Trojan, virus ???

TurboMike

Member
Dec 31, 2002
My IT man at work called me and said my computer was trying to send information to a website. The firewall was stopping it, but it continues to hit it. I've run Spybot, Norton AVI, went to MSCONFIG and checked what's running, and can't find anything. It's trying to send to an address called box14.4421. It also says set.ahost.net.

I'm really stumped because I can't find anything that is running that is sending the stuff out.

Any ideas?

2000 Pro on a network
 
Oct 6, 2004
Can you see what port the app(s) are trying to connect to? That will point you in the right direction in finding what virus/trojan has infiltrated your system.

I would first update my virus scan software to clean the system...
 

DaFinn

Diamond Member
Jan 24, 2002
Get HijackThis and post your log. You'll see all that is running on your computer.
 

TurboMike

Member
Dec 31, 2002
I think he said port 8088. I'll see if they will let me just run the two recommended programs. It's on a government computer so they're funny about stuff. Thanks for the help, I'll report my findings tomorrow morning.
 

TurboMike

Member
Dec 31, 2002
Logfile of HijackThis v1.98.2
Scan saved at 7:56:28 AM, on 10/8/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\NavNT\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\MsiExec.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\PRPCUI.exe
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\WindowsUpd2.exe
C:\PROGRA~1\NavNT\vptray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\mws\Desktop\hjthis\HijackThis.exe


O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WindowsUpd] C:\WINNT\WindowsUpd2.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll


 

TurboMike

Member
Dec 31, 2002
Looks like the windowsupd2.exe may be the dirty bird. I removed it from the system and reg... I'll post back if it was it. NAV or the A2 didn't find it. I compared my HijackThis to another PC in the office.
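
The comparison described in the last post (a HijackThis log checked against one from another office PC), as an added example that is not part of the original thread. The suspect log is trimmed from the one posted above; the baseline log is constructed, since the other PC's log was not posted, and the function names are hypothetical.

```python
import re

# Trimmed from the HijackThis log posted in this thread.
SUSPECT_LOG = r"""Running processes:
C:\WINNT\Explorer.EXE
C:\WINNT\GWMDMMSG.exe
C:\WINNT\WindowsUpd2.exe
C:\PROGRA~1\NavNT\vptray.exe

O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [WindowsUpd] C:\WINNT\WindowsUpd2.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
"""

# Constructed baseline: stands in for the log of the other office PC.
BASELINE_LOG = r"""Running processes:
C:\WINNT\Explorer.EXE
C:\WINNT\GWMDMMSG.exe
C:\PROGRA~1\NavNT\vptray.exe

O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
"""

# Matches registry autostart lines such as: O4 - HKLM\..\Run: [name] command
RUN_RE = re.compile(r"^O4 - HK\w+\\\.\.\\\w+: \[.+?\] (.+)$")

def parse(log):
    """Return (running process paths, Run-key commands) as lower-cased sets."""
    procs, runs, in_procs = set(), set(), False
    for line in (l.strip() for l in log.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False  # a blank line ends the process list
        elif in_procs:
            procs.add(line.lower())
        elif (m := RUN_RE.match(line)):
            runs.add(m.group(1).lower())
    return procs, runs

def diff_against_baseline(suspect, baseline):
    """Return (new processes, new Run commands, new processes that also autostart)."""
    s_procs, s_runs = parse(suspect)
    b_procs, b_runs = parse(baseline)
    new_procs, new_runs = s_procs - b_procs, s_runs - b_runs
    # Top priority: running now AND set to start at boot, yet absent from the baseline.
    persistent = {p for p in new_procs if any(p.rsplit("\\", 1)[-1] in r for r in new_runs)}
    return sorted(new_procs), sorted(new_runs), sorted(persistent)
```

Anything the diff reports is only a lead: legitimate software differences between two machines show up the same way, so each item still needs to be checked by hand.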