   possible virus/trojan/worm:  Build 2600.xpsp_
pintree3
possible virus/trojan/worm:  Build 2600.xpsp_
« on: Oct 7th, 2004, 11:40pm »

Hi
 
Right on top of my taskbar--on the right hand side where the icons and clock are there is written: Build 2600.xpsp_sp2_rtm.040803-2158 (service Pack 2).
A search on Google produced 3 results:
2 link to porn sites and the other to a password crack site. This tells me that I have one or both of two things: Either a virus/worm of some sort (Then why doesn't Google produce more results?) or a cracked version of some software which I am unaware of (Then why doesn't Google produce more results?)
This has popped up (possibly coincidentally) since the Windows Update feature popped up telling me to install something that takes care of some worm/trojan that may or may not be on my computer.
I have Windows XP Home SP2 installed.
Any advice?
 
I have attached my HijackThis log (some results omitted due to length):
Logfile of HijackThis v1.98.0
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 
Running processes:
 
C:\WINDOWS\LTSMMSG.exe
 
C:\WINDOWS\System32\sistray.EXE
C:\PROGRA~1\LAUNCH~1\CPLBY25.EXE
C:\Program Files\Siber Systems\AI  
C:\WINDOWS\hh.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login?.src=ym&.v=0&.u=5529t9h0bic uc&.last =&promo=&.intl=us&.bypass=&.partner=&pkg=&stepid=&.done=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBY25.EXE
O4 - HKLM\..\Run: [BOCleanautostart] BOClean.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O17 - HKLM\System\CCS\Services\Tcpip\..\{F84A2DB0-D493-4869-931D-6EFDDB1399C6} : NameServer = 168.95.192.1 168.95.1.1
 
Aaron
Re: possible virus/trojan/worm:  Build 2600.x
« Reply #1 on: Oct 8th, 2004, 3:09am »

"Right on top of my taskbar--on the right hand side where the icons and clock are there is written: Build 2600.xpsp_sp2_rtm.040803-2158 (service Pack 2).
 
<snip>
 
Any advice?"
 
Relax. ;) It's not anything bad at all. There's an option that allows you to show your current Windows version on the desktop in the lower-right corner. You can leave it if you want, or you can turn it off through the registry. Here's a PDF I just made to explain how to turn that on and off:
 
http://www.nlcomputers.com/mis/windowsversiondesktop.pdf
Moved: http://www.misec.net/papers/windowsversiondesktop.pdf
 
Should direct you on how to turn that on or off.  BTW, you should make a backup of the registry before starting.  Easiest way is to create a system restore point.  To do this, go to
 
Start | All Programs | Accessories | System Tools | System Restore.
 
Choose "Create a restore point" and click the Next button. Enter the name of your choice on that screen, and click the Create button. The next screen should indicate that the restore point was created successfully. It may take a moment while the restore information is being written before the final screen appears.
 
Let us know if you have any questions. :)
 
Aaron
 
(Now I just hope that Magnus likes the PDF style I made?)
« Last Edit: Oct 9th, 2004, 6:07pm by Aaron »

Aaron Hulett | Trojan Analyst | Mischel Internet Security
siliconman01
Re: possible virus/trojan/worm:  Build 2600.xpsp_
« Reply #2 on: Oct 8th, 2004, 3:20am »

Another way is to download Microsoft's TweakUI PowerToy (147 kb) which has a lot of neat tweaker settings for Windows.
 
http://www.microsoft.com/windowsxp/downloads/powertoys/xppowertoys.mspx
 
No registry tampering needed. ;)

______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
Aaron
Re: possible virus/trojan/worm:  Build 2600.x
« Reply #3 on: Oct 8th, 2004, 3:30am »

Awh, come on. Where's the fun in that? ;)
 
TweakUI is the only PowerToy I have installed ATM.  Some fun settings in there.  You'll find the one for the desktop version information under General.  It's the last item in the list, "Show Windows version on desktop."
 
Why I didn't think of using that instead, I'm not sure.  I'll blame it on the fact it's 3:30am.  Thanks siliconman01.
 
Aaron

Aaron Hulett | Trojan Analyst | Mischel Internet Security
Randy_Bell
Re: possible virus/trojan/worm:  Build 2600.x
« Reply #4 on: Oct 8th, 2004, 6:05am »

on Oct 8th, 2004, 3:09am, Aaron wrote:
(Now I just hope that Magnus likes the PDF style I made?)

I like it! I downloaded it, read it, and will keep it in my PDF collection! ;)
pintree3
Re: possible virus/trojan/worm:  Build 2600.xpsp_
« Reply #5 on: Oct 8th, 2004, 11:26pm »

Yup, just discovered the truth a few hours ago before I got the chance to read your replies. TweakUI was the cause.
Sorry to have wasted your time and thank you all for helping me.
 
Another question, possibly related, if I may.
Windows, on reboot seems to forget many settings, and if it is TweakUI, which may be the cause of some but certainly not all, for they were there before TweakUI. An example of what it forgets is the scroll mouse button settings--both pre and after TweakUI--though I have set both TweakUI and Windows Mouse settings to scroll at five lines at a time. It goes back to the default of one on every reboot.
How can I let it stay at 5?
Other settings it forgets are the Sygate PF settings; more on this and others later, for I will try to solve them myself for now--except for the mouse problem, which I cannot.
 
Thanks again