Re: Possible Hijacker

From: Alex.V.Prokhorov (alexvp_at_ch(dot)moldpac.md)
Date: 08/18/04


Date: Thu, 19 Aug 2004 00:46:27 +0300


      In the name of Electron, and Silicon, and Binary Numeration, I greet
you, Stephanie! I wish to continue the prayer addressed by you on 18 August
on the cause "Possible Hijacker".

S> Logfile of HijackThis v1.97.7
S> Scan saved at 10:16:31 PM, on 8/17/2004
S> Platform: Windows XP SP1 (WinNT 5.01.2600)
S> MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
S>
S> Running processes:

[Sorry, skipped]

S> C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
S> C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    Who is "Synaptics"?

S> C:\Program Files\DR_S\DR_S.exe

    Who is "DR_S"?

S> C:\WINDOWS\System32\wuauclt.exe

    Sasser worm?

S> O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} -
S> C:\WINDOWS\questmod.dll
S> O2 - BHO: (no name) - {B20208D4-9EEB-D3CD-F2B2-EAA1144CA89F} -
S> C:\PROGRA~1\INTERN~2\freejugs.exe

    Who are they?

S> O4 - HKLM\..\Run: [Download eggs] C:\PROGRA~1\FORDUP~1\owns style
S> htm.exe

    Strange eggs...

S> O4 - HKLM\..\Run: [AnteLessDentTest] C:\Documents and Settings\All
S> Users\Application Data\greytrayanteless\First Seek.exe

    Who is "greytray AnteLess DentTest"?

S> O4 - HKCU\..\Run: [DR_S] C:\Program Files\DR_S\DR_S.exe

    One more time "DR_S".

--
<EOF>!
Alex.V.Prokhorov.