peerbot trojan

Posted By: moofster

peerbot trojan - 18/09/06 01:08 AM

I was told to use hijackthis.exe and save a log to post on a forum site, so that is what I did. Can anyone help me with this?

This is what I was told:

<dreppy> there is a rbot/peerbot trojan on this computer addres
<dreppy> address
<dreppy> clean this computer to keep from getting glined
<dreppy> http://localhost.nl/~prysm/hijackthis.exe will get you a list of processes on your computer
<dreppy> look for the line that shows shell=explorer.exe virus-file.exe to find the name of the 'virus-file.exe'

This is the log:

Logfile of HijackThis v1.99.1
Scan saved at 6:58:16 PM, on 9/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\mIRC\download\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tyler\Local Settings\Temporary Internet Files\Content.IE5\S3FVI0P1\hijackthis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
F2 - REG:system.ini: Shell=Explorer.exe msdhcp.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft HDCP for NT] msdhcp.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\RunServices: [Microsoft HDCP for NT] msdhcp.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft HDCP for NT] msdhcp.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\RunServices: [Microsoft HDCP for NT] msdhcp.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab40641.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{642568FF-1B0F-42F3-B376-AF87C4971AE0}: NameServer =
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\mIRC\download\Spy Sweeper\WRSSSDK.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
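As an added example (not code from the thread, from dreppy, or from HijackThis), here is a small Python triage of the pattern dreppy describes: find the system.ini Shell= line that launches an extra executable after Explorer.exe, cross-reference that filename against the O4 Run/RunServices entries, and count the O1 hosts-file overrides. The log lines in the block are constructed to mirror the posted log's msdhcp.exe entries, not the full log.

```python
import re
from collections import defaultdict

# Constructed sample mirroring the posted log's msdhcp.exe entries plus two
# hosts-file overrides of the kind the log reports; not the thread's full log.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe msdhcp.exe
O1 - Hosts: liveupdate.symantec.com
O1 - Hosts: update.symantec.com
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft HDCP for NT] msdhcp.exe
O4 - HKLM\..\RunServices: [Microsoft HDCP for NT] msdhcp.exe
O4 - HKCU\..\Run: [Microsoft HDCP for NT] msdhcp.exe
"""

SHELL_RE = re.compile(r"^F2 - REG:system\.ini: Shell=(.+)$", re.I)
RUN_RE = re.compile(r"^O4 - (HK\w+\\\.\.\\Run\w*): \[(.*?)\] (.+)$")
HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+)$")

def exe_name(command):
    """Lower-cased basename of the program a Run value launches."""
    cmd = command.strip()
    if cmd.startswith('"'):                      # quoted full path, then args
        path = cmd[1:].split('"', 1)[0]
    else:                                        # unquoted path or bare name
        m = re.match(r"(.*?\.exe)\b", cmd, re.I)
        path = m.group(1) if m else cmd.split()[0]
    return path.rsplit("\\", 1)[-1].lower()

def triage(log_text):
    """Collect Shell= extras, autorun entries keyed by exe, and hosts overrides."""
    found = {"shell_extras": [], "autoruns": defaultdict(list), "hosts_overrides": []}
    for line in log_text.splitlines():
        if m := SHELL_RE.match(line):
            # A clean system.ini Shell= is exactly Explorer.exe; anything else on
            # the line runs at every logon, which is the line dreppy said to look for.
            tokens = m.group(1).split()
            found["shell_extras"] += [t.lower() for t in tokens if t.lower() != "explorer.exe"]
        elif m := RUN_RE.match(line):
            key, name, cmd = m.groups()
            found["autoruns"][exe_name(cmd)].append((key, name, cmd))
        elif m := HOSTS_RE.match(line):
            found["hosts_overrides"].append(m.group(1))
    return found

def suspicious(found):
    """Map each Shell= hijacker to the Run/RunServices keys that also load it."""
    return {exe: [key for key, _, _ in found["autoruns"].get(exe, [])]
            for exe in found["shell_extras"]}

if __name__ == "__main__":
    f = triage(SAMPLE_LOG)
    for exe, keys in suspicious(f).items():
        print(f"{exe}: hijacks Shell= and is registered under {len(keys)} autorun keys")
    print(f"{len(f['hosts_overrides'])} hosts-file overrides (vendor update sites redirected)")
```

On the constructed sample this reports msdhcp.exe under three autorun keys, the same three the posted log shows; the qttask.exe entry is left alone because it does not appear on the Shell= line.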
Posted By: RusselB

Re: peerbot trojan - 18/09/06 01:51 AM

The file that's being detected as a trojan is msdhcp.exe.

You should ensure that your anti-virus is up-to-date, and check that file and any others that came with it. I don't recognize the file, so I have no idea where you got it from. If you can identify which program it is associated with, you should check with the authors of that program and see if they have an update available.
Posted By: FNar

Re: peerbot trojan - 18/09/06 01:57 AM

Or post it where you were told to post it - the hijackthis support forum on which you were told to run hijackthis.
Posted By: moofster

Re: peerbot trojan - 18/09/06 01:59 AM

I was told to run it by dreppy on IRC (Undernet). He did not tell me where to post it, so I thought to come here first.
Posted By: Scorpwanna

Re: peerbot trojan - 19/09/06 03:51 PM

And this has what to do with mIRC?
Posted By: moofster

Re: peerbot trojan - 19/09/06 06:46 PM

I can't log on to Undernet because of some virus. However, if no one here can help me, then I guess I will have to find help somewhere else. Thanks for taking the time to read over my problem, though.
Posted By: Firestarter

Re: peerbot trojan - 19/09/06 07:23 PM

Don't know if you have already looked using Google, but ~if~ it is msdhcp.exe that is the problem, then have a look HERE.
It may help or not.
Good luck
Posted By: KidSol

Re: peerbot trojan - 22/09/06 02:43 AM

Never run HijackThis from a temp or zip file.
Always make sure to create a folder for it on your desktop so it will scan your whole PC and create a backup for the items you fix, just in case you fix the wrong entry.
Posted By: FaiNT

Re: peerbot trojan - 08/12/06 04:16 PM

msdhcp.exe IS the virus; there will be no other copies of it but this. After removing it, do a hard reboot (unplug your HD) and then you are good.
Posted By: Riamus2

Re: peerbot trojan - 08/12/06 10:25 PM

You never have to unplug your hard drive to fix any virus issues. A "hard" reboot is turning off your computer and then turning it on, or else using the Reset button. A "soft" reboot is using Ctrl-Alt-Del to reboot, or using Windows' "reboot" option from the Start menu or the task manager or any other location, such as when a new program is installed and wants to reboot your computer.
© 2021 mIRC Discussion Forums