Check my logs?

[jimvonhank]

I've had no symptoms, but have noticed suspicious internet access requests.

Thank you people for great tips in this forum. I've done scans according to the thread on "Viruses/Spyware/Malware, preliminary removal instructions"

But I still suspect some creepy activity on my computer by the file c:windows/system32/routing.exe
I did a scan on virustotal.com. Log attached. Should I get rid of it, and how? By using HJT?

Can someone check my log files?
Panda Antiroot kit scan showed nothing wrong.

Sorry if I posted too many logs

grateful guy

 

[Tedster]

https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

 

[jimvonhank]

Yes, I'm very familiar with that thread. It's the one I've been following when scanning for viruses. I was about to post that exact link in my first posting. But you are not allowed to post links in the 3 first posts. So I just wrote the title.

My first question is if routing.exe in C:Windows/system32/ is a trojan or not! According to Kapersky and F-prot it is a trojan (See the logfile "virustotal scan of routing.exe"). But I don't want to buy Kapersky or F-prot just to get rid of it. Is there any other way? Maybe through HiJack This?

My second question is: Are there more suspicious things in my files in my hijackthis log?

Thank you!

 

[Tedster]

you appear to have more than 1 antivirus installed on your machine. only install 1 AV. Then tell me what viri it finds.

 

[jimvonhank]

Thank you for a quick reply!

I fail to see two anti virus systems installed. I run Norman Antivirus. If you are referring to the process c:/programfiles/grisoft/AVG Anti-Spyware 7.5/avgas.exe this is anti SPYWARE, and not AVG Antivirus!

Which is the other antivirus program apart from Norman?

Can i remove routing.exe with HJT, or could my XP get in trouble?

 

[Tedster]

These are the ones I thought. They have an asterix * in front.

Antivirus Version Last Update Result
AhnLab-V3 2007.12.29.10 2007.12.29 -
*AntiVir 7.6.0.46 2007.12.28 -
Authentium 4.93.8 2007.12.29 -
*Avast 4.7.1098.0 2007.12.28 -
*AVG 7.5.0.516 2007.12.28 -
BitDefender 7.2 2007.12.29 -
CAT-QuickHeal 9.00 2007.12.28 -
ClamAV 0.91.2 2007.12.28 -
DrWeb 4.44.0.09170 2007.12.28 -
eSafe 7.0.15.0 2007.12.27 -
eTrust-Vet 31.3.5410 2007.12.29 -
Ewido 4.0 2007.12.28 -
FileAdvisor 1 2007.12.29 -
Fortinet 3.14.0.0 2007.12.28 -
F-Prot 4.4.2.54 2007.12.28 -
*F-Secure 6.70.13030.0 2007.12.28 Trojan-Downloader.Win32.Agent.gwg
Ikarus T3.1.1.15 2007.12.29 -
Kaspersky 7.0.0.125 2007.12.29 Trojan-Downloader.Win32.Agent.gwg
McAfee 5195 2007.12.28 -
Microsoft 1.3109 2007.12.29 -
NOD32v2 2754 2007.12.28 -
Norman 5.80.02 2007.12.28 -
*Panda 9.0.0.4 2007.12.28 -
Prevx1 V2 2007.12.29 Generic.Rootkit
Rising 20.24.42.00 2007.12.28 -
*Sophos 4.24.0 2007.12.28 -
Sunbelt 2.2.907.0 2007.12.28 -
*Symantec 10 2007.12.29 -
TheHacker 6.2.9.174 2007.12.28 -
VBA32 3.12.2.5 2007.12.26 -
VirusBuster 4.3.26:9 2007.12.28 -
Webwasher-Gateway 6.6.2 2007.12.28

It looked like you had several antivirus programs installed.

Try this for removal of trojans: http://www.trojan-win32-removal.com.removal-instructions.com/removeTrojan.html

 

[jimvonhank]

Wrong log!

Ah, I see!

You are looking at a log from a scan done on the website virustotal.com. I scanned one single file called routing.exe on that site. The site uses ALL available antivirus and antispyware systems. So of course it shows a hole bunch of antivirus software. On my computer I've only installed Norman.

Now will you please read my earlier postings in the thread and answer my questions about this file routing.exe? There are 3 or 4 other logs attached. If they are missing, I can post them again.