
Hijackthis - Keylogger Or Trojans?

The scan may take some time to finish, so please be patient. It's a little detailed and will take a few minutes to type. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{903c377b-e501-4a35-a6b2-1e3994711ea1} (Trojan.Vundo) -> Quarantined and deleted successfully.

Have carried out the rest of your instructions though.   Here is my new Hijackthis log:   Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:16:18, on 07/01/2009 Platform: Windows OriginalFilename : cidaemon.exe #:31 [cidaemon.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1748 ThreadCreationTime : 1-2-2007 1:49:05 AM BasePriority : Idle FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft Windows Operating Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE Firewall is Zone Alarm free and I used that to block any suspicious programs. https://forums.techguy.org/threads/hijackthis-keylogger-or-trojans.916376/

Kallous, posted January 7, 2009 (edited): Hi, Thanks for your help Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! All rights reserved.

All rights reserved. FileDescription : HP CUE Status InternalName : HPQSTS00 LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004 OriginalFilename : HPQSTS00.EXE Comments : HP CUE Status #:49 [hprblog.exe] FilePath : C:\Program Files\HP\Digital Imaging\Product Assistant\bin\ But I was still wondering is there anything about that csrss.exe trojan showing up at all? HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

I also was earlier going through a processes database and was looking up all the processes I had on my computer and found that I had two csrss.exe processes running. HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully. https://www.bleepingcomputer.com/forums/t/285131/hijackthis-log-unknown-trojankeylogger/

Type : IECache Entry Data : [email protected][1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:1 Value : Cookie:[email protected]/ Expires : 2-18-2008 8:19:54 AM LastSync : Hits:1 UseCount : This is only a short scan. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{60b244be-559d-4269-b96e-cd264d828ec9} (Rogue.PCAntispy) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{903c377b-e501-4a35-a6b2-1e3994711ea1} (Trojan.Vundo) -> Quarantined and deleted successfully.

Once the short scan has finished, mark the drives that you want to scan. https://forums.whatthetech.com/index.php?showtopic=80072 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. I've run Spybot, Ad aware, AVG anti-spyware and AVG virus scan. Some programs can interfere with others and hamper the recovery process. Even if you have already provided information about your PC, we need a new log to see what has changed since

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff

Anyways, here's my log: thanks again

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:46:38 PM, on 6/8/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD

OriginalFilename : msmsgs.exe
Memory scan result:
New critical objects: 0
Objects found so far: 0
Started registry scan
Registry Scan result:
New critical objects: 0
Objects found so far: 0
Started deep registry scan
Deep registry scan result:
New critical objects:

All rights reserved. OriginalFilename : svchost.exe #:10 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1312 ThreadCreationTime : 1-2-2007 6:41:23 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft Windows Operating System Norton had identified two files relating to the virus.

Location: : software\microsoft\directdraw\mostrecentapplication Description : most recent application to use microsoft directdraw MRU List Object Recognized!

It could help in identifying the trojan and help us find a way to help you get rid of it. Please don't send help request via PM, unless I am already helping you. mbam-log-2008-10-25 (21-25-14).txt   Scan type: Quick Scan Objects scanned: 39899 Time elapsed: 9 minute(s), 2 second(s)   Memory Processes Infected: 0 Memory Modules Infected: 4 Registry Keys Infected: 29 Registry Values C:\WINDOWS\system32\WinHel.dll   Restart the computer normally.   Download Dr.Web CureIt to the desktop: ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe Next, please reboot your computer in Safe Mode by doing the following: 1) Restart your computer 2)

Hijackthis For Trojans And Keylogger. Started by kidscrash, Jun 05 2007 08:27 PM. Neither attempt was successful.

If you have email address at Hotmail, Hotmail.uk, etc etc then you will not get notifications and need to manually check for new replies. Please include a clear description of the problems you're having, along with any steps you may have performed so far. Please refrain from running tools or applying updates other than those we

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{903c377b-e501-4a35-a6b2-1e3994711ea1} (Trojan.Vundo) -> Quarantined and deleted successfully. All rights reserved. OriginalFilename : services.exe #:5 [lsass.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 804 ThreadCreationTime : 1-2-2007 6:41:20 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft Windows Operating System C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.

Location: : S-1-5-21-1614895754-1972579041-725345543-1003\software\microsoft\internet explorer Description : last download directory used in microsoft internet explorer MRU List Object Recognized! Logfile of HijackThis v1.99.1 Scan saved at 10:03:42 PM, on 6/5/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe Reboot.   3. OriginalFilename : nvsvc32.exe #:25 [hpzipm12.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1648 ThreadCreationTime : 1-2-2007 1:30:12 AM BasePriority : Normal FileVersion : 9, 0, 0, 0 ProductVersion : 9, 0, 0, 0

And I'm on Vista. Make sure you do the advanced search options and choose to search Hidden and System files and search for csrss.exe if you find a second one that is not in the location C:\WINDOWS\system32\vgchgz.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. Posted October 23, 2008: Hello, Welcome to SPYWAREINFO I'm nasdaq and will help you. If you can please print this topic it will make it easier for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.