TechSpot

HijackThis log and info

By ADTeagu
Dec 24, 2004
  1. Currently, this messed up computer is supposed to be the server for the LAN at home.

    I'm getting a rasautou.exe prompt asking to connect to various sites. It is on a DSL system that uses dial-up for back-up, which appears to be more of a floodgate than anything else at the moment.

    I'm aware of the nvsc32.exe virus on the computer, yet don't know how to fix it, yet I'm pretty sure that it came through with DyFuCa, and DyFuCa.Internet.Optimizer. I'm pretty sure that there are at least 2-3 viruses on this computer including nvsc32.exe.

    If there is anything else that you need to know, tell me, and please help me putting the server back into commission.

    As for the log file, it is attached.
     
  2. RealBlackStuff

    To get rid of this trojan nvsc32.exe follow the instructions in this link:
    http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_WOOTBOT.ED

    After that, go to my post and do exactly what it says.
    http://www.techspot.com/vb/topic17297.html

    Only then, run HJT on its own in safe mode and let it "fix": (some might be gone already)

    C:\WINDOWS\System32\nvsc32.exe
    C:\WINDOWS\System32\hllcxpa.exe
    C:\Program Files\Admilli Service\AdmilliServ.exe
    C:\Program Files\Admilli Service\AdmilliKeep.exe
    C:\WINDOWS\System32\rasautou.exe

    O4 - HKLM\..\Run: [HLL Data Parameter] hllcxpa.exe
    O4 - HKLM\..\Run: [q] C:\documents and settings\stephen teague\local settings\temp\q.exe
    O4 - HKLM\..\Run: [Admilli Service] C:\Program Files\Admilli Service\AdmilliServ.exe
    O4 - HKLM\..\RunServices: [HLL Data Parameter] hllcxpa.exe
    O4 - HKLM\..\RunServices: [NvCplScan] nvsc32.exe
    O4 - HKLM\..\RunOnce: [NvCplScan] nvsc32.exe
    O4 - HKCU\..\Run: [HLL Data Parameter] hllcxpa.exe
    O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe
    O4 - HKCU\..\RunServices: [HLL Data Parameter] hllcxpa.exe
    O4 - HKCU\..\RunOnce: [NvCplScan] nvsc32.exe
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ClickYesToContinue/ie/bridge-c46.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1100828903609
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing)

    Delete all those files that were "fixed",
    incl. this lot: C:\Program Files\Admilli Service\
     
Topic Status:
Not open for further replies.
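
For triage of a log like the one quoted in the reply above, the following added example (not part of the original thread) parses HijackThis O4 (registry autorun) and O23 (service) lines and reports images registered under more than one autorun key, autoruns launched from a Temp directory, and services whose file is missing. The sample lines are a subset copied from the post; the function names and finding labels are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Subset of the entries listed in the post above, copied verbatim.
SAMPLE = r"""
O4 - HKLM\..\Run: [HLL Data Parameter] hllcxpa.exe
O4 - HKLM\..\Run: [q] C:\documents and settings\stephen teague\local settings\temp\q.exe
O4 - HKLM\..\RunServices: [NvCplScan] nvsc32.exe
O4 - HKLM\..\RunOnce: [NvCplScan] nvsc32.exe
O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe
O4 - HKCU\..\RunServices: [HLL Data Parameter] hllcxpa.exe
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing)
"""

# O4 = registry autorun entry, O23 = service entry.
O4 = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
O23 = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+?)( \(file missing\))?$")

def parse(log):
    """Return (autoruns, services) parsed from O4 and O23 lines."""
    autoruns, services = [], []
    for line in map(str.strip, log.splitlines()):
        if m := O4.match(line):
            hive, key, name, cmd = m.groups()
            autoruns.append({"key": f"{hive}\\{key}", "name": name, "cmd": cmd})
        elif m := O23.match(line):
            svc, _vendor, path, missing = m.groups()
            services.append({"service": svc, "path": path, "missing": missing is not None})
    return autoruns, services

def findings(log):
    """Return (label, subject, where) tuples worth a closer look."""
    autoruns, services = parse(log)
    by_image = defaultdict(set)
    for a in autoruns:
        # Group by file name so the same binary is matched across keys.
        by_image[a["cmd"].rsplit("\\", 1)[-1].lower()].add(a["key"])
    out = [("multi-key autorun", image, sorted(keys))
           for image, keys in sorted(by_image.items()) if len(keys) > 1]
    for a in autoruns:
        if "\\temp\\" in a["cmd"].lower():
            out.append(("autorun from temp dir", a["cmd"], [a["key"]]))
    for s in services:
        if s["missing"]:
            out.append(("service image missing", s["path"], [s["service"]]))
    return out

if __name__ == "__main__":
    for finding in findings(SAMPLE):
        print(finding)
```
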