
Trojan + pop-ups help me!

Old 09-13-2008, 09:06 PM   #21
Administrator
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
Ried's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,338
OS: WinXP Home, Vista, Windows 7 64bit



Click Start>Control Panel>Add or Remove programs.

Look for Panda ActiveScan in the list and click Remove.


Try again, using the link I gave you in my previous post.

__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 09-13-2008, 09:10 PM   #22
Registered Member
 
Join Date: Sep 2008
Posts: 21
OS: xp sp3



Still not working... Let me try to restart my computer, give me a couple of minutes

__________________
klib_rt is offline  
Old 09-13-2008, 09:11 PM   #23



If it still won't work for you, try this link for Kaspersky http://www.kaspersky.com/virusscanner
__________________
Ried is offline  
Old 09-13-2008, 09:25 PM   #24



Still doesn't work and this new Kaspersky doesn't load either O_o

Well, I wanna go to sleep, so I'll work on this later :D
__________________
klib_rt is offline  
Old 09-15-2008, 10:38 AM   #25



Still not working... bump !

EDIT: I'm at school atm so when I get home, I'll scan my computer again with Avira to see if anything is wrong still...
__________________
klib_rt is offline  
Old 09-15-2008, 05:46 PM   #26



We'll try yet another online scanner. Please go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure to set the options as follows:
      • Remove found threats is unticked
      • Scan unwanted applications is checked
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.
__________________
Ried is offline  
Old 09-16-2008, 07:14 PM   #27



I'm sorry it's taking so long... I did the scan last night, but my mom turned off the computer... so 1 more day :P
__________________
klib_rt is offline  
Old 09-16-2008, 08:28 PM   #28



Ok, I'll remain subscribed.
__________________
Ried is offline  
Old 09-17-2008, 03:56 PM   #29



FINALLY !!! :D

Here ya go.

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3447 (20080916)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=abe74b021b9a9d4e886b014601efd943
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-09-17 10:14:05
# local_time=2008-09-17 06:14:05 (-0500, Eastern Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=574154
# found=3
# scan_time=66173
C:\Documents and Settings\Owner.LEE\Desktop\Music\over my head sum41.mp3 WMA/TrojanDownloader.Wimad.N trojan 1A31AF52C42A4B385BFD1DC08CCDF7F2
C:\Documents and Settings\Owner.LEE\Local Settings\Application Data\Mozilla\Firefox\Profiles\vo9lq9p2.default\Cache\EE94540Ed01 Win32/Adware.PlayMP3Z application 2E1B0AA00847F943EDF939F91A66B63B
C:\RECYCLER\S-1-5-21-879948815-3651418651-1671562518-1006\Dc3.mp3 WMA/TrojanDownloader.Wimad.N trojan AE4E58959AFA1214D56E3A337DF988B8


Okies...
__________________
klib_rt is offline  
Old 09-17-2008, 04:35 PM   #30



After all that struggle, I'm afraid to say that I'm not satisfied with those results.


This next tool tends to be quite aggressive, so please be sure to configure it exactly as listed below. I do not want it to clean--for now, I only want to see a Report of what it finds.

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Doubleclick the drweb-cureit.exe file and click 'Start' to run the express scan. This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, we need to change the default settings.
  • In the Menu Bar at the top, click 'Setting'>Change Settings.
  • Click on the Actions tab
  • Using the drop down menus, change each item under Objects and Malware to Report
  • Next, 'tick' Complete Scan.
  • Click the green arrow at the right, and the scan will start.
  • Click 'No to All' if it asks if you want to cure/move the file.
  • After the scan has completed, in the Dr.Web CureIt menu on top, click File and choose Save Report List
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Post the contents of the log from Dr.Web you saved previously in your next reply.
__________________
Ried is offline  
Old 09-18-2008, 03:45 AM   #31



Here...

List-C.bat;C:\ComboFix;Probably BATCH.Virus;;
psexec.cfexe;C:\ComboFix;Program.PsExec.171;;
setup.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2;Probably BACKDOOR.Trojan;;
inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3;Probably BACKDOOR.Trojan;;
ocpinst.exe\data529;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3\ocpinst.exe;Probably BACKDOOR.Trojan;;
ocpinst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3;Archive contains infected objects;;
ComboFix.exe\327882R2FWJFW\List-C.bat;C:\Documents and Settings\Owner.LEE\Desktop\ComboFix.exe;Probably BATCH.Virus;;
ComboFix.exe\327882R2FWJFW\psexec.cfexe;C:\Documents and Settings\Owner.LEE\Desktop\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;C:\Documents and Settings\Owner.LEE\Desktop;Archive contains infected objects;;
over my head sum41.mp3;C:\Documents and Settings\Owner.LEE\Desktop\Music;Trojan.Click.18899;;
data002\data015;C:\Documents and Settings\Owner.LEE\Desktop\untitled\mirc631.exe\data002;Program.mIRC.623;;
data002;C:\Documents and Settings\Owner.LEE\Desktop\untitled\mirc631.exe;Archive contains infected objects;;
mirc631.exe;C:\Documents and Settings\Owner.LEE\Desktop\untitled;Archive contains infected objects;;
f_0002cc\FinalStory.exe;C:\Documents and Settings\Owner.LEE\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_0002cc;Trojan.DownLoad.4265;;
f_0002cc;C:\Documents and Settings\Owner.LEE\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache;Archive contains infected objects;;
GTDownAO_106.ocx;C:\Program Files\Common Files\AolCoach\en_en;Adware.Gdown;;
mirc.chm\ctcp_events.htm;C:\Program Files\Gamers.IRC\mirc.chm;IRC.Generic.32;;
mirc.chm;C:\Program Files\Gamers.IRC;Archive contains infected objects;;
mirc.exe;C:\Program Files\Gamers.IRC;Program.mIRC.621;;
mirc.exe;C:\Program Files\mIRC;Program.mIRC.623;;
mirc.chm\ctcp_events.htm;C:\Program Files\mIRC\backups\mirc.chm;IRC.Generic.32;;
mirc.chm;C:\Program Files\mIRC\backups;Archive contains infected objects;;
mirc.exe;C:\Program Files\mIRC\backups;Program.mIRC.621;;
blphcpe6j0en39.scr.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Fakealert.1321;;
lphcpe6j0en39.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Packed.636;;
tdssserf.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Fakealert.1304;;
A0000024.bat;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP1;Probably BATCH.Virus;;
A0000042.scr;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP1;Trojan.Fakealert.1321;;
A0000056.dll;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP1;Trojan.Fakealert.1304;;
A0000057.exe;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP1;Trojan.Packed.636;;
A0000059.bat;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP1;Probably BATCH.Virus;;
aolcinst.exe\core.cab\GTDOWNAO_106.ocx;D:\i386\Apps\App00577\comps\coach\aolcinst.exe;Adware.Gdown;;
aolcinst.exe;D:\i386\Apps\App00577\comps\coach;Archive contains infected objects;;
tssetup.exe\data002;D:\i386\Apps\App00577\comps\tpspd\tssetup.exe;Probably DLOADER.Trojan;;
tssetup.exe;D:\i386\Apps\App00577\comps\tpspd;Archive contains infected objects;;
__________________
klib_rt is offline  
Old 09-18-2008, 07:22 PM   #32



The only file that requires our attention is the following:

C:\Documents and Settings\Owner.LEE\Desktop\Music\over my head sum41.mp3

Please delete that file.

How is your system behaving?
__________________
Ried is offline  
Old 09-20-2008, 04:43 PM   #33



Gah, sorry, I haven't checked my e-mail for a while. I did delete it... and I don't think anything has changed O_o....
__________________
klib_rt is offline  
Old 09-20-2008, 11:25 PM   #34



What issues remain? Please describe in detail.
__________________
Ried is offline  
Old 09-21-2008, 08:21 AM   #35



I think I may have a different problem now... I keep getting pop-ups from my Avira that something in C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP1\A0000040.sys is BDS/Agent.roc.

All I did was deny its access. It's been popping up every once in a while.
__________________
klib_rt is offline  
Old 09-21-2008, 12:16 PM   #36



If that is your only issue, it's of no concern. C:\System Volume Information\ is where System Restore's cache is stored. Whatever is in there can't harm you unless you choose to perform a manual restore. Nevertheless, we shall be resetting/clearing the cache shortly.


Your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links:

The following procedure will clear out the backups and quarantines created by the fix. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.

Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:

ComboFix /u

--------------------------------------------------------------------


To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.

SpywareBlaster 4.0 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.
  • It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page.

IESpyAD Zoned Out to block access to malicious websites so you cannot be redirected to them from an infected site or email. This severely impairs attempts to infect your system as it basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.


Update, and scan with your onboard Anti Malware and Anti Virus programs regularly. Without regular updates you will not be protected when new malicious programs are released.


In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

PC Safety and Security--What Do I Need?
Think Prevention


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

-----------------------------------------------------

Follow the list above and the potential for infection will reduce dramatically.

**Kindly respond one more time and let me know if we may consider this thread resolved.
__________________
Ried is offline  
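
The triage reasoning in the posts above (restore-point copies and the fix's quarantine are inert storage, everything else needs a manual look) can be applied mechanically to a Dr.Web report. This is an added example, not part of the thread and not code from Dr.Web or ComboFix; the function names are hypothetical, and treating C:\QooBox as the quarantine that ComboFix /u clears is an assumption.

```python
import csv
from collections import defaultdict

# Rows copied from the Dr.Web report posted in this thread (object;location;threat;;).
SAMPLE_REPORT = r"""
ComboFix.exe\327882R2FWJFW\psexec.cfexe;C:\Documents and Settings\Owner.LEE\Desktop\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;C:\Documents and Settings\Owner.LEE\Desktop;Archive contains infected objects;;
over my head sum41.mp3;C:\Documents and Settings\Owner.LEE\Desktop\Music;Trojan.Click.18899;;
tdssserf.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Fakealert.1304;;
A0000042.scr;C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP1;Trojan.Fakealert.1321;;
""".strip()

# Inert storage locations named in the thread, lower-cased. Assumption: the
# C:\QooBox tree is the quarantine that "ComboFix /u" clears.
INERT_PREFIXES = {
    "quarantine": "c:\\qoobox\\",
    "system_restore": "c:\\system volume information\\_restore",
}
CONTAINER_NOTE = "archive contains infected objects"


def parse_report(text):
    """Yield (object, location, threat) for each detection row."""
    for row in csv.reader(text.splitlines(), delimiter=";"):
        if len(row) < 3 or not row[0].strip():
            continue  # blank or malformed line
        obj, location, threat = (field.strip() for field in row[:3])
        if threat.lower() == CONTAINER_NOTE:
            continue  # summary row for a container; its members have their own rows
        yield obj, location, threat


def classify(location):
    """Return 'quarantine', 'system_restore' or 'live' for a report location."""
    loc = location.lower()
    for label, prefix in INERT_PREFIXES.items():
        if loc.startswith(prefix):
            return label
    return "live"


def triage(text):
    """Group detections by where the flagged object is stored."""
    groups = defaultdict(list)
    for obj, location, threat in parse_report(text):
        groups[classify(location)].append((obj, location, threat))
    return dict(groups)


if __name__ == "__main__":
    for label, rows in triage(SAMPLE_REPORT).items():
        print(label, [f"{threat}: {obj}" for obj, _, threat in rows])
```

A "live" row only means the object sits on the normal file system; it still needs the kind of manual review the helper did in this thread before anything is deleted.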
Old 09-23-2008, 04:59 PM   #37



Alright, thanks for all your help! I'll be sure not to get another virus. :D
__________________
klib_rt is offline  
Old 09-23-2008, 06:53 PM   #38



You're welcome.

Surf safely!

__________________
Ried is offline  
 
