Explorer.exe in root
Gladiator Security Forum > Malware Help Forum > HELP! Think you are Infected?
laly
Hi everybody,

I know it should not be there...

If I rename it or block its access to the Internet in ZoneAlarm, I can't access any Web pages in IE6sp1 under Win98se.

I scanned my computer for trojans with TDS-3 and the only thing it did was tell me that this was a possible trojan infection. I already knew that...

Can anybody help me...
CalamityJane
Hi laly, welcome to the forum :)

We sure do need some more details from you. Got the log from Trojan Hunter? What is trying to access the internet and to where? (what info does your firewall give on that).

Have you run an online AV scan?

Panda's Active Scan
http://www.pandasoftware.com/activescan/co...n_principal.htm

Trend Micro (PC-cillin) - Free on-line Scan
http://housecall.antivirus.com

RAV Antivirus Online Scan
http://www.ravantivirus.com/scan/

eTrust AV web scanner (Computer Associates)
http://www3.ca.com/virusinfo/virusscan.aspx

Also, have you run a thorough antispyware check, just in case it is a spyware-related item?

See the Guidelines for posting at the top of the forum. Use the Adaware first, and let us know if that solves the problem. If not - post a HijackThis log. But please do the Adaware steps first.

Guidelines for Posting
http://forum.gladiator-antivirus.com/index...showtopic=10517
laly
Hi Calamity,

Thank you very much for your answer.

I will try to be clearer, but this time I'm clueless...

I have been "on the net" for ten years now, been through a few problems before but never one like this.

I have both AVG and Norton running in the back.

I run both AdAware and Spybot S&D weekly or every other week.

I also ran an online antivirus service, I think it was Trend Micro, plus HijackThis twice.

I found your forum while searching for a solution ;), do you have a clue...

Here is my HijackThis log

Logfile of HijackThis v1.97.5
Scan saved at 20:43:38, on 04-05-05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
D:\PROGRAM FILES\UTIL\AVG\AVGSERV9.EXE
C:\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMPAQ\COMPAQ EAB SOFTWARE\CPQEK.EXE
D:\PROGRAM FILES\UTIL\AVG\AVGCC32.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
D:\PROGRAM FILES\UTIL\MOONPHASE\MOON.EXE
D:\PROGRAM FILES\UTIL\TRANSPARENT\TRANSPARENTD.EXE
C:\PROGRAM FILES\SYMPATICO\ACCESS MANAGER\APP\ENTERNET.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\NOTEPAD.EXE
D:\PROGRAM FILES\UTIL\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = <none>
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wired.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.wired.com/
O2 - BHO: (no name) - {00000178-CD4A-447a-BCF9-6FD0096B5527} - D:\PROGRAM FILES\UTIL\PRIVACYBIRD\P3PCLIENT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [cpqek] C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
O4 - HKLM\..\Run: [AVG_CC] D:\PROGRAM FILES\UTIL\AVG\avgcc32.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [Avgserv9.exe] D:\PROGRA~1\UTIL\AVG\Avgserv9.exe
O4 - Startup: moon.exe.lnk = D:\Program Files\Util\MoonPhase\moon.exe
O4 - Startup: TransparentD.lnk = D:\Program Files\Util\Transparent\TransparentD.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Ouvrir le cadre dans une nouvelle fenêtre - file://C:\WINDOWS\web\reopen.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.sympatico.ca/homepage.html?blink=static
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.com/games/popcaploader_v5.cab

As you can see, I think I am clean except for C:\EXPLORER.EXE..?
CalamityJane
Go to the sites below to scan that file:

C:\EXPLORER.EXE <--this file

Single file check (KAV)
http://www.kaspersky.com/remoteviruschk.html

Dr.Web online scan
http://www.dials.ru/english/www_av/

Each will give you a report at the end of the scan of that file. Copy and paste the results back here.
laly
Hi Calamity,

The file seems to be OK, same size, 176 KB, as the original. As a matter of fact, when I double-click on it, it opens another instance of Explorer..?


Kaspersky Online Virus Scanner

Current object: Explorer.exe

Explorer.exe Ok

Statistics:
Known viruses: 88317 Updated: 7.05.2004
File size (Kb): 176 Scan time: 00:00:01
Speed (Kb/sec): 177 Virus bodies: 0
Archives: 0 Packed: 0
Folders: 0 Files: 1
Suspicious: 0 Warnings: 0


Online virus check by the latest version of Dr.Web® anti-virus

The latest virus identities update: 06.05.2004 21:53

Virus records: 49584
Explorer.exe - Ok

Thank you for your time...
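The two checks this thread turns on, spotting a well-known binary name running from an unexpected directory in the HijackThis "Running processes" list (laly's log above) and deciding whether a suspect copy really is "the same file" as the original (laly's "same size, 176 KB" reasoning), can both be scripted. The block below is an added example written for this page; it is not code from the thread, from HijackThis or from any of the scanners mentioned. It assumes the log layout shown in the thread (a "Running processes:" header followed by one path per line up to a blank line), a small illustrative table of where a few Windows 98 system binaries normally live (an assumption, not an exhaustive allow-list), and a constructed log snippet and constructed file contents as input. Its second half shows the caveat a practitioner wants here: two files of identical size can still differ, so compare a cryptographic hash, not just the byte count.

```python
"""Triage helpers for the "Explorer.exe in root" case.

Added example, not part of the original forum thread. Assumptions:
- HijackThis log format: a "Running processes:" header, then one full path
  per line until the first blank line;
- EXPECTED_DIRS is a short illustrative table of where some Windows 98
  system binaries normally live, not a complete allow-list.
"""
import hashlib
from pathlib import PureWindowsPath

# Assumed expected locations (Windows 98 layout) for a few well-known names.
EXPECTED_DIRS = {
    "explorer.exe": {r"c:\windows"},
    "taskmon.exe": {r"c:\windows"},
    "systray.exe": {r"c:\windows\system"},
    "kernel32.dll": {r"c:\windows\system"},
}

# Constructed log excerpt in the same shape as the log posted in the thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.5
Platform: Windows 98 SE (Win9x 4.10.2222A)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wired.com/
"""


def running_processes(log_text):
    """Return the paths listed under 'Running processes:' in a HijackThis log."""
    paths = []
    in_section = False
    for line in log_text.splitlines():
        if line.strip().lower() == "running processes:":
            in_section = True
            continue
        if in_section:
            if not line.strip():      # blank line ends the section
                break
            paths.append(line.strip())
    return paths


def misplaced_binaries(paths):
    """Flag known binary names that run from somewhere other than their expected directory.

    Returns a list of (path, expected_dirs) tuples; case is ignored, as on FAT/Win9x.
    """
    flagged = []
    for p in paths:
        wp = PureWindowsPath(p)
        name = wp.name.lower()
        parent = str(wp.parent).lower()
        if name in EXPECTED_DIRS and parent not in EXPECTED_DIRS[name]:
            flagged.append((p, sorted(EXPECTED_DIRS[name])))
    return flagged


def compare_bytes(suspect, reference):
    """Compare a suspect file's bytes with a known-good copy by size and SHA-256.

    Equal size is a weak signal: a patched or trojaned binary can be padded or
    edited in place to keep the byte count. Only a matching digest means
    identical contents.
    """
    s_hash = hashlib.sha256(suspect).hexdigest()
    r_hash = hashlib.sha256(reference).hexdigest()
    return {
        "same_size": len(suspect) == len(reference),
        "same_sha256": s_hash == r_hash,
        "suspect_sha256": s_hash,
        "reference_sha256": r_hash,
    }


if __name__ == "__main__":
    for path, expected in misplaced_binaries(running_processes(SAMPLE_LOG)):
        print(f"{path} runs outside its expected location(s) {expected}")
    # Constructed contents: same length, one byte different.
    good = b"MZ\x90\x00" + b"A" * 12
    copy = b"MZ\x90\x00" + b"A" * 11 + b"B"
    print(compare_bytes(copy, good))
```

On a real machine you would feed `compare_bytes` the contents of `C:\EXPLORER.EXE` and of the Windows 98 installation's own `C:\WINDOWS\EXPLORER.EXE` (or the copy inside the original cabinet files); a matching SHA-256 settles the question that equal file sizes and a clean scanner verdict only suggest.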
CalamityJane
Sounds good, laly :)