Trojaner-Board

Trojaner-Board > Mülltonne > Trojan-Clicker.Win32.VB.fo (https://www.trojaner-board.de/32688-trojan-clicker-win32-vb-fo.html)

calypsoo 05.10.2006 18:43

Trojan-Clicker.Win32.VB.fo
 
Hi,
does anyone know how to remove Trojan-Clicker.Win32.VB.fo (or TR/Spy.Banbra.df.199)?
Complete scanning result of "command.exe", received in VirusTotal at 10.05.2006, 17:56:37 (CET).

Antivirus           Version          Update      Result
AntiVir             7.2.0.22         10.05.2006  TR/Spy.Banbra.df.199
Authentium          4.93.8           10.05.2006  W32/Agent.WF
Avast               4.7.892.0        10.05.2006  Win32:Adware-gen.
AVG                 386              10.04.2006  Adware Generic.GVT
BitDefender         7.2              10.05.2006  Adware.CommAd.A
CAT-QuickHeal       8.00             10.05.2006  AdWare.CommAd.a (Not a Virus)
ClamAV              devel-20060426   10.05.2006  Trojan.Downloader.VB-104
DrWeb               4.33             10.05.2006  Trojan.Proxy.493
eTrust-InoculateIT  23.73.14         10.05.2006  no virus found
eTrust-Vet          30.3.3115        10.05.2006  no virus found
Ewido               4.0              10.05.2006  Adware.CommAd
Fortinet            2.82.0.0         10.05.2006  W32/Agent.WF!tr
F-Prot              3.16f            10.04.2006  security risk named W32/Agent.WF
F-Prot4             4.2.1.29         10.04.2006  W32/Agent.WF
Ikarus              0.2.65.0         10.05.2006  AdWare.CommAd.A
Kaspersky           4.0.2.24         10.05.2006  Trojan-Clicker.Win32.VB.fo
McAfee              4867             10.05.2006  potentially unwanted program Adware-Isearch
Microsoft           1.1603           10.05.2006  CMDService (threat-c)
NOD32v2             1.1791           10.05.2006  Win32/Adware.CommAd
Norman              5.80.02          10.05.2006  W32/CommAd.A
Panda               9.0.0.4          10.04.2006  Adware/CommAd
Sophos              4.10.0           10.05.2006  no virus found
Symantec            8.0              10.04.2006  no virus found
TheHacker           6.0.1.092        10.05.2006  Adware/CommAd.a
UNA                 1.83             10.05.2006  Adware.CommAd.CAA7
VBA32               3.11.1           10.05.2006  AdWare.Win32.CommAd.a
VirusBuster         4.3.7:9          10.05.2006  Adware.CommAd.C

Additional information
File size: 293888 bytes
MD5: 3e2c234dde711c6754f2df994fb3cc94
SHA1: 14ed43e58d0fea3404886824d011814a241caaac
packers: UPX

On my machine it sits here ----> C:\WINDOWS\TWlyaWFt\command.exe

Regards, Cali
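An added example, not part of calypsoo's post: the check a responder would run on a copy of the suspect file before relying on the VirusTotal verdict above. It compares the file's MD5, SHA-1 and size with the values posted, and looks for what "packers: UPX" refers to, namely UPX0/UPX1 names in the PE section table and the "UPX!" marker UPX writes into the image. The bytes fed in here are a constructed, non-executable PE stub (not the real command.exe), so the hash check is expected to report a mismatch against the posted values.

```python
import hashlib
import struct

# Identifiers from the VirusTotal report posted above.
POSTED = {"md5": "3e2c234dde711c6754f2df994fb3cc94",
          "sha1": "14ed43e58d0fea3404886824d011814a241caaac",
          "size": 293888}


def digests(data):
    """MD5, SHA-1 and size of the given bytes, in the same shape as POSTED."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest(),
            "size": len(data)}


def check_hashes(data, posted=POSTED):
    """Which posted identifiers the bytes match; all three True means the same sample VirusTotal saw."""
    got = digests(data)
    return {k: got[k] == posted[k] for k in posted}


def pe_section_names(data):
    """Section names from the PE section table; [] when the bytes are not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                                  # IMAGE_FILE_HEADER starts after the signature
    n_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size                         # first IMAGE_SECTION_HEADER (40 bytes each)
    names = []
    for i in range(n_sections):
        off = table + 40 * i
        if off + 8 > len(data):
            break                                        # truncated table: stop rather than misread
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def upx_indicators(data):
    """UPX traces: UPX0/UPX1 section names and the 'UPX!' marker in the image."""
    names = pe_section_names(data)
    return {"upx_sections": [n for n in names if n.upper().startswith("UPX")],
            "upx_marker": b"UPX!" in data}


def build_fake_upx_pe():
    """Constructed, non-executable PE32 stub with UPX-style sections (test input, not the real sample)."""
    e_lfanew = 0x80
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)   # e_lfanew lives at offset 0x3C
    dos += b"\0" * (e_lfanew - len(dos))
    opt_size = 224                                       # size of a PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, opt_size, 0x102)
    sections = b"".join(name.ljust(8, b"\0") + b"\0" * 32
                        for name in (b"UPX0", b"UPX1", b".rsrc"))
    return dos + b"PE\0\0" + coff + b"\0" * opt_size + sections + b"UPX!" + b"\0" * 16


if __name__ == "__main__":
    sample = build_fake_upx_pe()
    print(check_hashes(sample))     # {'md5': False, 'sha1': False, 'size': False}
    print(upx_indicators(sample))   # {'upx_sections': ['UPX0', 'UPX1'], 'upx_marker': True}
```

To use it on the real file, read C:\WINDOWS\TWlyaWFt\command.exe from a copy taken off the infected machine and pass the bytes to check_hashes and upx_indicators; only an all-True hash result proves it is the sample the report above describes. A missing UPX0/UPX1 pair is not proof the file is unpacked, since section names can be renamed after packing, which is why the marker is checked separately.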

BataAlexander 05.10.2006 23:47

Hello calypso,

looks very bad; it is classified as a backdoor. Please post a HijackThis logfile anyway.

Regards :)

Schrulli

calypsoo 06.10.2006 20:52

Hi,
I think it's gone... or is it?
Logfile of HijackThis v1.99.1
Scan saved at 21:54:46, on 06.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\DrWeb\SpiderNT.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\ups.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Dit.exe
C:\Programme\Medion\PowerCinema\My_TV\Agent.exe
C:\WINDOWS\DitExp.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\D-Tools\daemon.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\Softwin\BitDefender8\bdnagent.exe
C:\Programme\a-squared Anti-Malware\a2guard.exe
C:\PROGRA~1\DrWeb\spidernt.exe
C:\Programme\DrWeb\spiderml.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Programme\AntiVir PersonalEdition Classic\avcenter.exe
C:\Programme\AntiVir PersonalEdition Classic\avscan.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Programme\a-squared Anti-Malware\a2HiJackFree.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://w.medion.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://w.medion.com/
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Agent] C:\Programme\Medion\PowerCinema\My_TV\Agent.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ylz4e62f] RUNDLL32.EXE w1298ac6.dll,n 0054e62a0000000a1298ac6
O4 - HKLM\..\Run: [BDMCon] "C:\Programme\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Programme\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Programme\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [DrWebScheduler] C:\Programme\DrWeb\DRWEBSCD.EXE
O4 - HKLM\..\Run: [SpIDerNT] C:\PROGRA~1\DrWeb\spidernt.exe /agent
O4 - HKLM\..\Run: [SpIDerMail] "C:\Programme\DrWeb\spiderml.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: MedionShop - {79629ABC-1DDD-490E-8AA3-28B1739FC9BC} - h**p://w.medionshop.de/ (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll
O14 - IERESET.INF: START_PAGE_URL=h**p://w.medion.com/
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - h**p://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143192665890
O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\CYAB4SMK.DLL (file missing)
O20 - Winlogon Notify: H323TSP - C:\WINDOWS\system32\ciseqchk.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AOL Instant Messanger (AIM) - Unknown owner - C:\WINDOWS\aim.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Network Monitor - Unknown owner - C:\Programme\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SpIDer Guard for Windows NT (spidernt) - Doctor Web, Ltd. - C:\PROGRA~1\DrWeb\SpiderNT.exe
O23 - Service: Microsoft SSL (ssl) - Unknown owner - C:\WINDOWS\System32\ssl.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Greetz, Cali
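An added example, not something from the thread: a small triage script over HijackThis-style lines that picks out the entries in the log above a responder would look at first. It embeds a handful of lines copied from that log (including benign ones, so the rules can be seen not firing) and applies heuristics that are my own assumptions rather than anything HijackThis itself reports: an O4 Run entry where rundll32 loads a DLL by a bare, random-looking name (the ylz4e62f entry), an O7 policy restriction such as DisableRegedit=1, O20 Winlogon Notify DLLs, and O23 services with an unknown owner or a missing binary. The severity labels are likewise assumed.

```python
import re

# A subset of lines copied from the HijackThis log above, benign entries included,
# embedded here so the triage runs offline.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ylz4e62f] RUNDLL32.EXE w1298ac6.dll,n 0054e62a0000000a1298ac6
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\CYAB4SMK.DLL (file missing)
O20 - Winlogon Notify: H323TSP - C:\WINDOWS\system32\ciseqchk.dll (file missing)
O23 - Service: Microsoft SSL (ssl) - Unknown owner - C:\WINDOWS\System32\ssl.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Programme\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

HJT_LINE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.*)$")
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^\s,"]+)', re.IGNORECASE)


def looks_random(filename):
    """Assumed heuristic: a stem of 6+ alphanumerics mixing letters and digits (e.g. w1298ac6)."""
    stem = filename.rsplit(".", 1)[0].lower()
    return (len(stem) >= 6 and stem.isalnum()
            and any(c.isdigit() for c in stem) and any(c.isalpha() for c in stem))


def triage_line(line):
    """Return a finding dict for one HijackThis line, or None if nothing stands out."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    finding = None
    if sec == "O4":
        # rundll32 with a DLL given by bare name relies on the DLL search path; combined
        # with a random-looking name that is the pattern of the ylz4e62f entry above.
        r = RUNDLL.search(body)
        if r and "\\" not in r.group("dll") and looks_random(r.group("dll")):
            finding = ("high", "rundll32 loads a random-named DLL by bare name: " + r.group("dll"))
    elif sec == "O7":
        finding = ("medium", "policy restriction set: " + body.rsplit(", ", 1)[-1])
    elif sec == "O20":
        # Winlogon Notify DLLs load into winlogon.exe at logon; a missing file means a
        # leftover registration that should still be removed.
        sev = "high" if "(file missing)" in body else "medium"
        finding = (sev, "Winlogon Notify DLL: " + body)
    elif sec == "O23":
        unknown, missing = "Unknown owner" in body, "(file missing)" in body
        if unknown or missing:
            finding = ("high" if unknown and missing else "medium", "service: " + body)
    if finding is None:
        return None
    return {"severity": finding[0], "section": sec, "reason": finding[1], "line": line.strip()}


def triage(log_text):
    """Triage every line of a HijackThis log, highest severity first."""
    order = {"high": 0, "medium": 1}
    findings = [f for f in (triage_line(l) for l in log_text.splitlines()) if f]
    return sorted(findings, key=lambda f: order[f["severity"]])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['section']:4} {f['reason']}")
```

Run against the full log, this flags the O4 ylz4e62f entry, the O7 DisableRegedit policy, both orphaned O20 Winlogon Notify DLLs and the O23 entries for ssl.exe, netmon.exe and aim.exe, while leaving the vendor-signed services and the path-qualified NvCpl.dll rundll32 call alone. The O23 entries for the BitDefender services would also be reported as medium because of their broken quoting, which is the kind of false positive a human still has to sort out.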

felix1 06.10.2006 21:06

Explain why you have two threads:
http://www.trojaner-board.de/showthr...500#post235500



Copyright ©2000-2025, Trojaner-Board

