I need some help with hijackthis

What do you guys think of this:

Logfile of HijackThis v1.97.7
Scan saved at 5:32:04 PM, on 12/15/2003
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashserv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINNT\system32\musirc4.72.exe
C:\aim.exe
D:\HijackThis.exe

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM..\Run: [LoadQM] loadqm.exe
O4 - HKLM..\Run: [Windows MeTaLRoCk service] metalrock.exe
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM..\Run: [MusIRC (irc.musirc.com) client] musirc4.72.exe
O4 - HKLM..\Run: [Services] C:\aim.exe
O4 - HKLM..\RunServices: [Windows MeTaLRoCk service] metalrock.exe
O4 - HKLM..\RunServices: [MusIRC (irc.musirc.com) client] musirc4.72.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37966.6811458333
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.rav.ro/scan/ravonline.cab

what is metalrock.exe?
I see nothing obvious that could be spyware, but wait for our HijackThis expert raman to answer.

I think you are infected by some Malware. Let Hijackthis fix this:
O4 - HKLM..\Run: [LoadQM] loadqm.exe
O4 - HKLM..\Run: [Windows MeTaLRoCk service] metalrock.exe
O4 - HKLM..\Run: [MusIRC (irc.musirc.com) client] musirc4.72.exe
O4 - HKLM..\Run: [Services] C:\aim.exe
O4 - HKLM..\RunServices: [Windows MeTaLRoCk service] metalrock.exe
O4 - HKLM..\RunServices: [MusIRC (irc.musirc.com) client] musirc4.72.exe

Like MacLover2000 already said, it seems to be a worm (Randex variant?).
Test the files after a restart here: http://www.kaspersky.com/remoteviruschk.html and if they are infected, delete them, or send them to virus@asw.cz, so Avast can include them.
To make MacLover2000 a bit happy, :wink: did RAV not find them?
Please post a new log after all this.

To make MacLover2000 a bit happy, did RAV not find them?
oh that WOULD brighten my day :D :D :D ;D

Also test with Trend: http://housecall.trendmicro.com

hey raman,
i am new at this, do you want me to delete these:
O4 - HKLM..\Run: [LoadQM] loadqm.exe
O4 - HKLM..\Run: [Windows MeTaLRoCk service] metalrock.exe
O4 - HKLM..\Run: [MusIRC (irc.musirc.com) client] musirc4.72.exe
O4 - HKLM..\Run: [Services] C:\aim.exe
O4 - HKLM..\RunServices: [Windows MeTaLRoCk service] metalrock.exe
O4 - HKLM..\RunServices: [MusIRC (irc.musirc.com) client] musirc4.72.exe

and then go to http://www.kaspersky.com/remoteviruschk.html ??

There is a box beside them; put a check in them and have the program “fix” them.

Here is the newest log, does it look alright??

Logfile of HijackThis v1.97.7
Scan saved at 3:18:05 PM, on 12/16/2003
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashserv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
D:\HijackThis.exe

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37966.6811458333
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.rav.ro/scan/ravonline.cab

looks clean to me I see you have used housecall :smiley:

yeah, thanks for telling me about housecall and thanks raman for telling what to fix.

p.s. i might be getting a new computer for x-mas do you really prefer mac’s over pc’s and what are the pros and cons of each?

Check the smss.exe file; it’s a backdoor
i would like too advise for this one!!

No, that file is a System (2000/XP) process, if it is started from %windir%/system32!

p.s. i might be getting a new computer for x-mas do you really prefer mac's over pc's and what are the pros and cons of each?
Cons:
PCs can run more programs than Macs can
PCs are cheaper
PCs are more commonly used

Pros:
1) Viruses are rare
2) Round pixels are better for video editing
3) Programs can run on fewer resources (e.g. the James Bond game can run on 750 MHz Windows and 450 MHz Mac)
4) Apple actually SUPPORTS their OS, as Microsoft takes ages to answer :cry:
5) Fewer security holes in the OS

If you want a desktop from Mac, try an eMac.

and if you want windows you can buy virtual PC and have the choice on boot to run windows 2000 or Mac OS

ML,

Of course the old Mac v PC debate has been going on since time began and I wouldn’t want to comment 8) :wink:

I would however, taken from a recent experience, add to your item No. 4 that MS don’t know what they’re talking about when they do answer :-\ and that’s from an old PC/Unix fan. :slight_smile:

W.

good addition :wink:

thanks for the help on the mac vs. pc.

Also how do you keep those things from coming back, because musirc4.72.exe came back?

Someone check this, but some trojans (Dyfuca, for example) download things and install them; some spyware does the same.
Check with Spybot or Ad-Aware for spyware and Trend or Kaspersky for the trojan.
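
Added example, not part of the original thread: one way to spot an entry "coming back" is to keep the clean log as a baseline and diff every later HijackThis log against it. The function names are hypothetical, the baseline is an excerpt of the 12/16 log above, and the re-scan log is constructed for illustration.

```python
import re

# O4 autorun line as HijackThis v1.97.7 prints it: O4 - HKLM..\Run: [Name] command
O4_RE = re.compile(r"^O4 - (?P<hive>\w+)\.\.\\(?P<key>\w+): \[(?P<name>.*?)\] (?P<cmd>.+)$")

def parse_o4(log_text):
    """Return the set of (hive, key, name, command) autorun entries in a log."""
    entries = set()
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.add((m["hive"], m["key"], m["name"], m["cmd"].lower()))
    return entries

def parse_processes(log_text):
    """Return the lower-cased paths listed under 'Running processes:'."""
    procs, in_section = set(), False
    for line in log_text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_section = True
        elif in_section:
            if not line:          # a blank line ends the process list
                break
            procs.add(line.lower())
    return procs

def reappeared(baseline_log, new_log):
    """Autoruns and processes present in new_log but absent from the baseline."""
    new_runs = parse_o4(new_log) - parse_o4(baseline_log)
    new_procs = parse_processes(new_log) - parse_processes(baseline_log)
    return sorted(new_runs), sorted(new_procs)

# BASELINE: excerpt of the clean 12/16 log. RESCAN: constructed later scan
# in which the MusIRC autorun and process have returned.
BASELINE = r"""Running processes:
C:\WINNT\Explorer.EXE

O4 - HKLM..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
"""
RESCAN = r"""Running processes:
C:\WINNT\Explorer.EXE
C:\WINNT\system32\musirc4.72.exe

O4 - HKLM..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM..\Run: [MusIRC (irc.musirc.com) client] musirc4.72.exe
O4 - HKLM..\RunServices: [MusIRC (irc.musirc.com) client] musirc4.72.exe
"""
```

Anything `reappeared(BASELINE, RESCAN)` returns was re-created after the fix, which points to something still on the machine rewriting the Run keys rather than a missed checkbox.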