
HJT Log - Problem With Hclean32 Virus

#12 Daemon (Security Expert, Retired Staff, 3,350 posts), posted 02 September 2005 - 10:46 AM:

It's showing up now after we tackled it; this does happen sometimes. Perform the following steps in safe mode: have HijackThis fix these entries. C:\WINNT\system32\popcorn72.exe: FSG! Please RIGHT-CLICK HERE to download Silent Runners. Save it to the desktop. Run Silent Runners by double-clicking the "Silent Runners" icon on your desktop. You will see a text file appear on the desktop.

Download and save FindT to your desktop. Desktop came up all right but the taskbar failed to load. I told m to download current versions of Spybot Search and Destroy, Adaware, and an anti-virus program and update, run and remove etc. ... Be sure you don't miss any.

LOL

#18 Daemon (Security Expert, Retired Staff, 3,350 posts), posted 10 September 2005 - 03:54 AM:

Send me a PM if you want to draw my attention. Double-click blbeta.exe, accept the agreement, leave [X] scan through Windows Explorer checked, click scan > next. You'll see a list of all the items it found.

My OS - Sorry for not mentioning it earlier, by John Mc / March 31, 2006 4:40 AM PST, in reply to: Winlogon

Anywho, here's the silentrunner log after going through the procedure:

"Silent Runners.vbs", revision 40, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\

Isn't enough the bloody civil war we're going through?

I think I caught it - thanks!

IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

I await your assistance and thank you in advance! Go to Tools > Folder Options. Close HijackThis, and click OK to proceed. At the end of the fix, you may need to restart your computer again. Finally, please post the contents of the logfile C:\fixwareout\report.txt, along with a Click Yes.

After you have rebooted, click here to download hclean.zip. C:\WINNT\system32\dgprpsetup.exe: FSG! Although I will likely be in touch soon... I really don't know what to do.

Inc."]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealOne Player\rpshell.dll" ["RealNetworks, Inc."]
"{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ahead\InCD\incdshx.dll" ["Ahead Software AG"]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"

You can post a HijackThis log on one of the sites that handles them, and have someone take a look at what is running, or you can go through a fix for additional hints on searching ARIN's WHOIS database. As you can see it is a legitimate IP and therefore not malware. If all you are getting is an alert that this IP is

Can someone please help me out?

Here is my silent runner's log file-

"Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:

I will give you an update in 48 hours, as my experiences have shown these nasty things can pop back up.

Thanks a lot in advance (I've listed a bunch of visible symptoms and attached a HJT log for your perusal).
Symptoms:
- Upon loading, some sites are being redirected to other addresses, most

Athos63, Sep 5, 2005 #3

khazars (Joined: Feb 15, 2004, Messages: 12,302)

Posting the log.

The fix will begin; follow the prompts.

C:\WINDOWS\RDT.INI
C:\WINDOWS\BALLOON.WAV

Logfile of HijackThis v1.99.1
Scan saved at 10:30:26 AM, on 9/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft

The AnalyzeThis function has never worked afaik, should have been deleted long ago.

Note: It is possible that Killbox will tell you that one or more files do not exist.

Make a note of the file location of anything that cannot be deleted so you can delete it yourself. - Save the results from the scan! Reboot to normal mode. Run ActiveScan online virus scan here: http://www.pandasoftware.com/activescan/ When the scan is finished, anything that it cannot clean have it delete it.

JackTs Log file: ...

hclean32.exe Problem [RESOLVED] Started by spywarepenguin , Sep 12 2005 09:27 PM This topic is locked #1 spywarepenguin Posted 12 September 2005 - 09:27 PM spywarepenguin Member Member 14 posts Well Here are my results- 1. by crazlunatic / March 30, 2006 4:43 AM PST In reply to: Winlogon.exe trying to access internet If you do have a router..in the firewall setting block that ip....Download a GOOD When I click "close" the same pop up message appears again and again.

After the update finishes (the status bar at the bottom will display "Update successful"), exit Ewido and boot into safe mode: Restart your computer, and begin tapping the F8 key on your

khazars, Sep 5, 2005 #8

Athos63 (Thread Starter, Joined: Sep 5, 2005, Messages: 13)

That was quite a set of instructions for me to follow in your most recent reply!

Popup and balloon virus warnings
Started by Dozey, Sep 01 2005 09:27 AM. This topic is locked. 17 replies to this topic.

#1 Dozey (Full Member, 21 posts) Posted

Click OK.

Thanks again ... I'm not sure why you are continuing this. Marianna, John reported in his first post here (prior to running Ewido) that he had a question about the IP: 85.255.115.178.

I found the exe suspicious because of its date stamp, deleted them both, then rebooted, did some googling and also deleted the registry key associated with this trojan. I suspect, however, that

Can you please now post a HijackThis log.

MrKim (Discussion Starter), 11 Years Ago:

I can't say thank you enough! Since this has never happened before, I wonder if I've been "bitten" by malware....

I was able to shut down my PC through task manager and on restarting all seems well. Because XP will not always show you hidden files and folders by default, go to Start > Search and under "More advanced search options". IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE. Search by size and names...

Thanks for your help!

Logfile of HijackThis v1.99.1
Scan saved at 10:27:15 AM, on 9/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Microsoft