troj harnig.gen

Discussion in 'Windows Desktop Systems' started by aznxcp4lyfez, May 2, 2005.

  1. aznxcp4lyfez

    aznxcp4lyfez OSNN One Post Wonder

    Messages:
    8
    I have a huge problem. I got the trojan harnig virus and I was using avast; it didn't do much to stop it, so it messed up my computer. I scanned with TrendMicro's online virus scanner and deleted the files, but right now when I right-click on my desktop and go to Properties I only see Screen Saver and Settings; the rest of the tabs disappeared. Can anyone help me? =\
    Thanks in advance.
     
  2. tdinc

    tdinc █▄█ ▀█▄ █ Political User

    Messages:
    3,507
    Location:
    Sterling Heights, MICHIGAN
    The trojan you have is a "Hijacker". Try using an antispyware program like Spybot S&D or Microsoft Anti-Spyware to make sure the trojan is completely gone. You might also run "HijackThis" and post a log here on the forum.
     
  3. aznxcp4lyfez

    aznxcp4lyfez OSNN One Post Wonder

    Messages:
    8
    Well, I already did a spyware scan and everything is gone, and here is my HijackThis log:
    Logfile of HijackThis v1.99.1
    Scan saved at 5:20:18 PM, on 5/2/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Maxthon\Maxthon.exe
    C:\Documents and Settings\will\Desktop\HijackThis.exe

    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\system32\Services\{725EDAFE-3B61-440B-B5F7-C7BC104AA7D6}\SECURITY.EXE
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
     
  4. Nick

    Nick OSNN Lurker

    Messages:
    147
    Location:
    North West, UK
    The only thing from that list that I would check out is RadClock. It may well be benign, but I haven't seen it before, so it's worth checking.

    It looks like something has removed some of your system files. I'd try running sfc from a command prompt to try and restore any missing system files. To do this go to Run on your start menu and type cmd and click OK. Then type "sfc /SCANNOW" (without the quotes) and press enter. This should check your system for any missing/corrupt files.
     
  5. sean.ferguson

    sean.ferguson Moderator Folding Team

    Messages:
    1,693
    Location:
    Fife; Scotland
    When you run the above that Nick stated, make sure you have your Windows disc available though :) You may need it.
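
The log review discussed in this thread can be scripted. The following is an added example, not code from any poster or from HijackThis itself: it parses HijackThis entry lines and lists the ones carrying the tool's own "(file missing)" or "Unknown owner" markers, plus any entry nobody has looked up yet. The REVIEWED list and the function names are assumptions made for illustration, and the sample is a subset of the log posted above.

```python
import re

# Constructed sample: a subset of the HijackThis lines posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\system32\Services\{725EDAFE-3B61-440B-B5F7-C7BC104AA7D6}\SECURITY.EXE
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
"""

# Entry lines look like "<section code> - <details>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")

# Hypothetical list of names a person has already looked up. It only tracks
# what has been reviewed; a matching name is not proof that a file is safe.
REVIEWED = ("avast", "ati")

def parse_entries(log_text):
    """Return (code, details) for every entry line; process paths are skipped."""
    return [m.groups() for m in map(ENTRY.match, log_text.splitlines()) if m]

def triage(log_text, reviewed=REVIEWED):
    """Return (code, details, reasons) for entries that still need a look."""
    findings = []
    for code, body in parse_entries(log_text):
        reasons = []
        if body.endswith("(file missing)"):
            reasons.append("file missing")      # registered, but not on disk
        if code == "O23" and " - Unknown owner - " in body:
            reasons.append("unknown owner")     # no vendor name was reported
        if not any(name in body.lower() for name in reviewed):
            reasons.append("not reviewed")      # nobody has looked it up yet
        if reasons:
            findings.append((code, body, reasons))
    return findings

if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(f"{code:4} {', '.join(reasons):28} {body}")
```

In this log "Unknown owner" also appears on the antivirus vendor's own services, so that marker alone is a weak signal; entries that combine it with "not reviewed" are the ones to look up first.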