TechSpot

netd32 mark in HJT log

By abanerji
Sep 18, 2007
  1. This is regarding a second PC I have ... primarily used by a family member. The details are :-
    XP-pro SP2 (patched), AVG free 7.5.487, AVG anti-spyware 7.5, ZoneAlarm free 6.5.737.000, ProcessGuard free 3.405
    Both AVG programs are updated daily.

    There was a virus attack in 2005, when the protection was only AVG free. With technical help, the system was cleaned then.
    After that, the PC has run ok with no visible sign of anything untoward.

    I have done several system scans with AVG and AVG-AS ... comes clean. Additionally, I use Ccleaner and Spywareblaster (to populate IE's restricted sites).

    I just ran a HJT on this PC for the first time, and submitted at hijackthis.de. There seems some mark of the worm still in these two lines below :-

    O4 - HKLM\..\Run: [Microsoft Network Daemon for Win32] netd32.exe
    O4 - HKLM\..\RunServices: [Microsoft Network Daemon for Win32] netd32.exe

    However, a search of netd32.exe in the C: drive returned nothing.

    I am providing the HJT log here. Shall be grateful to receive advice.

    Thanks
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your system is infected with the RANDEX.F WORM and an unknown trojan of some kind.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

    Also, let me know the results of the AVG Antirootkit scan.

    Regards Howard :)

    This thread is for the use of abanerji only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. abanerji

    abanerji TS Rookie Topic Starter Posts: 43

    Howard, thank you for the instructions. I am attaching the three files required, viz., fresh HJT, AVG AS, and Combofix logs. Also, AVG antirootkit scan came clean.

    Thanks again
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    All your log files are now clean.

    Turn off system restore.(XP/ME only) See how HERE.

    Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.


    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of abanerji only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  5. abanerji

    abanerji TS Rookie Topic Starter Posts: 43

    Thank you, Howard. Big relief for a normal user :D

    Regards,
    Ananda
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...