TechSpot

separate issue, HJT log help, please!

By holdenyosarian
Mar 23, 2007
  1. I thought I'd already posted my HJT log/questions here previously, but apparently they either weren't received, or were removed under the assumption that I was "double posting". In the event that the latter happens to be the case, just want to clarify--they're unrelated.

    Could someone explain the following lines of the log (function/origin)--log posted thereafter:

    O23 - Service: D - Unknown owner - C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\D.exe (file missing)
    O23 - Service: FRNNCGO - Unknown owner - C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\FRNNCGO.exe (file missing)
    O23 - Service: IX - Unknown owner - C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\IX.exe (file missing)

    Also, there are files in temp folders which won't delete, and while they seem to either appear/disappear or change names, they always begin with "~D..."
    (currently, ~DFABF2, ~DFC764, ~DFE682). There's also one called "Perflibdata_..."; it seems to appear with different numbers at the end, i.e. "Perflibdata_30", but it won't delete. What are these?

    Following is the HJT log--please offer any suggestions re non-vital fixes, as well.

    Thanks!

    ...will running AVG anti-virus and Zonelabs sec suite (anti-virus) simultaneously cause any problems re virus detection?
     
  2. howard_hopkinso TS Rookie Posts: 24,177   +19

    Your system is badly infected. You're also running an outdated version of HijackThis.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

    Also, let me know the results of the AVG Antirootkit scan.

    Regards Howard :)

    This thread is for the use of holdenyosarian only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. holdenyosarian TS Rookie Topic Starter

    please help....advice

    I'm sorry, but I must ask...how is my system badly infected?
    Does this mean that everything I've done recently has been logged by "pirates"...i.e. all my personal information, banking, etc.?
    Should I take immediate evasive action--change statements, inform all contacts, take some measures to protect any financial information, etc.?
     
  4. howard_hopkinso TS Rookie Posts: 24,177   +19

    Your system is infected by the W32/Mytob-GH Trojan as well as several other unidentified trojans/worms.

    You should take immediate evasive action and contact your financial institutions. Your personal details may already have been stolen.

    Disconnect from the net and reformat the system. Do not reconnect to the net until you have reinstalled Windows and installed your firewall software. Trying to clean your system cannot guarantee its safety.

    Regards Howard :)

     
Topic Status:
Not open for further replies.
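
As an added example (not part of any post in this thread, and not HijackThis's own code): a small triage pass over the O23 service lines quoted in the first post, flagging services whose executable path is in a Temp directory, whose owner HijackThis could not identify, or whose file is missing on disk. The last sample line, the function names and the two-reason threshold are assumptions made for illustration.

```python
import re

# O23 lines as quoted in the first post; the last line is constructed
# here as a benign contrast and does not come from the thread.
SAMPLE_LOG = r"""
O23 - Service: D - Unknown owner - C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\D.exe (file missing)
O23 - Service: FRNNCGO - Unknown owner - C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\FRNNCGO.exe (file missing)
O23 - Service: IX - Unknown owner - C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\IX.exe (file missing)
O23 - Service: Example Updater - Example Corp - C:\Program Files\Example\updater.exe
"""

# Layout: O23 - Service: <name> - <owner> - <path> [(file missing)]
# Limitation: a service name that itself contains " - " is split wrongly.
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.*?)"
    r"(?P<missing>\s*\(file missing\))?\s*$"
)
TEMP_DIR_RE = re.compile(r"\\te?mp\\", re.IGNORECASE)  # ...\Temp\ or ...\tmp\


def triage(line):
    """Return name, path and reasons for one O23 line, or None otherwise."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    reasons = []
    if TEMP_DIR_RE.search(m["path"]):
        reasons.append("service executable lives in a Temp directory")
    if m["owner"].lower() == "unknown owner":
        reasons.append("no owner/company name could be read for the file")
    if m["missing"]:
        reasons.append("service is registered but its file is gone")
    return {"name": m["name"], "path": m["path"], "reasons": reasons}


def suspicious_services(log_text, threshold=2):
    """Services with at least `threshold` reasons (threshold is an assumption)."""
    results = (triage(line) for line in log_text.splitlines())
    return [r for r in results if r and len(r["reasons"]) >= threshold]


if __name__ == "__main__":
    for svc in suspicious_services(SAMPLE_LOG):
        print(f"{svc['name']}: {svc['path']}")
        for reason in svc["reasons"]:
            print(f"    - {reason}")
```

A flagged entry is a reason to pull the service's registry key and any surviving file for analysis; it is not a verdict on its own.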
