jathuerk

Members
 View Profile  See their activity

  • Content Count

    2

  • Joined

  • Last visited

 Content Type 

Posts posted by jathuerk

  2. Have Perfcoo Trojan Cannot Rid[INACTIVE]

    in Malware Removal

    Posted · Edited by jathuerk

    Hi I recently connected my computer to a dorm network and I had 3 moth old definitions on my symantec antivirus. I got the trojan called perfcoo or perfc000.dat I do not know how I got it as I was not using my computer when the security alerts began appearing. The symptoms are that if I have symantec active protection on I get about 3 alerts per second about perfc000.dat until my computer locks up after about 10-15 minutes. I have followed the symmantec instructions to remove this trojan but it did not work, the trojan just appeared again immediatly after removal. Also the registry key modification instructions are not clear and detailed enough for me to follow. I have read around about this and it looks like a nasty one to remove.

    I have done updated ad aware, symantec antivirus and spy bot search and destroy scans while in safe mode and nothing has removed the trojan

    here is my log file from hijak this, I hope someone can help, thanks in advance.

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 10:33:37 AM, on 9/3/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16512)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\RunDll32.exe

    C:\WINDOWS\system32\carpserv.exe

    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

    C:\Program Files\AIM\aim.exe

    C:\Program Files\Uniblue\ProcessLibrary\qaccess.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe

    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

    C:\WINDOWS\system32\HPZipm12.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\ZyXEL\G-302v2\tiwlnsvc.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.wisc.edu/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O2 - BHO: (no name) - AutorunsDisabled - (no file)

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

    O4 - HKLM\..\Run: [CARPService] carpserv.exe

    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe

    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

    O4 - HKCU\..\Run: [uniblue Quick Access] "C:\Program Files\Uniblue\ProcessLibrary\qaccess.exe" /startup

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - Global Startup: AutorunsDisabled

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

    O9 - Extra button: (no name) - AutorunsDisabled - (no file)

    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O16 - DPF: ActiveGS.cab - http://www.virtualapple.com/activegs.cab

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{8577AE3C-8681-44FC-BBC4-B365634F29F5}: NameServer = 194.54.90.226

    O17 - HKLM\System\CCS\Services\Tcpip\..\{A0243ACE-7216-4E05-896B-8064E0070CA5}: NameServer = 194.54.90.226

    O17 - HKLM\System\CCS\Services\Tcpip\..\{ABB638D0-1F64-455F-9C79-D7B7766C778E}: NameServer = 194.54.90.226

    O17 - HKLM\System\CS1\Services\Tcpip\..\{8577AE3C-8681-44FC-BBC4-B365634F29F5}: NameServer = 194.54.90.226

    O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat

    O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)

    O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)

    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

    O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\ZyXEL\G-302v2\tiwlnsvc.exe

    O23 - Service: Windows Media Connect Service (WMConnectCDS) - Unknown owner - C:\Program Files\Windows Media Connect 2\wmccds.exe (file missing)

    --

    End of file - 5256 bytes