


HijackThis log and info

ADTeagu
12-24-2004, 02:50 PM
Currently, this messed up computer is supposed to be the server for the LAN at home.

I'm getting a rasautou.exe prompt asking to connect to various sites. It is on a DSL system that uses dial-up for back-up which appears to be more of a floodgate than anything else at the moment.

I'm aware of the nvsc32.exe virus on the computer, yet don't know how to fix it, yet I'm pretty sure that it came through with DyFuCa, and DyFuCa.Internet.Optimizer. I'm pretty sure that there are at least 2-3 viruses on this computer including nvsc32.exe.

If there is anything else that you need to know, tell me, and please help me putting the server back into commission.

As for the log file, it is attached.

RealBlackStuff
12-25-2004, 05:21 AM
To get rid of this trojan nvsc32.exe follow the instructions in this link:
http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_WOOTBOT.ED

After that, go to my post and do exactly what it says.
http://www.techspot.com/vb/topic17297.html

Only then, run HJT on its own in safe mode and let it "fix": (some might be gone already)

C:\WINDOWS\System32\nvsc32.exe
C:\WINDOWS\System32\hllcxpa.exe
C:\Program Files\Admilli Service\AdmilliServ.exe
C:\Program Files\Admilli Service\AdmilliKeep.exe
C:\WINDOWS\System32\rasautou.exe

O4 - HKLM\..\Run: [HLL Data Parameter] hllcxpa.exe
O4 - HKLM\..\Run: [q] C:\documents and settings\stephen teague\local settings\temp\q.exe
O4 - HKLM\..\Run: [Admilli Service] C:\Program Files\Admilli Service\AdmilliServ.exe
O4 - HKLM\..\RunServices: [HLL Data Parameter] hllcxpa.exe
O4 - HKLM\..\RunServices: [NvCplScan] nvsc32.exe
O4 - HKLM\..\RunOnce: [NvCplScan] nvsc32.exe
O4 - HKCU\..\Run: [HLL Data Parameter] hllcxpa.exe
O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe
O4 - HKCU\..\RunServices: [HLL Data Parameter] hllcxpa.exe
O4 - HKCU\..\RunOnce: [NvCplScan] nvsc32.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ClickYesToContinue/ie/bridge-c46.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100828903609
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing)

Delete all those files that were "fixed",
incl. this lot: C:\Program Files\Admilli Service\
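
Added example, not part of the original thread: a small Python triage pass over the O4 (startup) and O23 (service) lines quoted in the reply above, grouping entries by executable so redundant persistence stands out. The function name `review`, the `min_keys` threshold and the three heuristics are assumptions of this example, not HijackThis features.

```python
import re
from collections import defaultdict

# Input copied from the O4 and O23 lines quoted in the reply above.
SAMPLE = r"""
O4 - HKLM\..\Run: [HLL Data Parameter] hllcxpa.exe
O4 - HKLM\..\Run: [q] C:\documents and settings\stephen teague\local settings\temp\q.exe
O4 - HKLM\..\Run: [Admilli Service] C:\Program Files\Admilli Service\AdmilliServ.exe
O4 - HKLM\..\RunServices: [HLL Data Parameter] hllcxpa.exe
O4 - HKLM\..\RunServices: [NvCplScan] nvsc32.exe
O4 - HKLM\..\RunOnce: [NvCplScan] nvsc32.exe
O4 - HKCU\..\Run: [HLL Data Parameter] hllcxpa.exe
O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe
O4 - HKCU\..\RunServices: [HLL Data Parameter] hllcxpa.exe
O4 - HKCU\..\RunOnce: [NvCplScan] nvsc32.exe
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing)
"""

O4 = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
O23 = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+?)( \(file missing\))?$")

def review(log, min_keys=3):
    """Map each startup image or service to the reasons it deserves a closer look."""
    keys = defaultdict(set)          # image name -> startup keys that launch it
    findings = defaultdict(set)
    for line in map(str.strip, log.splitlines()):
        if m := O4.match(line):
            hive, key, _name, cmd = m.groups()
            image = cmd.rsplit("\\", 1)[-1].lower()
            keys[image].add(f"{hive}\\{key}")
            if "\\" not in cmd:      # heuristic: no directory, resolved via search path
                findings[image].add("bare filename")
            if "\\temp\\" in cmd.lower():   # heuristic: autorun from a temp directory
                findings[image].add("runs from temp")
        elif m := O23.match(line):
            if m[4]:                 # HijackThis marked the service binary as absent
                findings[m[3].rsplit("\\", 1)[-1].lower()].add("service file missing")
    for image, where in keys.items():
        if len(where) >= min_keys:   # heuristic: same image in many startup keys
            findings[image].add(f"registered in {len(where)} startup keys")
    return {image: sorted(reasons) for image, reasons in findings.items()}

if __name__ == "__main__":
    for image, reasons in sorted(review(SAMPLE).items()):
        print(f"{image:16} {'; '.join(reasons)}")
```

The heuristics only rank entries for manual review; AdmilliServ.exe, which the reply also lists for removal, trips none of them.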

Copyright © 1998-2009 TechSpot.com. TechSpot is a registered trademark. All Rights Reserved.