Would like to understand the possible correlation between Active Backdoors & my Trojan-Dropper.Win32.Paradrop.a found in C:/Windows/System32/atiptaxx.exe.
I was given a link to interpret my own HJT log!
I wasn’t asking Avast to interpret it, for I didn’t know you did that! I just wanted some insight into the relationship between Active Backdoors & my guest in Windows/System32 after reading “whocares” article!
Hi, I have just had a look at your log and I notice that you have selective start-up under MSConfig. This may be hiding some unusual visitors; however, the rest of your log was clean apart from the one item I could find little info about, One Button.
The Ati2mdxx.exe file is a legitimate ATI file in the right place so it may well be a false positive. You could check this by uploading the file to Jotti for analysis http://virusscan.jotti.org/
What I’m trying to find out is whether or not my system has been compromised to the point of needing to reformat because of having found a trojan in Windows/System32.
Atiptaxx was the exe part, not Ati2mdxx, & I know they are legitimate. Glad to hear it’s clean! (The one button/prolific thing has been a mystery to me too for a few months.)
A2 found that particular trojan twice. I spent six hours on a MS paid support call Friday trying to get rid of the Denial Access Error in MSCONFIG to no avail. We clean booted, advanced clean booted, & hardware clean booted, so needless to say I was out of selective service mode. We went into Binaries>Msconfig & granted all groups permission. The error remains!
“System Configuration
An Access Denial Error was returned while attempting to change a service. You may need to log on as an administrator account to make the specified changes.”
This happens when logged on as an administrator when I press OK or make changes in MSCONFIG. (It wasn’t until I deleted the trojan that I was allowed to use MSCONFIG; after that I was able to untick atiptaxx from startup & use System Configuration again.) (This is why I don’t believe the trojan was a false positive.)
I was thinking about going into the registry today to see if HKEY_LOCAL_MACHINE_SOFTWARE had an Administrator present/available. The MS tech wouldn’t allow me to do this (beginning support guy)! I sent my first email a year ago; I’m no tech, MS!!! It was also suggested I use djlizard’s Dial-a-Fix to restore permissions; the MS tech said no to this too! The program is Beta & I’m a novice. Whatcha think, Essexboy?
Addendum: I’ve just come from Jotti. I’m not sure how you scan one file at a time (was looking at TotalVirus scan earlier). Do I send atiptaxx.exe or Ati2mdxx.exe to them & how?!! What/how does one do this? Sorry for my newbishness! Thanks, Essexboy.
No problem Michele. If you go to Jotti, at the top is a browse button; click that and it will open YOUR computer file system. Navigate to the required files and left click, then press the submit button. I am currently looking at how to reset your MSconfig permissions.
Hi Michele, you are no longer running selective start. Does that mean your MSConfig problem is fixed? Apart from that you are squeaky clean ;D Still can’t find anything concrete on one button apart from an advertising site… If you do not use it, it might be worthwhile initially disabling the start up from within HJT by placing a check mark against it and clicking fix. If after a while you find that you do not need it you can uninstall it. I had a look at djlizard’s Dial-a-Fix and could see nothing dangerous about it, as all it does is re-install the default configurations using a windows file…
I went into Normal mode when I realized I hadn’t scanned in it. So after the HJT I’m back in Selective mode (that is how I untick Startup). The Access Denial Error in MSCONFIG is still here!
I’m so happy you have pronounced me clean!
MS is having a higher tier tech phone back. Maybe I should wait & see if he will let me run a third party solution (I have a fear of getting stuck in the middle without knowing a proper selection on my own). MS may actually have a fix. The only thing I found online re this error was in the WinITPro forum & you have to be a tech to join. Thought about fabricating a business name with a go ahead & spam my email box in order to communicate!
I remember I eventually figured out the Onebtn/Prolific thing & it was ok, but it escapes me at the moment.
Thank you so much Essexboy for your attention. I appreciate it.