Trojan Horse Small.BOG? Attacked my iTunes

View previous topic View next topic Go down

Trojan Horse Small.BOG? Attacked my iTunes

Post by jtlk21 on 25th July 2009, 12:10 am

ADMIN EDIT

There seems to be a recent glitch in AVG where it detects iTunes as a Trojan Horse Small.BOG variant.

To workaround your problem, follow the steps I posted here:

[You must be registered and logged in to see this link.]





I can't open iTunes or view any of my mp3s. I also can't download any programs from the internet. Something is blocking the downloads. Thanks in advance. I'm running Windows XP 64 Bit.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:05:54 PM, on 7/24/2009
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
I:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
I:\Program Files (x86)\Bonjour\mDNSResponder.exe
I:\Program Files (x86)\Java\jre6\bin\jqs.exe
I:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
I:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
I:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
I:\windows\system32\java.exe
I:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
I:\PROGRA~2\AVG\AVG8\avgemc.exe
I:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
I:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe
I:\windows\SysWOW64\ctfmon.exe
I:\windows\RTHDCPL.EXE
I:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
I:\PROGRA~2\AVG\AVG8\avgtray.exe
I:\Program Files (x86)\Java\jre6\bin\jusched.exe
I:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
I:\Program Files (x86)\Mozilla Firefox\firefox.exe
I:\Program Files (x86)\AVG\AVG8\avgui.exe
I:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe
I:\Documents and Settings\Administrator\Application Data\U3\0000060410077410\LaunchPad.exe
I:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - I:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
F2 - REG:system.ini: UserInit=userinit
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - I:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - I:\Program Files (x86)\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - I:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - I:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - I:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - I:\Program Files (x86)\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [StartCCC] "I:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [EasyTuneVPro] "I:\Program Files (x86)\Gigabyte\ET5Pro\ETcall.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] I:\PROGRA~2\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "I:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] I:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] I:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Windows Search.lnk = I:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - I:\Program Files (x86)\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: [You must be registered and logged in to see this link.]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - I:\Program Files (x86)\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - I:\windows\
O23 - Service: Ati HotKey Poller - Unknown owner - I:\windows\system32\Ati2evxx.exe (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - I:\PROGRA~2\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - I:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - I:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - I:\windows\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - I:\windows\system32\services.exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - I:\windows\System32\lsass.exe (file missing)
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Unknown owner - I:\WINDOWS\SysWOW64\IcdSptSv.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - I:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - I:\Program Files (x86)\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - I:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - I:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - I:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - I:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Net Logon (Netlogon) - Unknown owner - I:\windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - I:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - I:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - I:\windows\system32\lsass.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - I:\windows\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - I:\windows\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - I:\windows\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - I:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - I:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - I:\windows\system32\lsass.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - I:\windows\System32\vds.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - I:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - I:\windows\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - I:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
O23 - Service: Windows Search (WSearch) - Unknown owner - I:\windows\system32\SearchIndexer.exe (file missing)

jtlk21
Beginner
Beginner

Posts Posts : 1
Joined Joined : 2009-07-24
OS OS : Windox XP 64 Bit
Points Points : 26963
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan Horse Small.BOG? Attacked my iTunes

Post by laika284 on 25th July 2009, 1:16 am

First off, PLEASE do wait for the GeekPolice experts to give their input, as is the rule.

However, I got this problem earlier as well. Through a Google search, I found that it seems to be affecting many many others (everyone else maybe?) who is using iTunes and AVG.

[You must be registered and logged in to see this link.]

From what I can tell, it seems like a false positive, but again, please do wait for the GeekPolice experts to look at your log and listen to their input. I'm just showing you, and them if they haven't seen yet, that it seems to be a false positive in AVG's newest definitions.

laika284
Novice
Novice

Posts Posts : 29
Joined Joined : 2009-06-16
OS OS : Windows XP
Points Points : 27373
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan Horse Small.BOG? Attacked my iTunes

Post by Doctor Inferno on 25th July 2009, 2:52 am

There seems to be a recent glitch in AVG where it detects iTunes as a Trojan Horse Small.BOG variant.

To workaround your problem, follow the steps I posted here:

[You must be registered and logged in to see this link.]


Please be a GeekPolice fan on [You must be registered and logged in to see this link.]



Have we helped you? [You must be registered and logged in to see this link.] | Doctor by day, ninja by night.

Doctor Inferno
Administrator
Administrator

Posts Posts : 11976
Joined Joined : 2007-12-26
Gender Gender : Male
OS OS : Windows 7 Home Premium and Ultimate X64
Protection Protection : Kaspersky PURE and Malwarebytes' Anti-Malware
Points Points : 104640
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan Horse Small.BOG? Attacked my iTunes

Post by KrazieKleo on 25th July 2009, 4:48 am

AVG seems to have fixed the problem. I just updated my AVG and reinstalled iTunes and it works perfectly again.

Thanks GP! Big Grin

KrazieKleo
Novice
Novice

Posts Posts : 13
Joined Joined : 2009-07-25
OS OS : XP
Points Points : 26969
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan Horse Small.BOG? Attacked my iTunes

Post by Doctor Inferno on 25th July 2009, 4:55 am

AVG has removed iTunes as a trojan from their databases, thanks for informing us KrazieKleo. Smile


Please be a GeekPolice fan on [You must be registered and logged in to see this link.]



Have we helped you? [You must be registered and logged in to see this link.] | Doctor by day, ninja by night.

Doctor Inferno
Administrator
Administrator

Posts Posts : 11976
Joined Joined : 2007-12-26
Gender Gender : Male
OS OS : Windows 7 Home Premium and Ultimate X64
Protection Protection : Kaspersky PURE and Malwarebytes' Anti-Malware
Points Points : 104640
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum