Tech Support Forum - View Single Post

sitokaja · 01-08-2006, 11:36 AM

sUBs,

First of all many thanks for replying so promptly. I have carried out all of your instructions, my PC now has the correct Internet user name and has thus far not been redirected to the filost site. I have pasted below a new HJT log as well as the Ewido & Kaspersky logs, kaspersky detected 3 infected objects and 2 viruses. Look forward to hearing from you with further instructions.

sitokaja

Logfile of HijackThis v1.99.1
Scan saved at 18:25:57, on 08/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\System32\SG2.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Multimedia\main\launchpd.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Documents and Settings\Me\My Documents\hijackthis\HijackThis.exe

--------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 14:15:15, 08/01/2006
+ Report-Checksum: D4BDCAE7

+ Scan result:

C:\WINDOWS\internt.exe -> Trojan.Dialer.of : Cleaned with backup

::Report End

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, January 08, 2006 18:24:41
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 8/01/2006
Kaspersky Anti-Virus database records: 169937
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 55998
Number of viruses found: 2
Number of infected objects: 3
Number of suspicious objects: 0
Duration of the scan process: 1705 sec

Infected Object Name - Virus Name
C:\System Volume Information\_restore{49AB783E-4ABF-464A-82F2-07C3A3732A55}\RP3\A0000345.exe Infected: Trojan.Win32.Dialer.of
C:\System Volume Information\_restore{49AB783E-4ABF-464A-82F2-07C3A3732A55}\RP3\A0000346.dll Infected: Trojan-Clicker.Win32.Agent.ac
C:\System Volume Information\_restore{49AB783E-4ABF-464A-82F2-07C3A3732A55}\RP3\A0000363.exe Infected: Trojan.Win32.Dialer.of

Scan process completed.

01-08-2006, 11:36 AM	#3 (permalink)
sitokaja Registered User Join Date: Jan 2006 Posts: 12 OS: XP Home	sUBs, First of all many thanks for replying so promptly. I have carried out all of your instructions, my PC now has the correct Internet user name and has thus far not been redirected to the filost site. I have pasted below a new HJT log as well as the Ewido & Kaspersky logs, kaspersky detected 3 infected objects and 2 viruses. Look forward to hearing from you with further instructions. sitokaja Logfile of HijackThis v1.99.1 Scan saved at 18:25:57, on 08/01/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Executive Software\DiskeeperLite\DKService.exe C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\WINDOWS\system32\drivers\KodakCCS.exe C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe C:\WINDOWS\system32\ScsiAccess.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\sstray.exe C:\WINDOWS\System32\SG2.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ATI Multimedia\main\launchpd.exe C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Grisoft\AVG Free\avgcc.exe C:\Documents and Settings\Me\My Documents\hijackthis\HijackThis.exe -------------------------------------------------------- ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 14:15:15, 08/01/2006 + Report-Checksum: D4BDCAE7 + Scan result: C:\WINDOWS\internt.exe -> Trojan.Dialer.of : Cleaned with backup ::Report End ------------------------------------------------------------------------------- KASPERSKY ON-LINE SCANNER REPORT Sunday, January 08, 2006 18:24:41 Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version: 5.0.67.0 Kaspersky Anti-Virus database last update: 8/01/2006 Kaspersky Anti-Virus database records: 169937 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ E:\ Scan Statistics: Total number of scanned objects: 55998 Number of viruses found: 2 Number of infected objects: 3 Number of suspicious objects: 0 Duration of the scan process: 1705 sec Infected Object Name - Virus Name C:\System Volume Information\_restore{49AB783E-4ABF-464A-82F2-07C3A3732A55}\RP3\A0000345.exe Infected: Trojan.Win32.Dialer.of C:\System Volume Information\_restore{49AB783E-4ABF-464A-82F2-07C3A3732A55}\RP3\A0000346.dll Infected: Trojan-Clicker.Win32.Agent.ac C:\System Volume Information\_restore{49AB783E-4ABF-464A-82F2-07C3A3732A55}\RP3\A0000363.exe Infected: Trojan.Win32.Dialer.of Scan process completed.