ccsort.exe - malicious program? HELP!! - Techist - Tech Forum

Old 05-23-2004, 07:17 AM   #1 (permalink)
Question ccsort.exe - malicious program? HELP!!

I run Windows 2000 Professional. Ever since I installed Norton Antivirus 2003, a process called ccsort.exe pops up every few days and takes up a lot of CPU. Also, it tries to, and succeeds in, establishing a lot of network connections. I monitor the CPU usage through Task Manager and the active connections through a freeware called Active Ports. Once this process ccsort.exe starts doing its thing, the PC becomes unresponsive. Please help. I could not find any information regarding ccsort.exe on the web. Does this affect all Norton Antivirus users or is it only me? I have tried uninstalling and reinstalling both Windows and Norton AV. Please suggest something. Thank you.
Olympus is offline  
Old 05-23-2004, 09:31 PM   #2 (permalink)

It looks to me like part of W32.HLLW.Gaobot.cl.
The information I found on ccsort.exe was in another hijack log,
which was nothing until I looked up the startup entry to that file,
which I believe should say configuration loader.

To make sure that's the case, if you could:

Please do this. Click here to download Hijack This. Save it to its own folder (not temporary files or the desktop).
Close all open windows and open HIJACK THIS. Click “Scan”. When the scan is finished (it only takes a second), the scan button will change to “Save Log”. Click on “Save Log” and save it to NotePad. Copy the entire log and paste it here.

DO NOT FIX ANYTHING YET; most items that appear in the log are harmless or even needed. Wait for someone to analyze the scan and advise.

You probably have some other things to be fixed too.


Lobos
__________________
AdAware | Spybot S&D 1.4 | spyware guard & spyware blaster |

How did I get infected in the first place By Tony Klein

If you use IE, I suggest using these two programs: IE Hosts & IE-SPYAD


Lobos is offline  
Old 06-01-2004, 04:57 AM   #3 (permalink)
Default hijackThis log

___________________________________________________________________
LOG from hijackthis
___________________________________________________________________
Logfile of HijackThis v1.97.7
Scan saved at 1:06:48 AM, on 5/24/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
K:\WINDOWS\System32\smss.exe
K:\WINDOWS\system32\winlogon.exe
K:\WINDOWS\system32\services.exe
K:\WINDOWS\system32\lsass.exe
K:\WINDOWS\system32\svchost.exe
K:\WINDOWS\System32\svchost.exe
K:\WINDOWS\system32\spoolsv.exe
k:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
K:\WINDOWS\system32\ZONELABS\vsmon.exe
K:\WINDOWS\Explorer.EXE
k:\PROGRA~1\mcafee.com\vso\mcshield.exe
K:\WINDOWS\System32\hkcmd.exe
K:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
K:\PROGRA~1\mcafee.com\agent\mcagent.exe
k:\progra~1\mcafee.com\vso\mcvsescn.exe
K:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
K:\Program Files\Broadband Pacenet\Pacenet Dialer\PaceDial.exe
K:\Program Files\Crystal Internet Meter\cimeter.exe
K:\Program Files\FlashGet\flashget.exe
K:\Program Files\D-Tools\daemon.exe
K:\Program Files\oDC\oDC.exe
k:\progra~1\mcafee.com\vso\mcvsftsn.exe
K:\Program Files\Messenger\msmsgs.exe
K:\Program Files\Network Assistant\Nassi.exe
K:\Program Files\Mozilla Firefox\firefox.exe
K:\Program Files\Ahead\Nero\nero.exe
L:\hijackthis1977\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - K:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - K:\PROGRA~1\FLASHGET\jccatch.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - K:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - K:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - k:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] K:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] K:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Configuration Loader] ccSort.exe
O4 - HKLM\..\Run: [VSOCheckTask] "k:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "k:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] k:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] K:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [McRegWiz] k:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [DAEMON Tools-1033] "K:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] K:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\RunServices: [Configuration Loader] ccSort.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = K:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O4 - Global Startup: Microsoft Office.lnk = K:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - K:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - K:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .spop: K:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/s...81/mcinsctl.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.c...8120.3963310185
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/s...,19/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C35717A-3C76-4DA0-8C9E-F0943B839561}: NameServer = 203.115.71.66 202.54.1.18
O17 - HKLM\System\CCS\Services\Tcpip\..\{63A9DA8B-6B17-481A-9129-B945FD6F05DC}: NameServer = 172.19.4.56

___________________________________________________________________
END OF LOG
___________________________________________________________________
Olympus is offline  
Old 06-01-2004, 06:23 AM   #4 (permalink)

Run Hijack This, put a check next to these, close all browsers and hit fix.

Make sure not to miss one.

O4 - HKLM\..\Run: [Configuration Loader] ccSort.exe
O4 - HKLM\..\RunServices: [Configuration Loader] ccSort.exe
O4 - Global Startup: Microsoft Office.lnk = K:\Program Files\Microsoft Office\Office10\OSA.EXE

-----------------------------------------------------------------------------------------------------------------------------------
Open My Computer. Go to Tools, Folder Options and click on the View tab. Make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files". Now click "Apply to all folders".
Click "Apply" then "OK".


Reboot into safe mode.

How to boot into safe mode

Delete

ccSort.exe

Come back and post a fresh log.


Lobos
Lobos is offline  
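The two `[Configuration Loader] ccSort.exe` entries in the posted log differ from every other O4 registry line in one visible way: the command is a bare file name with no drive or folder, and the same value sits under both `Run` and `RunServices`. The following is an added example, not part of the original posts and not the responder's stated method; it parses HijackThis O4 lines (a sample copied from the log above) and flags autorun commands that lack an absolute path. The no-absolute-path heuristic and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Sample input: O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] K:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Configuration Loader] ccSort.exe
O4 - HKLM\..\Run: [VirusScan Online] "k:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "K:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\RunServices: [Configuration Loader] ccSort.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = K:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
"""

# Registry autorun line: "O4 - <hive>\..\<key>: [<value name>] <command>"
O4_REG = re.compile(
    r"^O4 - (?P<hive>\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Drive-letter or UNC path, optionally wrapped in a leading quote.
ABS_PATH = re.compile(r'^"?(?:[A-Za-z]:\\|\\\\)')


def parse_o4(log_text):
    """Return one dict per registry-based O4 (autorun) line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = O4_REG.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def review_autoruns(log_text):
    """Flag autorun commands with no absolute path and list every key they appear in."""
    keys_by_cmd = defaultdict(set)
    for e in parse_o4(log_text):
        if not ABS_PATH.match(e["cmd"]):  # heuristic (assumption): bare name, no folder
            keys_by_cmd[(e["name"], e["cmd"])].add(f'{e["hive"]}\\{e["key"]}')
    return [
        {"name": name, "cmd": cmd, "keys": sorted(keys), "multi_key": len(keys) > 1}
        for (name, cmd), keys in sorted(keys_by_cmd.items())
    ]


if __name__ == "__main__":
    for hit in review_autoruns(SAMPLE_LOG):
        print(f'{hit["name"]!r} -> {hit["cmd"]} in {", ".join(hit["keys"])}')
```

A flagged entry is a lead for manual review, not a verdict: the file it resolves to still has to be located and checked before anything is removed.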
All times are GMT -5.