Sir, I too am having the same problem. I'll follow your instructions and post the report. Thanks.
gviswa18 0 Newbie Poster
Sir, please update that link to SDFix. It is broken.
gviswa18 0 Newbie Poster
Sir, this is the report.txt file.
Please read this.
SDFix: Version 1.116
Run by Administrator on Wed 12/05/2007 at 07:14 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: D:\DOCUME~1\ADMINI~1\Desktop\SDFix\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
D:\WINDOWS\system\svchost.exe - Deleted
D:\WINDOWS\system32\setting.ini - Deleted
Removing Temp Files...
ADS Check:
D:\WINDOWS
No streams found.
D:\WINDOWS\system32
No streams found.
D:\WINDOWS\system32\svchost.exe
No streams found.
D:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-05 19:21:56
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="D:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"D:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="D:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"D:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"="D:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe:*:Enabled:javaw"
"D:\\Program Files\\BitLord\\BitLord.exe"="D:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"D:\\Program Files\\Google\\Google Talk\\googletalk.exe"="D:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"D:\\Program Files\\Orbitdownloader\\orbitdm.exe"="D:\\Program Files\\Orbitdownloader\\orbitdm.exe:*:Enabled:Orbit"
"D:\\Program Files\\Orbitdownloader\\orbitnet.exe"="D:\\Program Files\\Orbitdownloader\\orbitnet.exe:*:Enabled:Orbit"
"D:\\Program Files\\Internet Explorer\\iexplore.exe"="D:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"D:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe"="D:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe:*:Disabled:Age of Empires II"
"D:\\Program Files\\Rediff Bol\\RediffMessenger.exe"="D:\\Program Files\\Rediff Bol\\RediffMessenger.exe:*:Enabled:Rediff Bol 8.0 "
"D:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="D:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"D:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="D:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files:
---------------
File Backups: - D:\DOCUME~1\ADMINI~1\Desktop\SDFix\SDFix\backups\backups.zip
Files with Hidden Attributes:
Fri 9 Nov 2007 2,668 A..H. --- "D:\Program Files\SuperGOO\MetaImage.dll"
Sun 27 Apr 2008 106,496 A.SHR --- "D:\WINDOWS\system\_sv_CMD_\_U_.exe"
Wed 28 Nov 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\0d4a7c846fe5e74c3056c3e240c1ffeb\BITB.tmp"
Sat 22 Sep 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\dcfb65ff18fcfdf3d0086d241818e7bc\BIT3B.tmp"
Sat 22 Sep 2007 0 A.SH. --- "D:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 23 Sep 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\080070f6461c8001578e5e4cd4bb024b\download\BITB.tmp"
Finished!
Finally, please suggest me any good spyware and antivirus?
gviswa18 0 Newbie Poster
Sir, thank you very much for your advice.
I'll post the other symptoms I faced before doing your fix.
1. When I opened my USB drive, it did not open, saying that the user has no permission.
2. I used the folders pane and opened the drive. I found that there was another folder created within the existing folder using the same name, but it was not a folder. It was an exe file with a folder icon.
After the fix
1. I am able to open the drive now, but I am still getting a warning from my Spyware Doctor anti-spyware that a malicious action has been blocked.
The message reads:
Malicious action blocked
Spyware Doctor has blocked an application INFO.exe that is trying to access a file.
Path: D:\windows\system\svchost.exe....
Please help me solve this.
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
I have moved your posts to your own thread. Please do not piggyback on other members' posts in the HijackThis forum :).