Downloader.swizzor.8.BK Trojan

Posted 2/1/2007 3:00 AM
#42568
MikeShad Member

Date Joined Nov 2016
Total Posts: 1
I recently started receiving a lot of pop-ups, and I assumed it was from some spyware I picked up. I had to run Norton, Spybot, Adaware, and Windows Defender several times to finally get rid of them. Then Norton started detecting a virus: adware.lop or adware.lop!dl. It would remove it, but a few minutes later it would come back. I installed AVG. When I ran the scan it found nothing, but it started giving me warnings about a trojan called Downloader.swizzor.8.BK. Now both programs pop up with the virus warnings with each type of virus. Removing them does nothing. They come right back.

Here's my HijackThis log. Any help would be greatly appreciated.


Logfile of HijackThis v1.99.1
Scan saved at 9:58:37 PM, on 1/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\YTBSDK.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://albany.mediacomtoday.com/community/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*https://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SBDrvDet] "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Yahoo! Search -
https://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - https://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - https://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - https://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - https://www.vzwpix.com/activex/VerizonWirelessUploadControl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - https://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - https://download.games.yahoo.com/games/web_games/sony/davinci/DVCDownloadControl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - https://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - https://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - https://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - https://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - https://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - https://www.creative.com/su/ocx/15026/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{59228F13-C333-4CBE-B125-8076172B1228}: NameServer = 192.168.0.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Security Center (wscsvc) - Unknown owner - C:\WINDOWS\C:\WINDOWS\System32\svchost.exe (file missing)