Trojan.generic.2898141 In Archive, Can't Delete :(

Hi Guys,

Please find below the active threats left after the BD deep scan. I had turned on the "show all hidden files" and "show file extensions" options before the scan.

Remaining issues:

Object Name | Threat Name | Final Status
[system]=]C:\Documents and Settings\Amor\Cookies\amor@msnportal.112.2o7[1].txt | Cookie.2o7 | Delete Failed (file was in an archive)
[system]=]C:\Documents and Settings\Amor\Cookies\amor@clicks.adengage[2].txt | Cookie.Engage | Delete Failed (file was in an archive)
[system]=]\\.\70.103.101.103\aekgoprn.dll [1048] (memory dump) | Trojan.Generic.2898141 | Delete Failed (file was in an archive)
[system]=]\\.\70.103.101.103\aekgoprn.dll [1048] (full dump) | Trojan.Generic.2898141 | Delete Failed (file was in an archive)

I tried finding the above threats in the Cookies folder (still not sure if those two are a threat?), but I can't locate them. As for the other two, the main threat, Trojan.Generic, I have no clue where to find them. Plz help!!

Many thanks in advance, I look forward to your swift and kind help :)
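The four result lines above mix two very different kinds of detection: two tracking cookies on disk, and one DLL found in a memory dump of a running process (the "[1048] (memory dump)" / "(full dump)" suffix). Below is an added example, not part of the original post or of BitDefender's own tooling, that parses result lines in this layout and sorts them into those categories, so the reader can see why "Delete Failed" is the expected outcome for a process-memory hit and where to look next. The sample lines are the four from the post; the status vocabulary other than "Delete Failed", and the function names, are assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the four "Remaining issues" lines quoted in the post, one per
# line, with object, threat name and final status separated only by spaces as the
# scanner prints them.
SAMPLE_RESULTS = r"""
[system]=]C:\Documents and Settings\Amor\Cookies\amor@msnportal.112.2o7[1].txt Cookie.2o7 Delete Failed (file was in an archive)
[system]=]C:\Documents and Settings\Amor\Cookies\amor@clicks.adengage[2].txt Cookie.Engage Delete Failed (file was in an archive)
[system]=]\\.\70.103.101.103\aekgoprn.dll [1048] (memory dump) Trojan.Generic.2898141 Delete Failed (file was in an archive)
[system]=]\\.\70.103.101.103\aekgoprn.dll [1048] (full dump) Trojan.Generic.2898141 Delete Failed (file was in an archive)
"""

# The object may contain spaces, the threat name never does, and the status begins
# with a fixed phrase; anchoring on the status phrase is what makes the split work.
# Only "Delete Failed" appears on the page; the other status values are assumed.
LINE_RE = re.compile(
    r"^\[system\]=\](?P<obj>.+?)\s+(?P<threat>\S+)\s+"
    r"(?P<status>(?:Delete Failed|Deleted|Disinfected|Quarantined|Moved to Quarantine).*)$"
)
# "<path> [<pid>] (memory dump)" or "(full dump)": the signature was found in a dump of
# a running process, so the object is process memory, not a file the scanner can unlink.
DUMP_RE = re.compile(r"^(?P<path>.+?) \[(?P<pid>\d+)\] \((?P<kind>memory|full) dump\)$")


@dataclass
class Finding:
    path: str
    threat: str
    status: str
    pid: Optional[int]        # set only for in-memory detections
    dump_kind: Optional[str]  # "memory" or "full"
    category: str             # "cookie", "in_memory" or "on_disk"


def classify(threat: str, pid: Optional[int]) -> str:
    """Tracking cookies, process-memory hits and ordinary files need different handling."""
    if threat.startswith("Cookie."):
        return "cookie"
    return "in_memory" if pid is not None else "on_disk"


def parse_results(text: str) -> List[Finding]:
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header, blank line, or a status we do not recognise
        obj, threat, status = m.group("obj"), m.group("threat"), m.group("status")
        dump = DUMP_RE.match(obj)
        path = dump.group("path") if dump else obj
        pid = int(dump.group("pid")) if dump else None
        kind = dump.group("kind") if dump else None
        findings.append(Finding(path, threat, status, pid, kind, classify(threat, pid)))
    return findings


def triage(f: Finding) -> str:
    """One-line handling note per finding, from the defender's side."""
    if f.category == "cookie":
        return f"{f.threat}: tracking cookie, low risk; clear the browser's cookie store"
    if f.category == "in_memory":
        module = f.path.rsplit("\\", 1)[-1]
        return (f"{f.threat}: found in the {f.dump_kind} dump of PID {f.pid}; the scanner "
                f"cannot delete process memory, so identify what PID {f.pid} is running and "
                f"which file on disk loaded {module} (the reported \\\\.\\ path is a device "
                f"namespace path, not a drive location)")
    return f"{f.threat}: on-disk object at {f.path}; status was '{f.status}'"


def processes_to_inspect(findings: List[Finding]) -> List[int]:
    """Distinct PIDs behind in-memory detections: the starting point for the next step."""
    return sorted({f.pid for f in findings if f.pid is not None})


if __name__ == "__main__":
    found = parse_results(SAMPLE_RESULTS)
    for f in found:
        print(triage(f))
    print("processes to inspect:", processes_to_inspect(found))
```

Running it on the four lines yields two cookie notes, two in-memory notes for PID 1048, and `[1048]` as the single process to inspect; the two dump lines refer to the same module, so they collapse into one process to look at.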

Comments

  • The HijackThis log

    -------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:29:19 AM, on 12/28/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    D:\Program Files\BitDefender 2009\vsserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\carpserv.exe
    D:\Program Files\BitDefender 2009\bdagent.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    D:\Program Files\Google Calendar Sync\GoogleCalendarSync.exe
    D:\Program Files\Hotspot Shield\bin\openvpnas.exe
    D:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    D:\Program Files\BitDefender 2009\seccenter.exe
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
    C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
    C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    C:\WINDOWS\system32\wuauclt.exe
    D:\Program Files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.themoscowtimes.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
    O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - D:\Program Files\Hotspot Shield\hssie\HssIE.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - D:\Program Files\BitDefender 2009\IEToolbar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [bDAgent] "D:\Program Files\BitDefender 2009\bdagent.exe"
    O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "D:\Program Files\BitDefender 2009\IEShow.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Launch Internet Explorer Browser.lnk = C:\Program Files\Internet Explorer\iexplore.exe
    O4 - Startup: Mozilla Firefox.lnk = D:\Program Files\firefox.exe
    O4 - Startup: STREAM.lnk = ?
    O4 - Global Startup: Google Calendar Sync.lnk = D:\Program Files\Google Calendar Sync\GoogleCalendarSync.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_5F1A57F0B9B89E2E.dll/cmsidewiki.html
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1260938856913
    O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://vexcast.com/download/vexcast.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2029C8D4-C8B7-46FA-96BA-AB6D6105020F}: NameServer = 212.188.4.10,195.34.32.116
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2B07F3AE-0325-46DD-89ED-73200BA7D76F}: NameServer = 195.34.32.116 212.188.4.10
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - D:\Program Files\Hotspot Shield\bin\openvpnas.exe
    O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - D:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - D:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - D:\Program Files\BitDefender 2009\vsserv.exe

    --
    End of file - 7069 bytes

  • Hello Amor,

    The HijackThis log doesn't show anything suspicious. The only thing that bothers me is why you have both Internet Explorer and Mozilla Firefox set as Startup items. Also, why is firefox.exe located directly in Program Files, and not in a dedicated subfolder? Were these 2 items set in Startup by you, or were they added by some other software (maybe malware?)?

    As for your main problem, please read this article: http://kb.bitdefender.com/KB490

    Create the 2 logs, upload them to a file sharing server of your choice (like www.sendspace.com) and post the download links here.

    Cris.
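The reply above applies a few simple heuristics to the O4 lines: an executable sitting directly in the root of Program Files rather than its own subfolder, a Startup shortcut HijackThis could not resolve (`STREAM.lnk = ?`), and more than one browser launched at logon are all worth a question. As an added example that is not part of the thread or of HijackThis itself, the script below parses O4 Run, O4 Startup and O23 Service lines in the log's format and flags those conditions, plus a bare filename with no directory and a service listed with "Unknown owner". The sample lines are copied from the log above; the function names, the browser list and the "Unknown owner" rule are assumptions added for the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a subset of the O4 and O23 lines from the HijackThis log
# posted above, copied verbatim.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [bDAgent] "D:\Program Files\BitDefender 2009\bdagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Launch Internet Explorer Browser.lnk = C:\Program Files\Internet Explorer\iexplore.exe
O4 - Startup: Mozilla Firefox.lnk = D:\Program Files\firefox.exe
O4 - Startup: STREAM.lnk = ?
O4 - Global Startup: Google Calendar Sync.lnk = D:\Program Files\Google Calendar Sync\GoogleCalendarSync.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - D:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - D:\Program Files\BitDefender 2009\vsserv.exe
"""

# Line shapes as they appear in the log: registry Run values, Startup-folder
# shortcuts and services.  Anything else is ignored by this example.
RUN_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^O4 - (?P<where>Global Startup|Startup): (?P<lnk>.+?) = (?P<target>.+)$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.+?) \((?P<short>[^()]+)\) - (?P<owner>.+?) - (?P<path>.+)$")
EXE_RE = re.compile(r'^"?(?P<exe>[^"]*?\.exe)"?', re.IGNORECASE)  # first .exe of a Run command
BROWSERS = {"iexplore.exe", "firefox.exe"}  # assumption: the two browsers present in this log


@dataclass
class Entry:
    kind: str             # "run", "startup" or "service"
    label: str
    path: str             # executable path, or "?" when HijackThis could not resolve it
    owner: Optional[str]  # publisher string for services, None otherwise
    raw: str


def parse_entries(text: str) -> List[Entry]:
    entries = []
    for raw in (line.strip() for line in text.splitlines()):
        m = RUN_RE.match(raw)
        if m:
            exe = EXE_RE.match(m.group("cmd"))
            path = exe.group("exe") if exe else m.group("cmd")
            entries.append(Entry("run", m.group("name"), path, None, raw))
            continue
        m = STARTUP_RE.match(raw)
        if m:
            entries.append(Entry("startup", m.group("lnk"), m.group("target"), None, raw))
            continue
        m = SERVICE_RE.match(raw)
        if m:
            entries.append(Entry("service", m.group("name"), m.group("path"), m.group("owner"), raw))
    return entries


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def review_entry(e: Entry) -> List[str]:
    """Reasons this entry deserves a second look; empty list means nothing stood out."""
    reasons = []
    if e.path == "?":
        return ["target could not be resolved ('?')"]
    if "\\" not in e.path:
        reasons.append("unqualified filename, located via the search path rather than a fixed directory")
    else:
        parent = e.path.rsplit("\\", 1)[0].lower()
        if re.fullmatch(r"[a-z]:\\program files", parent):
            reasons.append("executable sits directly in Program Files instead of a dedicated subfolder")
    if e.owner is not None and e.owner.lower() == "unknown owner":
        reasons.append("service listed with 'Unknown owner': no publisher information for the binary")
    return reasons


def review_log(text: str) -> Dict[str, List[str]]:
    """Map each flagged raw line to its reasons; unflagged lines are left out."""
    flagged = {}
    for e in parse_entries(text):
        reasons = review_entry(e)
        if reasons:
            flagged[e.raw] = reasons
    return flagged


def browser_autostarts(entries: List[Entry]) -> List[str]:
    """Browsers launched from the Startup folders, in log order; two or more is worth asking about."""
    return [basename(e.path) for e in entries if e.kind == "startup" and basename(e.path) in BROWSERS]


if __name__ == "__main__":
    for raw, reasons in review_log(SAMPLE_LOG).items():
        print(raw)
        for r in reasons:
            print("   ->", r)
    launched = browser_autostarts(parse_entries(SAMPLE_LOG))
    if len(launched) > 1:
        print(f"{len(launched)} browsers auto-start at logon: {', '.join(launched)}")
```

On the sample it flags `carpserv.exe` (no directory), `D:\Program Files\firefox.exe` (Program Files root), `STREAM.lnk = ?` (unresolved target) and the Hotspot Shield service (Unknown owner), and reports two browsers in Startup; `ctfmon.exe`, `bdagent.exe` and the Google Calendar Sync shortcut pass clean. A flag here is a question to ask, exactly as in the reply, not a verdict: `carpserv.exe` and the Hotspot Shield service are both legitimate software on this machine, and the point of the tool is to shortlist what to verify.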