juggler1972
Guest IP: 205.161.*.*
Posted: Thu Dec 04, 2003 9:07 pm Post subject: Anyone heard of Vanquish.exe

It's a part of a virus on my system that McAfee can't delete (I get the "delete error" response)
thanks
TonyKlein
Site Moderator Microsoft MVP
 Joined: Oct 15, 2002 Posts: 13113 Location: Netherlands
Posted: Thu Dec 04, 2003 9:25 pm
We'd like a closer look, please:
Go to http://tomcoyote.org/hjt/, and download 'Hijack This!'.
Unzip, double-click HijackThis.exe, and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log somewhere, and please show us its contents.
Most of what it lists will be harmless or even required, so do NOT fix anything yet.
Someone here will be happy to help you analyze the results.
_________________
Tony CLSID List
juggler1972
Guest IP: 205.161.*.*
Posted: Thu Dec 04, 2003 9:56 pm
Logfile of HijackThis v1.97.7
Scan saved at 5:02:44 PM, on 12/4/03
Platform: Windows NT 4 SP6 (WinNT 4.00.1381)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\spoolss.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINNT\System32\cpqalert.exe
C:\WINNT\CPQDIAG\CPQDFWAG.EXE
C:\Program Files\COMPAQ\CpqWebDMI\webdmi.EXE
C:\WINNT\SYSTEM32\CatRoot\cabs\# Servermake\service.exe
c:\jetsuite\jsdaemon.exe
C:\WINNT\System32\mgasc.exe
C:\WINNT\System32\mgactrl.exe
C:\WINNT\system32\RpcSs.exe
C:\WINNT\system32\dllcache\vanquish_files\lsass.exe
c:\winnt\system32\spool\network\network\csrss.exe
C:\WINNT\system32\tapisrv.exe
c:\winnt\system32\spool\network\network\ms\CSRSS.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\WINNT\system32\rasman.exe
C:\WINNT\system32\MSTask.exe
c:\dmi\win32\bin\Win32sl.exe
c:\winnt\system32\pstores.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINNT\Explorer.EXE
C:\mouse\system\em_exec.exe
C:\WINNT\System32\loadwc.exe
C:\WINNT\System32\CHKADMIN.EXE
C:\Program Files\MGA NT PowerDesk\QDesk\MGAQDESK.EXE
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\Program Files\PestPatrol\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\jetsuite\JETSTAT.EXE
C:\Palm\HOTSYNC.EXE
c:\jetsuite\JSFMAN.EXE
C:\WINNT\SYSTEM32\MDM.EXE
C:\WINNT\System32\ddhelp.exe
C:\PROGRA~1\Plus!\MICROS~1\iexplore.exe
C:\Program Files\Plus!\Microsoft Internet\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 4.0\Reader\AcroRd32.exe
C:\Program Files\Plus!\Microsoft Internet\IEXPLORE.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:\MktData\ilx.exe
C:\Program Files\Plus!\Microsoft Internet\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\America Online 5.0\waol.exe
C:\PROGRA~1\MICROS~1\Office\OUTLOOK.EXE
C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
C:\WINNT\System32\taskmgr.exe
C:\TEMP\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T WorldNet Service
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINNT\Downloaded Program Files\ycomp5_1_6_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [CHKADMIN] CHKADMIN.EXE
O4 - HKLM\..\Run: [MGABG] "C:\WINNT\System32\MGABG.EXE"
O4 - HKLM\..\Run: [MGA QuickDesk] "C:\Program Files\MGA NT PowerDesk\QDesk\MGAQDESK.EXE"
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - Startup: America Online 5.0 Tray Icon.lnk = C:\America Online 5.0\aoltray.exe
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: HP LaserJet 3150 Status.lnk = C:\jetsuite\JETSTAT.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .acp: C:\GOLDMAN\BIN\NpActPlg.dll
O12 - Plugin for .gsi: C:\Goldman\Reporting\np2_0ei32.dll
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {42E317A5-86A1-447B-BCED-1B802844D74D} (ILXWebAppHelperFactory Class) - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {48BAE8BB-A034-11D2-B9D3-00C04F753F09} (BridgeChannel) - http://channel.bridge.com/bc/java/install.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/d052c1d7d32ead/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://www.wildtangent.com/install/wdriver/ddc/shockwave/blackhawkstriker/wtinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4270/mcfscan.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/ym/yiebio5_1_6_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sprintlink.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sprintlink.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 204.117.214.10 199.2.252.10 204.97.212.10
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = sprintlink.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 204.117.214.10 199.2.252.10 204.97.212.10
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = sprintlink.net
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 204.117.214.10 199.2.252.10 204.97.212.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 204.117.214.10 199.2.252.10 204.97.212.10
juggler1972
Guest IP: 205.161.*.*
Posted: Thu Dec 04, 2003 9:59 pm

BTW I realize I have way way too many background services running -- but I never know why so many come on at startup and I never know which ones I should "end process".
Any help clearing this up too would be most appreciated.
The knowledge on this site is incredible!!
TonyKlein
Site Moderator Microsoft MVP
 Joined: Oct 15, 2002 Posts: 13113 Location: Netherlands
Posted: Thu Dec 04, 2003 10:10 pm
Well, this is an extremely dubious process you have running:
C:\WINNT\system32\dllcache\vanquish_files\lsass.exe
I'd like you to restart your computer, re-run Hijack This, and press "Config" > "Miscellaneous Tools".
Now, under the "Generate Startuplist log" button, check both the "List also minor sections" and "list empty sections" boxes.
Next, press "Generate Startuplist Log".
This will generate a text file that will list all running processes, all applications that are loaded automatically when you start Windows, and more.
Go to Edit > select all, copy it and post its contents here.
Meanwhile also run an online virus scan at Trend Micro HouseCall or Panda Active Scan.
_________________
Tony CLSID List
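The check applied to the log above (a core system process name running from an unexpected folder) can be automated; this is an added example, not part of the thread and not HijackThis code. It generalizes the lsass.exe case to a short list of core NT process names, and the function names, the `CORE_PROCESSES` list and the `C:\WINNT` system root are assumptions; a flagged path is a candidate for review, not a verdict.

```python
import ntpath
import re

# Assumption: core NT processes expected to run only from <SystemRoot>\system32.
CORE_PROCESSES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe"}

# Abridged excerpt of the log posted in this thread (not the full log).
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Platform: Windows NT 4 SP6 (WinNT 4.00.1381)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\dllcache\vanquish_files\lsass.exe
c:\winnt\system32\spool\network\network\csrss.exe
C:\WINNT\Explorer.EXE
C:\TEMP\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
"""

ENTRY = re.compile(r"[A-Z]\d+ - ")  # start of the R0 / O4 / O16 ... entries


def running_processes(log_text):
    """Return the paths listed under 'Running processes:' in a HijackThis log."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section and line:
            if ENTRY.match(line):  # first registry/startup entry ends the section
                break
            paths.append(line)
    return paths


def misplaced_core_processes(log_text, system_root=r"C:\WINNT"):
    """Flag core process names whose folder is not <system_root>\\system32."""
    expected = ntpath.normcase(ntpath.join(system_root, "system32"))
    flagged = []
    for path in running_processes(log_text):
        # normcase lowercases the path, so the comparison is case-insensitive.
        folder, name = ntpath.split(ntpath.normcase(path))
        if name in CORE_PROCESSES and folder != expected:
            flagged.append(path)
    return flagged


if __name__ == "__main__":
    for path in misplaced_core_processes(SAMPLE_LOG):
        print("review:", path)
```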