  1. #1
    Member

    trojan.ribdew & HIJACKTHIS log

    Hi - I ran the free online virus scan from Trend Micro and it found a virus but couldn't remove it. I have tried a few other web-based scanners and they all find this virus, trojan.ribdew, but none are able to remove it. Please help; here is my HijackThis log:
    Logfile of HijackThis v1.99.1
    Scan saved at 10:39:32 AM, on 3/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\eDonkey2000\edonkey2000.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Silas\Desktop\hijackthis\HijackThis.exe

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.co...s/MsnPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5B848372-7DF9-4A8F-B7E6-DA4A900857F1}: NameServer = 204.127.198.4,63.240.76.4
    O17 - HKLM\System\CS1\Services\Tcpip\..\{5B848372-7DF9-4A8F-B7E6-DA4A900857F1}: NameServer = 204.127.198.4,63.240.76.4
    O17 - HKLM\System\CS2\Services\Tcpip\..\{5B848372-7DF9-4A8F-B7E6-DA4A900857F1}: NameServer = 204.127.198.4,63.240.76.4
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

  2. #2
    steamwiz


    Hi

    Your hijackthis log is clean...

    Can you tell us the name and location of the file which is tagged as a virus, or post the log from one of the scans which find it...

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -
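To make "the log is clean" concrete, here is an added Python example (not code from this thread or from HijackThis itself) that parses a HijackThis 1.99.1 log and pulls out the three things a reviewer checks first: programs launched from O4 autorun entries, entries whose target is tagged "(file missing)", and O17 DNS servers that are not on an allowlist. The log embedded in the code is a constructed excerpt modelled on the log above, and the allowlist of expected DNS servers is an assumed parameter (here, the two addresses from the log, taken to be the ISP's resolvers).

```python
import re

# Constructed sample in HijackThis 1.99.1 format, modelled on a few of the
# entries from the log posted above (not the complete log).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 10:39:32 AM, on 3/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\QuickTime\qttask.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B848372-7DF9-4A8F-B7E6-DA4A900857F1}: NameServer = 204.127.198.4,63.240.76.4
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""

# "O4 - <rest of line>" style entry
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# Executable named by an O4 Run-key entry:  [label] "path" args   or   [label] path args
O4_PATH_RE = re.compile(r'\[[^\]]+\]\s+"?([^"]+?\.(?:exe|dll|com|scr|bat|cmd))"?', re.IGNORECASE)
NAMESERVER_RE = re.compile(r"NameServer = ([\d.,]+)")


def parse_hjt(text):
    """Split a HijackThis log into (header_lines, running_processes, [(kind, body), ...])."""
    header, processes, entries = [], [], []
    section = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            section = "processes"
            continue
        m = ENTRY_RE.match(line)
        if m:
            section = "entries"
            entries.append((m.group(1), m.group(2)))
        elif section == "processes":
            processes.append(line)
        elif section == "header":
            header.append(line)
    return header, processes, entries


def autorun_paths(entries):
    """Executables launched from O4 entries: the first place to look for persistence.
    Global Startup shortcuts have no [label], so they fall back to the raw body."""
    paths = []
    for kind, body in entries:
        if kind != "O4":
            continue
        m = O4_PATH_RE.search(body)
        paths.append(m.group(1) if m else body)
    return paths


def orphaned_entries(entries):
    """Entries whose target is gone ("file missing"): leftovers, not active code."""
    return [(k, b) for k, b in entries if "(file missing)" in b]


def unexpected_nameservers(entries, expected):
    """O17 DNS servers not in the allowlist 'expected' (assumed to be the ISP's resolvers).
    A resolver you do not recognise here is the classic sign of a DNS-changer infection."""
    odd = []
    for kind, body in entries:
        if kind != "O17":
            continue
        m = NAMESERVER_RE.search(body)
        if not m:
            continue
        for ip in m.group(1).split(","):
            if ip not in expected:
                odd.append(ip)
    return odd


def report(text, expected_dns):
    """One-shot triage summary of a log."""
    header, processes, entries = parse_hjt(text)
    return {
        "header": header,
        "running": len(processes),
        "autoruns": autorun_paths(entries),
        "orphaned": [k for k, _ in orphaned_entries(entries)],
        "dns_unexpected": unexpected_nameservers(entries, expected_dns),
    }


if __name__ == "__main__":
    # Constructed allowlist: the two servers from the log, treated as the ISP's resolvers.
    print(report(SAMPLE_LOG, {"204.127.198.4", "63.240.76.4"}))
```

Run against the sample, the report lists two autorun executables, two orphaned entries (O9 and O18) and no unexpected DNS server; on a real log, every path in "autoruns" is something you should be able to name, and anything in "dns_unexpected" deserves a look before the log is called clean.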

  3. #3
    Member

    virus scan log

    BitDefender Online Scanner

    Scan report generated at: Sat, Mar 11, 2006 - 13:08:41

    Scan path: A:\;C:\;D:\;E:\;F:\;G:\;

    Statistics

    Time 00:43:00

    Files 261328

    Folders 3312

    Boot Sectors 4

    Archives 1888

    Packed Files 21889

    Results:

    Identified Viruses 2

    Infected Files 2

    Suspect Files 0

    Warnings 0

    Disinfected 0

    Deleted Files 2

    Engines Info

    Virus Definitions 304289

    Engine build AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)

    Scan plugins 13

    Archive plugins 39

    Unpack plugins 4

    E-mail plugins 6

    System plugins 1


    Scan Settings

    First Action Disinfect

    Second Action Delete

    Heuristics Yes

    Enable Warnings Yes

    Scanned Extensions *;

    Exclude Extensions

    Scan Emails Yes

    Scan Archives Yes

    Scan Packed Yes

    Scan Files Yes

    Scan Boot Yes

    Scanned File Status

    C:\System Volume Information\_restore{319C775A-6231-4C9E-BA6A-5A0D45537900}\RP136\A0014877.exe=>(Instyler o)=>(Instyler Module 11)


    Detected with: Application.Adware.NewDotNet.Dropper

    C:\System Volume Information\_restore{319C775A-6231-4C9E-BA6A-5A0D45537900}\RP136\A0014877.exe=>(Instyler o)=>(Instyler Module 11)


    Deleted

    C:\System Volume Information\_restore{319C775A-6231-4C9E-BA6A-5A0D45537900}\RP136\A0014877.exe=>(Instyler o)


    Update failed

    C:\System Volume Information\_restore{319C775A-6231-4C9E-BA6A-5A0D45537900}\RP136\A0014892.exe=>(NSIS o)=>lzma_nsis0005


    Infected with: Trojan.Ribdew.C.DLL

    C:\System Volume Information\_restore{319C775A-6231-4C9E-BA6A-5A0D45537900}\RP136\A0014892.exe=>(NSIS o)=>lzma_nsis0005


    Disinfection failed

    C:\System Volume Information\_restore{319C775A-6231-4C9E-BA6A-5A0D45537900}\RP136\A0014892.exe=>(NSIS o)=>lzma_nsis0005


    Deleted

    C:\System Volume Information\_restore{319C775A-6231-4C9E-BA6A-5A0D45537900}\RP136\A0014892.exe=>(NSIS o)


    Update failed

  4. #4
    steamwiz


    Hi

    According to the log you posted, the infections could not be cleaned, so they were successfully deleted...

    However if you are repeatedly getting these detections in this location, then your system restore folder is infected...

    You need to purge your system restore :-

    This will clear all your infected restore points...

    Turn off (Disable) System Restore in XP :-

    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.
    Restart your computer.

    Then...

    Turn on (enable) System Restore :-

    Follow the same procedure, but this time uncheck Turn off System Restore.

    If you have any problem with this, here's a link to instructions :-


    Disabling or enabling Windows XP System Restore >

    http://service1.symantec.com/SUPPORT...rc=sec_doc_nam


    steam
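The reasoning in the reply above (hits confined to `System Volume Information\_restore{...}\RPnnn\` are restore-point copies, so the fix is to purge System Restore rather than to hunt for a live file) can be checked mechanically over a BitDefender Online Scanner report. The following Python is an added example, not the scanner's or the thread's own code: it parses the "Scanned File Status" section, collapses archive members (the `=>` parts) back to their container file, splits hits into restore-point versus live files, and lists containers that were never deleted or disinfected. The embedded report is a constructed sample in the same layout as the one posted above; the `setup.exe` entry and the detection name `Example.Constructed.A` are made up to show the live-file branch.

```python
import re

# Constructed sample in the layout of the BitDefender Online Scanner report above.
# The first container is taken from the posted report; the setup.exe entry and the
# detection name Example.Constructed.A are invented for illustration.
SAMPLE_REPORT = r"""
Scanned File Status

C:\System Volume Information\_restore{319C775A-6231-4C9E-BA6A-5A0D45537900}\RP136\A0014892.exe=>(NSIS o)=>lzma_nsis0005
Infected with: Trojan.Ribdew.C.DLL

C:\System Volume Information\_restore{319C775A-6231-4C9E-BA6A-5A0D45537900}\RP136\A0014892.exe=>(NSIS o)=>lzma_nsis0005
Disinfection failed

C:\System Volume Information\_restore{319C775A-6231-4C9E-BA6A-5A0D45537900}\RP136\A0014892.exe=>(NSIS o)
Deleted

C:\System Volume Information\_restore{319C775A-6231-4C9E-BA6A-5A0D45537900}\RP136\A0014892.exe=>(NSIS o)
Update failed

C:\Documents and Settings\User\Local Settings\Temp\setup.exe
Infected with: Example.Constructed.A

C:\Documents and Settings\User\Local Settings\Temp\setup.exe
Disinfection failed
"""

# A report line that names a file (starts with a drive letter)
PATH_RE = re.compile(r"^[A-Za-z]:\\")
# Windows XP restore-point location: \System Volume Information\_restore{GUID}\RPnnn\
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+\\", re.IGNORECASE
)
CLEAN_ACTIONS = ("Deleted", "Disinfected")


def parse_report(text):
    """Return {container_path: {"detections": set(), "actions": [...]}}.

    The report lists each file on one line and the scanner's verdict or action on the
    next; archive members appear as container=>(type)=>member and are folded into
    their container here."""
    files = {}
    pending = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PATH_RE.match(line):
            pending = line
            continue
        if pending is None:
            continue  # heading text such as "Scanned File Status"
        container = pending.split("=>", 1)[0]
        rec = files.setdefault(container, {"detections": set(), "actions": []})
        if line.startswith(("Infected with:", "Detected with:")):
            rec["detections"].add(line.split(":", 1)[1].strip())
        else:
            rec["actions"].append(line)
        pending = None
    return files


def classify(files):
    """Split findings into restore-point copies and files on the live system."""
    restore, live = {}, {}
    for path, rec in files.items():
        (restore if RESTORE_RE.search(path) else live)[path] = rec
    return restore, live


def unresolved(files):
    """Containers the scanner never managed to delete or disinfect."""
    return [p for p, r in files.items() if not any(a in CLEAN_ACTIONS for a in r["actions"])]


def summarize(text):
    files = parse_report(text)
    restore, live = classify(files)
    return {
        "restore_point_hits": sorted(restore),
        "live_hits": sorted(live),
        "unresolved": sorted(unresolved(files)),
        "names": sorted(n for r in files.values() for n in r["detections"]),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_REPORT).items():
        print(key, value)
```

On the posted report every hit falls into "restore_point_hits" and none is unresolved, which is exactly the case where turning System Restore off and on again (as described above) discards the infected restore points; a non-empty "live_hits" list would instead mean a file on the running system still needs attention.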

  5. #5
    Member

    thanks

    I did all that and now the scans say that my machine is clean. Thank you for your help.

  6. #6
    steamwiz


    Hi

    You're very welcome

    I'll lock this thread now that it is resolved...

    Should the original poster require it re-opening, please PM a moderator ... thanks

    steam