

ok

**Rip The Jacker** · 08-08-2004, 09:15 PM

If you can't find the file, all you have to do is go to Start > Run > type in "C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\" without the quotes, and click OK, the folder holding the trojan should have opened up.

**peat moss** · 08-08-2004, 09:19 PM

ZeroTolerance, Friend you have some major problems with that puter! Have you tryed
Hijack this ? Run program then post here. Some kind soul will help.

http://www.siena.edu/antivirus/Spyware/hijackthis.htm

**ZeroTolerance** · 08-08-2004, 09:24 PM

Originally posted by Rip The Jacker@8 August 2004 - 21:16
If you can't find the file, all you have to do is go to Start > Run > type in "C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\" without the quotes, and click OK, the folder holding the trojan should have opened up.

wouldnt that activate the trojan?

**ZeroTolerance** · 08-08-2004, 09:27 PM

Originally posted by peat moss@8 August 2004 - 21:20
ZeroTolerance, Friend you have some major problems with that puter! Have you tryed
Hijack this ? Run program then post here. Some kind soul will help.

http://www.siena.edu/antivirus/Spyware/hijackthis.htm

ogfile of HijackThis v1.98.0
Scan saved at 4:30:50 PM, on 8/8/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\Documents and Settings\Owner\Desktop\trayit\trayit!.exe
C:\Program Files\Kazaa Lite K++\KazaaLite.kpp
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trojan Remover\jyi1.exe
C:\Program Files\Trojan Remover\jyi1.exe
C:\Documents and Settings\Owner\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Messenger\ycomp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Messenger\ycomp.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Startup: TrayIt!.lnk = C:\Documents and Settings\Owner\Desktop\trayit\trayit!.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (file missing)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

**Rip The Jacker** · 08-08-2004, 09:32 PM

Originally posted by ZeroTolerance+8 August 2004 - 13:25--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (ZeroTolerance @ 8 August 2004 - 13:25)</td></tr><tr><td id='QUOTE'> <!--QuoteBegin-Rip The Jacker@8 August 2004 - 21:16
If you can't find the file, all you have to do is go to Start > Run > type in "C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\" without the quotes, and click OK, the folder holding the trojan should have opened up.

wouldnt that activate the trojan? [/b][/quote]
No. Just make sure you leave out the "bi.cab" part at the end.

Do this at Start > Run:
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\
This will open the folder, then look for the "bi.cab" file and delete it.

Don't do this:
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\bi.cab
That will open the file.

I have to go to work, good luck.

Thread: Nod 32

Thread Tools

Bookmarks

Bookmarks

Posting Permissions