tarakan.chm

???
hello,

i have two problems

  1. When i click on a link in a site , the new site is now very small
  2. in C i find tarakan.chm, jbond.chm,lovexx.chm …

here is my hijackthis log
thanks

Logfile of HijackThis v1.98.0
Scan saved at 1:21:28, on 4/08/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashserv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\GSICON.EXE
C:\WINNT\system32\dslagent.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\WINNT\system32\DeltTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Outlook Express\msimn.exe
C:\wincmd\WINCMD32.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\user\My Documents\downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.be/
N2 - Netscape 6: user_pref(“browser.search.defaultengine”, “http://www.google.com/”); (C:\Documents and Settings\user\Application Data\Mozilla\Profiles\default\8t98up3l.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM..\Run: [DeltTray] DeltTray.exe
O4 - HKLM..\Run: [Zone Labs Client] “C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe”
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O17 - HKLM\System\CCS\Services\Tcpip..{9962A0AC-EF43-4EB3-9165-39CF990EA3F1}: NameServer = 195.238.2.22 195.238.2.21

Hi,

  • please read the link “VirusRemoval” below in my sig
  • test your suspicious files with OnlineScanners from KAV, RAV & Trend;
    also scan these files (just for safety, imho they should be legit…):
    C:\WINNT\system32\DeltTray.exe
    C:\wincmd\WINCMD32.EXE
    → and report results for each…

  • running Ad-Aware & SPYBOT probably can’t hurt either… :wink:

  • you can also scan the whole PC with RAV & Trend…

  • is your avast uptodate ?

:wink:

DeltTray.exe = This is the driver for the M-Audio Delta 1010 recording system (e.g. Midiman)
WINCMD32.EXE = one of the best filemanager applications in the world. http://www.grisoft.com Not only manages files, but also (un)pack them, split/combine them, ftp and muc much more

The HijackThis log is clean. Nothing harmfull there. Remove the chm files. Their names are very suspicious ;), since .chm normally are help files.

And what do you mean with “the new site is very small”? Is the window not opening full size or is the text on the site small?

Thx Artras…

:slight_smile:

hello,

thanx for the help

concerning resizing … it’s the window that’s not opening full, it
only opens 5 cm … ???

WHY ???

hi,

found another virus

win 95 matyas
win 32 kuang2

best regards

Do a search in these forums for both these, you will find many hits.

Most relate to the users previous use of the on-line scanner for Panda anti virus PAV.

Depending on the location of these files they could be a false positive, because PAV doesn’t encrypt its virus pattern file that it downloads to use as a reference. Unfortunately many ASV programs find these patterns and falsely identify them.

Let us know the location you find any virus, because that also helps us to help you.