08-06-2006, 02:40 PM   #13
ellie_willis
Registered User
 
Join Date: Jul 2006
Posts: 9
OS: WinXP


Hello. Thanks again for your quick reply.

Log from GMER:
GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-08-06 20:13:34
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.10 ----

Code \SystemRoot\system32\DRIVERS\css-dvp.sys ZwClose
Code \SystemRoot\system32\DRIVERS\css-dvp.sys ZwCreateSection
Code \SystemRoot\system32\DRIVERS\css-dvp.sys ZwSetInformationFile
Code \SystemRoot\system32\DRIVERS\css-dvp.sys ZwWriteFile

---- Files - GMER 1.0.10 ----

File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log
File C:\System Volume Information\_restore{672B6422-9049-4679-AD0C-8379A27EB35A}

---- EOF - GMER 1.0.10 ----

fsbl-20060806191445 log:
08/06/06 20:14:45 [Info]: BlackLight Engine 1.0.42 initialized
08/06/06 20:14:45 [Info]: OS: 5.1 build 2600 (Service Pack 2)
08/06/06 20:14:46 [Note]: 7019 4
08/06/06 20:14:46 [Note]: 7005 0
08/06/06 20:15:19 [Note]: 7006 0
08/06/06 20:15:19 [Note]: 7011 1532
08/06/06 20:15:19 [Note]: 7026 0
08/06/06 20:15:19 [Note]: 7026 0
08/06/06 20:15:33 [Note]: FSRAW library version 1.7.1019
08/06/06 20:20:51 [Note]: 7007 0
End of log.

Report from F-Secure:
Scanning Report
Sunday, August 06, 2006 20:42:55 - 21:36:44

Computer name: BESTMAKE
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\
Result: 5 malware found
Tracking Cookie (spyware)

* System (Disinfected)
* System
* System
* System

W32/Malware (virus)

* C:\PROGRAM FILES\NTL\BROADBAND MEDIC\BIN\DISAD.EXE

Statistics
Scanned:

* Files: 28478
* System: 4432
* Not scanned: 3

Actions:

* Disinfected: 1
* Renamed: 0
* Deleted: 0
* None: 4
* Submitted: 0

Files not scanned:

* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

Options
Scanning engines:

* F-Secure AVP: 6.0.171, 2006-08-04
* F-Secure Libra: 2.4.1, 2006-08-02
* F-Secure Blacklight: 1.0.31, 0000-00-00
* F-Secure Orion: 1.2.37, 2006-08-04
* F-Secure Pegasus: 1.19.0, 2006-06-05
* F-Secure Draco: 1.0.35, 0259-24-212

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
* Use Advanced heuristics
End of report.

Thank you.