Ad-Aware Help

This is a discussion on Ad-Aware Help within the Resolved HJT Threads forums, part of the Tech Support Forum category.

02-07-2010, 07:24 PM   #1
Registered Member
Join Date: Feb 2010
Posts: 14
OS: Windows XP

I'm reposting this here, even though it really isn't the right place for it. One of the mods over in the security section thought this belongs here. I don't think it does, but I'm going to do it to shut him up...

Okay, somehow my Ad-Aware failed me miserably and I don't know how it happened.

Today, when I pulled up the Task Manager (which I almost always leave running in case something goes wrong and I need to terminate something quickly) I noticed one of those executables with the random filenames. It was only on my list of running processes for a split second before it closed and/or hid itself. This set off a LARGE red and flashing light in my head and I immediately went to the System Configuration Utility to see if I could spot something amiss. Spot something I did and entered what I found into Google.

As it turns out, a Koobface worm somehow managed to find its way onto the system, so I ran Ad-Aware and it said there was NOTHING there. I found that strange, so I downloaded and ran Avenger, which claimed to have successfully removed it (though this later proved to be only PARTLY true). I'm not a stupid person by any means, and immediately tracked down a copy of MBAM. It took five hours and reported over twenty problems. Here's the log:

Malwarebytes' Anti-Malware 1.44
Database version: 3703
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

2/7/2010 7:59:40 PM
mbam-log-2010-02-07 (19-59-32).txt

Scan type: Full Scan (C:\|)
Objects scanned: 476277
Time elapsed: 5 hour(s), 23 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 16

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Adware.Ecobar) -> No action taken.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Adware.Ecobar) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ca3eb689-8f09-4026-aa10-b9534c691ce0} (Adware.Ecobar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Rogue.Installer) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_FIO32 (Worm.KoobFace) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_FIOO32 (Worm.KoobFace) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\fioo32 (Worm.KoobFace) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{78EBF27F-1BD1-40EA-A9BA-CB0B18CC4548}\RP103\A0031250.dll (Rogue.Agent) -> No action taken.
C:\System Volume Information\_restore{78EBF27F-1BD1-40EA-A9BA-CB0B18CC4548}\RP113\A0034312.exe (Trojan.Banker) -> No action taken.
C:\System Volume Information\_restore{78EBF27F-1BD1-40EA-A9BA-CB0B18CC4548}\RP94\A0028707.exe (Worm.KoobFace) -> No action taken.
C:\System Volume Information\_restore{78EBF27F-1BD1-40EA-A9BA-CB0B18CC4548}\RP94\A0028857.exe (Worm.KoobFace) -> No action taken.
C:\Documents and Settings\Joy B\My Documents\Downloads\setup.exe (Rogue.Installer) -> No action taken.
C:\WIN_XP\010112010146103110.xxe (KoobFace.Trace) -> No action taken.
C:\WIN_XP\010112010146111103.xxe (KoobFace.Trace) -> No action taken.
C:\WIN_XP\0101120101465348.xxe (KoobFace.Trace) -> No action taken.
C:\WIN_XP\0101120101465450.xxe (KoobFace.Trace) -> No action taken.
C:\WIN_XP\fdgg34353edfgdfdf (KoobFace.Trace) -> No action taken.
C:\Program Files\Mozilla Firefox\ftemp.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Joy B\Local Settings\Temp\zpskon_1261356247.exe (Worm.Koobface) -> No action taken.
C:\Documents and Settings\Joy B\Local Settings\Temp\zpskon_1261362547.exe (Worm.Koobface) -> No action taken.
C:\Documents and Settings\Joy B\Local Settings\Temp\zpskon_1261374379.exe (Worm.Koobface) -> No action taken.
C:\WIN_XP\010112010146101105.rx (Malware.Trace) -> No action taken.
C:\WIN_XP\rdr_1261350500.exe (Worm.Koobface) -> No action taken.

Now the part that I'm hoping someone can help me figure out is HOW Ad-Aware managed to fail me SO badly. I make sure I update it once every couple of days and I run it several times a week. It's always reported back to me that it found nothing, or at most maybe one or two infections and a couple of tracking cookies. Something must surely have been amiss if THIS much got past it. Is it possible that one of those infections (however they got installed; this computer has multiple users) compromised the security software? This is completely unacceptable to me, and makes me seriously concerned about whether I should even be using AAW.

Also, before I close, could someone possibly tell me if one of those infections was a keylogger? My work and my passwords are very important to me, and if some scumbag had the computer simply emailing my keystrokes to him, I should probably know.

Thanks for listening.

Ben Barrett

02-08-2010, 05:18 AM   #2
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 15,384
OS: XP Win7 Win 8.1 Ubuntu 10.10

"One of the mods over in the security section thought this belongs here. I don't think it does, but I'm going to do it to shut him up..."
I find this disrespectful to say the least. I read that post and am surprised at your less than commendable attitude to those who were trying to help you, free of charge I might add.

This is a forum dedicated to cleaning malware from the infected machines of home users. Since you are not asking for help to clean your system of the malware, the thread will be closed.

If you wish to change your mind and request help, please follow the instructions at our pre-posting topic to which Basementgeek has linked you and provide the requested logs.
amateur

All times are GMT -7.