01-12-2008, 02:03 PM   #4
mmartin784
Registered User
 
Join Date: Jan 2008
Posts: 23
OS: XP Home Edition 2002 service pack 1


Re: search-daily hijack

In my earlier post I was unable to access the ActiveScan site. I have since gained access. Below is the report from ActiveScan. Please help!


| Incident | Status | Location |
| --- | --- | --- |
| Virus:Trj/Downloader.RDL | Disinfected | Operating system |
| Potentially unwanted tool:application/altnet | Not disinfected | c:\windows\smdat32a.sys |
| Potentially unwanted tool:application/bestoffer | Not disinfected | c:\windows\smdat32m.sys |
| Potentially unwanted tool:application/need2find | Not disinfected | c:\program files\Need2Find |
| Adware:adware/cydoor | Not disinfected | c:\windows\cdmxtras |
| Adware:adware/rxtoolbar | Not disinfected | Windows Registry |
| Potentially unwanted tool:Application/SpyDawn | Not disinfected | C:\Deckard\System Scanner\backup\DOCUME~1\Martin\LOCALS~1\Temp\av18EE.exe[SpyDawn.exe] |
| Spyware:Cookie/Ccbill | Not disinfected | C:\Deckard\System Scanner\backup\DOCUME~1\Martin\LOCALS~1\Temp\Cookies\martin@ccbill[2].txt |
| Potentially unwanted tool:Application/SpyDawn | Not disinfected | C:\Deckard\System Scanner\backup\DOCUME~1\Martin\LOCALS~1\Temp\laf18ED.tmp |
| Potentially unwanted tool:Application/P2PNetworking | Not disinfected | C:\Deckard\System Scanner\backup\DOCUME~1\Martin\LOCALS~1\Temp\p2psetup.exe |
| Spyware:Spyware/Virtumonde | Not disinfected | C:\Documents and Settings\All Users\Application Data\SecTaskMan\arpl.exe.q_8042200_q |
| Virus:Trj/Downloader.MDW | Disinfected | C:\Documents and Settings\All Users\Application Data\SecTaskMan\hrum135.txt.q_8041800_q |
| Virus:Trj/Downloader.MDW | Disinfected | C:\Documents and Settings\All Users\Application Data\SecTaskMan\hrum135.txt.q_8041800_q.old |
| Adware:Adware/WinAntiVirus2007 | Not disinfected | C:\Documents and Settings\All Users\Application Data\SecTaskMan\printer.exe.q_8043A00_q |
| Adware:Adware/WinAntiVirus2007 | Not disinfected | C:\Documents and Settings\All Users\Application Data\SecTaskMan\WinAvXX.exe.q_8043A00_q |
| Virus:Trj/Downloader.OTR | Disinfected | C:\Documents and Settings\Martin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\java.class-42ed57a3-192a7163.class |
| Spyware:Cookie/Com.com | Not disinfected | C:\Documents and Settings\Martin\Cookies\martin@com[1].txt |
| Potentially unwanted tool:Application/NirCmd.A | Not disinfected | C:\Documents and Settings\Martin\Desktop\ComboFix.exe[nircmd.com] |
| Potentially unwanted tool:Application/NirCmd.A | Not disinfected | C:\Documents and Settings\Martin\Desktop\ComboFix.exe[nircmd.cfexe] |
| Adware:Adware/Lop | Not disinfected | C:\Program Files\Common Files\Totem Shared\Update\Bpk.dll.131 |
| Adware:Adware/IST | Not disinfected | C:\Program Files\Common Files\Totem Shared\Update\Distribution.dll.048 |
| Adware:Adware/IST.ISTBar | Not disinfected | C:\Program Files\Common Files\Totem Shared\Update\FavoriteLinks.dll.066 |
| Adware:Adware/IST.ISTBar | Not disinfected | C:\Program Files\Common Files\Totem Shared\Update\FreeSamples.dll.041 |
| Adware:Adware/IST | Not disinfected | C:\Program Files\Common Files\Totem Shared\Update\Music.dll.023 |
| Adware:Adware/IST.ISTBar | Not disinfected | C:\Program Files\Common Files\Totem Shared\Update\Network.dll.062 |
| Adware:Adware/IST.ISTBar | Not disinfected | C:\Program Files\Common Files\Totem Shared\Update\System.dll.088 |
| Adware:Adware/IST.ISTBar | Not disinfected | C:\Program Files\Common Files\Totem Shared\Update\Update.dll.066 |
| Adware:Adware/IST | Not disinfected | C:\Program Files\Common Files\Totem Shared\Update\Windows.dll.074 |
| Adware:Adware/IST.ISTBar | Not disinfected | C:\Program Files\Common Files\Totem Shared\Update\WindowsEx.dll.044 |
| Possible Virus. | Not disinfected | C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\Setup.exe |
| Virus:Trj/Downloader.MDW | Disinfected | C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\append.dll.vir |
| Virus:Trj/Downloader.AEU | Disinfected | C:\WINDOWS\Downloaded Program Files\ied.inf |
| Virus:Trj/Downloader.AIB | Disinfected | C:\WINDOWS\Downloaded Program Files\start80.inf |
| Potentially unwanted tool:Application/NirCmd.A | Not disinfected | C:\WINDOWS\NirCmd.exe |
| Virus:Trj/Downloader.RDL | Disinfected | C:\WINDOWS\SYSTEM32\AppCert\wnl32.dll |
| Spyware:Spyware/Virtumonde | Not disinfected | C:\WINDOWS\SYSTEM32\arpl.exe |
| Adware:Adware/Adtomi | Not disinfected | C:\WINDOWS\SYSTEM32\cvz1.dll |
| Virus:Trj/Downloader.MDW | Disinfected | C:\WINDOWS\SYSTEM32\hrum135.txt |
| Adware:Adware/WinAntiVirus2007 | Not disinfected | C:\WINDOWS\SYSTEM32\vtr135.dll |