Member Panel

jakedude182 · new hjt on 30.6.07.txt (6.8 KB, 4 views)

Hi,
I had found a Kb16 file (MS-DOS) in system 32 that looked suspicious that is recent, must have come in about the last 2 weeks max. there are also a lot (20+) of other files symilar to it named kb & kd things. An example is "Kbdcr.dll" "Kbdir.dll" etc.
So I scanned with windows defender, and didn't find anthing. Had recently stopped using spysweeper, tried a scan with that and it found a "Troj/Killav-DQ" that it says is a self replicating program that can infect computer code, documents, or applications and that it can replicate uncontollably inhibiting system performance, its risk rating is 5 of 5 bars. Spysweeper quarantined it for now, however im not sure that it can delete it with an expired trial version.

I havn't seen anything different inm security task maneger, or any startup programs. I have attached a hjt, also a spysweeper logfile. the virus/trojan is here on Troj/Killav-DQ - Trojan - Sophos threat analysis

nothing seems to be different yet, startup may be slightly slower, and I havn't seen any new processes.

help would be greatly appreciated.

thanks, jake

jakedude182

I have also shredded sectaskman in the location using avgantispyware
C:\Documents and Settings\All Users\Application Data\SecTaskMan
after googling it and finding bad results, also it had a whole range of files that I searched and were known to be bad
"_entreelist" was one of them.
sectaskman - Google Search

services.exe and lsass.exe also seem to be using low cpu.

any suggestions or help would be very appreciated

thanks, jake

elpmek · 01:19 AM

chiaz: Comment removed. Malware removal can be a dangerous thing for untrained personnel. For users' safety, we only allow trusted helper groups here to assist in malware removal. Thank you for your understanding. If you would like to be part of the team, please check out:
http://www.pchelpforum.com/hijackthi...tructions.html

chiaz

Hello Jake, your HijackThis log doesn't show much.

Can you please run SUPERAntiSpyware and AVG Anti-Spyware in the Prework (link is in my signature). Attach the new logs in your next reply, and we'll take it from there.

jakedude182

ok thanks,
a SecTaskMan folder keeps getting created and I keep deleting it for now, the system is going slower. I will post logs soon.

thanks, jake

jakedude182 · hjt on 1.7.07 safe mode.txt (6.7 KB, 3 views)

ok,
I have attached an avg antispyware log and a new hjt created on normal logon. I didn't have time to do a sas scan, will post another time. The Troj/Killav-DQ is in the spysweeper quarantine, should I delete it?
The computer is performing ok, but services and lsass.exe somtimes use more cpu than normal.

thanks, jake

Member Panel

Sponsors and Ads

Live Tag Cloud