SitePoint Member
Join Date: Jan 2005
Location: uk
Posts: 1
backorifice.b
Well, hopefully somebody will be able to help me, as I'm at my wits' end.

I found various DSO exploits, ran Ad-Aware SE, which didn't originally pick it up, then I ran Spybot with the update, which picked up backorifice.b. I booted in safe mode and ran Spybot, which picked up the DSO. I manually deleted the 1004s in the internet zones in the registry and replaced them with a hexadecimal value 0, then ran Spybot again. When it picked up the DSO there was an error message, in German I think; roughly translated, it said error, cannot be deleted as another program is using it.

I have also used SpywareGuard and HijackThis, all to no avail. I've even had to uninstall Norton Firewall, as if I leave it on and connect to the internet I keep getting "the Windows virtual memory is too low", and in the Task Manager my CPU is at 100% with anything up to 150 processes running, usually containing 50 or 60 rundll32.exe.

Also, here is my startup list if it helps:

StartupList report, 30/12/2004, 21:20:49
StartupList version: 1.52
Started from : C:\Documents and Settings\Peter\Desktop\startuplist\StartupList.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\Fast.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\fast.exe
C:\WINDOWS\system32\rmctrl.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Admilli Service\AdmilliServ.exe
C:\Program Files\Admilli Service\AdmilliKeep.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Peter\Desktop\hijackthis\HijackThis.exe
C:\Documents and Settings\Peter\Desktop\startuplist\StartupList.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup]
Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

CoolSwitch = C:\WINDOWS\system32\taskswitch.exe
FastUser = C:\WINDOWS\system32\fast.exe
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
RemoteControl = C:\WINDOWS\system32\rmctrl.exe
AOLDialer = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
crw.exe = C:\documents and settings\peter\local settings\temp\crw.exe
AOL Spyware Protection = "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
DSLSTATEXE = C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
DSLAGENTEXE = C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
%FP%Friendly fts.exe = "C:\Program Files\VoyagerTest\fts.exe"
Zone Labs Client = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
Admilli Service = C:\Program Files\Admilli Service\AdmilliServ.exe
DownloadAccelerator = C:\PROGRA~1\DAP\DAP.EXE /STARTUP
SpeedOptimizer = C:\PROGRA~1\SPEEDO~1\SPO.EXE -s
SurfBuddy = rundll32 "C:\Program Files\SurfBuddy\sbuddy.dll",run

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

SpybotSnD = "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
PopUpStopperProfessional = "C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE"
LDM = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
SpybotSD TeaTimer = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
SurfBuddy = rundll32 "C:\Program Files\SurfBuddy\sbuddy.dll",run

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\PROGRA~1\FlashFXP\IEFlash.dll - {E5A1691B-D188-4419-AD02-90002030B8EE}

--------------------------------------------------

Enumerating Download Program Files:

[{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\AdmilliServX.dll
CODEBASE = http://static.windupdates.com/cab/Cl...ridge-c124.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/s...sh/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

Protocol #1: imslsp.dll (file MISSING)
Protocol #2: imslsp.dll (file MISSING)
Protocol #3: imslsp.dll (file MISSING)
Protocol #4: C:\WINDOWS\system32\ZoneLabs\vetredir.dll
Protocol #5: C:\WINDOWS\system32\ZoneLabs\vetredir.dll
Protocol #6: C:\WINDOWS\system32\ZoneLabs\vetredir.dll
Protocol #26: C:\WINDOWS\system32\ZoneLabs\vetredir.dll
Protocol #27: imslsp.dll (file MISSING)

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
End of report, 7,623 bytes
Report generated in 2.343 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Thanks, and I hope someone can help.