ccsort.exe - malicious program? HELP!!

Status
Not open for further replies.

Olympus

I run Windows 2000 Professional. Ever since I installed Norton Antivirus 2003, a process called ccsort.exe pops up every few days and takes up a lot of CPU. It also tries to establish, and succeeds in establishing, a lot of network connections. I monitor the CPU usage through Task Manager and the active connections through a freeware called Active Ports. Once this process ccsort.exe starts doing its thing, the PC becomes unresponsive. Please help. I could not find any information regarding ccsort.exe on the web. Does this affect all Norton Antivirus users or is it only me? I have tried uninstalling and reinstalling both Windows and Norton AV. Please suggest something. Thank you.
 
It looks to me like part of W32.HLLW.Gaobot.cl.
The information I found on ccsort.exe was in another hijack log,
which was nothing until I looked up the startup entry for that file,
which I believe should say Configuration Loader.

To make sure that's the case, if you could:

Please do this. Click here to download Hijack This. Save it to its own folder (not temporary files or the desktop).
Close all open windows and open HIJACK THIS. Click “Scan”. When the scan is finished (it only takes a second), the scan button will change to “Save Log”. Click on “Save Log” and save it to NotePad. Copy the entire log and paste it here.

DO NOT FIX ANYTHING YET; most items that appear in the log are harmless or even needed. Wait for someone to analyze the scan and advise.


You probably have some other things to be fixed too.


Lobos
 
hijackThis log

___________________________________________________________________
LOG from hijackthis
___________________________________________________________________
Logfile of HijackThis v1.97.7
Scan saved at 1:06:48 AM, on 5/24/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
K:\WINDOWS\System32\smss.exe
K:\WINDOWS\system32\winlogon.exe
K:\WINDOWS\system32\services.exe
K:\WINDOWS\system32\lsass.exe
K:\WINDOWS\system32\svchost.exe
K:\WINDOWS\System32\svchost.exe
K:\WINDOWS\system32\spoolsv.exe
k:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
K:\WINDOWS\system32\ZONELABS\vsmon.exe
K:\WINDOWS\Explorer.EXE
k:\PROGRA~1\mcafee.com\vso\mcshield.exe
K:\WINDOWS\System32\hkcmd.exe
K:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
K:\PROGRA~1\mcafee.com\agent\mcagent.exe
k:\progra~1\mcafee.com\vso\mcvsescn.exe
K:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
K:\Program Files\Broadband Pacenet\Pacenet Dialer\PaceDial.exe
K:\Program Files\Crystal Internet Meter\cimeter.exe
K:\Program Files\FlashGet\flashget.exe
K:\Program Files\D-Tools\daemon.exe
K:\Program Files\oDC\oDC.exe
k:\progra~1\mcafee.com\vso\mcvsftsn.exe
K:\Program Files\Messenger\msmsgs.exe
K:\Program Files\Network Assistant\Nassi.exe
K:\Program Files\Mozilla Firefox\firefox.exe
K:\Program Files\Ahead\Nero\nero.exe
L:\hijackthis1977\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - K:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - K:\PROGRA~1\FLASHGET\jccatch.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - K:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - K:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - k:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] K:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] K:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Configuration Loader] ccSort.exe
O4 - HKLM\..\Run: [VSOCheckTask] "k:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "k:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] k:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] K:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [McRegWiz] k:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [DAEMON Tools-1033] "K:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] K:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\RunServices: [Configuration Loader] ccSort.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = K:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O4 - Global Startup: Microsoft Office.lnk = K:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - K:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - K:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .spop: K:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/s...81/mcinsctl.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.c...8120.3963310185
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/s...,19/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C35717A-3C76-4DA0-8C9E-F0943B839561}: NameServer = 203.115.71.66 202.54.1.18
O17 - HKLM\System\CCS\Services\Tcpip\..\{63A9DA8B-6B17-481A-9129-B945FD6F05DC}: NameServer = 172.19.4.56

_________________________________________________________________
END OF LOG
_________________________________________________________________
 
Run Hijack This, put a check next to these, close all browsers and hit Fix.

Make sure not to miss one.

O4 - HKLM\..\Run: [Configuration Loader] ccSort.exe
O4 - HKLM\..\RunServices: [Configuration Loader] ccSort.exe
O4 - Global Startup: Microsoft Office.lnk = K:\Program Files\Microsoft Office\Office10\OSA.EXE

-----------------------------------------------------------------------------------------------------------------------------------
Open My Computer. Go to Tools, Folder Options and click on the View tab. Make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files". Now click "Apply to all folders".
Click "Apply" then "OK".


Reboot into safe mode.

How to boot into safe mode

Delete

ccSort.exe

Come back and post a fresh log.


Lobos
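
A triage heuristic for the O4 (autorun) lines of a log like the one posted above, added here as an example and not part of the thread or of HijackThis itself: it flags registry autorun values that name a binary without a directory, or that register the same binary under more than one key. The function names and the two rules are assumptions of this example; the sample lines are copied from the posted log.

```python
import re
from collections import defaultdict

# Sample input: O4 lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] K:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] K:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Configuration Loader] ccSort.exe
O4 - HKLM\..\Run: [VirusScan Online] "k:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "K:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\RunServices: [Configuration Loader] ccSort.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = K:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
"""

# Line shape: "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_REG = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
# A quoted path, or an unquoted path ending in an executable extension.
EXE = re.compile(r'^"([^"]+)"|^(\S.*?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)', re.I)

def executable(cmd):
    """Return the program part of an autorun command line, without arguments."""
    m = EXE.match(cmd)
    if not m:
        return cmd.split()[0]
    return m.group(1) or m.group(2)

def parse_o4(log):
    """Collect registry autorun entries; startup-folder shortcuts are skipped."""
    entries = []
    for line in log.splitlines():
        m = O4_REG.match(line.strip())
        if m:
            hive, key, name, cmd = m.groups()
            entries.append({"key": f"{hive}\\{key}", "name": name,
                            "exe": executable(cmd)})
    return entries

def triage(entries):
    """Return (key, value name, exe, reasons) for entries worth a closer look."""
    keys_by_exe = defaultdict(set)
    for e in entries:
        keys_by_exe[e["exe"].lower()].add(e["key"])
    findings = []
    for e in entries:
        reasons = []
        if "\\" not in e["exe"]:
            reasons.append("no directory: resolved through the search path")
        if len(keys_by_exe[e["exe"].lower()]) > 1:
            reasons.append("same binary registered under several autorun keys")
        if reasons:
            findings.append((e["key"], e["name"], e["exe"], reasons))
    return findings
```

On the sample lines only the two `[Configuration Loader] ccSort.exe` values are flagged; a flag is a prompt to look up the entry, not a verdict.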
 