Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Old 11-30-2005, 07:54 PM   #1 (permalink)
Registered User
 
Join Date: Nov 2005
Posts: 7
OS: XP


Bias Name.exe

I have kept viruses and adware off my computer for about 2 years now and most of the ones I do get I can get rid of easily. However, I just recently started to get this error message and I have tried all of my basic techniques to get rid of it, but so far I have had no luck. I was wondering if anyone here knew what this was or how to get rid of it. Thanks for your help.
-Hikari No Kenkaku
P.S. It pops up every 2 minutes, here is a picture of it.

Last edited by HikariNoKenkaku; 11-30-2005 at 08:10 PM.

Old 11-30-2005, 08:56 PM   #2 (permalink)
Analyst, Security Team
 
 
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP


Sounds like a LOP infection. Drag the error message to the edge of the screen without choosing either option. This will usually prevent the message from occurring again and interfering with the programs you will need to run.

Please read and follow the process outlined here.

Then download Findlop by Metallica. Unzip it to your desktop.
Double click findlop.bat. It will open a notepad file.
Copy the content of that file and paste it here in your reply.
Old 11-30-2005, 10:29 PM   #3 (permalink)
Registered User
 
Join Date: Nov 2005
Posts: 7
OS: XP


Sorry for not reading the process outline. Also, I tried moving the message box to the side of the screen, since that is what usually works with most error boxes; however, this one keeps popping up until I delete them (as in, if I go to bed I will wake up with 100 error boxes). Anyways, here is my findlop.bat file:

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'CC6F253AB8B4E116.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\hikari~1\applic~1\setupr~1\Stop Book Dent.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'Hikari No Kenkaku'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 12/01/2005 0:00:00
StartError: SCHED_S_TASK_HAS_NOT_RUN
ExitCode: 0
Status: SCHED_S_TASK_HAS_NOT_RUN
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 02/13/1998
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'Symantec NetDetect.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE'
Parameters: ''
WorkingDirectory: 'C:\Program Files\Symantec\LiveUpdate'
Comment: 'Symantec NetDetect'
Creator: 'Hikari No Kenkaku'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 11/30/2005 23:11:00
NextRun: 12/01/2005 3:11:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 12/01/2005
EndDate: 00/00/0000
StartTime: 03:11
MinutesDuration: 1440
MinutesInterval: 240
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

-Hikari No Kenkaku
P.S. Thanks again, and I am sorry for the inconvenience.

Last edited by HikariNoKenkaku; 11-30-2005 at 10:53 PM.
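The findlop / lop.bat output posted above is a dump of every .job file in the Scheduled Tasks folder. The entry worth noticing is the one with a 16-hex-digit job name, Hidden = 1, an hourly trigger running all day, and a three-word executable under the user's Application Data folder (via the 8.3 short path applic~1); the Symantec NetDetect job beside it has none of those traits. What follows is an added example, not code from the thread and not Metallica's findlop tool: a Python script that parses that dump layout and scores each job on exactly those traits. SAMPLE_DUMP is a constructed excerpt of the posted log, and the scoring rules are the editor's own heuristics, not a vendor signature.

```python
"""Triage a findlop / lop.bat scheduled-task dump for Lop-style jobs.

Added example; not part of the thread and not Metallica's findlop code.
SAMPLE_DUMP is a constructed excerpt in the same layout as the log posted
above. The scoring rules below are heuristics chosen by the editor, not an
official signature.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

SAMPLE_DUMP = r"""[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'CC6F253AB8B4E116.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\hikari~1\applic~1\setupr~1\Stop Book Dent.exe'
Parameters: ''
Creator: 'Hikari No Kenkaku'
Status: SCHED_S_TASK_HAS_NOT_RUN
RunOnlyIfLoggedOn = 1
Hidden = 1

Trigger 0:
Type: Daily
MinutesInterval: 60

[TRACE] Activating job 'Symantec NetDetect.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE'
Parameters: ''
Creator: 'Hikari No Kenkaku'
Status: SCHED_S_TASK_READY
RunOnlyIfLoggedOn = 1
Hidden = 0

Trigger 0:
Type: Daily
MinutesInterval: 240
"""

JOB_HEADER = re.compile(r"^\[TRACE\] Activating job '(?P<name>[^']+)'", re.M)
QUOTED_PROP = re.compile(r"^(?P<key>\w+):[ \t]*'(?P<val>[^']*)'", re.M)
FLAG = re.compile(r"^(?P<key>\w+) = (?P<val>[01])", re.M)
INTERVAL = re.compile(r"^MinutesInterval:[ \t]*(\d+)", re.M)

# Traits of the task in the thread (editor's heuristics, not a vendor signature).
HEX_JOB_NAME = re.compile(r"^[0-9A-F]{16}\.job$", re.I)
PROFILE_DATA_DIR = re.compile(r"\\(applic~1|application data|locals~1|local settings)\\", re.I)
MULTI_WORD_EXE = re.compile(r"^(?:[A-Za-z]+ )+[A-Za-z]+\.exe$", re.I)


@dataclass
class Job:
    name: str
    application: str = ""
    creator: str = ""
    hidden: bool = False
    minutes_interval: Optional[int] = None
    reasons: List[str] = field(default_factory=list)


def parse_jobs(dump: str) -> List[Job]:
    """Split the dump at each 'Activating job' line and pull the fields we score on."""
    jobs: List[Job] = []
    heads = list(JOB_HEADER.finditer(dump))
    for i, head in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(dump)
        body = dump[head.end():end]
        job = Job(name=head.group("name"))
        for m in QUOTED_PROP.finditer(body):
            if m.group("key") == "ApplicationName":
                job.application = m.group("val")
            elif m.group("key") == "Creator":
                job.creator = m.group("val")
        for m in FLAG.finditer(body):
            if m.group("key") == "Hidden":
                job.hidden = m.group("val") == "1"
        iv = INTERVAL.search(body)
        if iv:
            job.minutes_interval = int(iv.group(1))
        jobs.append(job)
    return jobs


def triage(job: Job) -> List[str]:
    """Record every trait the job shares with the Lop task from the thread."""
    reasons = []
    if job.hidden:
        reasons.append("Hidden flag set")
    if HEX_JOB_NAME.match(job.name):
        reasons.append("random 16-hex-digit job name")
    if PROFILE_DATA_DIR.search(job.application):
        reasons.append("runs from a user profile data folder")
    basename = job.application.rsplit("\\", 1)[-1]
    if MULTI_WORD_EXE.match(basename):
        reasons.append("multi-word executable name")
    if job.minutes_interval is not None and job.minutes_interval <= 60:
        reasons.append("repeats at least hourly all day")
    job.reasons = reasons
    return reasons


def suspicious_jobs(dump: str, min_hits: int = 2) -> List[Job]:
    """Jobs with at least min_hits traits; any single trait alone is too weak."""
    return [job for job in parse_jobs(dump) if len(triage(job)) >= min_hits]


if __name__ == "__main__":
    for job in suspicious_jobs(SAMPLE_DUMP):
        print(f"{job.name}: {job.application}")
        for reason in job.reasons:
            print(f"  - {reason}")
```

Run against the excerpt, it flags only CC6F253AB8B4E116.job, on all five traits, and leaves Symantec NetDetect alone. The two-hit threshold is deliberate: plenty of legitimate vendor tasks are hidden or run hourly, so no single trait should drive a deletion on its own.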
Old 12-01-2005, 10:16 AM   #4 (permalink)
Analyst, Security Team
 
 
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP


Please download lop.zip
Unzip it to your desktop.
Go into the new lop folder and double-click lop.bat
It will run and when done a notepad will open, please copy the contents of the Notepad and paste it here.

I have attached a file called remlop.zip Please unzip it to your Desktop and double click on remlop.bat to run it. A window should open and close quickly, this is normal.

Reboot your system in Safe Mode (By repeatedly tapping the F8 key until the menu appears).

Viewing Hidden Files
Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option.

File and Folder Deletions
Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.
c:\docume~1\hikari~1\applic~1\setupr~1 <<<The ~1 means the first folder alphabetically beginning with that string.
Bias Name.exe <<<Do a search and delete this file. Make sure the boxes are checked to search for hidden files and folders.


Reboot your system in Normal Mode.

Then download HijackThis - this program will help us determine if there are any spyware/malware on your computer. Create a folder at C:\HJT and move HijackThis.exe there. Run a scan and save the log file. Copy and paste the contents of the logfile here for review. Do not fix anything in HijackThis since they may be harmless. Make sure to include the System information at the top of the log as well.

In your next post please include:
  • Lop.bat log
  • Hijackthis log
Old 12-01-2005, 03:09 PM   #5 (permalink)
Registered User
 
Join Date: Nov 2005
Posts: 7
OS: XP


I got an hour break off work and luckily I already had all the programs on my computer, so it only took me about 5 minutes to do after I got to my house.
Here is the lop:

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'Symantec NetDetect.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE'
Parameters: ''
WorkingDirectory: 'C:\Program Files\Symantec\LiveUpdate'
Comment: 'Symantec NetDetect'
Creator: 'Hikari No Kenkaku'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 12/01/2005 15:11:00
NextRun: 12/01/2005 19:11:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 12/01/2005
EndDate: 00/00/0000
StartTime: 03:11
MinutesDuration: 1440
MinutesInterval: 240
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0

Here is HJT:

Logfile of HijackThis v1.99.1
Scan saved at 4:07:28 PM, on 12/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\tsappcmp.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\NASDAK\OmniMouse Driver\4.0\MOUSE32A.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Ares\Ares.exe
C:\WINDOWS\system32\MSAgentXP.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\WINDOWS\system32\XPAgent.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\wuauclt.exe
F:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = xanga.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = xanga.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: (no name) - {1908CCF6-A320-78F3-29F8-84ADA3C9E1EE} - C:\DOCUME~1\HIKARI~1\APPLIC~1\1DEFYN~1\intercool.exe
O2 - BHO: (no name) - {2126F076-D126-BD30-45BD-8ACD7CEA7DAB} - C:\DOCUME~1\HIKARI~1\APPLIC~1\1DEFYN~1\intercool.exe
O2 - BHO: NaviHelperObj Class - {3E422F49-1566-40D3-B43D-077EF739AC32} - C:\WINDOWS\system32\NaviHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\NASDAK\OmniMouse Driver\4.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [PLAY MAIL HIDE SHIM] C:\Documents and Settings\All Users\Application Data\Obj admin play mail\mfcdeq.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [obj build bike memo] C:\Documents and Settings\All Users\Application Data\Poll bias obj build\DartWave.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MSAgentXP] C:\WINDOWS\system32\MSAgentXP.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [PhoneProc] C:\DOCUME~1\HIKARI~1\APPLIC~1\SETUPR~1\balm load.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [wiadefui] C:\WINDOWS\system32\wiadefui.exe
O4 - HKCU\..\Run: [mfc40u] C:\WINDOWS\system32\mfc40u.exe
O4 - HKCU\..\Run: [XPAgent] C:\WINDOWS\system32\XPAgent.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/09c86d4c...p/RdxIE601.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/pro...anner37460.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com/global/msc34.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: tsappcmp - Unknown owner - C:\WINDOWS\system32\tsappcmp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

-Hikari No Kenkaku

Last edited by HikariNoKenkaku; 12-01-2005 at 03:12 PM.
Old 12-01-2005, 03:28 PM   #6 (permalink)
Analyst, Security Team
 
 
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP


Are you still seeing an error message or has that been taken care of?

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Special Note:
Microsoft AntiSpyware Program:
Because of recent changes in the way this program now defines and detects spyware/adware, it is no longer recommended as a spyware removal tool. Microsoft has downgraded several adware/spyware programs that it used to detect and remove and now lists them simply as "Ignore".

These are some of the adware/spyware programs that this program will NOT prompt you to remove: Claria, 180Solutions, WhenU, New.net, most WhenU apps, eZula, TopText, Gain/Gator, and Webhancer. These are all known adware/spyware programs and hijackers. Basically this product can no longer be trusted. We recommend you uninstall it.

Downloads(make sure to save these in a permanent location)
Cleanup! (Alternate Link)- Install it. You will use this later.

*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does not make backups.

Ewido Security Suite
  • Install Ewido Security Suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Double-click the icon on Desktop to launch Ewido
You will need to update Ewido to the latest definition files.
  • On the left hand side of the main screen click update.
  • Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido
When you have finished updating, EXIT Ewido.

Reboot your system in Safe Mode (By repeatedly tapping the F8 key until the menu appears).

HijackThis!
Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)
O2 - BHO: (no name) - {1908CCF6-A320-78F3-29F8-84ADA3C9E1EE} - C:\DOCUME~1\HIKARI~1\APPLIC~1\1DEFYN~1\intercool.exe
O2 - BHO: (no name) - {2126F076-D126-BD30-45BD-8ACD7CEA7DAB} - C:\DOCUME~1\HIKARI~1\APPLIC~1\1DEFYN~1\intercool.exe
O4 - HKLM\..\Run: [PLAY MAIL HIDE SHIM] C:\Documents and Settings\All Users\Application Data\Obj admin play mail\mfcdeq.exe
O4 - HKLM\..\Run: [obj build bike memo] C:\Documents and Settings\All Users\Application Data\Poll bias obj build\DartWave.exe
O4 - HKCU\..\Run: [wiadefui] C:\WINDOWS\system32\wiadefui.exe
O4 - HKCU\..\Run: [mfc40u] C:\WINDOWS\system32\mfc40u.exe


Please remember to close all other windows, including browsers then click Fix checked.

File and Folder Deletions
Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.
C:\DOCUME~1\HIKARI~1\APPLIC~1\1DEFYN~1 <<< The ~1 means that it is the first folder alphabetically beginning with that string.
C:\Documents and Settings\All Users\Application Data\Obj admin play mail
C:\Documents and Settings\All Users\Application Data\Poll bias obj build

C:\WINDOWS\system32\wiadefui.exe
C:\WINDOWS\system32\mfc40u.exe


Tools
Open Cleanup! by double-clicking the icon on your desktop (or from Start > All Programs). Set the program up as follows:

Click Options
Move the slider button down to Custom CleanUp!

Check the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Uncheck the following :
  • Scan local drives for temporary files

Click OK, Press the CleanUp! button to start the program. If prompted to reboot, click No.

Run Ewido with its updated definitions: (...it's important that all windows must be closed)
  • Click Scanner
  • Click Complete System Scan to begin scanning.
  • Click OK when prompted to clean files
With the first file it prompts to clean, select the option:
  • "Perform action on all infections"
  • Choose clean and click OK.
Once finished, click the Save report button & save the report to your desktop

** This scan may take over an hour, after choosing the action for the first item you do not need to stay at the PC.

Reboot your system in Normal Mode.

Online Scans
Perform an online scan with Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner
  1. Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
  2. Click Scan Now
  3. Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Click on see report. Then click Save report
Post the contents of the report in your next reply

*You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
*Turn off the real time scanner of any existing antivirus program while performing the online scan


In your next post please include:
  • Ewido Log
  • Panda Activescan Log
  • A new Hijackthis! Log
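The entries the helper picks out of the HijackThis log above share a few traits: a BHO (O2) registered to an .exe rather than a DLL, autostarts (O4) that run from Application Data instead of Program Files or system32, and value or folder names made of four unrelated words. One further trait the helper's list does not use but the thread supports: the per-user (HKCU) Run entries that point at bare executables in system32 (wiadefui.exe, mfc40u.exe, and also MSAgentXP.exe and XPAgent.exe, which the Panda scan in the next post identifies as trojans). The following is an added example, not code from the thread and not HijackThis code: a Python triage script that applies those four checks to O2 and O4 lines. SAMPLE_LOG is a constructed excerpt mirroring lines from the posted log; the rules are the editor's heuristics for review, not a removal list.

```python
"""Pick out Lop-style O2 / O4 entries from a HijackThis 1.99 log.

Added example; not part of the thread and not HijackThis code. SAMPLE_LOG is a
constructed excerpt mirroring lines from the log posted above. The checks are
the editor's reading of what made the helper's chosen lines stand out; they
are heuristics for review, not a removal list.
"""
import re
from typing import Dict, List

SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: (no name) - {1908CCF6-A320-78F3-29F8-84ADA3C9E1EE} - C:\DOCUME~1\HIKARI~1\APPLIC~1\1DEFYN~1\intercool.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PLAY MAIL HIDE SHIM] C:\Documents and Settings\All Users\Application Data\Obj admin play mail\mfcdeq.exe
O4 - HKLM\..\Run: [obj build bike memo] C:\Documents and Settings\All Users\Application Data\Poll bias obj build\DartWave.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [PhoneProc] C:\DOCUME~1\HIKARI~1\APPLIC~1\SETUPR~1\balm load.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [wiadefui] C:\WINDOWS\system32\wiadefui.exe
O4 - HKCU\..\Run: [XPAgent] C:\WINDOWS\system32\XPAgent.exe
"""

O2_LINE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*?)(?: \(file missing\))?$")
O4_LINE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First .exe token of the command, quoted or not; arguments after it are dropped.
EXE_IN_CMD = re.compile(r'^"?(?P<path>.*?\.exe)"?(?:\s|$)', re.I)
APPDATA_DIR = re.compile(r"\\(application data|applic~1)\\", re.I)
BARE_SYSTEM32_EXE = re.compile(r"^[A-Z]:\\WINDOWS\\system32\\[^\\]+\.exe$", re.I)


def looks_like_random_words(label: str) -> bool:
    """Lop named its values and folders with runs of unrelated dictionary words."""
    words = label.split()
    return len(words) >= 4 and all(w.isalpha() for w in words)


def triage_hjt(log: str) -> Dict[str, List[str]]:
    """Map each suspicious file path to the reasons it was flagged."""
    findings: Dict[str, List[str]] = {}
    for line in log.splitlines():
        bho = O2_LINE.match(line)
        if bho:
            path, reasons = bho.group("path"), []
            if not path.lower().endswith(".dll"):
                reasons.append("BHOs are in-process COM DLLs; registered file is not a .dll")
            if APPDATA_DIR.search(path):
                reasons.append("BHO loaded from a profile Application Data folder")
            if reasons:
                findings[path] = reasons
            continue
        run = O4_LINE.match(line)
        if not run:
            continue
        exe = EXE_IN_CMD.match(run.group("cmd"))
        if not exe:
            continue
        path, reasons = exe.group("path"), []
        if APPDATA_DIR.search(path):
            reasons.append("autostart from Application Data rather than Program Files or system32")
        parts = path.rsplit("\\", 2)
        folder = parts[-2] if len(parts) >= 2 else ""
        if looks_like_random_words(run.group("name")) or looks_like_random_words(folder):
            reasons.append("random-word value name or folder name")
        if run.group("hive") == "HKCU" and BARE_SYSTEM32_EXE.match(path):
            reasons.append("per-user Run entry for a bare executable in system32")
        if reasons:
            findings[path] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage_hjt(SAMPLE_LOG).items():
        print(path)
        for r in reasons:
            print("  -", r)
```

On the excerpt this flags intercool.exe, mfcdeq.exe, DartWave.exe, balm load.exe, wiadefui.exe and XPAgent.exe and passes SoundMan, QuickTime, ZoneAlarm and Steam. The word-count rule needs four words because three-word vendor names such as "Zone Labs Client" are common; the system32 rule fires only for HKCU because vendor autostarts placed in system32 normally live under HKLM.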
Old 12-01-2005, 11:45 PM   #7 (permalink)
Registered User
 
Join Date: Nov 2005
Posts: 7
OS: XP


Ewido
This file has too many files in it. There are only 12 main ones; the other 32,382 are from Mozilla. Anyways, they were all cleaned, so it should be okay. I tried to add an attachment of the report, but it was too big. On a side note, the original error that I posted about was fixed; sorry for not mentioning that in my last post.

Panda
Incident | Status | Location
Virus:Trj/Clicker.LE | Not disinfected | Operating system
Adware:adware/navipromo | Not disinfected | Windows Registry
Adware:Adware/Lop | Not disinfected | C:\HJT\backups\backup-20051201-204651-716.dll
Adware:Adware/Lop | Not disinfected | C:\HJT\backups\backup-20051201-204651-736.dll
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\10DF861A.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\11286442.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\13DCB712.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\14296F6F.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\14BB4A5F.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\14C258DF.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\14D69A19.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\155C37EF.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\15670775.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\158C775.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\15AE15BB.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\15BD5706.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\15F1E3D8.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\1643DE5F.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\168AAFBB.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\172F9B2B.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\1745A9EF.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\177169AB.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\1773AC5.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\178CB986.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\17C345CE.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\180A52BE.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\1864315F.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\190C3C58.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\1939FD4B.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\198BD83E.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\19E5B4DF.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\1A2C841A.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\1A54E6F.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\1AAA244.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\1AB96099.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\1AC0719A.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\1AD4B351.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\1B0B5FCB.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\1B52F7CF.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\1B65C98B.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\1BACD53E.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\1BB34BCE.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\1BF7A3D8.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\1C3EB1EC.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\1C41A1B0.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\1C54363B.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\1CA6124E.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\1CD27D9E.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\1CE54BAD.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\1DBE373D.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\1E1CA6DA.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\1E69691A.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\1EFB4742.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\1F025590.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\1FB0551D.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\1FEEEF83.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\2078CBC4.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\208E6B5.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\2102F376.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\A0032096.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\balm load.VIR
Virus:Exploit/ByteVerify | Not disinfected | C:\Program Files\AVPersonal\INFECTED\LOADERADV783.JAR-106D9513-6FC623AD.ZIP.VIR[Matrix.class]
Virus:Exploit/ByteVerify | Not disinfected | C:\Program Files\AVPersonal\INFECTED\LOADERADV783.JAR-106D9513-6FC623AD.ZIP.VIR[Dummy.class]
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\STA111A.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\STA1335.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\STA18DE.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\STA1ACA.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\STA1B34.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\STA1CF.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\STA1D0.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\STA1D1.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\STA1DD.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\STA262F.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\STA2635.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\STA2636.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\STA28.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\STA2AB3.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\STA2ABA.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\STA2ABC.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\STA2AC5.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\STA2AC6.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\STA2AC8.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\STA2AC9.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\STA2B.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\STA2B0F.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\STA2B7F.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\STA2C6E.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\STA2CA6.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\STA2D.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\STA33B.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\STA453D.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\STA453E.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\STA453F.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\STA4540.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\STA62EC.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\STA62ED.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\STA7490.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\STA7C.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\STA8492.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\STA9.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\STAA1.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\STAAD.EXE.VIR
Adware:Adware/Lop | Not disinfected | C:\Program Files\AVPersonal\INFECTED\STAAFF.EXE.VIR
Virus:Trj/Agent.AUO | Not disinfected | C:\RECYCLER\NPROTECT\00291908.exe
Virus:Trj/Fastmp.A | Not disinfected | C:\WINDOWS\system32\MSAgentXP.exe
Virus:Trj/Clicker.LE | Not disinfected | C:\WINDOWS\system32\XPAgent.exe
Adware:Adware/IST.ISTBar | Not disinfected | F:\Documents and Settings\UokogSobi\Local Settings\Temp\aDgTgP.exe
Virus:Bck/Freeze.C | Not disinfected | F:\Documents and Settings\UokogSobi\Local Settings\Temp\GLF41.EXE
Adware:Adware/IST.ISTBar | Not disinfected | F:\Documents and Settings\UokogSobi\Local Settings\Temp\XH9ECi.exe
Adware:Adware/IST.ISTBar | Not disinfected | F:\Documents and Settings\UokogSobi\Local Settings\Temp\YfGTjI.exe
Spyware:Spyware/New.net | Not disinfected | F:\Program Files\filesubmit\Battle Athletes - Victory\NNEZSTB3.exe
Hacktool:Hacktool/Hammer | Not disinfected | F:\Program Files\Halflife Logo Creator\HLC.exe
Spyware:Spyware/LinkReplacer | Not disinfected | F:\WINDOWS\system32\uninst.exe
Adware:Adware/PurityScan | Not disinfected | F:\WINDOWS\system32\w?auboot.exe


HJT
Logfile of HijackThis v1.99.1
Scan saved at 12:17:24 AM, on 12/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\NASDAK\OmniMouse Driver\4.0\MOUSE32A.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
F:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\MSAgentXP.exe
C:\WINDOWS\system32\XPAgent.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = xanga.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = xanga.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: NaviHelperObj Class - {3E422F49-1566-40D3-B43D-077EF739AC32} - C:\WINDOWS\system32\NaviHelper.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\NASDAK\OmniMouse Driver\4.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MSAgentXP] C:\WINDOWS\system32\MSAgentXP.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [PhoneProc] C:\DOCUME~1\HIKARI~1\APPLIC~1\SETUPR~1\balm load.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [XPAgent] C:\WINDOWS\system32\XPAgent.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/09c86d4c...p/RdxIE601.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/pro...anner37460.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com/global/msc34.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: tsappcmp - Unknown owner - C:\WINDOWS\system32\tsappcmp.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Last edited by HikariNoKenkaku; 12-01-2005 at 11:49 PM.
Old 12-02-2005, 08:58 PM   #8 (permalink)
Analyst, Security Team
 
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP


Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Viewing Hidden Files
Go to My Computer > Tools > Folder Options > View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible. Uncheck the Hide protected operating system files option.

Downloads (make sure to save these in a permanent location)
KillBox v2.0.0.175.exe (it's important that you get version v2.0.0.175)

HijackThis!
Open HijackThis and click on Scan. Check the following entries (make sure you do not miss any):
O4 - HKCU\..\Run: [MSAgentXP] C:\WINDOWS\system32\MSAgentXP.exe
O4 - HKCU\..\Run: [PhoneProc] C:\DOCUME~1\HIKARI~1\APPLIC~1\SETUPR~1\balm load.exe
O4 - HKCU\..\Run: [XPAgent] C:\WINDOWS\system32\XPAgent.exe


Please remember to close all other windows, including browsers then click Fix checked.

Please open this folder and delete all files inside:
C:\Program Files\AVPersonal\INFECTED

Tools
Launch KillBox.exe & select the following options:
  • Delete on Reboot
Select all the filenames below & then right-click & select Copy:
  • C:\WINDOWS\system32\MSAgentXP.exe
    C:\WINDOWS\system32\XPAgent.exe
    F:\Program Files\filesubmit\Battle Athletes - Victory\NNEZSTB3.exe
    F:\WINDOWS\system32\uninst.exe
    F:\WINDOWS\system32\w?auboot.exe
  • Go to the File menu, and choose Paste from Clipboard.
  • Click the RED X button.
  • Click Yes at the Delete on Reboot prompt.
  • Click No at the 'Pending Operations' prompt.

Open Cleanup! by double-clicking the icon on your desktop (or from Start > All Programs). Set the program up as follows:

Click Options
Move the slider button down to Custom CleanUp!

Check the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Uncheck the following:
  • Scan local drives for temporary files

Click OK, press the CleanUp! button to start the program, and reboot (Normal Mode) when prompted.

Online Scans
Please submit the following file to Jotti File Scan
C:\WINDOWS\system32\tsappcmp.exe <<< If this file is not present, please let me know.

This will produce a report after the scan is complete; please copy and paste those results in your next post.

Please open IE and go to
Kaspersky WebScanner

Next Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Standard
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    • Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

* Turn off the real time scanner of any existing antivirus program while performing the online scan

In your next post please include:
  • Jotti Results
  • Kaspersky Log
  • A new HijackThis! Log
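The post above asks for three O4 Run entries to be fixed and then for a fresh HijackThis log, which is how an analyst confirms the fix took. As an added example (not HijackThis' or the forum's own code), here is a Python script that parses the HJT log format and diffs two logs, checking both that the entries are gone and that the executables they launched no longer appear in the running-process list; the two logs are constructed excerpts modelled on the ones posted in this thread.

```python
"""Parse HijackThis 1.99.1 logs and diff two of them, so the O4 Run entries an
analyst asked to have fixed can be confirmed gone in the follow-up log.  Added
example for this thread, not HijackThis' own code; the two logs below are
constructed excerpts modelled on the ones posted in the thread."""
import re

# Every HJT finding starts with a section code (R0, F2, O2, O4, O16, O23, ...)
ENTRY_RE = re.compile(r"^(R\d|F\d|O\d{1,2}) - (.*)$")
# Body of an O4 entry: hive, [value name], command line
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\Run: \[(.+?)\] (.*)$")

BEFORE_LOG = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MSAgentXP.exe
C:\WINDOWS\system32\XPAgent.exe
C:\HJT\HijackThis.exe

O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKCU\..\Run: [MSAgentXP] C:\WINDOWS\system32\MSAgentXP.exe
O4 - HKCU\..\Run: [PhoneProc] C:\DOCUME~1\HIKARI~1\APPLIC~1\SETUPR~1\balm load.exe
O4 - HKCU\..\Run: [XPAgent] C:\WINDOWS\system32\XPAgent.exe
O23 - Service: tsappcmp - Unknown owner - C:\WINDOWS\system32\tsappcmp.exe (file missing)
"""

AFTER_LOG = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O23 - Service: tsappcmp - Unknown owner - C:\WINDOWS\system32\tsappcmp.exe (file missing)
"""


def parse_hjt(log_text):
    """Return (entries, processes): entries as a set of (code, body) tuples,
    processes as the set of paths listed under 'Running processes:'."""
    entries, processes = set(), set()
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:                     # a blank line ends the process block
            in_processes = False
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            processes.add(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries, processes


def run_entries(log_text):
    """O4 autostart values as {(hive, value name): command line}."""
    entries, _ = parse_hjt(log_text)
    runs = {}
    for code, body in entries:
        m = RUN_RE.match(body) if code == "O4" else None
        if m:
            runs[(m.group(1), m.group(2))] = m.group(3)
    return runs


def diff_logs(before, after):
    """What disappeared and what appeared between two logs of the same machine."""
    e0, p0 = parse_hjt(before)
    e1, p1 = parse_hjt(after)
    return {"removed_entries": sorted(e0 - e1), "added_entries": sorted(e1 - e0),
            "stopped_processes": sorted(p0 - p1), "new_processes": sorted(p1 - p0)}


def confirm_fixed(before, after, value_names):
    """True per requested O4 value name only if its entry is gone from the follow-up
    log AND the image it launched is no longer in the running-process list; None if
    the name was not an O4 entry in the first log.  Image extraction is crude: drop
    quoting and arguments, keep up to and including the first '.exe'."""
    before_runs, after_runs = run_entries(before), run_entries(after)
    running = {p.lower() for p in parse_hjt(after)[1]}
    status = {}
    for name in value_names:
        keys = [k for k in before_runs if k[1] == name]
        if not keys:
            status[name] = None
            continue
        still_listed = any(k in after_runs for k in keys)
        images = [before_runs[k].strip('"').lower().split(".exe", 1)[0] + ".exe" for k in keys]
        still_running = any(img in running for img in images)
        status[name] = not (still_listed or still_running)
    return status
```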
Old 12-02-2005, 11:43 PM   #9 (permalink)
Registered User
 
Join Date: Nov 2005
Posts: 7
OS: XP


Jotti

The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file

Kaspersky

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, December 03, 2005 00:36:31
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 3/12/2005
Kaspersky Anti-Virus database records: 153154
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 179091
Number of viruses found: 30
Number of infected objects: 95
Number of suspicious objects: 0
Duration of the scan process: 2440 sec

Infected Object Name - Virus Name
C:\HJT\backups\backup-20051201-204651-716.dll Infected: Trojan-Downloader.Win32.Swizzor.bo
C:\HJT\backups\backup-20051201-204651-736.dll Infected: Trojan-Downloader.Win32.Swizzor.bo
C:\System Volume Information\_restore{2E2A5DFF-EE83-49B6-97FA-DBCBA5CCC538}\RP359\A0057574.exe Infected: Trojan-Downloader.Win32.Swizzor.co
C:\System Volume Information\_restore{2E2A5DFF-EE83-49B6-97FA-DBCBA5CCC538}\RP359\A0057575.exe Infected: Trojan-Downloader.Win32.Swizzor.cb
C:\System Volume Information\_restore{2E2A5DFF-EE83-49B6-97FA-DBCBA5CCC538}\RP359\A0057760.EXE Infected: Trojan-Downloader.Win32.Swizzor.bo
C:\System Volume Information\_restore{2E2A5DFF-EE83-49B6-97FA-DBCBA5CCC538}\RP360\A0057835.exe Infected: Trojan-Downloader.Win32.Swizzor.co
C:\System Volume Information\_restore{2E2A5DFF-EE83-49B6-97FA-DBCBA5CCC538}\RP360\A0057836.exe Infected: Trojan-Downloader.Win32.Swizzor.cb
C:\System Volume Information\_restore{2E2A5DFF-EE83-49B6-97FA-DBCBA5CCC538}\RP360\A0058017.EXE Infected: Trojan-Downloader.Win32.Swizzor.bo
C:\System Volume Information\_restore{2E2A5DFF-EE83-49B6-97FA-DBCBA5CCC538}\RP362\A0059644.exe Infected: Virus.Win32.Parite.b
C:\System Volume Information\_restore{2E2A5DFF-EE83-49B6-97FA-DBCBA5CCC538}\RP362\A0059645.exe Infected: Virus.Win32.HLLP.Savno
C:\System Volume Information\_restore{2E2A5DFF-EE83-49B6-97FA-DBCBA5CCC538}\RP362\A0059648.exe Infected: Virus.Win32.HLLP.Savno
C:\System Volume Information\_restore{2E2A5DFF-EE83-49B6-97FA-DBCBA5CCC538}\RP362\A0059649.exe Infected: Virus.Win32.HLLP.Savno
C:\System Volume Information\_restore{2E2A5DFF-EE83-49B6-97FA-DBCBA5CCC538}\RP362\A0059650.dll Infected: Trojan.Win32.Delf.gh
C:\System Volume Information\_restore{2E2A5DFF-EE83-49B6-97FA-DBCBA5CCC538}\RP363\A0059999.exe Infected: Trojan-Downloader.Win32.Swizzor.co
C:\System Volume Information\_restore{2E2A5DFF-EE83-49B6-97FA-DBCBA5CCC538}\RP363\A0060000.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{2E2A5DFF-EE83-49B6-97FA-DBCBA5CCC538}\RP363\A0060006.exe Infected: Trojan-Downloader.Win32.Swizzor.cb
C:\System Volume Information\_restore{2E2A5DFF-EE83-49B6-97FA-DBCBA5CCC538}\RP363\A0060008.exe Infected: Trojan-Downloader.Win32.Swizzor.dd
C:\System Volume Information\_restore{2E2A5DFF-EE83-49B6-97FA-DBCBA5CCC538}\RP363\A0060009.exe Infected: Trojan-Downloader.Win32.Swizzor.du
C:\System Volume Information\_restore{2E2A5DFF-EE83-49B6-97FA-DBCBA5CCC538}\RP364\A0060177.exe Infected: Trojan-Downloader.Win32.Swizzor.bo
C:\System Volume Information\_restore{2E2A5DFF-EE83-49B6-97FA-DBCBA5CCC538}\RP364\A0060178.exe Infected: Trojan-Downloader.Win32.Swizzor.de
C:\System Volume Information\_restore{2E2A5DFF-EE83-49B6-97FA-DBCBA5CCC538}\RP364\A0060182.exe Infected: Trojan-Downloader.Win32.Swizzor.dd
C:\System Volume Information\_restore{2E2A5DFF-EE83-49B6-97FA-DBCBA5CCC538}\RP364\A0060184.exe Infected: Trojan-Downloader.Win32.Swizzor.du
C:\System Volume Information\_restore{2E2A5DFF-EE83-49B6-97FA-DBCBA5CCC538}\RP364\A0060370.EXE Infected: Trojan-Downloader.Win32.Agent.am
C:\System Volume Information\_restore{2E2A5DFF-EE83-49B6-97FA-DBCBA5CCC538}\RP365\A0060542.exe Infected: Trojan-Downloader.Win32.Reqlook.c
F:\Documents and Settings\UokogSobi\Local Settings\Temp\1.32 MB.exe/data0005/stream/data0002 Infected: Trojan-Downloader.Win32.Agent.cf
F:\Documents and Settings\UokogSobi\Local Settings\Temp\1.32 MB.exe/data0005/stream Infected: Trojan-Downloader.Win32.Agent.cf
F:\Documents and Settings\UokogSobi\Local Settings\Temp\1.32 MB.exe/data0005 Infected: Trojan-Downloader.Win32.Agent.cf
F:\Documents and Settings\UokogSobi\Local Settings\Temp\1.32 MB.exe Infected: Trojan-Downloader.Win32.Agent.cf
F:\Documents and Settings\UokogSobi\Local Settings\Temp\aDgTgP.exe Infected: Trojan-Downloader.Win32.IstBar.ig
F:\Documents and Settings\UokogSobi\Local Settings\Temp\XH9ECi.exe Infected: Trojan-Downloader.Win32.IstBar.ig
F:\Documents and Settings\UokogSobi\Local Settings\Temp\YfGTjI.exe Infected: Trojan-Downloader.Win32.IstBar.ig
F:\Program Files\Ares\My Shared Folder\norton antivirus 2004 professional + crack.exe/Norton.Antivirus.2004.PRO.KEYGEN.exe Infected: Virus.Win32.HLLP.Savno
F:\Program Files\Ares\My Shared Folder\norton antivirus 2004 professional + crack.exe Infected: Virus.Win32.HLLP.Savno
F:\Program Files\Norton AntiVirus\Quarantine\01565F87 Infected: Trojan.Java.ClassLoader.ak
F:\Program Files\Norton AntiVirus\Quarantine\02EC5193 Infected: Trojan.Java.ClassLoader.ak
F:\Program Files\Norton AntiVirus\Quarantine\05DE0DD9.class Infected: Trojan-Downloader.Java.OpenConnection.v
F:\Program Files\Norton AntiVirus\Quarantine\0BB0773D Infected: Trojan.Win32.KillAV.ef
F:\Program Files\Norton AntiVirus\Quarantine\14C4049C Infected: Trojan.Win32.KillAV.ef
F:\Program Files\Norton AntiVirus\Quarantine\15F82302 Infected: Trojan.Java.ClassLoader.z
F:\Program Files\Norton AntiVirus\Quarantine\16C64E85 Infected: Trojan-Downloader.Win32.IstBar.ic
F:\Program Files\Norton AntiVirus\Quarantine\21EC6F1E Infected: Trojan-Downloader.Java.OpenConnection.v
F:\Program Files\Norton AntiVirus\Quarantine\26566095 Infected: Trojan.Java.ClassLoader.z
F:\Program Files\Norton AntiVirus\Quarantine\28BB734B/data0000 Infected: Trojan.Win32.SecondThought.aa
F:\Program Files\Norton AntiVirus\Quarantine\28BB734B Infected: Trojan.Win32.SecondThought.aa
F:\Program Files\Norton AntiVirus\Quarantine\324E7496.exe Infected: Virus.Win32.HLLP.Savno
F:\Program Files\Norton AntiVirus\Quarantine\36CA01ED Infected: Trojan-Downloader.Java.OpenConnection.v
F:\Program Files\Norton AntiVirus\Quarantine\3E0856CC Infected: Trojan-Spy.Win32.Perfloger.l
F:\Program Files\Norton AntiVirus\Quarantine\504C6C9E Infected: Trojan.Java.ClassLoader.ak
F:\Program Files\Norton AntiVirus\Quarantine\63390D6A Infected: Trojan-Spy.Win32.Perfloger.l
F:\Program Files\Norton AntiVirus\Quarantine\67EE538C Infected: Trojan-Spy.Win32.Perfloger.f
F:\Program Files\Norton AntiVirus\Quarantine\68970F93 Infected: Trojan-Downloader.Java.OpenConnection.v
F:\Program Files\Norton AntiVirus\Quarantine\6DB54004 Infected: Trojan.Win32.KillAV.ef
F:\Program Files\Norton AntiVirus\Quarantine\7A705D0F Infected: Trojan.Java.ClassLoader.z
F:\System Volume Information\_restore{2E2A5DFF-EE83-49B6-97FA-DBCBA5CCC538}\RP362\A0059884.ocx Infected: Trojan-Downloader.Win32.VB.en
F:\System Volume Information\_restore{E06CC13C-B2B2-4A6E-9DA8-3F9B07F5CC0F}\RP177\A0189178.exe/rinst.exe Infected: Trojan.Win32.KillAV.ef
F:\System Volume Information\_restore{E06CC13C-B2B2-4A6E-9DA8-3F9B07F5CC0F}\RP177\A0189178.exe Infected: Trojan.Win32.KillAV.ef
F:\System Volume Information\_restore{E06CC13C-B2B2-4A6E-9DA8-3F9B07F5CC0F}\RP177\A0189186.exe/rinst.exe Infected: Trojan.Win32.KillAV.ef
F:\System Volume Information\_restore{E06CC13C-B2B2-4A6E-9DA8-3F9B07F5CC0F}\RP177\A0189186.exe Infected: Trojan.Win32.KillAV.ef
F:\System Volume Information\_restore{E06CC13C-B2B2-4A6E-9DA8-3F9B07F5CC0F}\RP180\A0195505.exe Infected: Trojan.Win32.KillAV.ef
F:\System Volume Information\_restore{E06CC13C-B2B2-4A6E-9DA8-3F9B07F5CC0F}\RP180\A0195587.exe Infected: P2P-Worm.Win32.Tibick
F:\System Volume Information\_restore{E06CC13C-B2B2-4A6E-9DA8-3F9B07F5CC0F}\RP180\A0195588.exe Infected: P2P-Worm.Win32.Tibick.d
F:\System Volume Information\_restore{E06CC13C-B2B2-4A6E-9DA8-3F9B07F5CC0F}\RP180\A0195589.exe Infected: P2P-Worm.Win32.Tibick.d
F:\System Volume Information\_restore{E06CC13C-B2B2-4A6E-9DA8-3F9B07F5CC0F}\RP182\A0197770.EXE/rinst.exe Infected: Trojan-Spy.Win32.Perfloger.f
F:\System Volume Information\_restore{E06CC13C-B2B2-4A6E-9DA8-3F9B07F5CC0F}\RP182\A0197770.EXE Infected: Trojan-Spy.Win32.Perfloger.f
F:\System Volume Information\_restore{E06CC13C-B2B2-4A6E-9DA8-3F9B07F5CC0F}\RP185\A0197973.exe Infected: Trojan-Spy.Win32.Perfloger.f
F:\System Volume Information\_restore{E06CC13C-B2B2-4A6E-9DA8-3F9B07F5CC0F}\RP185\A0197974.exe Infected: Trojan.Win32.KillAV.ef
F:\System Volume Information\_restore{E06CC13C-B2B2-4A6E-9DA8-3F9B07F5CC0F}\RP185\A0197976.exe Infected: Trojan.Win32.KillAV.ef
F:\System Volume Information\_restore{E06CC13C-B2B2-4A6E-9DA8-3F9B07F5CC0F}\RP189\A0208803.exe Infected: Trojan.Win32.KillAV.ef
F:\System Volume Information\_restore{E06CC13C-B2B2-4A6E-9DA8-3F9B07F5CC0F}\RP209\A0260331.exe Infected: Trojan-Spy.Win32.Perfloger.l
F:\System Volume Information\_restore{E06CC13C-B2B2-4A6E-9DA8-3F9B07F5CC0F}\RP210\A0260333.dll Infected: Trojan-Spy.Win32.Perfloger.i
F:\System Volume Information\_restore{E06CC13C-B2B2-4A6E-9DA8-3F9B07F5CC0F}\RP215\A0263417.dll Infected: Trojan-Downloader.Win32.Braidupdate.d
F:\System Volume Information\_restore{E06CC13C-B2B2-4A6E-9DA8-3F9B07F5CC0F}\RP215\A0263418.DLL Infected: Trojan-Clicker.Win32.Agent.dh
F:\System Volume Information\_restore{E06CC13C-B2B2-4A6E-9DA8-3F9B07F5CC0F}\RP227\A0275089.exe Infected: Trojan-Downloader.Win32.IstBar.ie
F:\System Volume Information\_restore{E06CC13C-B2B2-4A6E-9DA8-3F9B07F5CC0F}\RP228\A0276424.exe Infected: Trojan-Downloader.Win32.IstBar.ie
F:\System Volume Information\_restore{E06CC13C-B2B2-4A6E-9DA8-3F9B07F5CC0F}\RP234\A0278765.exe Infected: Trojan-Downloader.Win32.IstBar.gen
F:\System Volume Information\_restore{E06CC13C-B2B2-4A6E-9DA8-3F9B07F5CC0F}\RP237\A0280765.exe Infected: Trojan-Downloader.Win32.IstBar.gen
F:\System Volume Information\_restore{E06CC13C-B2B2-4A6E-9DA8-3F9B07F5CC0F}\RP237\A0281765.exe Infected: Trojan-Downloader.Win32.IstBar.gen
F:\System Volume Information\_restore{E06CC13C-B2B2-4A6E-9DA8-3F9B07F5CC0F}\RP238\A0283765.exe Infected: Trojan-Downloader.Win32.IstBar.gen
F:\System Volume Information\_restore{E06CC13C-B2B2-4A6E-9DA8-3F9B07F5CC0F}\RP240\A0285942.exe Infected: Trojan-Downloader.Win32.IstBar.gen
F:\System Volume Information\_restore{E06CC13C-B2B2-4A6E-9DA8-3F9B07F5CC0F}\RP241\A0285985.EXE/WISE0021.BIN Infected: Trojan-Downloader.Win32.Agent.er
F:\System Volume Information\_restore{E06CC13C-B2B2-4A6E-9DA8-3F9B07F5CC0F}\RP241\A0285985.EXE Infected: Trojan-Downloader.Win32.Agent.er
F:\System Volume Information\_restore{E06CC13C-B2B2-4A6E-9DA8-3F9B07F5CC0F}\RP241\A0285993.exe/WISE0021.BIN Infected: Trojan-Downloader.Win32.Agent.er
F:\System Volume Information\_restore{E06CC13C-B2B2-4A6E-9DA8-3F9B07F5CC0F}\RP241\A0285993.exe Infected: Trojan-Downloader.Win32.Agent.er
F:\System Volume Information\_restore{E06CC13C-B2B2-4A6E-9DA8-3F9B07F5CC0F}\RP242\A0286027.exe/data0000 Infected: Trojan.Win32.SecondThought.aa
F:\System Volume Information\_restore{E06CC13C-B2B2-4A6E-9DA8-3F9B07F5CC0F}\RP242\A0286027.exe Infected: Trojan.Win32.SecondThought.aa
F:\System Volume Information\_restore{E06CC13C-B2B2-4A6E-9DA8-3F9B07F5CC0F}\RP245\A0286085.exe Infected: Trojan-Downloader.Win32.IstBar.gen
F:\System Volume Information\_restore{E06CC13C-B2B2-4A6E-9DA8-3F9B07F5CC0F}\RP246\A0286369.exe Infected: Trojan-Downloader.Win32.IstBar.gen
F:\System Volume Information\_restore{E06CC13C-B2B2-4A6E-9DA8-3F9B07F5CC0F}\RP246\A0286375.exe Infected: Trojan-Downloader.Win32.IstBar.gen
F:\System Volume Information\_restore{E06CC13C-B2B2-4A6E-9DA8-3F9B07F5CC0F}\RP249\A0288192.EXE Infected: Trojan-Downloader.Win32.Agent.er
F:\System Volume Information\_restore{E06CC13C-B2B2-4A6E-9DA8-3F9B07F5CC0F}\RP253\A0292318.exe Infected: Trojan-Downloader.Win32.IstBar.gen
F:\System Volume Information\_restore{E06CC13C-B2B2-4A6E-9DA8-3F9B07F5CC0F}\RP254\A0292437.exe Infected: Trojan-Downloader.Win32.IstBar.gen
F:\System Volume Information\_restore{E06CC13C-B2B2-4A6E-9DA8-3F9B07F5CC0F}\RP255\A0292624.exe/WISE0022.BIN Infected: Trojan-Downloader.Win32.Agent.er
F:\System Volume Information\_restore{E06CC13C-B2B2-4A6E-9DA8-3F9B07F5CC0F}\RP255\A0292624.exe Infected: Trojan-Downloader.Win32.Agent.er
F:\System Volume Information\_restore{E06CC13C-B2B2-4A6E-9DA8-3F9B07F5CC0F}\RP259\A0294822.exe/rinst.exe Infected: Trojan.Win32.KillAV.ef
F:\System Volume Information\_restore{E06CC13C-B2B2-4A6E-9DA8-3F9B07F5CC0F}\RP259\A0294822.exe Infected: Trojan.Win32.KillAV.ef

Scan process completed.

HJT

Logfile of HijackThis v1.99.1
Scan saved at 12:42:08 AM, on 12/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\NASDAK\OmniMouse Driver\4.0\MOUSE32A.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
F:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = xanga.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = xanga.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: NaviHelperObj Class - {3E422F49-1566-40D3-B43D-077EF739AC32} - C:\WINDOWS\system32\NaviHelper.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\NASDAK\OmniMouse Driver\4.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/09c86d4c...p/RdxIE601.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/pro...anner37460.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com/global/msc34.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: tsappcmp - Unknown owner - C:\WINDOWS\system32\tsappcmp.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

-Hikari No Kenkaku

Last edited by HikariNoKenkaku; 12-02-2005 at 11:45 PM.
Old 12-03-2005, 08:22 PM   #10 (permalink)
Analyst, Security Team
 
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP


Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Viewing Hidden Files
Go to My Computer > Tools > Folder Options > View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible. Uncheck the Hide protected operating system files option.

Reboot your system in Safe Mode (By repeatedly tapping the F8 key until the menu appears).

Please browse to each of the following folders. After opening the folder press Ctrl+A. Then press Delete.
F:\Documents and Settings\UokogSobi\Local Settings\Temp
F:\Program Files\Norton AntiVirus\Quarantine


Then delete the following file
F:\Program Files\Ares\My Shared Folder\norton antivirus 2004 professional + crack.exe

Online Scans
Trend Micro™ Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button).
  • Save it to your desktop.
  • Double-click the new icon on your desktop (tmas-web-scan.exe)
  • It will say "Loading TrendMicro definitions".
  • Once the definitions are loaded, the program will appear to close then re-open.
  • Click "Start Scan"
  • After it's done scanning, click "Scan Results"
  • Make sure all items found have a check next to them, then click "Clean Threats Now".
  • Click Exit.
Reboot your computer. In place of the TrendMicro icon will be a text file called "Antispyware.log"; please double-click that log, copy the entire contents and paste them here.

I then need you to repeat the same procedure above again... using the TrendMicro tool. I need the log from the second scan/clean...NOT the first...as this will contain what’s left in the system.

How is your system now? Are there any issues remaining?

In your next post please include:
  • Antispyware.log
  • A new Hijackthis! Log
Vikesrock8411 is offline  
Old 12-04-2005, 12:16 AM   #11 (permalink)
Registered User
 
Join Date: Nov 2005
Posts: 7
OS: XP


TrendMicro
WhenU.com, Inc. <---Sorry, the program wasn't working, so all I could do was get the name of the only file that stayed on my second scan.

HJT
Logfile of HijackThis v1.99.1
Scan saved at 1:00:30 AM, on 12/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\NASDAK\OmniMouse Driver\4.0\MOUSE32A.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
F:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = xanga.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = xanga.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: NaviHelperObj Class - {3E422F49-1566-40D3-B43D-077EF739AC32} - C:\WINDOWS\system32\NaviHelper.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\NASDAK\OmniMouse Driver\4.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/09c86d4c...p/RdxIE601.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/pro...anner37460.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com/global/msc34.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: tsappcmp - Unknown owner - C:\WINDOWS\system32\tsappcmp.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

-Hikari No Kenkaku
P.S. Yes, my computer is working much better now. Thank you very much for your help, and I am sorry for your inconvenience.
HikariNoKenkaku is offline  
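The post above is a HijackThis log, and the reply that follows judges it clean by reading the entries by eye. As an added example (not part of this thread and not a HijackThis tool), here is a small parser for that log format that picks out the two things a helper scans for first: entries that still point at a file that is no longer there ("(file missing)") and O23 services with no recognised owner. The sample log is constructed from the same entry shapes as the log above; the function and class names are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v1.99 log format. The entry lines follow
# the same shapes as the log posted above; the header and process lines are
# included to show that the parser skips them.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: NaviHelperObj Class - {3E422F49-1566-40D3-B43D-077EF739AC32} - C:\WINDOWS\system32\NaviHelper.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: tsappcmp - Unknown owner - C:\WINDOWS\system32\tsappcmp.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# A HijackThis entry is: section code (R0, F1, O2, O4, O23, ...), " - ", details.
ENTRY_RE = re.compile(r"^(R\d|F\d|O\d{1,2}) - (.+)$")


@dataclass(frozen=True)
class Entry:
    code: str
    detail: str
    flags: tuple  # review reasons; empty when nothing stood out


def parse_entry(line):
    """Return an Entry for a HijackThis entry line, or None for header/process lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, detail = m.group(1), m.group(2)
    flags = []
    # A dangling reference: something is still registered to load a file that
    # is gone. Leftovers of an uninstall look like this, but so does a
    # half-removed infection, so it deserves a look either way.
    if detail.endswith("(file missing)"):
        flags.append("file missing")
    # O23 is "Service: <name> - <owner> - <path>". rsplit from the right keeps
    # any " - " that appears inside the service name intact.
    if code == "O23":
        parts = detail[len("Service: "):].rsplit(" - ", 2)
        if len(parts) == 3 and parts[1] == "Unknown owner":
            flags.append("unknown owner")
    return Entry(code, detail, tuple(flags))


def parse_log(text):
    """All recognised entries in a log, in file order."""
    return [e for e in (parse_entry(ln) for ln in text.splitlines()) if e is not None]


def flagged_entries(text):
    """Entries a helper would want to check before calling a log clean."""
    return [e for e in parse_log(text) if e.flags]


if __name__ == "__main__":
    for e in flagged_entries(SAMPLE_LOG):
        print(f"{e.code}: {', '.join(e.flags)} -> {e.detail}")
```

Neither flag is a verdict on its own. In the log above, both "Unknown owner" services are an ATI driver component and a Windows component, and the missing files are leftovers of things that were removed; the point of the check is to shorten the list a human reads, not to replace the reading.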
Old 12-04-2005, 03:37 PM   #12 (permalink)
Analyst, Security Team
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP


Don't worry about it, you were no inconvenience at all.

Your log appears to be clean. If you still have any problems let me know and we will work on diagnosing those through other means. If not, there are just a few more things to go through to finish this off and help prevent future infections. Please post one more time even if you have no problems so we can mark this thread as resolved.

Disabling the Viewing of Hidden and System Files
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Deselect the Show hidden files and folders option.
  • Select the Hide file extensions for known types option.
  • Select the Hide protected operating system files option.
  • Click Yes to confirm.
  • Click OK.

Setting a new Restore Point
Go to Start >> Run - type control sysdm.cpl,,4 & press Enter.
  • Tick the checkbox - Turn off System Restore on all drives
  • Click Apply
  • Turn it back 'On' by unticking the same checkbox & click OK

Windows Update
Make sure to get the latest updates for Windows and Internet Explorer at Microsoft Update Site.

Prevention
A good virus scanner is a necessity in today's computer environment. Many virus scanners include active components that protect you from infection without even running a scan. Some good free antivirus programs include:
AVG Free
Avast! Home Edition (Antivirus & Firewall)
AntiVir

A firewall is the first line of defense standing between the internet and your computer. Some good free firewalls are:
Zone Alarm
Outpost
Tiny Personal Firewall
Avast! Home Edition (Antivirus & Firewall)

Adaware SE and Spybot SD are a pair of anti-spyware scanners that should be run every week or two. Although there is some overlap, there are many pieces of malware that are caught by one of these and not the other, therefore it is recommended you use both to complement each other. Spybot also contains two other useful pieces. The first is "Immunize", which helps protect your computer against known exploits. The second is "TeaTimer"; with this feature enabled you will receive notifications of all changes to the registry, such as programs adding themselves to start-up and your default search page being changed.

Spyware Blaster is a powerful tool that prevents "drive-by" downloads and other unwanted installations. It also uses no system resources; run it once and you're all set. Spyware Guard is a real-time protection engine to guard your computer from spyware. This program does for spyware what an antivirus program does for viruses.

IE-Spyad is a program that only needs to be run once to protect you from many malicious sites. It adds domains of known adware companies into the Restricted List of Internet Explorer, preventing them from performing malicious actions on your PC.

The MVPS HOSTS file is a file you can download and use to replace your regular hosts file. It prevents many sites from performing malicious actions by blocking the sites from ever being accessed.

Together these programs form a powerful barrier between the Internet and your computer. However, all the programs stand alone, so feel free to eliminate any you are not comfortable with. Any protection you add to your PC is better than no protection at all.

Alternative Programs
Here are some alternatives that are either less susceptible than others to malware or don't contain malware where similar programs do.

Trillian or Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

Desktop Weather - Free taskbar weather program that is free, malware free, and resource light.

Firefox - This is an increasingly popular alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.

Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.
Vikesrock8411 is offline  
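The MVPS HOSTS file mentioned in the post above works by mapping unwanted hostnames to the local machine (0.0.0.0 or 127.0.0.1) so they are never reached. The same mechanism is what a hijacked hosts file abuses in the other direction, mapping update or banking sites to an address the attacker controls. As an added example (not code from this thread or from the MVPS project), here is a small parser for the hosts file format that separates the two cases and answers what a given name would resolve to. The sample file, the `.test` hostnames and the function names are constructed for this example.

```python
import ipaddress

# Constructed sample hosts file (not a real one). The 0.0.0.0 and 127.0.0.1
# lines follow the MVPS-style blocking convention; the last line is a
# deliberately odd entry that steers a site somewhere other than the local host.
SAMPLE_HOSTS = """\
# constructed sample, not a real hosts file
127.0.0.1       localhost
0.0.0.0         ads.example.test      # ad server
0.0.0.0         tracker.example.test  stats.example.test
127.0.0.1       popups.example.test
203.0.113.7     www.bank.example.test
"""

# Names that legitimately map to the local machine; they are not "blocks".
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost", "ip6-localhost"}


def parse_hosts(text):
    """Yield (address, hostname) pairs, one per hostname, ignoring comments."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line: skip rather than guess
        for name in fields[1:]:
            yield addr, name.lower()  # hostnames are case-insensitive


def blocked_hosts(text):
    """Hostnames the file sinks to the local machine (0.0.0.0 or loopback)."""
    return {name for addr, name in parse_hosts(text)
            if (addr.is_unspecified or addr.is_loopback) and name not in LOCAL_NAMES}


def suspicious_redirects(text):
    """Hostnames mapped to a non-local address.

    Here the hosts file is steering traffic rather than blocking it, which is
    the shape of a hijacked hosts file; each such entry deserves a look.
    """
    return {name: str(addr) for addr, name in parse_hosts(text)
            if not (addr.is_unspecified or addr.is_loopback)}


def lookup(text, hostname):
    """What the hosts file would answer for hostname, or None if it is not listed."""
    wanted = hostname.lower()
    for addr, name in parse_hosts(text):
        if name == wanted:
            return str(addr)  # first match wins, as the resolver does
    return None


if __name__ == "__main__":
    print("blocked:", sorted(blocked_hosts(SAMPLE_HOSTS)))
    print("redirected elsewhere:", suspicious_redirects(SAMPLE_HOSTS))
    print("ads.example.test ->", lookup(SAMPLE_HOSTS, "ads.example.test"))
```

To run it against a real machine, read `C:\WINDOWS\system32\drivers\etc\hosts` into `text` instead of the sample; a large `blocked_hosts` set with an empty `suspicious_redirects` result is what a healthy MVPS install looks like.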
Old 12-04-2005, 07:55 PM   #13 (permalink)
Registered User
 
Join Date: Nov 2005
Posts: 7
OS: XP


My computer is working just fine. You can count this topic closed.
-Hikari No Kenkaku

Last edited by HikariNoKenkaku; 12-04-2005 at 07:57 PM.
HikariNoKenkaku is offline  