also @ TechSpot: Windows logo to get a Metro makeover in Windows 8
Welcome to the TechSpot OpenBoards. Please read the FAQ if you have any questions. Sign up or Login to participate.
Go Back   TechSpot OpenBoards > Software > Software Apps
Reload this Page HighJackThis log and info

Download Now:

HighJackThis log and info
Thread Tools Search this Thread
  #1  
Old 12-24-2004
Newcomer, in training
  
Member since: Dec 2004, 2 posts
HighJackThis log and info
Currently, this messed up computer is supposed to be the server for the LAN at home.

I'm getting a rasautou.exe prompt asking to connect to various sites. It is on a DSL system that uses dial-up for back-up which appears to be more of a floodgate than anything else at the momment.

I'm aware of the nvsc32.exe virus on the computer, yet don't know how to fix it, yet I'm pretty sure that it came through with DyFuCa, and DyFuCa.Internet.Optimizer. I'm pretty sure that there are at least 2-3 viruses on this computer including nvsc32.exe.

If there is anything else that you need to know, tell me, and please help me putting the server back into commission.

As for the log file, it is attached
Attached Files
File Type: txt New Text Document.txt (5.5 KB, 3 views)
  #2  
Old 12-25-2004
TechSpot Evangelist
  
Location: has left the building
Member since: Aug 2003, 8,165 posts
To get rid of this trojan nvsc32.exe follow the instructions in this link:
http://uk.trendmicro-europe.com/ente...ORM_WOOTBOT.ED

After that, go to my post and do exactly what it says.
http://www.techspot.com/vb/topic17297.html

Only then, run HJT on its own in safe mode and let it "fix": (some might be gone already)

C:\WINDOWS\System32\nvsc32.exe
C:\WINDOWS\System32\hllcxpa.exe
C:\Program Files\Admilli Service\AdmilliServ.exe
C:\Program Files\Admilli Service\AdmilliKeep.exe
C:\WINDOWS\System32\rasautou.exe

O4 - HKLM\..\Run: [HLL Data Parameter] hllcxpa.exe
O4 - HKLM\..\Run: [q] C:\documents and settings\stephen teague\local settings\temp\q.exe
O4 - HKLM\..\Run: [Admilli Service] C:\Program Files\Admilli Service\AdmilliServ.exe
O4 - HKLM\..\RunServices: [HLL Data Parameter] hllcxpa.exe
O4 - HKLM\..\RunServices: [NvCplScan] nvsc32.exe
O4 - HKLM\..\RunOnce: [NvCplScan] nvsc32.exe
O4 - HKCU\..\Run: [HLL Data Parameter] hllcxpa.exe
O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe
O4 - HKCU\..\RunServices: [HLL Data Parameter] hllcxpa.exe
O4 - HKCU\..\RunOnce: [NvCplScan] nvsc32.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Cl...bridge-c46.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1100828903609
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing)

Delete all those files that were "fixed",
incl. this lot: C:\Program Files\Admilli Service\
Closed Thread

Similar Topics
Topic Replies Forum
HighJackThis log 4 Virus and Malware Removal
HighJackThis Log 6 Virus and Malware Removal
Highjackthis help 1 Virus and Malware Removal
hello highjackthis? 5 Virus and Malware Removal
Take a look at my Highjackthis log 1 Virus and Malware Removal

Thread Tools Search this Thread
Search this Thread:

Advanced Search
All times are GMT -4. The time now is 04:28 PM.