Hijackthis...

Started by SNOWHITE, September 03, 2006, 12:53:43 PM


SNOWHITE

Hi,
Recently there were a few infections in my computer, so I did a scan and deleted some of the infections and put some of them in the virus chest, but now I need a confirmation that the computer is clean, and one friend recommended this forum to me.
Pentium MMX CPU at 200 MHz
Two OS: W2000 and W98
CCleaner
Ad Aware SE
Ewido Micro Scanner
Avast! Home Edition
FW ZoneAlarm free
Ran CCleaner
Scanned with Ewido, found this:
Backdoor.Rbot.aym
[824] E:\WINNT\system32\Performance32.exe
Dropper.Paradrop.a
E:\WINNT\system32\mavgj.exe
Backdoor.Rbot.aym
E:\WINNT\system32\Performance32.exe
Scanned with Ad Aware - nothing found
avast! scan: drive E using Thorough scan with archive files found
Trojan Horse Poebot-L in 14 files


SNOWHITE

Hijackthis :

Logfile of HijackThis v1.99.1
Scan saved at 2:07:19 PM, on 9/3/2006
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP2 (5.00.2920.0000)

Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\system32\MSTask.exe
E:\WINNT\system32\ZoneLabs\vsmon.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\Explorer.EXE
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
E:\WINNT\System32\internat.exe
D:\cd\transparent42\TransparentW.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\WinRAR\WinRAR.exe
E:\temp\Rar$EX0k.p00\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] E:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Startup: TransparentW.lnk = D:\cd\transparent42\TransparentW.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - E:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - E:\WINNT\system32\ZoneLabs\vsmon.exe


SpiritWind

 :lol:  Hi all :

   I am the friend who recommended SNOWHITE come here for an "Evaluation";
   we met on the Avast Antivirus Support Forums . She uses "E" Drive & a portion
   of "D" Drive, while her brother uses "C" Drive and the other portion of "D" .
For the BEST in what counts in Life :

www.tacf.org

SNOWHITE

Hi Spirit,
:Win73: what are you doing?!?

Corrine

Hi, SNOWHITE.  Welcome to LandzDown Forum.

Your log looks ok.  Are you having any problems since the cleanup?

Note, however, should you ever need to remove anything with HijackThis, it needs to be in a permanent folder, rather than a temporary location as you have it here:  E:\temp\Rar$EX0k.p00\HijackThis.exe.



Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.
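
An added example, not part of the original thread or of HijackThis itself: a short Python sketch that parses a log in the format posted above and flags the two things visible in it, a process running from a temporary extraction folder (the point raised in the reply above) and entries the tool marks `(no file)` or `(file missing)`. The sample log is an excerpt constructed from the posted lines; the function names and the temp-path heuristic are assumptions.

```python
import re

# Excerpt constructed from the log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 2:07:19 PM, on 9/3/2006

Running processes:
E:\WINNT\System32\smss.exe
E:\Program Files\WinRAR\WinRAR.exe
E:\temp\Rar$EX0k.p00\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

# Section code (R3, O4, O23, ...) followed by " - " and the entry detail.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Assumed heuristic: a folder named temp/tmp, or a WinRAR extraction folder (Rar$...).
TEMP_RE = re.compile(r"\\(?:temp|tmp|Rar\$[^\\]*)\\", re.IGNORECASE)


def parse_log(text):
    """Split a HijackThis log into running processes and (code, detail) entries."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False  # a blank line ends the process list
        elif in_procs:
            processes.append(line)
        elif m := ENTRY_RE.match(line):
            entries.append(m.groups())
    return processes, entries


def review(text):
    """Return (kind, detail) findings worth a second look; not a verdict on the machine."""
    processes, entries = parse_log(text)
    findings = [("temp-location", p) for p in processes if TEMP_RE.search(p)]
    for code, detail in entries:
        if detail.endswith(("(no file)", "(file missing)")):
            findings.append(("missing-file:" + code, detail))
    return findings


if __name__ == "__main__":
    print(*review(SAMPLE_LOG), sep="\n")
```
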

SpiritWind

 :lol:  Hi Corrine ( & SNOWHITE ) :

   I already told SNOWHITE that on the Avast Support Forums; please give her
   more specific advice!? Should SNOWHITE be concerned with her brother's
   portion of the computer, since she told me he thinks having even an AV is
   an annoyance?

SNOWHITE

Quote from: Corrine on September 04, 2006, 06:30:19 PM
Hi, SNOWHITE.  Welcome to LandzDown Forum.

Your log looks ok.  Are you having any problems since the cleanup?

Note, however, should you ever need to remove anything with HijackThis, it needs to be in a permanent folder, rather than a temporary location as you have it here:  E:\temp\Rar$EX0k.p00\HijackThis.exe.


Hi Corrine, thanks for the welcome and for your reply!
I thought that I can use HijackThis from a temporary location if I don't want to run the program randomly or to keep it, so I kept it there. If this is a problem, next time I will save it in a permanent folder and run it from there. Anyway, thanks :D

Corrine

It's ok as long as you aren't removing anything.

I don't use Avast and would think the folks at that site could best advise.  I would *guess* installing it by the Admin account, preferably on the primary drive (C:) would work for all users.  But, that kind of thing isn't my forte. 

