Tech Support Forum - View Single Post - Found a ton of Spyware, can't get rid of one on my own

oblio98 · 08-19-2005, 04:35 PM

Bob,

Again. Thanks a bunch. Well, I did everything as you asked, and it looks like there are still a few buggers on the PC. It's odd, when I plug in the network cable (from the cable modem to the PC), it almost acts like there is a program downloading stuff from somewhere, as the IE window takes for ever to open, and the PC becomes very sluggish. I am not sure if this is just NIS/NAV going out for a Live Update, or something else. Like I said, this is not my PC, so I have no reference as to what it is like "normally".

I am just an uncle who is stuck with solving this problem.

Anyway, here are the logs you requested:

Fit It Log:

Microsoft Windows XP [Version 5.1.2600]
The current date is: Fri 08/19/2005
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»»»»»»»»»»»»»»»»»»»»» Todo Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»»»»»»»»» aurora Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»»»»»»»»» Suspect's »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Dont delete file's in the section without guidance
If any doubt back them up first

* UPX! C:\WINDOWS\ICONT.EXE

»»»»» lagitamate file's can/will show in this section.

»»»»»»»»»»»»»»»»»»»»»»»» Buddy file's »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»»»»»»»»» SAHAgent Files found »»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»»»»»»»»» Misc checks »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»» Check for Windows\SYSTEM32\cache32_rtneg* folder.

Volume in drive C has no label.
Volume Serial Number is 2C81-6BA4

Directory of C:\WINDOWS\SYSTEM32

»»»»» Checking for SAHAgent ico files.
Volume in drive C has no label.
Volume Serial Number is 2C81-6BA4

Directory of C:\WINDOWS\system32

08/19/2005 01:00 AM 1,406 AddQuit.ico
08/19/2005 01:00 AM 9,470 Desktop.ico
08/19/2005 01:00 AM 1,406 Help.ico
08/19/2005 01:00 AM 5,350 IE.ico
12/07/2001 01:40 PM 22,486 LRNXP.ICO
08/19/2005 01:00 AM 1,718 Open.ico
08/19/2005 01:00 AM 1,718 Quick.ico
08/19/2005 01:00 AM 2,550 Uninstall.ico
8 File(s) 46,104 bytes
0 Dir(s) 22,588,383,232 bytes free

»»»»»»»»»»»»»»»»»»»»»»»».

rkfiles log:

C:\jon\rkfiles

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Files Found in system Folder............
------------------------
C:\WINDOWS\SYSTEM32\DFRG.MSC: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213

Files Found in all users startup Folder............
------------------------
Files Found in all users windows Folder............
------------------------
C:\WINDOWS\icont.exe: UPX!
Finished
bye

Panda Scan:

Incident Status Location

Spyware:spyware/whazit No disinfected C:\WINDOWS\SYSTEM32\kyf.dat
Adware:adware/cws No disinfected C:\DOCUMENTS AND SETTINGS\KRISTIN\FAVORITES\Living
Adware:adware/savenow No disinfected Windows Registry
Security Risk:Application/ProcessorNo disinfected C:\Documents and Settings\Kristin\Desktop\l2mfix.exe[Process.exe]
Security Risk:Application/ProcessorNo disinfected C:\HiJack This\l2mfix\l2mfix\Process.exe
WHAT NEXT?????

08-19-2005, 04:35 PM	#6 (permalink)
oblio98 Registered User Join Date: Sep 2003 Location: CT Posts: 70 OS: Vista Ultimate	Bob, Again. Thanks a bunch. Well, I did everything as you asked, and it looks like there are still a few buggers on the PC. It's odd, when I plug in the network cable (from the cable modem to the PC), it almost acts like there is a program downloading stuff from somewhere, as the IE window takes for ever to open, and the PC becomes very sluggish. I am not sure if this is just NIS/NAV going out for a Live Update, or something else. Like I said, this is not my PC, so I have no reference as to what it is like "normally". I am just an uncle who is stuck with solving this problem. Anyway, here are the logs you requested: Fit It Log: Microsoft Windows XP [Version 5.1.2600] The current date is: Fri 08/19/2005 PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE. »»»»»»»»»»»»»»»»»»»»»»»» Todo Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»»»»»»»»»»»» aurora Files found »»»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»»»»»»»»»»»» Suspect's »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Dont delete file's in the section without guidance If any doubt back them up first * UPX! C:\WINDOWS\ICONT.EXE »»»»» lagitamate file's can/will show in this section. »»»»»»»»»»»»»»»»»»»»»»»» Buddy file's »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»»»»»»»»»»»» SAHAgent Files found »»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»»»»»»»»»»»» Misc checks »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» »»»»» Check for Windows\SYSTEM32\cache32_rtneg* folder. Volume in drive C has no label. Volume Serial Number is 2C81-6BA4 Directory of C:\WINDOWS\SYSTEM32 »»»»» Checking for SAHAgent ico files. Volume in drive C has no label. Volume Serial Number is 2C81-6BA4 Directory of C:\WINDOWS\system32 08/19/2005 01:00 AM 1,406 AddQuit.ico 08/19/2005 01:00 AM 9,470 Desktop.ico 08/19/2005 01:00 AM 1,406 Help.ico 08/19/2005 01:00 AM 5,350 IE.ico 12/07/2001 01:40 PM 22,486 LRNXP.ICO 08/19/2005 01:00 AM 1,718 Open.ico 08/19/2005 01:00 AM 1,718 Quick.ico 08/19/2005 01:00 AM 2,550 Uninstall.ico 8 File(s) 46,104 bytes 0 Dir(s) 22,588,383,232 bytes free »»»»»»»»»»»»»»»»»»»»»»»». rkfiles log: C:\jon\rkfiles PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE. Files Found in system Folder............ ------------------------ C:\WINDOWS\SYSTEM32\DFRG.MSC: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213 Files Found in all users startup Folder............ ------------------------ Files Found in all users windows Folder............ ------------------------ C:\WINDOWS\icont.exe: UPX! Finished bye Panda Scan: Incident Status Location Spyware:spyware/whazit No disinfected C:\WINDOWS\SYSTEM32\kyf.dat Adware:adware/cws No disinfected C:\DOCUMENTS AND SETTINGS\KRISTIN\FAVORITES\Living Adware:adware/savenow No disinfected Windows Registry Security Risk:Application/ProcessorNo disinfected C:\Documents and Settings\Kristin\Desktop\l2mfix.exe[Process.exe] Security Risk:Application/ProcessorNo disinfected C:\HiJack This\l2mfix\l2mfix\Process.exe WHAT NEXT?????