Thread: Trojan.Vundo C:\windows\system32\vtstr.dll
View Single Post
Old 12-06-2005, 08:29 PM   #13 (permalink)
Uffan104
Registered User
 
Join Date: Jul 2005
Posts: 22
OS: win xp


Next step
Hey

Here is the Antispyware log

Quote:
Started Scanning
Internet Cookies
Found 'landing.domainsponsor.com' in 'Internet Explorer Cache'
Found 'questionmarket.com' in 'Internet Explorer Cache'
Found 'revenue.net' in 'Internet Explorer Cache'
Found 'realmedia.com' in 'Internet Explorer Cache'
Found 'tribalfusion.com' in 'Internet Explorer Cache'
Found 'bluestreak.com' in 'Internet Explorer Cache'
Found 'z1.adserver.com' in 'Internet Explorer Cache'
Found 'media.adrevolver.com' in 'Internet Explorer Cache'
Found 'adopt.specificclick.net' in 'Internet Explorer Cache'
Found 'media.adrevolver.com' in 'Internet Explorer Cache'
Found 'casalemedia.com' in 'Internet Explorer Cache'
Found 'adknowledge.com' in 'Internet Explorer Cache'
Found 'atwola.com' in 'Internet Explorer Cache'
Found 'go.com' in 'Internet Explorer Cache'
Found 'citi.bridgetrack.com' in 'Internet Explorer Cache'
Found 'ad.yieldmanager.com' in 'Internet Explorer Cache'
Programs in Memory
Windows Registry
Found '' in 'SOFTWARE\LimeWire'
Found '' in 'SOFTWARE\Magnet'
Found '' in 'SOFTWARE\Classes\magnet'
Found '' in 'SOFTWARE\Classes\magnet\shell\open\command'
Found '' in 'SOFTWARE\Classes\NN_Bar_Dummy.NN_BarDummy'
Found '' in 'SOFTWARE\Classes\NN_Bar_Dummy.NN_BarDummy.1'
Found '' in 'SOFTWARE\Classes\NN_Bar_Dummy.NN_BarDummy.1\CLSID'
Found '' in 'SOFTWARE\Classes\NN_Bar_Dummy.NN_BarDummy\CLSID'
Found '' in 'SOFTWARE\Classes\NN_Bar_Dummy.NN_BarDummy\CurVer'
Found '' in 'SOFTWARE\Classes\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0'
Found '' in 'SOFTWARE\Classes\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0\0\win32'
Found '' in 'SOFTWARE\Classes\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0\FLAGS'
Found '' in 'SOFTWARE\Classes\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0\HELPDIR'
Found '' in 'SOFTWARE\Classes\TypeLib\{F8310E7D-4C4D-46A4-A068-B5BB99411CC7}\1.0'
Found '' in 'SOFTWARE\Classes\TypeLib\{F8310E7D-4C4D-46A4-A068-B5BB99411CC7}\1.0\0\win32'
Found '' in 'SOFTWARE\Classes\TypeLib\{F8310E7D-4C4D-46A4-A068-B5BB99411CC7}\1.0\FLAGS'
Found '' in 'SOFTWARE\Classes\TypeLib\{F8310E7D-4C4D-46A4-A068-B5BB99411CC7}\1.0\HELPDIR'
Found '' in 'Software\Netsetter\OSSProxy\Settings'
Found '' in 'Software\VB and VBA Program Settings\AdDestroyer\Settings'
Found '' in 'Software\VB and VBA Program Settings\VBouncer\Settings'
Found '' in 'SOFTWARE\Classes\CLSID\{D52433A9-A44C-43AB-A013-24B3C756DD2B}'
Found '' in 'SOFTWARE\Classes\CLSID\{D52433A9-A44C-43AB-A013-24B3C756DD2B}\InprocServer32'
Found '' in 'SOFTWARE\Classes\CLSID\{D52433A9-A44C-43AB-A013-24B3C756DD2B}\ProgID'
Found '' in 'SOFTWARE\Classes\CLSID\{D52433A9-A44C-43AB-A013-24B3C756DD2B}\TypeLib'
Found '' in 'SOFTWARE\Classes\CLSID\{D52433A9-A44C-43AB-A013-24B3C756DD2B}\VERSION'
Found 'ThreadingModel' in 'SOFTWARE\Classes\CLSID\{D52433A9-A44C-43AB-A013-24B3C756DD2B}\InprocServer32'
Found 'Name' in 'Software\Netsetter\OSSProxy\Settings'
Found 'URL Protocol' in 'SOFTWARE\Classes\magnet'
Found '' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1'
Found 'InDate' in 'Software\VB and VBA Program Settings\AdDestroyer\Settings'
Found 'SearchAssistant' in 'SOFTWARE\Microsoft\Internet Explorer\Search'
Found '' in 'Software\Netsetter'
Found '' in 'SOFTWARE\Classes\TypeLib\{F8310E7D-4C4D-46A4-A068-B5BB99411CC7}\1.0\0'
Found '' in 'SOFTWARE\Classes\TypeLib\{F8310E7D-4C4D-46A4-A068-B5BB99411CC7}'
Found '' in 'SOFTWARE\Classes\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0\0'
Found '' in 'SOFTWARE\Classes\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}'
Found '' in 'SOFTWARE\Classes\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\TypeLib'
Found '' in 'SOFTWARE\Classes\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}'
Found '' in 'SOFTWARE\Classes\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\TypeLib'
Found '' in 'SOFTWARE\Classes\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}'
Found '' in 'SOFTWARE\Classes\Interface\{224302B0-94E9-45C2-9E5B-BA989EE556E1}\TypeLib'
Found '' in 'SOFTWARE\Classes\Interface\{224302B0-94E9-45C2-9E5B-BA989EE556E1}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{224302B0-94E9-45C2-9E5B-BA989EE556E1}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{224302B0-94E9-45C2-9E5B-BA989EE556E1}'
Found '' in 'SOFTWARE\Classes\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\TypeLib'
Found '' in 'SOFTWARE\Classes\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}'
Found '{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}' in 'Software\Microsoft\Internet Explorer\Toolbar\WebBrowser'
Found '' in 'NN_Bar_Dummy.NN_BarDummy.1'
Found '' in 'NN_Bar_Dummy.NN_BarDummy'
Found '' in 'Interface\{224302B0-94E9-45C2-9E5B-BA989EE556E1}'
Found '' in 'TypeLib\{F8310E7D-4C4D-46A4-A068-B5BB99411CC7}'
Found '' in 'TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}'
Found '' in 'Interface\{1037B06C-84B7-4240-8D80-485810A0497D}'
Found '' in 'Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}'
Found '' in 'Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}'
Internet URL Shortcuts
Files and Directories
Found 'creditcard32123123123asdsa123.ico' in 'C:\WINDOWS\system32'
Found 'wnsapitr.exe' in 'C:\WINDOWS\system32'
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Checking for 'C:\WINDOWS\system32\creditcard32123123123asdsa123.ico' in shortcut areas.
Checking for 'C:\WINDOWS\system32\creditcard32123123123asdsa123.ico' in startup areas.
Cleaning 'C:\WINDOWS\system32\creditcard32123123123asdsa123.ico'
Checking for 'C:\WINDOWS\system32\wnsapitr.exe' in shortcut areas.
Checking for 'C:\WINDOWS\system32\wnsapitr.exe' in startup areas.
Cleaning 'C:\WINDOWS\system32\wnsapitr.exe'
Finished Cleaning

I didnt know how to copy and past the trendmicro second log

but all it had was profiling cookie 1 count, atuda count 1 , and go.com 1 count

I cleaned them out


My comp is running much better.


What programs should i download to protect my comp from future malware and viruses


thanks, Nick
Uffan104 is offline