Trojan.LowZone virus - tried Spybot, AdAware, Dr Delete etc and still will not fix

Posted 3/13/2006 7:20 PM
#28924

Lazey Member

Date Joined Nov 2016
Total Posts: 3
I've had an unregistered (identifies, but does not fix spyware problems until you pay) copy of Spyware Doctor for a long time now, and apparently had a trojan virus on my comp for a while but it never gave me problems, Norton never found it, and I got Trend Micro PC Cillin too, and they never found it either. Microsoft Defender did not find any problems either. So that virus has just been chillin on my computer all this time.

Anyways, now, yesterday night this Norton window pops up telling me that there is another trojan virus, trojan.lowzone, and it cannot be deleted, and bla bla bla. No matter how many times I click OK it just keeps coming back up again, 100's of times. The virus keeps renaming itself, I'm sure y'all are familiar with it.

I got Hijack This and will post a log, and right now I am running a scan with MicroWorld AntiVirus, and apparently I am up to 7,000-something total critical objects (all but 14 of them are from the Norton Quarantine folder) and the # just keeps going... and going... and going... every second it goes up and it's been scanning for about 2 hours now. Actually now by the time this post is done it's up to about 7,500.

ANY help with this I would appreciate SO much, I have a gigabyte of RAM and when I go to Task Manager, it says I am at 100% CPU usage, all the time, even with NOTHING running. I tried to help myself and search the web and this site etc, but nothing has been able to help so far, I'm at a loss.

Here is my Hijack This log:

Logfile of HijackThis v1.99.1
Scan saved at 2:18:34 PM, on 3/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\DOCUME~1\K\LOCALS~1\Temp\mexe.com
C:\DOCUME~1\K\LOCALS~1\Temp\kavss.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\K\Desktop\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

Not much is even running... I can't identify what is a virus and what ain't, most of the programs look legit. I really need some help with this, I am about to throw my computer out the window and smash it with hammers then hunt down the ******* who created this virus and do the same to them. JK.

Thanks in advance guys =)

Lazey
Posted 3/18/2006 12:22 AM
#29005

Lazey Member

Date Joined Nov 2016
Total Posts: 3
Anyone... please help me out here... I'm about to just wipe out my hard drive and start from scratch because I can't seem to get any help anywhere else... A reply from anyone with even a little knowledge would be much appreciated.
Posted 3/18/2006 8:23 AM
#29015

rpggamergirl Advanced member

Date Joined Nov 2016
Total Posts: 938
Your HijackThis log is not showing any nasty entries, that happens sometimes, viruses/trojans don't normally show up in a HijackThis log.
What we can do is run other diagnostic tools, or you could always manually delete those viruses that the other scanners did not delete. can you post those logs that

You might also like to try using the System Restore console, go back to a date before you got infected. If you have any of those logs that the other scanners produced, post them here.

It's hard to diagnose an infection when the HijackThis log does not show anything.
* You may pm me if you're still waiting for my follow-up post.
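
An added example, not part of the thread and not code from HijackThis: a small triage pass over a log in the format posted above. It flags running processes launched from a Temp directory, entries marked "(file missing)" and services whose vendor field reads "Unknown owner", so they can be checked by hand. The sample lines are copied from the log above; the function and reason names are hypothetical.

```python
import re

# Sample input: a few lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\DOCUME~1\K\LOCALS~1\Temp\mexe.com
C:\DOCUME~1\K\LOCALS~1\Temp\kavss.exe
C:\Documents and Settings\K\Desktop\HijackThis.exe

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
"""

# Temp folders in long form or 8.3 short form (LOCALS~1 = "Local Settings").
TEMP_DIR = re.compile(r"\\(?:Local Settings|LOCALS~1)\\Temp\\|\\WINDOWS\\Temp\\", re.I)
ENTRY = re.compile(r"^(O\d+) - ")


def triage(log_text):
    """Return (reason, line) pairs for entries that deserve a manual look."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        entry = ENTRY.match(line)
        if entry:
            in_processes = False  # the numbered O-sections follow the process list
            if "(file missing)" in line:
                findings.append(("file-missing", line))
            if entry.group(1) == "O23" and "Unknown owner" in line:
                findings.append(("service-unknown-owner", line))
            if TEMP_DIR.search(line):
                findings.append(("autostart-from-temp", line))
        elif in_processes and line:
            if TEMP_DIR.search(line):
                findings.append(("process-from-temp", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason:24} {line}")
```

A flag here is only a prompt to look closer (file properties, a scan of that one file); it does not by itself say the file is malicious.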
Posted 3/19/2006 5:54 PM
#29059

Lazey Member

Date Joined Nov 2016
Total Posts: 3
Hey, thanks for the reply.

I got myself into some problems because I looked up trojan lowzone removal and on this site there were several topics and I attempted following their directions. First thing I did was disable System Restore, following those directions, but that was stupid since I couldn't follow thru with the rest and now I'm left with no old checkpoints.

Now I wish I had just system restored in the beginning but I was all coming in there like I was gonna kill this virus and kick its ass, yee ha, which failed LOL. Now it won't even let me restore, even now that I re-enabled it.

Anyways, what other logs would you like?

I don't know much about this all but I got Spybot S&D and some other programs, whatever would help. My Trend PC antivirus now is finding the lowzone virus, but it ain't deleting it or cleaning it, just saying it's deleted and quarantined, and my computer is still running crappy and slow, so I know the virus is still here.

Thanks for the help so far =)
Posted 3/19/2006 11:14 PM
#29061

rpggamergirl Advanced member

Date Joined Nov 2016
Total Posts: 938
I've been in a couple of debates about turning off System Restore before scanning. I know antivirus sites and a lot of people suggest turning off System Restore before scanning. I am very much against this idea because sometimes it's easier to do a system restore if malware is too stubborn to go away or if something happens while cleaning your PC that you need to go back.

The only 2 reasons I can think of why Symantec and most sites suggest turning off System Restore before scanning are:
1. Scanning time is reduced.
2. The possibility of "hangs/freezes" is also reduced (some scanners, like SpySweeper, sometimes hang when scanning this volume).

It is better to have a bad system restore than none. Viruses in your System Restore (if there are any) are INACTIVE. Viruses there will not harm your system, the only way they can be active is when you go back to those infected restore points.
So the best time to turn off System Restore is after you've cleaned your system. All the viruses that have been backed up in system restore points will be deleted when you turn it off.

Can you manually empty or delete the virus in quarantine?
Did MicroWorld AntiVirus give you a logfile? Just post the log here, omit the lines with cookies.

Also try these diagnostic tools, let's see what they come up with:
Please download Silent Runners.
http://www.silentrunners.org/Silent%20Runners.vbs
* Save it to the desktop.
* Run Silent Runners by double-clicking the "Silent Runners" icon on your desktop.
* You will see a text file appear on the desktop - it's not done yet, just let it run (it won't appear to be doing anything!)
* Once you receive the prompt "All Done!", double-click on the new text file on the desktop and copy that entire log and post it here, or upload it somewhere and just post the link here.

*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.

Also try Blacklight:

Download and save Blacklight to your desktop.
http://www.f-secure.com/blacklight/try.shtml
Double-click blbeta.exe, accept the agreement, click scan > next.

You'll see a list of all the items it found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (where xxxxxxx represents numbers). The application finds both bad files and legitimate ones such as "wbemtest.exe", so don't choose the rename option yet! Copy and paste the log it generated in your next reply.
* You may pm me if you're still waiting for my follow-up post.