Trojan.clicker.delf.ir What Can I Do?

cotro84
edited January 2008 in Malware talk

I've been starting to get a virus alert showing up from BitDefender called Trojan.Clicker.Delf.IR


The Virus Name: Trojan.Clicker.Delf.IR
Path: C:\WINDOWS\system32\alrsvcn.dll
Access to file has been denied
It can't be cancelled


I did a scan with HijackThis:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12.57.18, on 21/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\ibmpmsvc.exe
E:\WINDOWS\System32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\drivers\CDAC11BA.EXE
E:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
E:\Programmi\File comuni\Softwin\BitDefender Update Service\livesrv.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\tp4mon.exe
E:\Programmi\Softwin\BitDefender10\bdmcon.exe
E:\Programmi\Softwin\BitDefender10\bdagent.exe
E:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
E:\WINDOWS\system32\qttask.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Programmi\Messenger\msmsgs.exe
E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_SICN03.EXE
E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_SICN03.EXE
E:\WINDOWS\explorer.exe
E:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
E:\Programmi\Softwin\BitDefender10\vsserv.exe
E:\Programmi\Softwin\BitDefender10\bdlite.exe
E:\Programmi\Internet Explorer\iexplore.exe
E:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06C20F85-B1D8-4870-8AD2-2C12B4673CD8} - e:\windows\system32\alrsvcn.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [bDMCon] "E:\Programmi\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [bDAgent] "E:\Programmi\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "E:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] E:\WINDOWS\system32\qttask.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [amva] E:\WINDOWS\system32\amvo.exe
O4 - HKLM\..\Policies\Explorer\Run: [7X29C2X78Y] E:\WINDOWS\syss_.exe
O4 - HKLM\..\Policies\Explorer\Run: [service] E:\WINDOWS\lsas32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = E:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Microsoft Office.lnk = E:\Programmi\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-966670b8aad160b6.spaces.live.co...ad/MsnPUpld.cab
O20 - Winlogon Notify: tt - E:\WINDOWS\
O20 - Winlogon Notify: zplkisfb - E:\WINDOWS\SYSTEM32\alrsvcn.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - E:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - E:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - E:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - E:\Programmi\File comuni\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - E:\Programmi\MATLAB7\webserver\bin\win32\matlabserver.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - E:\Programmi\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - E:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 5241 bytes


Please help me.

Excuse me, but this is the first time that I use this forum.

Excuse my English (I'm Italian).
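The helper who answers below picks four files out of this log by eye. As an added example (not code from the thread, from HijackThis or from BitDefender), the script below parses the O2/O4/O20/O23 entry formats seen above and applies the kind of structural heuristics a malware-removal volunteer uses when reading such a log: an entry that references the file the antivirus alert named, a BHO registered with "(no name)", an autorun under Policies\Explorer\Run, an executable sitting directly in the Windows directory, and a Winlogon Notify entry that does not point at a DLL. The sample lines are constructed after the thread's log, and the heuristics and their names are my own assumptions about what makes an entry worth a closer look.

```python
"""Triage helper for HijackThis-style logs (added example, not HijackThis itself).

Parses the O2/O4/O20/O23 entry formats and flags entries that share structural
features commonly seen in unwanted software, so that a responder can decide which
files to ask for. The heuristics are assumptions for illustration, not signatures.
"""
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Constructed sample lines, modelled on the entry types in the thread's log.
SAMPLE_LOG = [
    r"O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {06C20F85-B1D8-4870-8AD2-2C12B4673CD8} - e:\windows\system32\alrsvcn.dll",
    r"O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe",
    r'O4 - HKLM\..\Run: [bDMCon] "E:\Programmi\Softwin\BitDefender10\bdmcon.exe" /reg',
    r"O4 - HKCU\..\Run: [amva] E:\WINDOWS\system32\amvo.exe",
    r"O4 - HKLM\..\Policies\Explorer\Run: [7X29C2X78Y] E:\WINDOWS\syss_.exe",
    r"O4 - HKLM\..\Policies\Explorer\Run: [service] E:\WINDOWS\lsas32.exe",
    "O20 - Winlogon Notify: tt - E:\\WINDOWS\\",  # not a raw string: trailing backslash
    r"O20 - Winlogon Notify: zplkisfb - E:\WINDOWS\SYSTEM32\alrsvcn.dll",
    r"O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - E:\Programmi\Softwin\BitDefender10\vsserv.exe",
]

# One regex per entry type handled; other types (R0, O9, O16, Global Startup) are skipped.
PATTERNS = {
    "O2": re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$"),
    "O4": re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"),
    "O20": re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$"),
    "O23": re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$"),
}


@dataclass
class Entry:
    kind: str   # O2, O4, O20 or O23
    name: str   # BHO name, Run value name, Notify key or service name
    path: str   # file the entry loads (may be empty or a bare file name)
    key: str = ""   # registry key for O4 entries
    raw: str = ""


@dataclass
class Finding:
    entry: Entry
    reasons: list = field(default_factory=list)


def command_path(cmd: str) -> str:
    """Extract the program path from an O4 command line, honouring quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def parse_line(line: str):
    """Return an Entry for a recognised log line, or None for anything else."""
    for kind, pat in PATTERNS.items():
        m = pat.match(line.strip())
        if m:
            d = m.groupdict()
            path = command_path(d["cmd"]) if kind == "O4" else d["path"].strip()
            return Entry(kind=kind, name=d["name"], path=path, key=d.get("key", ""), raw=line.strip())
    return None


def in_windows_root(path: str) -> bool:
    """True for files placed directly in <drive>:\\WINDOWS, not in a subfolder."""
    parts = PureWindowsPath(path).parts
    return len(parts) == 3 and parts[1].lower() == "windows"


def triage(lines, flagged_files):
    """Apply the heuristics; flagged_files are names the AV alert reported."""
    watch = {f.lower() for f in flagged_files}
    findings = []
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        reasons = []
        if PureWindowsPath(e.path).name.lower() in watch:
            reasons.append("references a file the AV alert named")
        if e.kind == "O2" and e.name.strip() == "(no name)":
            reasons.append("BHO registered without a name")
        if e.kind == "O4" and "policies\\explorer\\run" in e.key.lower():
            reasons.append("autorun via Policies\\Explorer\\Run")
        if in_windows_root(e.path):
            reasons.append("file directly in the Windows directory")
        if e.kind == "O20" and not PureWindowsPath(e.path).suffix:
            reasons.append("Winlogon Notify entry that does not point to a DLL")
        if reasons:
            findings.append(Finding(entry=e, reasons=reasons))
    return findings


def format_report(findings) -> str:
    return "\n".join(f"{f.entry.raw}\n    -> {'; '.join(f.reasons)}" for f in findings)


if __name__ == "__main__":
    print(format_report(triage(SAMPLE_LOG, ["alrsvcn.dll"])))
```

Run on the sample, the heuristics single out both alrsvcn.dll entries, the two Policies\Explorer\Run autoruns and the empty Winlogon Notify entry, while the Adobe BHO, the BitDefender entries and tp4mon.exe pass. The HKCU Run entry for amvo.exe is not flagged by any structural rule, which is exactly why a responder asks for the files themselves rather than trusting the log alone: the log shows where something loads from, not what it is.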

Comments

  • (Sorry for the delay)

    cotro84, please give me

    e:\windows\system32\alrsvcn.dll
    E:\WINDOWS\system32\amvo.exe
    E:\WINDOWS\syss_.exe
    E:\WINDOWS\lsas32.exe