Thread: trojan.ribdew & HIJACKTHIS log
- 03-11-2006 01:56 PM #1
- Join Date
- Mar 2006
- Posts
- 8
- Points
- 0
trojan.ribdew & HIJACKTHIS log
Hi - I ran the free online virus scan from Trend Micro and it found a virus but couldn't remove it. I have tried a few other web-based scanners and they all can find this virus, trojan.ribdew, but none are able to remove it. Please help; here is my HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 10:39:32 AM, on 3/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\eDonkey2000\edonkey2000.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Silas\Desktop\hijackthis\HijackThis.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B848372-7DF9-4A8F-B7E6-DA4A900857F1}: NameServer = 204.127.198.4,63.240.76.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{5B848372-7DF9-4A8F-B7E6-DA4A900857F1}: NameServer = 204.127.198.4,63.240.76.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{5B848372-7DF9-4A8F-B7E6-DA4A900857F1}: NameServer = 204.127.198.4,63.240.76.4
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
- 03-11-2006 03:13 PM #2
Hi
Your hijackthis log is clean...
Can you tell us the name and location of the file which is tagged as a virus, or post the log from one of the scans which find it...
steam
- 03-11-2006 08:06 PM #3
virus scan log
BitDefender Online Scanner
Scan report generated at: Sat, Mar 11, 2006 - 13:08:41
Scan path: A:\;C:\;D:\;E:\;F:\;G:\;
Statistics
Time 00:43:00
Files 261328
Folders 3312
Boot Sectors 4
Archives 1888
Packed Files 21889
Results:
Identified Viruses 2
Infected Files 2
Suspect Files 0
Warnings 0
Disinfected 0
Deleted Files 2
Engines Info
Virus Definitions 304289
Engine build AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
Scan plugins 13
Archive plugins 39
Unpack plugins 4
E-mail plugins 6
System plugins 1
Scan Settings
First Action Disinfect
Second Action Delete
Heuristics Yes
Enable Warnings Yes
Scanned Extensions *;
Exclude Extensions
Scan Emails Yes
Scan Archives Yes
Scan Packed Yes
Scan Files Yes
Scan Boot Yes
Scanned File Status
C:\System Volume Information\_restore{319C775A-6231-4C9E-BA6A-5A0D45537900}\RP136\A0014877.exe=>(Instyler o)=>(Instyler Module 11)
Detected with: Application.Adware.NewDotNet.Dropper
C:\System Volume Information\_restore{319C775A-6231-4C9E-BA6A-5A0D45537900}\RP136\A0014877.exe=>(Instyler o)=>(Instyler Module 11)
Deleted
C:\System Volume Information\_restore{319C775A-6231-4C9E-BA6A-5A0D45537900}\RP136\A0014877.exe=>(Instyler o)
Update failed
C:\System Volume Information\_restore{319C775A-6231-4C9E-BA6A-5A0D45537900}\RP136\A0014892.exe=>(NSIS o)=>lzma_nsis0005
Infected with: Trojan.Ribdew.C.DLL
C:\System Volume Information\_restore{319C775A-6231-4C9E-BA6A-5A0D45537900}\RP136\A0014892.exe=>(NSIS o)=>lzma_nsis0005
Disinfection failed
C:\System Volume Information\_restore{319C775A-6231-4C9E-BA6A-5A0D45537900}\RP136\A0014892.exe=>(NSIS o)=>lzma_nsis0005
Deleted
C:\System Volume Information\_restore{319C775A-6231-4C9E-BA6A-5A0D45537900}\RP136\A0014892.exe=>(NSIS o)
Update failed
- 03-12-2006 05:37 AM #4
Hi
According to the log you posted, the infections could not be cleaned, so they were successfully deleted...
However if you are repeatedly getting these detections in this location, then your system restore folder is infected...
You need to purge your system restore :-
This will clear all your infected restore points...
Turn off (Disable) System Restore in XP :-
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Restart your computer.
Then...
Turn on (enable) System Restore :-
Follow the same procedure, but this time uncheck Turn off System Restore.
If you have any problem with this... here's a link to instructions :-
Disabling or enabling Windows XP System Restore >
http://service1.symantec.com/SUPPORT...rc=sec_doc_nam
steam
- 03-14-2006 11:29 AM #5
thanks
I did all that and now the scans say that my machine is clean. Thank you for your help.
- 03-14-2006 12:45 PM #6
Hi
You're very welcome
I'll lock this thread now that it is resolved...
Should the original poster require it re-opening, please PM a moderator ... thanks
steam