Download TrojanHunter Now
Free 30-day trial!
Latest TrojanHunter Version:
TrojanHunter 5.0
Order Now
License file delivered within minutes.
Welcome, Guest. Please Login or Register.
Dec 1st, 2008, 8:44pm
   Mischel Internet Security Forum
   Malware
   Trojans (Moderators: Helena, Gavin_Coe, Magnus)
   Downloader.swizzor.8.BK		 « Previous topic | Next topic »
Pages: 1  Reply Reply  Notify of replies Notify of replies   Send Topic Send Topic   Print Print
   Author  Topic: Downloader.swizzor.8.BK  (Read 903 times)
philbinator
Newbie
*





   


Posts: 2
Downloader.swizzor.8.BK
« on: Jan 3rd, 2007, 11:54pm »		 Quote Quote  Modify Modify
Hi i have this stupid trojan and can't get rid of it!  it's affecting my connection i think.  i've tried avg, adaware, spybot etc...can someone help me please?  here is my hijackthis log file:
 
Logfile of HijackThis v1.99.1
Scan saved at 6:42:42 PM, on 1/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\NoAdware5.0\NoAdware5.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Phil\Desktop\Downloads\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\AnalyzeThis\AnalyzeThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://192.168.1.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\compaq\cpqsetup\cpqset.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [NoAdware5] "C:\Program Files\NoAdware5.0\NoAdware5.exe" :Min:
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
 
 
any help greatly appreciated.  thank you!
 
phil
IP Logged
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5815
Re: Downloader.swizzor.8.BK
« Reply #1 on: Jan 4th, 2007, 12:07am »		 Quote Quote  Modify Modify
Welcome to the forum philbinator    
 
Nothing in HiJackthis log is showing up an infection.  
 
Please do this and see if anything is uncovered.    
 
1.  Download/Install the trial version of TrojanHunter (I assume you do not have TH on your computer).  After you get it installed, open TrojanHunter Scanner:  
 
-  Run LiveUpdate to download the very latest rulesets.  
-  Click on the Options icon on the left sidebar.  Checkmark all the scanning options.  
-  Click on the Scan icon on the left sidebar.  Checkmark the hard drives you would like scanned.  
-  Close TH scanner.  
 
2.  Reboot your computer into SAFE MODE.  
 
3.  In SAFE MODE, run a FULL SCAN with TrojanHunter and let it clean what if finds.  Please save the scan/cleaning log so that you can post it back here.  Look under FILE in the top menu bar to initiate the log save.  
 
4.  Reboot your computer into Normal Mode.  
 
5.  Test your computer for a rootkit by running a scan with F-Secure Blacklight.  The link below guides you to the download page for Blacklight.  Be sure to download Blacklight, not the security suite.    
 
http://www.misec.net/forum/board/FAQ/1164990581  
 
6.  Run a REMOTE SCAN with Bit Defender's online scanner.  The link below guides you to Bit Defender.  You will need to use IE because an ActiveX element has to be installed by Bit Defender.  Be sure to deactivate your normal AV scanner and other realtime security scanners when doing this remote scan.  Let BD delete what it finds.  
 
http://www.misec.net/forum/board/FAQ/1141894786  
 
7.  Please post back here the results of the TH scan, the Bit Defender scan, and the Blacklight scan.  
 
7.  Run a new HiJackthis scan and post it back here.
« Last Edit: Jan 4th, 2007, 12:07am by siliconman01 » IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
philbinator
Newbie
*





   


Posts: 2
Re: Downloader.swizzor.8.BK
« Reply #2 on: Jan 4th, 2007, 4:55am »		 Quote Quote  Modify Modify
all the logs i got are too long to be included in this message.  what shall i do?
 
cheers
phil
IP Logged
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5815
Re: Downloader.swizzor.8.BK
« Reply #3 on: Jan 4th, 2007, 5:27am »		 Quote Quote  Modify Modify
Quote:
all the logs i got are too long to be included in this message.  what shall i do?  

 
Break them up into multiple posts please.
IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
Pages: 1  Reply Reply  Notify of replies Notify of replies   Send Topic Send Topic   Print Print

« Previous topic | Next topic »
Search
Members
Login
Register