ResellerRatings Forums > Tech Support
#1 - BustedAvi, 12-31-2003, 07:33 PM
Trojan detects but doesn't detect?

OK, I'm running WinXP and sometimes I'll get a popup from AVG (AVG Free Edition) saying I have some trojan (I'll update the name soon; I closed the window) and it says to run a scan. So I run the scan thinking it's gonna find some virus and I'll work on getting it out, but nooooo, no virus detected.... It's some backdoor trojan if I remember right...

Anyway, I read this article in another forum about this program called HijackThis (read up on it here: http://www.spychecker.com/program/hijackthis.html)

These are the results:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\Documents and Settings\MattOuellette\Desktop\Programs\HijackThis .exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R3 - URLSearchHook: (no name) - {A045DC85-FC44-45be-8A50-E4F9C62C9A84} - (no file)
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O15 - Trusted Zone: *.akamai.net
O15 - Trusted Zone: http://Download.Windowsupdate.com
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...982.8652893519
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC48B5D5-2933-464D-9ADE-D164FE18D698}: NameServer = 207.236.176.25 206.47.244.78


Can anyone make anything out of that?

Thanks for the help

__________________
CANADA KICKS ASS!
#2 - John Prophet, 12-31-2003, 07:37 PM
Have you run Ad-Aware?

Run Ad-Aware 6: www.lavasoft.com

Also, you have a PM.
__________________
"Even a fool is thought to be wise if he is silent"
#3 - Guest, 12-31-2003, 07:38 PM
Re: Trojan detects but doesn't detect?

Quote:
Originally posted by BustedAvi

C:\WINDOWS\System32\wuauclt.exe
You're running XP? That's the Windows Automatic Update for Windows Me.

It is a trojan if you're not running Me.

Troj/Cult-B is a backdoor Trojan which allows a remote intruder to access and control the computer via IRC channels.


EDIT - C'mon JP, you coulda done better'n that.
#4 - John Prophet, 12-31-2003, 07:41 PM
wuauclt.exe is only for Me?? Are you sure it's not for IE6?

'Cause it looks familiar to me; seems I've seen it in my Task Manager on 98SE, lol.

Seems I saw it the other day when I crashed.

edit---------------

Never mind.. the one I am thinking of is

wucrtupd.exe-startup (that's not a troj, is it?) lol

edit-----------------

Coulda done better??????? Running Ad-Aware is like the doctor saying "take 2 aspirins and call me in the morning".. that handles like 85% of his patients, lol.
#5 - BustedAvi, 12-31-2003, 09:09 PM
lmao yes I've run Ad-Aware.. nothing comes up... I've got the exact name of it

here: Trojan horse IRC/BackDoor.Sd Bot.LW

Is that the Cult-B one??

I've looked it up and nothing comes up... maybe it's just me :S
#6 - BustedAvi, 12-31-2003, 09:14 PM
Also, on that site with the Cult-B trojan.. how do I "Locate the HKEY_LOCAL_MACHINE entry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Microsoft auto update = WUAUCLT.EXE" in regedit?
#7 - John Prophet, 12-31-2003, 09:20 PM
Well, one way is just to search for it using F3.

Or, it's just like navigating a Windows Explorer "tree".

Once you run "regedit" you should see the 6 registry folders (depending on Windows version.. 6 is for 98SE).

Just open the folder for "HKEY_LOCAL_MACHINE".. it'll open to other folders... one of which will be "Software".. open it... in the Software folder will be other folders.. one of which will be "Microsoft"... etc. etc.
#8 - BustedAvi, 12-31-2003, 09:21 PM
THANKS JP, quick reply btw... knew I could count on you.
#9 - BustedAvi, 12-31-2003, 09:50 PM
Well, I can't find that registry entry that they want on the Sophos site.. but when I run Windows Task Manager, under Processes I can see WUAUCLT.EXE, which is the Cult-B trojan... any fixes for this?
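A scripted version of the triage a helper does by eye on the HijackThis log in the first post, and of the wuauclt.exe question raised in posts #3 and #9, as an added example that is not part of the original thread and not code from HijackThis or AVG. It parses the log text, flags R/O entries that point at a file that no longer exists ("(no file)"), flags autostart (O4) entries that give no absolute path or whose binary does not appear in the running-process list, and checks that Windows system binaries such as wuauclt.exe are running from C:\WINDOWS\System32 rather than from some other directory. The finding codes, the SYSTEM32_BINARIES list and the sample log (the relevant lines copied from the first post, the rest trimmed) are this example's own choices; a finding is a lead for a human to look at, not a malware verdict.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: the lines of the HijackThis log from the first post that the
# checks below act on (process list and R3/O3/O4 entries); other lines trimmed.
HJT_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe

R3 - URLSearchHook: (no name) - {A045DC85-FC44-45be-8A50-E4F9C62C9A84} - (no file)
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
"""

# Windows XP binaries that ship in System32 and are started by the OS itself (list is
# this example's assumption, not exhaustive). The same file name running from any other
# directory deserves a closer look: the name alone proves nothing either way.
SYSTEM32_BINARIES = {"smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
                     "svchost.exe", "spoolsv.exe", "wuauclt.exe"}
SYSTEM32 = "c:\\windows\\system32"

ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.*)$")
# First drive-letter path ending in .exe, quoted or not (non-greedy so trailing args are dropped)
EXE_PATH_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.exe)', re.IGNORECASE)


def parse_hjt(text):
    """Split a HijackThis log into (process image paths, [(section, detail), ...])."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            entries.append((m.group(1), m.group(2)))
        elif in_processes:
            processes.append(line)
    return processes, entries


def autostart_target(detail):
    """Return the executable an O4 entry launches, or None when no absolute path is given."""
    m = EXE_PATH_RE.search(detail)
    return m.group(1) if m else None


def triage(text):
    """Return a list of (finding code, detail) pairs worth a human's attention."""
    processes, entries = parse_hjt(text)
    findings = []
    running = {PureWindowsPath(p).name.lower() for p in processes}
    for p in processes:
        wp = PureWindowsPath(p)
        if wp.name.lower() in SYSTEM32_BINARIES and str(wp.parent).lower() != SYSTEM32:
            findings.append(("system-binary-outside-system32", p))
    for section, detail in entries:
        if detail.endswith("(no file)"):
            # CLSID still registered but its file is gone: leftover of a removed add-on
            findings.append(("orphaned-reference", f"{section} - {detail}"))
        elif section == "O4":
            target = autostart_target(detail)
            if target is None:
                # Bare file name: Windows resolves it by search path, so check which copy runs
                findings.append(("autostart-without-absolute-path", detail))
            elif PureWindowsPath(target).name.lower() not in running:
                # Starts at logon but is not in the process list now: worth asking why
                findings.append(("autostart-not-currently-running", target))
    return findings


if __name__ == "__main__":
    for code, detail in triage(HJT_LOG):
        print(f"{code:35} {detail}")
```

Run against the sample log it reports the two dangling CLSID entries, the Mixer.exe entry that carries no directory, and the two autostart entries (wupdater.exe and OSA9.EXE) whose binaries are not in the process list; wuauclt.exe produces no finding because the log shows it running from System32. Pass the same text with wuauclt.exe at a different location and the location check fires.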
#10 - BustedAvi, 01-01-2004, 09:19 AM
In desperate need of help... just an attempt to get it to the top of the posts.