
#### miki
##### Registered · 30 Posts · Discussion Starter
Running BitDefender shows "disinfection failed" for Infected Adware.Wheaterbug.A and many Trojan.Downloader.Agent, but running HijackThis (and Analyzer) doesn't show any of these.

Seems to me the PC is still running slow, so I'd like to know if there is a problem or not. Can someone look at the two logs and let me know if my PC is still infected or not.

Here are the specifics:

<----- bitdefender log starts here --->

//-----------------------------------------------------------------
//
// BitDefender report file
//
// Created on: 05/09/2005 07:46:41
//
//-----------------------------------------------------------------

Statistics

Scan path : C:\
Folders : 8292
Files : 356245
Archives : 9329
Packed files : 33333
Identified viruses : 5
Infected files : 62
Warnings : 0
Suspect files : 0
Disinfected files : 0
Deleted files : 0
Copied files : 0
Moved files : 0
Renamed files : 0
I/O errors : 45
Scan time : 01:42:29
Scan speed (files/sec) : 57

Virus definitions : 204765
Scan plugins : 13
Archive plugins : 39
Unpack plugins : 4
Mail plugins : 6
System plugins : 1

Scan options

Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email

[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user

Scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: vscan.log
[ ] Append to existing report

Summary:

C:\Program Files\AIM\Sysfiles\WxBug.EXE=>wise0008 Disinfection failed
C:\Program Files\AIM\Sysfiles\WxBug.EXE=>wise0008 Move failed
C:\RECYCLER\S-1-5-21-1078081533-436374069-725345543-500\Dc5\aim95.exe=>wise0034=>wise0008 Disinfection failed
C:\RECYCLER\S-1-5-21-1078081533-436374069-725345543-500\Dc5\aim95.exe=>wise0034=>wise0008 Move failed
C:\RECYCLER\S-1-5-21-1078081533-436374069-725345543-500\Dc5\Sysfiles\WxBug.EXE=>wise0008 Disinfection failed
C:\RECYCLER\S-1-5-21-1078081533-436374069-725345543-500\Dc5\Sysfiles\WxBug.EXE=>wise0008 Move failed
C:\WINDOWS\b2_t_%22BROKEN+BACKED+SHRIMP%22&465.xml=>ejbkt:$DATA Infected Trojan.Downloader.Agent.BQ
C:\WINDOWS\b2_t_%22BROKEN+BACKED+SHRIMP%22&465.xml=>ejbkt:$DATA Disinfection failed
C:\WINDOWS\b2_t_%22BROKEN+BACKED+SHRIMP%22&465.xml=>ejbkt:$DATA Move failed
C:\WINDOWS\b2_t_%22BROKEN+BACKED+SHRIMP%22&465.xml=>zrbw:$DATA Infected Trojan.Downloader.Agent.BC
C:\WINDOWS\b2_t_%22BROKEN+BACKED+SHRIMP%22&465.xml=>zrbw:$DATA Disinfection failed
C:\WINDOWS\b2_t_%22BROKEN+BACKED+SHRIMP%22&465.xml=>zrbw:$DATA Move failed
C:\WINDOWS\b2_t_%22BROKEN+BACKED+SHRIMP%22&465.xml=>:dluwf:$DATA Infected Trojan.Downloader.Agent.BQ
C:\WINDOWS\b2_t_%22BROKEN+BACKED+SHRIMP%22&465.xml=>:dluwf:$DATA Disinfection failed
C:\WINDOWS\b2_t_%22BROKEN+BACKED+SHRIMP%22&465.xml=>:dluwf:$DATA Move failed
C:\WINDOWS\b2_t_%22BROKEN+BACKED+SHRIMP%22&526.xml=>:qwjezw:$DATA Infected Trojan.Downloader.Agent.BQ
C:\WINDOWS\b2_t_%22BROKEN+BACKED+SHRIMP%22&526.xml=>:qwjezw:$DATA Disinfection failed
C:\WINDOWS\b2_t_%22BROKEN+BACKED+SHRIMP%22&526.xml=>:qwjezw:$DATA Move failed
C:\WINDOWS\b2_t_%22HEPTACARPUS+PICTUS%22+&335.xml=>dhqw:$DATA Infected Trojan.Downloader.Agent.BC
C:\WINDOWS\b2_t_%22HEPTACARPUS+PICTUS%22+&335.xml=>dhqw:$DATA Disinfection failed
C:\WINDOWS\b2_t_%22HEPTACARPUS+PICTUS%22+&335.xml=>dhqw:$DATA Move failed
C:\WINDOWS\b2_t_%22HEPTACARPUS+PICTUS%22+&573.xml=>:kqfeg:$DATA Infected Trojan.Downloader.Agent.BQ
C:\WINDOWS\b2_t_%22HEPTACARPUS+PICTUS%22+&573.xml=>:kqfeg:$DATA Disinfection failed
C:\WINDOWS\b2_t_%22HEPTACARPUS+PICTUS%22+&573.xml=>:kqfeg:$DATA Move failed
C:\WINDOWS\b2_t_%22HEPTACARPUS+PICTUS%22+&891.xml=>:lyrnrc:$DATA Infected Trojan.Downloader.Agent.BQ
C:\WINDOWS\b2_t_%22HEPTACARPUS+PICTUS%22+&891.xml=>:lyrnrc:$DATA Disinfection failed
C:\WINDOWS\b2_t_%22HEPTACARPUS+PICTUS%22+&891.xml=>:lyrnrc:$DATA Move failed
C:\WINDOWS\b2_t_%22WANNA+GET+LOST+IN+YOUR+ROCK+AND+ROLL%22&589.xml=>:zbvus:$DATA Infected Trojan.Downloader.Agent.BQ
C:\WINDOWS\b2_t_%22WANNA+GET+LOST+IN+YOUR+ROCK+AND+ROLL%22&589.xml=>:zbvus:$DATA Disinfection failed
C:\WINDOWS\b2_t_%22WANNA+GET+LOST+IN+YOUR+ROCK+AND+ROLL%22&589.xml=>:zbvus:$DATA Move failed
C:\WINDOWS\b2_t_H.%20PICTUS&638.xml=>:qggarj:$DATA Infected Trojan.Downloader.Agent.Z
C:\WINDOWS\b2_t_H.%20PICTUS&638.xml=>:qggarj:$DATA Disinfection failed
C:\WINDOWS\b2_t_H.%20PICTUS&638.xml=>:qggarj:$DATA Move failed
C:\WINDOWS\conscorr.ini=>:ibkemr:$DATA Infected Trojan.Downloader.Agent.BQ
C:\WINDOWS\conscorr.ini=>:ibkemr:$DATA Disinfection failed
C:\WINDOWS\conscorr.ini=>:ibkemr:$DATA Move failed
C:\WINDOWS\dahotfix.log=>:vhjgdr:$DATA Infected Trojan.Downloader.Winshow.AK
C:\WINDOWS\dahotfix.log=>:vhjgdr:$DATA Disinfection failed
C:\WINDOWS\dahotfix.log=>:vhjgdr:$DATA Move failed
C:\WINDOWS\dahotfix.log=>:eshnmg:$DATA Infected Trojan.Downloader.Winshow.AK
C:\WINDOWS\dahotfix.log=>:eshnmg:$DATA Disinfection failed
C:\WINDOWS\dahotfix.log=>:eshnmg:$DATA Move failed
C:\WINDOWS\DtcInstall.log=>:rtpdem:$DATA Infected Trojan.Downloader.Winshow.AK
C:\WINDOWS\DtcInstall.log=>:rtpdem:$DATA Disinfection failed
C:\WINDOWS\DtcInstall.log=>:rtpdem:$DATA Move failed
C:\WINDOWS\Gone Fishing.bmp=>ghcxi:$DATA Infected Trojan.Downloader.Agent.BC
C:\WINDOWS\Gone Fishing.bmp=>ghcxi:$DATA Disinfection failed
C:\WINDOWS\Gone Fishing.bmp=>ghcxi:$DATA Move failed
C:\WINDOWS\iis6.log=>:rqxwvu:$DATA Infected Trojan.Downloader.Winshow.AK
C:\WINDOWS\iis6.log=>:rqxwvu:$DATA Disinfection failed
C:\WINDOWS\iis6.log=>:rqxwvu:$DATA Move failed
C:\WINDOWS\isina.log=>:ktcuke:$DATA Infected Trojan.Downloader.Winshow.AK
C:\WINDOWS\isina.log=>:ktcuke:$DATA Disinfection failed
C:\WINDOWS\isina.log=>:ktcuke:$DATA Move failed
C:\WINDOWS\JCLLLIOO.ini=>:agmsgn:$DATA Infected Trojan.Downloader.Agent.BQ
C:\WINDOWS\JCLLLIOO.ini=>:agmsgn:$DATA Disinfection failed
C:\WINDOWS\JCLLLIOO.ini=>:agmsgn:$DATA Move failed
C:\WINDOWS\KB821557.log=>:kpqgi:$DATA Infected Trojan.Downloader.Agent.BC
C:\WINDOWS\KB821557.log=>:kpqgi:$DATA Disinfection failed
C:\WINDOWS\KB821557.log=>:kpqgi:$DATA Move failed
C:\WINDOWS\KB821557.log=>:bybduu:$DATA Infected Trojan.Downloader.Winshow.AK
C:\WINDOWS\KB821557.log=>:bybduu:$DATA Disinfection failed
C:\WINDOWS\KB821557.log=>:bybduu:$DATA Move failed
C:\WINDOWS\KB821557.log=>:aoligj:$DATA Infected Trojan.Downloader.Agent.BQ
C:\WINDOWS\KB821557.log=>:aoligj:$DATA Disinfection failed
C:\WINDOWS\KB821557.log=>:aoligj:$DATA Move failed
C:\WINDOWS\KB823182.log=>:rwrxjr:$DATA Infected Trojan.Downloader.Agent.BC
C:\WINDOWS\KB823182.log=>:rwrxjr:$DATA Disinfection failed
C:\WINDOWS\KB823182.log=>:rwrxjr:$DATA Move failed
C:\WINDOWS\KB823559.log=>:frsfyd:$DATA Infected Trojan.Downloader.Agent.BC
C:\WINDOWS\KB823559.log=>:frsfyd:$DATA Disinfection failed
C:\WINDOWS\KB823559.log=>:frsfyd:$DATA Move failed
C:\WINDOWS\KB824141.log=>:dqbtd:$DATA Infected Trojan.Downloader.Agent.BC
C:\WINDOWS\KB824141.log=>:dqbtd:$DATA Disinfection failed
C:\WINDOWS\KB824141.log=>:dqbtd:$DATA Move failed
C:\WINDOWS\KB837001.log=>:mxtaqi:$DATA Infected Trojan.Downloader.Agent.BQ
C:\WINDOWS\KB837001.log=>:mxtaqi:$DATA Disinfection failed
C:\WINDOWS\KB837001.log=>:mxtaqi:$DATA Move failed
C:\WINDOWS\KB839643.log=>:gjmez:$DATA Infected Trojan.Downloader.Agent.BQ
C:\WINDOWS\KB839643.log=>:gjmez:$DATA Disinfection failed
C:\WINDOWS\KB839643.log=>:gjmez:$DATA Move failed
C:\WINDOWS\KB873339.log=>:nsbrdu:$DATA Infected Trojan.Downloader.Winshow.AK
C:\WINDOWS\KB873339.log=>:nsbrdu:$DATA Disinfection failed
C:\WINDOWS\KB873339.log=>:nsbrdu:$DATA Move failed
C:\WINDOWS\KB873376.log=>:hokgan:$DATA Infected Trojan.Downloader.Agent.Z
C:\WINDOWS\KB873376.log=>:hokgan:$DATA Disinfection failed
C:\WINDOWS\KB873376.log=>:hokgan:$DATA Move failed
C:\WINDOWS\KB888113.log=>dblid:$DATA Infected Trojan.Downloader.Agent.BQ
C:\WINDOWS\KB888113.log=>dblid:$DATA Disinfection failed
C:\WINDOWS\KB888113.log=>dblid:$DATA Move failed
C:\WINDOWS\KB888113.log=>dbli:$DATA Infected Trojan.Downloader.Agent.BC
C:\WINDOWS\KB888113.log=>dbli:$DATA Disinfection failed
C:\WINDOWS\KB888113.log=>dbli:$DATA Move failed
C:\WINDOWS\KB890175.log=>:adpcpe:$DATA Infected Trojan.Downloader.Agent.BQ
C:\WINDOWS\KB890175.log=>:adpcpe:$DATA Disinfection failed
C:\WINDOWS\KB890175.log=>:adpcpe:$DATA Move failed
C:\WINDOWS\KB892944.log=>:zende:$DATA Infected Trojan.Downloader.Agent.BQ
C:\WINDOWS\KB892944.log=>:zende:$DATA Disinfection failed
C:\WINDOWS\KB892944.log=>:zende:$DATA Move failed
C:\WINDOWS\msmqinst.log=>:gxfkgq:$DATA Infected Trojan.Downloader.Agent.BQ
C:\WINDOWS\msmqinst.log=>:gxfkgq:$DATA Disinfection failed
C:\WINDOWS\msmqinst.log=>:gxfkgq:$DATA Move failed
C:\WINDOWS\ntbtlog.txt=>zolbo:$DATA Infected Trojan.Downloader.Winshow.AK
C:\WINDOWS\ntbtlog.txt=>zolbo:$DATA Disinfection failed
C:\WINDOWS\ntbtlog.txt=>zolbo:$DATA Move failed
C:\WINDOWS\ocgen.log=>vhqum:$DATA Infected Trojan.Downloader.Agent.BQ
C:\WINDOWS\ocgen.log=>vhqum:$DATA Disinfection failed
C:\WINDOWS\ocgen.log=>vhqum:$DATA Move failed
C:\WINDOWS\ocgen.log=>:deiyi:$DATA Infected Trojan.Downloader.Agent.BQ
C:\WINDOWS\ocgen.log=>:deiyi:$DATA Disinfection failed
C:\WINDOWS\ocgen.log=>:deiyi:$DATA Move failed
C:\WINDOWS\Prairie Wind.bmp=>:uossmz:$DATA Infected Trojan.Downloader.Agent.BC
C:\WINDOWS\Prairie Wind.bmp=>:uossmz:$DATA Disinfection failed
C:\WINDOWS\Prairie Wind.bmp=>:uossmz:$DATA Move failed
C:\WINDOWS\pss\win.ini.backup=>:ymxgse:$DATA Infected Trojan.Downloader.Agent.BC
C:\WINDOWS\pss\win.ini.backup=>:ymxgse:$DATA Disinfection failed
C:\WINDOWS\pss\win.ini.backup=>:ymxgse:$DATA Move failed
C:\WINDOWS\Q329048.log=>:hesxsz:$DATA Infected Trojan.Downloader.Winshow.AK
C:\WINDOWS\Q329048.log=>:hesxsz:$DATA Disinfection failed
C:\WINDOWS\Q329048.log=>:hesxsz:$DATA Move failed
C:\WINDOWS\Q329441.log=>:nkhjj:$DATA Infected Trojan.Downloader.Agent.BC
C:\WINDOWS\Q329441.log=>:nkhjj:$DATA Disinfection failed
C:\WINDOWS\Q329441.log=>:nkhjj:$DATA Move failed
C:\WINDOWS\Q329834.log=>:wwtkn:$DATA Infected Trojan.Downloader.Agent.BC
C:\WINDOWS\Q329834.log=>:wwtkn:$DATA Disinfection failed
C:\WINDOWS\Q329834.log=>:wwtkn:$DATA Move failed
C:\WINDOWS\Q329834.log=>:cynzhw:$DATA Infected Trojan.Downloader.Winshow.AK
C:\WINDOWS\Q329834.log=>:cynzhw:$DATA Disinfection failed
C:\WINDOWS\Q329834.log=>:cynzhw:$DATA Move failed
C:\WINDOWS\Q811630.log=>:hpedj:$DATA Infected Trojan.Downloader.Agent.BQ
C:\WINDOWS\Q811630.log=>:hpedj:$DATA Disinfection failed
C:\WINDOWS\Q811630.log=>:hpedj:$DATA Move failed
C:\WINDOWS\Q813862.log=>:thoubt:$DATA Infected Trojan.Downloader.Agent.BC
C:\WINDOWS\Q813862.log=>:thoubt:$DATA Disinfection failed
C:\WINDOWS\Q813862.log=>:thoubt:$DATA Move failed
C:\WINDOWS\Q815021.log=>:fqwqv:$DATA Infected Trojan.Downloader.Agent.BC
C:\WINDOWS\Q815021.log=>:fqwqv:$DATA Disinfection failed
C:\WINDOWS\Q815021.log=>:fqwqv:$DATA Move failed
C:\WINDOWS\Q815485.log=>:tgvtuk:$DATA Infected Trojan.Downloader.Agent.BQ
C:\WINDOWS\Q815485.log=>:tgvtuk:$DATA Disinfection failed
C:\WINDOWS\Q815485.log=>:tgvtuk:$DATA Move failed
C:\WINDOWS\Q816982.log=>:tgfred:$DATA Infected Trojan.Downloader.Agent.BC
C:\WINDOWS\Q816982.log=>:tgfred:$DATA Disinfection failed
C:\WINDOWS\Q816982.log=>:tgfred:$DATA Move failed
C:\WINDOWS\Q817606.log=>:eftpt:$DATA Infected Trojan.Downloader.Agent.BC
C:\WINDOWS\Q817606.log=>:eftpt:$DATA Disinfection failed
C:\WINDOWS\Q817606.log=>:eftpt:$DATA Move failed
C:\WINDOWS\Q828026.log=>:ddbgm:$DATA Infected Trojan.Downloader.Agent.BC
C:\WINDOWS\Q828026.log=>:ddbgm:$DATA Disinfection failed
C:\WINDOWS\Q828026.log=>:ddbgm:$DATA Move failed
C:\WINDOWS\Santa Fe Stucco.bmp=>:hzwnj:$DATA Infected Trojan.Downloader.Agent.BQ
C:\WINDOWS\Santa Fe Stucco.bmp=>:hzwnj:$DATA Disinfection failed
C:\WINDOWS\Santa Fe Stucco.bmp=>:hzwnj:$DATA Move failed
C:\WINDOWS\sessmgr.setup.log=>:visccb:$DATA Infected Trojan.Downloader.Agent.BQ
C:\WINDOWS\sessmgr.setup.log=>:visccb:$DATA Disinfection failed
C:\WINDOWS\sessmgr.setup.log=>:visccb:$DATA Move failed
C:\WINDOWS\tabletoc.log=>:xbjzdv:$DATA Infected Trojan.Downloader.Agent.BQ
C:\WINDOWS\tabletoc.log=>:xbjzdv:$DATA Disinfection failed
C:\WINDOWS\tabletoc.log=>:xbjzdv:$DATA Move failed
C:\WINDOWS\tabletoc.log=>:uofiv:$DATA Infected Trojan.Downloader.Agent.BC
C:\WINDOWS\tabletoc.log=>:uofiv:$DATA Disinfection failed
C:\WINDOWS\tabletoc.log=>:uofiv:$DATA Move failed
C:\WINDOWS\tabletoc.log=>:eyajjs:$DATA Infected Trojan.Downloader.Winshow.AK
C:\WINDOWS\tabletoc.log=>:eyajjs:$DATA Disinfection failed
C:\WINDOWS\tabletoc.log=>:eyajjs:$DATA Move failed
C:\WINDOWS\vnjtc.txt=>:gmwnt:$DATA Infected Trojan.Downloader.Agent.BQ
C:\WINDOWS\vnjtc.txt=>:gmwnt:$DATA Disinfection failed
C:\WINDOWS\vnjtc.txt=>:gmwnt:$DATA Move failed
C:\WINDOWS\War3Unin.dat=>:fpqsk:$DATA Infected Trojan.Downloader.Agent.BQ
C:\WINDOWS\War3Unin.dat=>:fpqsk:$DATA Disinfection failed
C:\WINDOWS\War3Unin.dat=>:fpqsk:$DATA Move failed
C:\WINDOWS\wiaservc.log=>:isinaa:$DATA Infected Trojan.Downloader.Agent.Z
C:\WINDOWS\wiaservc.log=>:isinaa:$DATA Disinfection failed
C:\WINDOWS\wiaservc.log=>:isinaa:$DATA Move failed
C:\WINDOWS\win.ini=>:ymxgse:$DATA Infected Trojan.Downloader.Agent.BC
C:\WINDOWS\win.ini=>:ymxgse:$DATA Disinfection failed
C:\WINDOWS\win.ini=>:ymxgse:$DATA Move failed
C:\WINDOWS\WindowsUpdate.log=>:sgerb:$DATA Infected Trojan.Downloader.Agent.BQ
C:\WINDOWS\WindowsUpdate.log=>:sgerb:$DATA Disinfection failed
C:\WINDOWS\WindowsUpdate.log=>:sgerb:$DATA Move failed
C:\WINDOWS\_default.pif=>:zpctj:$DATA Infected Trojan.Downloader.Agent.BC
C:\WINDOWS\_default.pif=>:zpctj:$DATA Disinfection failed
C:\WINDOWS\_default.pif=>:zpctj:$DATA Move failed
Scanned files

< ------ bitdefender log ends here ---->

<hijackthis through Hijack This Analyzer starts here --->
====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 8/4/05

***Security Programs Detected***

C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
c:\program files\softwin\bitdefender free edition\bdmcon.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 4:33:18 PM, on 9/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE
C:\hijackthis\HijackThis.exe

O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [BDMCon] C:\Program Files\Softwin\BitDefender Free Edition\\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender Free Edition\\bdnagent.exe
O4 - HKLM\..\Run: [EPSON PictureMate] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE /P17 "EPSON PictureMate" /O6 "USB001" /M "PictureMate"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

End of KRC HijackThis Analyzer Log.
====================================================================

#### sUBs
##### TSF Security Team, Emeritus · 26,363 Posts
Hello and Welcome to TSF!

Unless otherwise stated, they should be stored in the same directory as the HiJackThis program.

CleanUp!.exe - Install

Ewido Security Suite
• Install Ewido Security Suite
• When installing, under "Additional Options" uncheck:
• Install background guard
• Install scan via context menu
• Double-click the icon on Desktop to launch Ewido
You will need to update Ewido to the latest definition files.
• On the left hand side of the main screen click update.
• Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido
When you have finished updating, EXIT Ewido.

This webpage will not be available while you're carrying out the fix. Please save the following instructions in Notepad. I have customised my instructions on the assumption that you are using Notepad. It may lead to some confusion should you choose to do otherwise.

If there's anything that you don't understand, kindly ask your questions before proceeding with the fixes. There should not be any opened browsers when you are carrying out the procedures below.

IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Next, reboot your computer in SafeMode :
• After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
• Select the first option, to run Windows in Safe Mode.

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

From Control Panel->Add/Remove Programs, uninstall the following programs, if present:
• Need2Find

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

CLOSE ALL OTHER PROGRAMS & ALL OPENED WINDOWS

Run a scan with HiJackThis & select/tick the following & click "Fix checked" :

O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Start HijackThis & Go to Config> Misc Tools > Open ADS Spy
1. Checkmark/tick - "Ignore Safe System Info Streams"
2. Click the "Scan" button
3. When it has finished scanning, checkmark/tick all that it found
4. Click the "remove selected" button

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools>Folder Options> View tab.
• Tick - Show hidden files and folders
• Untick - Hide file extensions for known types
• Untick - Hide protected operating system files
Click Yes to confirm & then click OK

Locate and delete the following folders, if present:
• C:\Program Files\Need2Find\
Locate and delete the following files:
• C:\Program Files\AIM\Sysfiles\WxBug.EXE

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Run Cleanup! using the following configuration:

1. Click Options...
2. Set the slider to Standard CleanUp!
3. Uncheck the following:
• Delete Newsgroup cache
• Delete Newsgroup Subscriptions
• Scan local drives for temporary files
4. Click OK
5. Press the CleanUp! button to start the program. Reboot/logoff when prompted.
* CleanUp! will not create any backups!!

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Run Ewido with its updated definitions... it's important that all windows are closed.
• Click Scanner
• Click Complete System Scan to begin scanning.
• Click OK when prompted to clean files
With the first file it prompts to clean, select the option:
• "Perform action on all infections"
• Choose clean and click OK.
Once finished, click the Save report button & save the report to your desktop

** Ewido scan would require at least an hour. I suggest that you go grab a cup of coffee & do something else while you wait for it to complete.

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

REBOOT TO NORMAL MODE

• Double-click the tmas-web-scan.exe icon
• Click "Start Scan"
After it's done scanning, click "Scan Results"
• Make sure all items found have a check next to them, then click "Clean Threats Now".
• Click Exit.
Reboot your computer. I then need you to repeat the same procedure above again... using the TrendMicro tool. I need the log from the second scan/clean...NOT the first...as this will contain what’s left in the system.

In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them here.

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

1. HiJackThis
2. Antispyware.log
3. Ewido
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now
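The BitDefender summary in the first post and the ADS Spy step above turn on the same detail: almost every detection sits in an NTFS alternate data stream (the `=>:name:$DATA` suffix) attached to an ordinary file such as win.ini or a Windows Update log, which is why the scanner reports "Disinfection failed" and "Move failed" on the host file and a stream-aware tool is needed. The following Python is an added example, not code from the thread or from either tool: it parses a constructed sample in the posted log format, separates ADS entries from archive members and plain files, and lists the host files whose streams still need cleanup.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the shape of the BitDefender "Summary:" section posted above.
# An object gets an "Infected <signature>" line followed by one line per failed action.
SAMPLE_LOG = r"""
C:\Program Files\AIM\Sysfiles\WxBug.EXE=>wise0008 Disinfection failed
C:\Program Files\AIM\Sysfiles\WxBug.EXE=>wise0008 Move failed
C:\WINDOWS\Gone Fishing.bmp=>ghcxi:$DATA Infected Trojan.Downloader.Agent.BC
C:\WINDOWS\Gone Fishing.bmp=>ghcxi:$DATA Disinfection failed
C:\WINDOWS\Gone Fishing.bmp=>ghcxi:$DATA Move failed
C:\WINDOWS\win.ini=>:ymxgse:$DATA Infected Trojan.Downloader.Agent.BC
C:\WINDOWS\win.ini=>:ymxgse:$DATA Disinfection failed
C:\WINDOWS\win.ini=>:ymxgse:$DATA Move failed
C:\WINDOWS\KB888113.log=>dblid:$DATA Infected Trojan.Downloader.Agent.BQ
C:\WINDOWS\KB888113.log=>dblid:$DATA Disinfection failed
C:\WINDOWS\KB888113.log=>dblid:$DATA Move failed
C:\WINDOWS\KB888113.log=>dbli:$DATA Infected Trojan.Downloader.Agent.BC
C:\WINDOWS\KB888113.log=>dbli:$DATA Move failed
C:\WINDOWS\clean.txt Infected Trojan.Downloader.Agent.Z
"""

# "<object> Infected <signature>" or "<object> <action> failed"; the object may contain spaces,
# so the path is matched lazily and the action anchored to the end of the line.
LINE_RE = re.compile(
    r"^(?P<obj>.+?) (?:Infected (?P<sig>\S+)|(?P<fail>Disinfection failed|Move failed))$"
)
# Trailing "=>" component naming an alternate data stream, with or without a leading colon.
ADS_RE = re.compile(r"^:?(?P<stream>[^:\\]+):\$DATA$")


@dataclass
class Finding:
    host: str                      # file on disk that holds the scanned object
    kind: str                      # "file", "ads" (alternate data stream) or "archive"
    stream: Optional[str] = None   # ADS name when kind == "ads"
    signature: Optional[str] = None
    failed: List[str] = field(default_factory=list)   # actions the scanner could not complete


def parse_summary(text: str) -> Dict[str, Finding]:
    """Group summary lines by scanned object, recording signature and failed actions."""
    findings: Dict[str, Finding] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        obj = m.group("obj")
        if obj not in findings:
            host, *inner = obj.split("=>")
            ads = ADS_RE.match(inner[-1]) if inner else None
            if ads:
                findings[obj] = Finding(host, "ads", stream=ads.group("stream"))
            elif inner:
                findings[obj] = Finding(host, "archive")   # member of a packed/archive file
            else:
                findings[obj] = Finding(host, "file")
        f = findings[obj]
        if m.group("sig"):
            f.signature = m.group("sig")
        if m.group("fail"):
            f.failed.append(m.group("fail"))
    return findings


def ads_hosts_needing_cleanup(findings: Dict[str, Finding]) -> Dict[str, List[str]]:
    """Host files whose infected alternate streams the scanner could neither clean nor move."""
    hosts: Dict[str, List[str]] = defaultdict(list)
    for f in findings.values():
        if f.kind == "ads" and "Move failed" in f.failed:
            hosts[f.host].append(f.stream)
    return dict(hosts)


def count_by_signature(findings: Dict[str, Finding]) -> Dict[str, int]:
    """How many scanned objects each detection name accounts for."""
    return dict(Counter(f.signature for f in findings.values() if f.signature))


if __name__ == "__main__":
    found = parse_summary(SAMPLE_LOG)
    for host, streams in ads_hosts_needing_cleanup(found).items():
        print(f"{host}: streams {', '.join(streams)}")
    print(count_by_signature(found))
```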

#### miki
##### Registered · 30 Posts · Discussion Starter
no entry for nd2fnbar.dll in hijackthis

The instructions state
Run a scan with HiJackThis & select/tick the following & click "Fix checked" :

O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL

I did the scan but no entry for nd2fnbar.dll shows up.
Do I just skip this step and continue on with the Open ADS Spy step?

Miki


#### miki
##### Registered · 30 Posts · Discussion Starter
results

Have attached a zip file with results from the recommended steps above.

#### sUBs
##### TSF Security Team, Emeritus · 26,363 Posts
Ermm.. where is the attachment?

#### miki
##### Registered · 30 Posts
let's try this again.. see attachment

hope this works.. I had missed hitting the "upload" button after browsing for the attachment. Sorry.

Log was analyzed using KRC HijackThis Analyzer - Updated on 8/4/05

***Security Programs Detected***

C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender Free Edition\bdmcon.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 9:22:50 PM, on 9/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE
C:\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [BDMCon] C:\Program Files\Softwin\BitDefender Free Edition\\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender Free Edition\\bdnagent.exe
O4 - HKLM\..\Run: [EPSON PictureMate] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE /P17 "EPSON PictureMate" /O6 "USB001" /M "PictureMate"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe

End of KRC HijackThis Analyzer Log.
====================================================================

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:09:07 AM, 9/10/2005
+ Report-Checksum: 459029AC

+ Scan result:

C:\Documents and Settings\Miki Moore.MIKIHOME\Cookies\miki [email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Miki Moore.MIKIHOME\Cookies\miki [email protected][2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Miki Moore.MIKIHOME\Cookies\miki [email protected][1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Miki Moore.MIKIHOME\Cookies\miki [email protected][1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Miki Moore.MIKIHOME\Cookies\miki [email protected][1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup

::Report End


#### sUBs
##### TSF Security Team, Emeritus · 26,363 Posts
Have HijackThis Fix this:

Perform an online scan with Internet Explorer with Kaspersky WebScanner

Next Click on Launch Kaspersky Anti-Virus Web Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
• Now click on Scan Settings
• In the scan settings make sure that the following are selected:
• Scan using the following Anti-Virus database:
• Standard
• Scan Options:
• Scan Archives
• Scan Mail Bases
• Click OK
• Now under select a target to scan: Select My Computer
• The program will start and scan your system.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.
• Now click on the Save as Text button:
• Save the file to your desktop.
Copy and paste that information in your next post along with a new HJT log

* Turn off the real time scanner of any existing antivirus program while performing the online scan

#### miki
##### Registered · 30 Posts · Discussion Starter
can't install Kaspersky WebScanner

I've tried to install/run Kaspersky Anti-Virus Webscanner. It fails to install the ActiveX component. When I click on the "Install Active X.." it loads some stuff and then displays the 'agreement' page again but without the Agree/Disagree buttons at the bottom.

#### sUBs
##### TSF Security Team, Emeritus · 26,363 Posts
Since Kaspersky didn't work for you, let's use Panda instead

Perform an online scan with Internet Explorer with Panda ActiveScan
1. Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
2. Click Scan Now
Begin the scan by selecting My Computer
• If it finds any malware, it will offer you a report.
• Click on see report. Then click Save report

*You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
*Turn off the real time scanner of any existing antivirus program while performing the online scan

#### miki
##### Registered · 30 Posts · Discussion Starter
panda results

Incident Status Location

#### Ried
##### TSF Security Manager, Emeritus · 42,836 Posts
Hello miki,

Reboot into Safe Mode (tapping F8 or F5).

Copy the file names below to the clipboard by highlighting them and pressing Ctrl-C:

C:\WINDOWS\smdat32m.sys
C:\WINDOWS\SYSTEM32\ap2nqrd4.dat
C:\WINDOWS\SYSTEM32\bqrufs5f.dat
C:\Program Files\load vga bib\Cdrom Spam Eggs.exe
C:\RECYCLER\S-1-5-21-1078081533-436374069-725345543-500\Dc10\bdcore.dll

Start KillBox.
Go to the File menu, and choose Paste from Clipboard.
Verify that you've done this properly by clicking the dropdown-arrow next to the Full Path of File to Delete field. The filenames you pasted will be found in there.
Select/tick the following:
* Delete on Reboot
* End Explorer Shell While Killing File
* Unregister.dll Before Deleting, if it's not grayed out.
Click the RED X button.

Click [Yes] at the 'Delete on Reboot' prompt. Click [No] at the Pending Operations prompt.

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

Delete the following folders: