Hello,
My on-access scanner has been telling me I have this virus for a few weeks now.
Win32:Trojan-gen. {Other}
I’ve run regular scans, boot scans, and safe mode scans and nothing seems to be resolving the problem.
I’ve also had the on-access scanner detect -
Win32:Direbu [Adw]
Here is my HT log…
Logfile of HijackThis v1.99.1
Scan saved at 8:51:23 PM, on 5/27/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
What was the filename, where was it found
example (C:\windows\system32\infected-filename.xxx)?
You would appear to be running two resident scanners at the same time; this can cause conflict and is not recommended.
For an on-line analysis - HiJackThis Log file - On-line Analysis
Ignore any O23 reference to avast processes; this is a hiccup in HJT 1.99.1 (especially the missing file entry for avast). If you need any help with any of the analysis, let us know.
Most recent detection was -
5/28/2005 11:14:16 AM SYSTEM 516 Sign of “Win32:Trojan-gen. {Other}” has been found in “C:\DOCUME~1\Justin1\LOCALS~1\Temp\THI39DE.tmp\speeryox.dll” file.
I believe I have made some progress, and I may finally have gotten it deleted, but there are still some unknowns in my HT log.
Thanks for the help.
Logfile of HijackThis v1.99.1
Scan saved at 11:33:52 AM, on 5/28/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Have you tried the on-line analysis in the link I gave you?
If so, which unknowns in your HJT log?
Have you tried using a google search for the unknown items/entries? - I don’t use w2k so they may be unknown to me and I would use google to check them anyway.
Is there a reason for using multiple resident AVs?
C:\Documents and Settings\All Users\Application Data\avservice.exe -- This seems ok - something to do with Avast?
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE – I believe this is ok - has something to do with my printer/scanner and shows up as an unknown later on in the file…
O4 - HKCU..\Run: [EPSON Stylus CX4600 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 “EPSON Stylus CX4600 Series” /M “Stylus CX4600” /EF “HKCU”
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Unknown owner - C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe (file missing)
Have you tried using a google search for the unknown items/entries? - I don't use w2k so they may be unknown to me and I would use google to check them anyway.
Is there a reason for using multiple resident AVs?
The only other service besides avast I knew was running was McAfee firewall. I don't have it running anymore.
C:\Documents and Settings\All Users\Application Data\avservice.exe -- This seems ok - something to do with Avast?
A google search for avservice.exe will show it is nothing to do with avast, probably a remnant of AVG or as Tech said Anti-Vir.
O4 - Startup: PowerReg Scheduler V3.exe
Use google to search for the filename at the end of the path/string, that should give you an indication of what the program is and if you legitimately installed it, e.g. v3.exe:
http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=V3.exe - the first hit in the search results, http://forum.osnn.net/archive/index.php/t-40746.html, shows it to be adware, so you should fix it in hijackthis.
Sorry if it seems we are not being helpful; we are trying to teach you how to use the tools available to you.
You seem to have remnants of two other AVs. If you aren’t using them, fix the entries in HJT and find the associated files they are calling; if they are there, delete them.
Everything seems to be taken care of except the pc-cillin file. I’ve tried to re-install the program so I can delete it – it wouldn’t install. I’ve even gone in to program files and deleted the trend micro folder, rebooted, and –
This information should be in the Windows Registry.
If you know how to deal with it, you can try to save (back up) the registry key and then delete it.
At least, can you search the Registry and post here the registry path for that value?
It seems I was able to get everything stopped using msconfig.
Again, I appreciate your help and time.
Logfile of HijackThis v1.99.1
Scan saved at 10:27:45 AM, on 5/29/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
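
Added example, not part of any post in this thread and not code from HijackThis or avast: a small Python parser for the O4 and O23 lines quoted above that pulls out the file name to research and flags services whose binary is reported missing. The function names and the sample string (the thread's three lines re-typed with straight quotes) are assumptions made for this illustration.

```python
import re
from pathlib import PureWindowsPath

# Sample input: the three O-lines quoted in the thread, re-typed with straight quotes.
SAMPLE_LOG = r'''
O4 - HKCU..\Run: [EPSON Stylus CX4600 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /M "Stylus CX4600" /EF "HKCU"
O4 - Startup: PowerReg Scheduler V3.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Unknown owner - C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe (file missing)
'''

# O4 = autostart entry, O23 = NT service, as they appear in a HijackThis log.
O4 = re.compile(r'^O4 - (?P<where>[^:]+): (?:\[(?P<name>[^\]]+)\] )?(?P<cmd>.+)$')
O23 = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - '
                 r'(?P<cmd>.+?)(?P<missing> \(file missing\))?$')
# Path up to the first executable-looking extension; tolerates unquoted spaces.
EXE = re.compile(r'"?(.+?\.(?:exe|dll|com|bat|scr))\b', re.I)

def parse_entries(log):
    """Return one dict per O4 or O23 line found in the log text."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        m = O4.match(line) or O23.match(line)
        if not m:
            continue
        g = m.groupdict()
        exe = EXE.match(g["cmd"])
        path = exe.group(1) if exe else g["cmd"]
        flags = []
        if g.get("missing"):
            flags.append("file missing")
        if g.get("owner") == "Unknown owner":
            flags.append("unknown owner")
        entries.append({
            "section": line.split(" - ", 1)[0],
            "name": g.get("name") or g.get("where"),
            "path": path,
            "lookup": PureWindowsPath(path).name,  # file name to research
            "flags": flags,
        })
    return entries

def stale_services(entries):
    """O23 services whose binary is gone: candidates for leftover-AV cleanup."""
    return [e for e in entries
            if e["section"] == "O23" and "file missing" in e["flags"]]

if __name__ == "__main__":
    for e in parse_entries(SAMPLE_LOG):
        print(e["section"], e["lookup"], e["flags"])
```

As noted earlier in the thread, HJT 1.99.1 can wrongly report avast services as missing, so a hit on an avast entry from `stale_services` should be disregarded.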