Trojan.LowZone virus - tried Spybot, AdAware, Dr Delete etc and still will not fix

Posted 3/13/2006 7:20 PM

Lazey Member

Date Joined Nov 2016
Total Posts: 3
I've had an unregistered (identifies, but does not fix spyware problems until you pay) copy of Spyware Doctor for a long time now, and apparently had a trojan virus on my comp for a while, but it never gave me problems. Norton never found it, and I got Trend Micro PC Cillin too, and they never found it either. Microsoft Defender did not find any problems either. So that virus has just been chillin on my computer all this time.

Anyways, now, yesterday night this Norton window pops up telling me that there is another trojan virus, trojan.lowzone, and it cannot be deleted, and bla bla bla. No matter how many times I click OK it just keeps coming back up again, 100's of times. The virus keeps renaming itself, I'm sure y'all are familiar with it.

I got HijackThis and will post a log, and right now I am running a scan with MicroWorld AntiVirus, and apparently I am up to 7,000-something total critical objects (all but 14 of them are from the Norton Quarantine folder) and the # just keeps going... and going... and going... every second it goes up, and it's been scanning for about 2 hours now. Actually now by the time this post is done it's up to about 7,500.

ANY help with this I would appreciate SO much. I have a gigabyte of RAM and when I go to Task Manager, it says I am at 100% CPU usage, all the time, even with NOTHING running. I tried to help myself and search the web and this site etc., but nothing has been able to help so far, I'm at a loss.

Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 2:18:34 PM, on 3/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Documents and Settings\K\Desktop\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

Not much is even running... I can't identify what is a virus and what ain't, most of the programs look legit. I really need some help with this. I am about to throw my computer out the window and smash it with hammers, then hunt down the ******* who created this virus and do the same to them. JK.

Thanks in advance guys =)

Posted 3/18/2006 12:22 AM

Lazey Member

Date Joined Nov 2016
Total Posts: 3
Anyone... please help me out here... I'm about to just wipe out my hard drive and start from scratch because I can't seem to get any help anywhere else... A reply from anyone with even a little knowledge would be much appreciated.
Posted 3/18/2006 8:23 AM

rpggamergirl Advanced member

Date Joined Nov 2016
Total Posts: 938
Your HijackThis log is not showing any nasty entries. That happens sometimes; viruses/trojans don't normally show up in a HijackThis log.
What we can do is run other diagnostic tools, or you could always manually delete those viruses that the other scanners did not delete. can you post those logs that

You might also like to try using System Restore console, go back to a date before you got infected. If you have any of those logs that the other scanners produced post them here.

It's hard to diagnose an infection when Hijackthis log does not show anything.
* You may pm me if you're still waiting for my follow-up post.
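
A way to see what a helper scans for in a log like the one posted above, as an added Python example that is not part of the thread or of HijackThis itself. The section labels and the three flag rules are assumptions of this example, the sample lines are copied from the posted log, and a flagged entry is a prompt for a closer look, not a verdict.

```python
import re

# Section meanings are general HijackThis conventions, not stated in this thread.
SECTIONS = {
    "O2": "Browser Helper Object", "O3": "IE toolbar", "O4": "autostart entry",
    "O8": "IE context-menu item", "O9": "IE extra button/menu item",
    "O16": "ActiveX download (DPF)", "O23": "Windows service",
}
ENTRY = re.compile(r"^(O\d+) - (.+)$")

# Lines copied from the log posted in this thread.
SAMPLE = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
"""

def triage(log_text):
    """Return (code, section, reasons) for entries that merit a manual check."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, running-process line, or blank
        code, body = m.groups()
        reasons = []
        if body.endswith("(file missing)"):
            reasons.append("registered file no longer on disk")
        if " - Unknown owner - " in body:
            reasons.append("publisher not identified")
        if body.endswith(" -"):
            reasons.append("no source location recorded")
        if reasons:
            findings.append((code, SECTIONS.get(code, "other"), reasons))
    return findings

def section_counts(log_text):
    """Count entries per O-section to show where the log's entries cluster."""
    counts = {}
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            counts[m.group(1)] = counts.get(m.group(1), 0) + 1
    return counts

if __name__ == "__main__":
    for code, section, reasons in triage(SAMPLE):
        print(f"{code:<4} {section:<28} {'; '.join(reasons)}")
```
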
Posted 3/19/2006 5:54 PM

Lazey Member

Date Joined Nov 2016
Total Posts: 3
Hey, thanks for the reply.

I got myself into some problems because I looked up trojan lowzone removal and on this site there were several topics and I attempted following their directions. First thing I did was disable System Restore, following those directions, but that was stupid since I couldn't follow thru with the rest and now I'm left with no old checkpoints.

Now I wish I had just system restored in the beginning, but I was all coming in there like I was gonna kill this virus and kick its ass, yee ha, which failed LOL. Now it won't even let me restore, even now that I re-enabled it.

Anyways, what other logs would you like?

I don't know much about this all but I got Spybot S&D and some other programs, whatever would help. My Trend PC antivirus now is finding the lowzone virus, but it ain't deleting it or cleaning it, just saying it's deleted and quarantined, and my computer is still running crappy and slow, so I know the virus is still here.

Thanks for the help so far =)
Posted 3/19/2006 11:14 PM

rpggamergirl Advanced member

Date Joined Nov 2016
Total Posts: 938
I've been in a couple of debates about turning off System Restore before scanning. I know antivirus sites and a lot of people suggest turning off System Restore before scanning. I am very much against this idea because sometimes it's easier to do a system restore if malware is too stubborn to go away or if something happens while cleaning your PC that you need to go back.

The only 2 reasons I can think of why Symantec and most sites suggest to turn off System Restore before scanning are:
1. Scanning time is reduced.
2. The possibility of "hangs/freezes" is also reduced (some scanners, like SpySweeper, sometimes hang when scanning this volume).

It is better to have a bad system restore than none. Viruses in your System Restore (if there are any) are INACTIVE. Viruses there will not harm your system; the only way they can become active is when you go back to those infected restore points.
So the best time to turn off System Restore is after you've cleaned your system. All the viruses that have been backed up in system restore points will be deleted when you turn it off.

Can you manually empty or delete the virus in quarantine?
Did MicroWorld AntiVirus give you a logfile? Just post the log here, omit the lines with cookies.

Also try these diagnostic tools, let's see what they come up with:
Please download Silent Runners.
* Save it to the desktop.
* Run Silent Runners by double-clicking the "Silent Runners" icon on your desktop.
* You will see a text file appear on the desktop - it's not done yet, just let it run (it won't appear to be doing anything!)
* Once you receive the prompt "All Done!", double-click on the new text file on the desktop and copy that entire log and post it here, or upload it somewhere and just post the link here.

*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.

Also try Blacklight:

Download and save Blacklight to your desktop.
Double-click blbeta.exe, accept the agreement, click scan > next.

You'll see a list of all the items it found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (where xxxxxxx represents numbers). The application finds both bad files and legitimate ones such as "wbemtest.exe", so don't choose the rename option yet! Copy and paste the log it generated in your next reply.
* You may pm me if you're still waiting for my follow-up post.