Old 12-06-2008, 07:47 PM   #8 (permalink)
sUBs
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
Join Date: May 2005
Posts: 24,500
OS: N/A


Re: False Security Alerts (pop-ups) for alleged "Sinowal.Trojan"; suspicious links

Looks correct. Strange that it didn't run as planned.
Let's give it another go. This one is slightly different.


Open NOTEPAD and copy/paste the text in the quotebox below into it:

Code:
http://www.techsupportforum.com/security-center/hijackthis-log-help/320337-false-security-alerts-pop-ups-alleged-sinowal-trojan-suspicious-links.html
AWF::
C:\program files\Adobe\Photoshop Elements 5.0\bak\apdproxy.exe
C:\program files\Analog Devices\Core\bak\smax4pnp.exe
C:\program files\Analog Devices\SoundMAX\bak\Smax4.exe
C:\program files\ATI Technologies\ATI.ACE\bak\CLIStart.exe
C:\program files\Canon\MyPrinter\bak\BJMyPrt.exe
C:\program files\Common Files\InstallShield\UpdateService\bak\issch.exe
C:\program files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe
C:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\bak\SSBkgdupdate.exe
C:\program files\Java\jre1.5.0_06\bin\bak\jusched.exe
C:\program files\Lenovo\Client Security Solution\bak\cssauth.exe
C:\program files\Lenovo\PkgMgr\HOTKEY\bak\TPHKMGR.exe
C:\program files\Lenovo\SafeGuard PrivateDisk\bak\pdservice.exe
C:\program files\ScanSoft\OmniPageSE4.0\bak\OpwareSE4.exe
C:\program files\Synaptics\SynTP\bak\SynTPEnh.exe
C:\program files\Synaptics\SynTP\bak\SynTPLpr.exe
C:\program files\ThinkPad\Utilities\bak\TpKmapAp.exe
C:\windows\system32\DLA\bak\DLACTRLW.EXE
Folder::
C:\program files\Common Files\Adobe\Updater5\bak
C:\program files\Common Files\Lenovo\Scheduler\bak
C:\program files\Common Files\Symantec Shared\bak
C:\program files\iTunes\bak
C:\program files\Microsoft Office\Office12\bak
C:\program files\QuickTime\bak
C:\program files\Symantec AntiVirus\bak
C:\program files\ThinkPad\Utilities\bak
C:\program files\ThinkVantage Fingerprint Software\bak
C:\program files\ThinkVantage\PrdCtr\bak
C:\program files\Tunebite\bak
Collect::
c:\documents and settings\jaddison\Application Data\Google\ggqjh22510678.exe
FILE::
C:\WINDOWS\crazaa.exe
C:\WINDOWS\system32\mi2.exe
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06840000\4FBC4609.VBN
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B900000.VBN

Save this as "CFScript"





Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Additionally, ComboFix will generate a zipped file at C:\Qoobox\Quarantine\[4]Submit@Date_Time.zip
Please submit this file to http://www.bleepingcomputer.com/subm....php?channel=4