Computer Freezing and Shutting down...
#7
Here are some of your problems.

1. PacerDMedia.Installer (pcs_0031.exe)

Type: Trojan
A Trojan that silently installs other programs without consent.

Category: Trojan Downloader
A Trojan that silently installs other programs without consent.

Threat level: High
Programs that might collect your personal information and negatively affect your privacy or damage your computer, for example, by collecting information or changing settings, typically without your knowledge or consent.

Author: PACERD, LTD

Description: PacerDMedia.Installer is a Trojan Downloader that contacts a remote webserver to download various adware and trojan files.

2. 0006_regular.cab (This is some type of virus or spyware as well.) It's bad, so get rid of it. Installed through an ActiveX handler.

3. autodisc.exe (This is a trojan virus with backdoor capabilities on your computer, meaning most likely your computer is serving files to an IRC community.)

W32/Spybot-CB attempts to move itself to AUTODISC.EXE in the Windows System folder and creates entries in the registry at the following locations to run itself on system logon:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\
Windows Data Server = AUTODISC.EXE

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Windows Data Server = AUTODISC.EXE

W32/Spybot-CB also attempts to copy itself to the startup folder of attached network drives and can be used to record the keystrokes on the compromised machine, effectively acting as a keylogger. This worm can also be used to initiate SYNFlood attacks.

W32/Spybot-CB remains resident, running in the background as a service process and listening for commands from remote users via IRC channels.

W32/Spybot-CB attempts to terminate various programs including the following:

W32/Spybot-CB is a network worm with backdoor Trojan functionality.

Please re-scan your computer with HijackThis again and remove any entry from your log that I have highlighted in purple.

Logfile of HijackThis v1.99.1
Scan saved at 9:38:36 PM, on 2/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\autodisc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\DOCUME~1\Wright\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\Searchx.htm
R3 - Default URLSearchHook is missing
O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Program Files\iMesh\iMesh5\iMeshBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [9afed6a8e4a0] C:\WINDOWS\system32\autodisc.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia.com/install/pcs_0031.exe
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} - http://www.tbcode.com/ist/softwares/v4.0...egular.cab
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

Once you remove these, do another scan and post the new log file and we'll see if we got rid of them.

If HijackThis doesn't remove all of them, we will have to manually remove them from the registry.
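The post's advice rests on three indicators in the log: a Run value with a random-looking hex name (the [9afed6a8e4a0] entry), autostart values that launch autodisc.exe (the W32/Spybot-CB persistence described above), and O16 ActiveX download points that pull an .exe or .cab from a remote site. As an added example (not code from the original post or from HijackThis itself), the Python script below parses the registry-backed O4 lines and the O16 lines, and reports those three indicators over a sample log constructed from lines quoted in the thread. The regexes, the hex-name heuristic and the flagged-file list are this example's own assumptions, and it generalizes the post's one-off reading of the log to any HijackThis-style text you feed it.

```python
"""Audit HijackThis-style log lines for the autostart indicators discussed in the post.

Added example: this is not code from the original post or from HijackThis.
The sample log is constructed from lines quoted in the thread; the regexes,
heuristics and the flagged-file list are this example's own assumptions.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: a subset of the O4 / O16 / O23 lines quoted in the thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [9afed6a8e4a0] C:\WINDOWS\system32\autodisc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia.com/install/pcs_0031.exe
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} - http://www.tbcode.com/ist/softwares/v4.0...egular.cab
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
'''

# Files the helper told the poster to remove (assumed list, taken from the post).
FLAGGED_FILES = {"autodisc.exe", "pcs_0031.exe"}

O4_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\(Run\w*): \[([^\]]*)\] (.+)$')
O16_RE = re.compile(r'^O16 - DPF: (\{[0-9A-Fa-f-]+\}) - (\S+)$')
# Random-looking value names such as "9afed6a8e4a0": hex digits only, 8 or more.
HEXNAME_RE = re.compile(r'^[0-9a-f]{8,}$', re.IGNORECASE)
# First path that ends in an executable extension, for unquoted commands with spaces.
EXE_RE = re.compile(r'^(.*?\.(?:exe|com|scr|bat|cmd|pif))(?=\s|$)', re.IGNORECASE)


@dataclass
class AutostartEntry:
    hive: str     # HKLM or HKCU
    key: str      # Run, RunOnce, ...
    name: str     # registry value name shown in [brackets]
    command: str  # command line stored in the value


@dataclass
class Finding:
    line: str
    reason: str


def parse_o4(line: str):
    """Parse a registry-backed O4 line; returns None for other lines (e.g. Global Startup)."""
    m = O4_RE.match(line)
    return AutostartEntry(*m.groups()) if m else None


def exe_basename(command: str) -> str:
    """Lower-cased file name of the program a Run value launches.
    Handles quoted paths ("C:\\Program Files\\x.exe" -flag), unquoted paths with
    spaces, and commands without an extension (%systemroot%\\system32\\dumprep 0 -k)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        path = command[1:end] if end > 0 else command[1:]
    else:
        m = EXE_RE.match(command)
        path = m.group(1) if m else command.split()[0]
    return path.replace('/', '\\').rsplit('\\', 1)[-1].lower()


def audit_log(text: str, flagged_files=FLAGGED_FILES) -> list:
    """Return Findings for the indicators the post relies on, in log order."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        entry = parse_o4(line)
        if entry is not None:
            if HEXNAME_RE.match(entry.name):
                findings.append(Finding(line, f"{entry.hive}\\..\\{entry.key} value name "
                                              f"'{entry.name}' looks machine-generated"))
            exe = exe_basename(entry.command)
            if exe in flagged_files:
                findings.append(Finding(line, f"{entry.hive}\\..\\{entry.key} launches flagged file {exe}"))
            continue
        m = O16_RE.match(line)
        if m:
            clsid, url = m.groups()
            parsed = urlparse(url)
            if parsed.path.lower().endswith((".exe", ".cab")):
                findings.append(Finding(line, f"ActiveX download point {clsid} fetches "
                                              f"{parsed.path.rsplit('/', 1)[-1]} from {parsed.netloc}"))
    return findings


if __name__ == "__main__":
    for f in audit_log(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

Run on the sample it reports four findings: the hex-named Run value, the same value launching autodisc.exe, and the two DPF entries fetching pcs_0031.exe and the .cab. The exe_basename helper matters because HijackThis prints some commands unquoted even when the path contains spaces (the ICQ Lite RunOnce line), so splitting on the first space would misreport the program.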
Messages In This Thread
Computer Freezing and Shutting down... - by imported_torQQue - 02-21-2006, 03:05 AM
