Status
Not open for further replies.
1 - 12 of 12 Posts

·
Registered
Joined
·
30 Posts
Discussion Starter · #1 ·
Running bitdefender shows disinfection failed for Infected Adware.Wheaterbug.A and many Trojan.Downloader.Agent. But running hijackthis (and analyzer) doesn't show any of these.

Seems to me the pc is still running slow so I'd like to
know if there is a problem or not. Can someone look at
the two logs and let me know if my pc is still infected or not.


Here are the specifics:

Ran AboutBuster, Ad-aware, spybot s&d. Upgraded to xp/sp2. Ran bitdefender - vscan.log is:

<----- bitdefender log starts here --->

//-----------------------------------------------------------------
//
// BitDefender report file
//
// Created on: 05/09/2005 07:46:41
//
//-----------------------------------------------------------------


Statistics

Scan path : C:\
Folders : 8292
Files : 356245
Archives : 9329
Packed files : 33333
Identified viruses : 5
Infected files : 62
Warnings : 0
Suspect files : 0
Disinfected files : 0
Deleted files : 0
Copied files : 0
Moved files : 0
Renamed files : 0
I/O errors : 45
Scan time : 01:42:29
Scan speed (files/sec) : 57

Virus definitions : 204765
Scan plugins : 13
Archive plugins : 39
Unpack plugins : 4
Mail plugins : 6
System plugins : 1

Scan options

Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user

Scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: vscan.log
[ ] Append to existing report

Summary:

C:\Program Files\AIM\Sysfiles\WxBug.EXE=>wise0008 Infected Adware.Wheaterbug.A
C:\Program Files\AIM\Sysfiles\WxBug.EXE=>wise0008 Disinfection failed
C:\Program Files\AIM\Sysfiles\WxBug.EXE=>wise0008 Move failed
C:\RECYCLER\S-1-5-21-1078081533-436374069-725345543-500\Dc5\aim95.exe=>wise0034=>wise0008 Infected Adware.Wheaterbug.A
C:\RECYCLER\S-1-5-21-1078081533-436374069-725345543-500\Dc5\aim95.exe=>wise0034=>wise0008 Disinfection failed
C:\RECYCLER\S-1-5-21-1078081533-436374069-725345543-500\Dc5\aim95.exe=>wise0034=>wise0008 Move failed
C:\RECYCLER\S-1-5-21-1078081533-436374069-725345543-500\Dc5\Sysfiles\WxBug.EXE=>wise0008 Infected Adware.Wheaterbug.A
C:\RECYCLER\S-1-5-21-1078081533-436374069-725345543-500\Dc5\Sysfiles\WxBug.EXE=>wise0008 Disinfection failed
C:\RECYCLER\S-1-5-21-1078081533-436374069-725345543-500\Dc5\Sysfiles\WxBug.EXE=>wise0008 Move failed
C:\WINDOWS\b2_t_%22BROKEN+BACKED+SHRIMP%22&465.xml=>:pejbkt:$DATA Infected Trojan.Downloader.Agent.BQ
C:\WINDOWS\b2_t_%22BROKEN+BACKED+SHRIMP%22&465.xml=>:pejbkt:$DATA Disinfection failed
C:\WINDOWS\b2_t_%22BROKEN+BACKED+SHRIMP%22&465.xml=>:pejbkt:$DATA Move failed
C:\WINDOWS\b2_t_%22BROKEN+BACKED+SHRIMP%22&465.xml=>:ozrbw:$DATA Infected Trojan.Downloader.Agent.BC
C:\WINDOWS\b2_t_%22BROKEN+BACKED+SHRIMP%22&465.xml=>:ozrbw:$DATA Disinfection failed
C:\WINDOWS\b2_t_%22BROKEN+BACKED+SHRIMP%22&465.xml=>:ozrbw:$DATA Move failed
C:\WINDOWS\b2_t_%22BROKEN+BACKED+SHRIMP%22&465.xml=>:dluwf:$DATA Infected Trojan.Downloader.Agent.BQ
C:\WINDOWS\b2_t_%22BROKEN+BACKED+SHRIMP%22&465.xml=>:dluwf:$DATA Disinfection failed
C:\WINDOWS\b2_t_%22BROKEN+BACKED+SHRIMP%22&465.xml=>:dluwf:$DATA Move failed
C:\WINDOWS\b2_t_%22BROKEN+BACKED+SHRIMP%22&526.xml=>:qwjezw:$DATA Infected Trojan.Downloader.Agent.BQ
C:\WINDOWS\b2_t_%22BROKEN+BACKED+SHRIMP%22&526.xml=>:qwjezw:$DATA Disinfection failed
C:\WINDOWS\b2_t_%22BROKEN+BACKED+SHRIMP%22&526.xml=>:qwjezw:$DATA Move failed
C:\WINDOWS\b2_t_%22HEPTACARPUS+PICTUS%22+&335.xml=>:pdhqw:$DATA Infected Trojan.Downloader.Agent.BC
C:\WINDOWS\b2_t_%22HEPTACARPUS+PICTUS%22+&335.xml=>:pdhqw:$DATA Disinfection failed
C:\WINDOWS\b2_t_%22HEPTACARPUS+PICTUS%22+&335.xml=>:pdhqw:$DATA Move failed
C:\WINDOWS\b2_t_%22HEPTACARPUS+PICTUS%22+&573.xml=>:kqfeg:$DATA Infected Trojan.Downloader.Agent.BQ
C:\WINDOWS\b2_t_%22HEPTACARPUS+PICTUS%22+&573.xml=>:kqfeg:$DATA Disinfection failed
C:\WINDOWS\b2_t_%22HEPTACARPUS+PICTUS%22+&573.xml=>:kqfeg:$DATA Move failed
C:\WINDOWS\b2_t_%22HEPTACARPUS+PICTUS%22+&891.xml=>:lyrnrc:$DATA Infected Trojan.Downloader.Agent.BQ
C:\WINDOWS\b2_t_%22HEPTACARPUS+PICTUS%22+&891.xml=>:lyrnrc:$DATA Disinfection failed
C:\WINDOWS\b2_t_%22HEPTACARPUS+PICTUS%22+&891.xml=>:lyrnrc:$DATA Move failed
C:\WINDOWS\b2_t_%22WANNA+GET+LOST+IN+YOUR+ROCK+AND+ROLL%22&589.xml=>:zbvus:$DATA Infected Trojan.Downloader.Agent.BQ
C:\WINDOWS\b2_t_%22WANNA+GET+LOST+IN+YOUR+ROCK+AND+ROLL%22&589.xml=>:zbvus:$DATA Disinfection failed
C:\WINDOWS\b2_t_%22WANNA+GET+LOST+IN+YOUR+ROCK+AND+ROLL%22&589.xml=>:zbvus:$DATA Move failed
C:\WINDOWS\b2_t_H.%20PICTUS&638.xml=>:qggarj:$DATA Infected Trojan.Downloader.Agent.Z
C:\WINDOWS\b2_t_H.%20PICTUS&638.xml=>:qggarj:$DATA Disinfection failed
C:\WINDOWS\b2_t_H.%20PICTUS&638.xml=>:qggarj:$DATA Move failed
C:\WINDOWS\conscorr.ini=>:ibkemr:$DATA Infected Trojan.Downloader.Agent.BQ
C:\WINDOWS\conscorr.ini=>:ibkemr:$DATA Disinfection failed
C:\WINDOWS\conscorr.ini=>:ibkemr:$DATA Move failed
C:\WINDOWS\dahotfix.log=>:vhjgdr:$DATA Infected Trojan.Downloader.Winshow.AK
C:\WINDOWS\dahotfix.log=>:vhjgdr:$DATA Disinfection failed
C:\WINDOWS\dahotfix.log=>:vhjgdr:$DATA Move failed
C:\WINDOWS\dahotfix.log=>:eshnmg:$DATA Infected Trojan.Downloader.Winshow.AK
C:\WINDOWS\dahotfix.log=>:eshnmg:$DATA Disinfection failed
C:\WINDOWS\dahotfix.log=>:eshnmg:$DATA Move failed
C:\WINDOWS\DtcInstall.log=>:rtpdem:$DATA Infected Trojan.Downloader.Winshow.AK
C:\WINDOWS\DtcInstall.log=>:rtpdem:$DATA Disinfection failed
C:\WINDOWS\DtcInstall.log=>:rtpdem:$DATA Move failed
C:\WINDOWS\Gone Fishing.bmp=>:oghcxi:$DATA Infected Trojan.Downloader.Agent.BC
C:\WINDOWS\Gone Fishing.bmp=>:oghcxi:$DATA Disinfection failed
C:\WINDOWS\Gone Fishing.bmp=>:oghcxi:$DATA Move failed
C:\WINDOWS\iis6.log=>:rqxwvu:$DATA Infected Trojan.Downloader.Winshow.AK
C:\WINDOWS\iis6.log=>:rqxwvu:$DATA Disinfection failed
C:\WINDOWS\iis6.log=>:rqxwvu:$DATA Move failed
C:\WINDOWS\isina.log=>:ktcuke:$DATA Infected Trojan.Downloader.Winshow.AK
C:\WINDOWS\isina.log=>:ktcuke:$DATA Disinfection failed
C:\WINDOWS\isina.log=>:ktcuke:$DATA Move failed
C:\WINDOWS\JCLLLIOO.ini=>:agmsgn:$DATA Infected Trojan.Downloader.Agent.BQ
C:\WINDOWS\JCLLLIOO.ini=>:agmsgn:$DATA Disinfection failed
C:\WINDOWS\JCLLLIOO.ini=>:agmsgn:$DATA Move failed
C:\WINDOWS\KB821557.log=>:kpqgi:$DATA Infected Trojan.Downloader.Agent.BC
C:\WINDOWS\KB821557.log=>:kpqgi:$DATA Disinfection failed
C:\WINDOWS\KB821557.log=>:kpqgi:$DATA Move failed
C:\WINDOWS\KB821557.log=>:bybduu:$DATA Infected Trojan.Downloader.Winshow.AK
C:\WINDOWS\KB821557.log=>:bybduu:$DATA Disinfection failed
C:\WINDOWS\KB821557.log=>:bybduu:$DATA Move failed
C:\WINDOWS\KB821557.log=>:aoligj:$DATA Infected Trojan.Downloader.Agent.BQ
C:\WINDOWS\KB821557.log=>:aoligj:$DATA Disinfection failed
C:\WINDOWS\KB821557.log=>:aoligj:$DATA Move failed
C:\WINDOWS\KB823182.log=>:rwrxjr:$DATA Infected Trojan.Downloader.Agent.BC
C:\WINDOWS\KB823182.log=>:rwrxjr:$DATA Disinfection failed
C:\WINDOWS\KB823182.log=>:rwrxjr:$DATA Move failed
C:\WINDOWS\KB823559.log=>:frsfyd:$DATA Infected Trojan.Downloader.Agent.BC
C:\WINDOWS\KB823559.log=>:frsfyd:$DATA Disinfection failed
C:\WINDOWS\KB823559.log=>:frsfyd:$DATA Move failed
C:\WINDOWS\KB824141.log=>:dqbtd:$DATA Infected Trojan.Downloader.Agent.BC
C:\WINDOWS\KB824141.log=>:dqbtd:$DATA Disinfection failed
C:\WINDOWS\KB824141.log=>:dqbtd:$DATA Move failed
C:\WINDOWS\KB837001.log=>:mxtaqi:$DATA Infected Trojan.Downloader.Agent.BQ
C:\WINDOWS\KB837001.log=>:mxtaqi:$DATA Disinfection failed
C:\WINDOWS\KB837001.log=>:mxtaqi:$DATA Move failed
C:\WINDOWS\KB839643.log=>:gjmez:$DATA Infected Trojan.Downloader.Agent.BQ
C:\WINDOWS\KB839643.log=>:gjmez:$DATA Disinfection failed
C:\WINDOWS\KB839643.log=>:gjmez:$DATA Move failed
C:\WINDOWS\KB873339.log=>:nsbrdu:$DATA Infected Trojan.Downloader.Winshow.AK
C:\WINDOWS\KB873339.log=>:nsbrdu:$DATA Disinfection failed
C:\WINDOWS\KB873339.log=>:nsbrdu:$DATA Move failed
C:\WINDOWS\KB873376.log=>:hokgan:$DATA Infected Trojan.Downloader.Agent.Z
C:\WINDOWS\KB873376.log=>:hokgan:$DATA Disinfection failed
C:\WINDOWS\KB873376.log=>:hokgan:$DATA Move failed
C:\WINDOWS\KB888113.log=>:pdblid:$DATA Infected Trojan.Downloader.Agent.BQ
C:\WINDOWS\KB888113.log=>:pdblid:$DATA Disinfection failed
C:\WINDOWS\KB888113.log=>:pdblid:$DATA Move failed
C:\WINDOWS\KB888113.log=>:pdbli:$DATA Infected Trojan.Downloader.Agent.BC
C:\WINDOWS\KB888113.log=>:pdbli:$DATA Disinfection failed
C:\WINDOWS\KB888113.log=>:pdbli:$DATA Move failed
C:\WINDOWS\KB890175.log=>:adpcpe:$DATA Infected Trojan.Downloader.Agent.BQ
C:\WINDOWS\KB890175.log=>:adpcpe:$DATA Disinfection failed
C:\WINDOWS\KB890175.log=>:adpcpe:$DATA Move failed
C:\WINDOWS\KB892944.log=>:zende:$DATA Infected Trojan.Downloader.Agent.BQ
C:\WINDOWS\KB892944.log=>:zende:$DATA Disinfection failed
C:\WINDOWS\KB892944.log=>:zende:$DATA Move failed
C:\WINDOWS\msmqinst.log=>:gxfkgq:$DATA Infected Trojan.Downloader.Agent.BQ
C:\WINDOWS\msmqinst.log=>:gxfkgq:$DATA Disinfection failed
C:\WINDOWS\msmqinst.log=>:gxfkgq:$DATA Move failed
C:\WINDOWS\ntbtlog.txt=>:pzolbo:$DATA Infected Trojan.Downloader.Winshow.AK
C:\WINDOWS\ntbtlog.txt=>:pzolbo:$DATA Disinfection failed
C:\WINDOWS\ntbtlog.txt=>:pzolbo:$DATA Move failed
C:\WINDOWS\ocgen.log=>:ovhqum:$DATA Infected Trojan.Downloader.Agent.BQ
C:\WINDOWS\ocgen.log=>:ovhqum:$DATA Disinfection failed
C:\WINDOWS\ocgen.log=>:ovhqum:$DATA Move failed
C:\WINDOWS\ocgen.log=>:deiyi:$DATA Infected Trojan.Downloader.Agent.BQ
C:\WINDOWS\ocgen.log=>:deiyi:$DATA Disinfection failed
C:\WINDOWS\ocgen.log=>:deiyi:$DATA Move failed
C:\WINDOWS\Prairie Wind.bmp=>:uossmz:$DATA Infected Trojan.Downloader.Agent.BC
C:\WINDOWS\Prairie Wind.bmp=>:uossmz:$DATA Disinfection failed
C:\WINDOWS\Prairie Wind.bmp=>:uossmz:$DATA Move failed
C:\WINDOWS\pss\win.ini.backup=>:ymxgse:$DATA Infected Trojan.Downloader.Agent.BC
C:\WINDOWS\pss\win.ini.backup=>:ymxgse:$DATA Disinfection failed
C:\WINDOWS\pss\win.ini.backup=>:ymxgse:$DATA Move failed
C:\WINDOWS\Q329048.log=>:hesxsz:$DATA Infected Trojan.Downloader.Winshow.AK
C:\WINDOWS\Q329048.log=>:hesxsz:$DATA Disinfection failed
C:\WINDOWS\Q329048.log=>:hesxsz:$DATA Move failed
C:\WINDOWS\Q329441.log=>:nkhjj:$DATA Infected Trojan.Downloader.Agent.BC
C:\WINDOWS\Q329441.log=>:nkhjj:$DATA Disinfection failed
C:\WINDOWS\Q329441.log=>:nkhjj:$DATA Move failed
C:\WINDOWS\Q329834.log=>:wwtkn:$DATA Infected Trojan.Downloader.Agent.BC
C:\WINDOWS\Q329834.log=>:wwtkn:$DATA Disinfection failed
C:\WINDOWS\Q329834.log=>:wwtkn:$DATA Move failed
C:\WINDOWS\Q329834.log=>:cynzhw:$DATA Infected Trojan.Downloader.Winshow.AK
C:\WINDOWS\Q329834.log=>:cynzhw:$DATA Disinfection failed
C:\WINDOWS\Q329834.log=>:cynzhw:$DATA Move failed
C:\WINDOWS\Q811630.log=>:hpedj:$DATA Infected Trojan.Downloader.Agent.BQ
C:\WINDOWS\Q811630.log=>:hpedj:$DATA Disinfection failed
C:\WINDOWS\Q811630.log=>:hpedj:$DATA Move failed
C:\WINDOWS\Q813862.log=>:thoubt:$DATA Infected Trojan.Downloader.Agent.BC
C:\WINDOWS\Q813862.log=>:thoubt:$DATA Disinfection failed
C:\WINDOWS\Q813862.log=>:thoubt:$DATA Move failed
C:\WINDOWS\Q815021.log=>:fqwqv:$DATA Infected Trojan.Downloader.Agent.BC
C:\WINDOWS\Q815021.log=>:fqwqv:$DATA Disinfection failed
C:\WINDOWS\Q815021.log=>:fqwqv:$DATA Move failed
C:\WINDOWS\Q815485.log=>:tgvtuk:$DATA Infected Trojan.Downloader.Agent.BQ
C:\WINDOWS\Q815485.log=>:tgvtuk:$DATA Disinfection failed
C:\WINDOWS\Q815485.log=>:tgvtuk:$DATA Move failed
C:\WINDOWS\Q816982.log=>:tgfred:$DATA Infected Trojan.Downloader.Agent.BC
C:\WINDOWS\Q816982.log=>:tgfred:$DATA Disinfection failed
C:\WINDOWS\Q816982.log=>:tgfred:$DATA Move failed
C:\WINDOWS\Q817606.log=>:eftpt:$DATA Infected Trojan.Downloader.Agent.BC
C:\WINDOWS\Q817606.log=>:eftpt:$DATA Disinfection failed
C:\WINDOWS\Q817606.log=>:eftpt:$DATA Move failed
C:\WINDOWS\Q828026.log=>:ddbgm:$DATA Infected Trojan.Downloader.Agent.BC
C:\WINDOWS\Q828026.log=>:ddbgm:$DATA Disinfection failed
C:\WINDOWS\Q828026.log=>:ddbgm:$DATA Move failed
C:\WINDOWS\Santa Fe Stucco.bmp=>:hzwnj:$DATA Infected Trojan.Downloader.Agent.BQ
C:\WINDOWS\Santa Fe Stucco.bmp=>:hzwnj:$DATA Disinfection failed
C:\WINDOWS\Santa Fe Stucco.bmp=>:hzwnj:$DATA Move failed
C:\WINDOWS\sessmgr.setup.log=>:visccb:$DATA Infected Trojan.Downloader.Agent.BQ
C:\WINDOWS\sessmgr.setup.log=>:visccb:$DATA Disinfection failed
C:\WINDOWS\sessmgr.setup.log=>:visccb:$DATA Move failed
C:\WINDOWS\tabletoc.log=>:xbjzdv:$DATA Infected Trojan.Downloader.Agent.BQ
C:\WINDOWS\tabletoc.log=>:xbjzdv:$DATA Disinfection failed
C:\WINDOWS\tabletoc.log=>:xbjzdv:$DATA Move failed
C:\WINDOWS\tabletoc.log=>:uofiv:$DATA Infected Trojan.Downloader.Agent.BC
C:\WINDOWS\tabletoc.log=>:uofiv:$DATA Disinfection failed
C:\WINDOWS\tabletoc.log=>:uofiv:$DATA Move failed
C:\WINDOWS\tabletoc.log=>:eyajjs:$DATA Infected Trojan.Downloader.Winshow.AK
C:\WINDOWS\tabletoc.log=>:eyajjs:$DATA Disinfection failed
C:\WINDOWS\tabletoc.log=>:eyajjs:$DATA Move failed
C:\WINDOWS\vnjtc.txt=>:gmwnt:$DATA Infected Trojan.Downloader.Agent.BQ
C:\WINDOWS\vnjtc.txt=>:gmwnt:$DATA Disinfection failed
C:\WINDOWS\vnjtc.txt=>:gmwnt:$DATA Move failed
C:\WINDOWS\War3Unin.dat=>:fpqsk:$DATA Infected Trojan.Downloader.Agent.BQ
C:\WINDOWS\War3Unin.dat=>:fpqsk:$DATA Disinfection failed
C:\WINDOWS\War3Unin.dat=>:fpqsk:$DATA Move failed
C:\WINDOWS\wiaservc.log=>:isinaa:$DATA Infected Trojan.Downloader.Agent.Z
C:\WINDOWS\wiaservc.log=>:isinaa:$DATA Disinfection failed
C:\WINDOWS\wiaservc.log=>:isinaa:$DATA Move failed
C:\WINDOWS\win.ini=>:ymxgse:$DATA Infected Trojan.Downloader.Agent.BC
C:\WINDOWS\win.ini=>:ymxgse:$DATA Disinfection failed
C:\WINDOWS\win.ini=>:ymxgse:$DATA Move failed
C:\WINDOWS\WindowsUpdate.log=>:sgerb:$DATA Infected Trojan.Downloader.Agent.BQ
C:\WINDOWS\WindowsUpdate.log=>:sgerb:$DATA Disinfection failed
C:\WINDOWS\WindowsUpdate.log=>:sgerb:$DATA Move failed
C:\WINDOWS\_default.pif=>:zpctj:$DATA Infected Trojan.Downloader.Agent.BC
C:\WINDOWS\_default.pif=>:zpctj:$DATA Disinfection failed
C:\WINDOWS\_default.pif=>:zpctj:$DATA Move failed
Scanned files


< ------ bitdefender log ends here ---->


<hijackthis through Hijack This Analyzer starts here --->
====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 8/4/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
c:\program files\softwin\bitdefender free edition\bdmcon.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 4:33:18 PM, on 9/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE
C:\hijackthis\HijackThis.exe

O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [BDMCon] C:\Program Files\Softwin\BitDefender Free Edition\\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender Free Edition\\bdnagent.exe
O4 - HKLM\..\Run: [EPSON PictureMate] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE /P17 "EPSON PictureMate" /O6 "USB001" /M "PictureMate"
O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab


End of KRC HijackThis Analyzer Log.
====================================================================
 

·
TSF Security Team, Emeritus
Joined
·
26,363 Posts
Hello and Welcome to TSF!

Please download these additional files/programs. Do not run them until instructed to do so.
Unless otherwise stated, they should be stored in same directory as the HiJackThis program.

CleanUp!.exe - Install

Ewido Security Suite
  • Install Ewido Security Suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Double-click the icon on Desktop to launch Ewido
You will need to update Ewido to the latest definition files.
  • On the left hand side of the main screen click update.
  • Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido
When you have finished updating, EXIT Ewido.


'UNPLUG'/DISCONNECT YOUR COMPUTER FROM THE INTERNET WHEN YOU HAVE FINISHED DOWNLOADING


This webpage would not be available when you're carrying out the fix. Please save the following instructions in Notepad. I have customized my instructions on the assumption that you are using Notepad. It may lead to some confusion should you choose to do otherwise.

If there's anything that you don't understand, kindly ask your questions before proceeding with the fixes. There should not be any opened browsers when you are carrying out the procedures below.


IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Next, reboot your computer in SafeMode :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


From Control Panel->Add/Remove Programs, uninstall the following programs, if present:
  • Need2Find

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


CLOSE ALL OTHER PROGRAMS & ALL OPENED WINDOWS


Run a scan with HiJackThis & select/tick the following & click "Fix checked" :

O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Start HijackThis & Go to Config> Misc Tools > Open ADS Spy
  1. Checkmark/tick - "Ignore Safe System Info Streams"
  2. Click the "Scan" button
  3. When it has finished scanning, checkmark/tick all that it found
  4. Click the "remove selected" button

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools>Folder Options> View tab.
  • Tick - Show hidden files and folders
  • Untick - Hide file extensions for known types
  • Untick - Hide protected operating system files
Click Yes to confirm & then click OK

Locate and delete the following folders, if present:
  • C:\Program Files\Need2Find\
Locate and delete the following files:
  • C:\Program Files\AIM\Sysfiles\WxBug.EXE

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Run Cleanup! using the following configuration:

1. Click Options...
2. Set the slider to Standard CleanUp!
3. Uncheck the following:
  • Delete Newsgroup cache
  • Delete Newsgroup Subscriptions
  • Scan local drives for temporary files
4. Click OK
5. Press the CleanUp! button to start the program. Reboot/logoff when prompted.
* CleanUp! will not create any backups!!


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Run Ewido with its updated definitions: (...it's important that all windows must be closed)
  • Click Scanner
  • Click Complete System Scan to begin scanning.
  • Click OK when prompted to clean files
With the first file it prompts to clean, select the option:
  • "Perform action on all infections"
  • Choose clean and click OK.
Once finished, click the Save report button & save the report to your desktop

** Ewido scan would require at least an hour. I suggest that you go grab a cup of coffee & do something else while you wait for it to complete.


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


REBOOT TO NORMAL MODE


Download Trend Micro™ Anti-Spyware (by clicking the "Scan and Clean your PC" button).
  • Double-click the tmas-web-scan.exe icon
  • It will say "Loading TrendMicro definitions".
  • Click "Start Scan"
After it's done scanning, click "Scan Results"
  • Make sure all items found have a check next to them, then click "Clean Threats Now".
  • Click Exit.
Reboot your computer. I then need you to repeat the same procedure above again... using the TrendMicro tool. I need the log from the second scan/clean...NOT the first...as this will contain what’s left in the system.

In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them here.


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

In your next post, please include fresh logs from:
  1. HiJackThis
  2. Antispyware.log
  3. Ewido
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now
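
The BitDefender summary in the first post reports most detections inside NTFS alternate data streams (the `=>:name:$DATA` suffix on otherwise ordinary files), which is what the ADS Spy step above is for. As an added example, not part of the original posts, this Python sketch groups such summary lines by host file and separates stream detections from detections nested inside installer archives; the function names are hypothetical and the line format is assumed from the log as posted.

```python
import re
from collections import defaultdict

# Subset of summary lines copied from the vscan.log in the first post.
SAMPLE_LOG = r"""
C:\Program Files\AIM\Sysfiles\WxBug.EXE=>wise0008 Infected Adware.Wheaterbug.A
C:\Program Files\AIM\Sysfiles\WxBug.EXE=>wise0008 Disinfection failed
C:\Program Files\AIM\Sysfiles\WxBug.EXE=>wise0008 Move failed
C:\RECYCLER\S-1-5-21-1078081533-436374069-725345543-500\Dc5\aim95.exe=>wise0034=>wise0008 Infected Adware.Wheaterbug.A
C:\WINDOWS\win.ini=>:ymxgse:$DATA Infected Trojan.Downloader.Agent.BC
C:\WINDOWS\win.ini=>:ymxgse:$DATA Disinfection failed
C:\WINDOWS\win.ini=>:ymxgse:$DATA Move failed
C:\WINDOWS\KB821557.log=>:kpqgi:$DATA Infected Trojan.Downloader.Agent.BC
C:\WINDOWS\KB821557.log=>:bybduu:$DATA Infected Trojan.Downloader.Winshow.AK
C:\WINDOWS\KB821557.log=>:aoligj:$DATA Infected Trojan.Downloader.Agent.BQ
C:\WINDOWS\Prairie Wind.bmp=>:uossmz:$DATA Infected Trojan.Downloader.Agent.BC
Scanned files
"""

# The status is always the tail of the line; paths may contain spaces,
# so the regex is anchored at the end instead of splitting on whitespace.
STATUS_RE = re.compile(
    r"\s+(?:Infected\s+(?P<name>\S+)|(?P<fail>Disinfection failed|Move failed))\s*$"
)
# An alternate data stream member looks like ":streamname:$DATA".
ADS_RE = re.compile(r"^:(?P<stream>[^:]+):\$DATA$")


def parse_line(line):
    """Return (host, members, status, detection), or None for other lines."""
    m = STATUS_RE.search(line)
    if not m:
        return None
    host, *members = line[:m.start()].split("=>")
    status = "Infected" if m.group("name") else m.group("fail")
    return host.strip(), tuple(members), status, m.group("name")


def triage(log_text):
    """Collapse the three lines per object into one finding per (host, member chain)."""
    findings = {}
    for raw in log_text.splitlines():
        parsed = parse_line(raw.strip())
        if parsed is None:
            continue
        host, members, status, name = parsed
        entry = findings.setdefault((host, members), {"detection": None, "failed": []})
        if status == "Infected":
            entry["detection"] = name
        else:
            entry["failed"].append(status)
    return findings


def split_by_kind(findings):
    """Separate detections in alternate data streams from all other detections."""
    ads = defaultdict(list)   # host file -> [(stream name, detection)]
    other = []                # (host file, member chain, detection)
    for (host, members), entry in findings.items():
        m = ADS_RE.match(members[-1]) if members else None
        if m:
            ads[host].append((m.group("stream"), entry["detection"]))
        else:
            other.append((host, "=>".join(members), entry["detection"]))
    return dict(ads), other


if __name__ == "__main__":
    ads, other = split_by_kind(triage(SAMPLE_LOG))
    for host, streams in ads.items():
        print(f"{host}: {len(streams)} infected stream(s)")
        for stream, detection in streams:
            print(f"    :{stream}  {detection}")
    for host, chain, detection in other:
        print(f"{host} [{chain}]  {detection}")
```

Run against the full log, the stream group lists the host files whose streams need removing while the files themselves (win.ini, the KB*.log files) stay in place.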
 

·
Registered
Joined
·
30 Posts
Discussion Starter · #3 ·
no entry for nd2fnbar.dll in hijackthis

The instructions state
Run a scan with HiJackThis & select/tick the following & click "Fix checked" :

O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL


I did the scan but no entry for nd2fnbar.dll shows up.
Do I just skip this step and continue on with the Open ADS Spy step?

Miki
 

·
Registered
Joined
·
30 Posts
let's try this again..see attachment

hope this works..I had missed hitting the "upload" button after browsing for the attachment. sorry.

Log was analyzed using KRC HijackThis Analyzer - Updated on 8/4/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender Free Edition\bdmcon.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 9:22:50 PM, on 9/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE
C:\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [BDMCon] C:\Program Files\Softwin\BitDefender Free Edition\\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender Free Edition\\bdnagent.exe
O4 - HKLM\..\Run: [EPSON PictureMate] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE /P17 "EPSON PictureMate" /O6 "USB001" /M "PictureMate"
O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe


End of KRC HijackThis Analyzer Log.
====================================================================


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:09:07 AM, 9/10/2005
+ Report-Checksum: 459029AC

+ Scan result:

C:\Documents and Settings\Miki Moore.MIKIHOME\Cookies\miki [email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Miki Moore.MIKIHOME\Cookies\miki [email protected][2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Miki Moore.MIKIHOME\Cookies\miki [email protected][1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Miki Moore.MIKIHOME\Cookies\miki [email protected][1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Miki Moore.MIKIHOME\Cookies\miki [email protected][1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup


::Report End
 

Attachments

·
TSF Security Team, Emeritus
Joined
·
26,363 Posts
Have HijackThis Fix this:

O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA


Perform an online scan with Internet Explorer with Kaspersky WebScanner

Next Click on Launch Kaspersky Anti-Virus Web Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        • Standard
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
Copy and paste that information in your next post along with a new HJT log

* Turn off the real time scanner of any existing antivirus program while performing the online scan
 

·
Registered
Joined
·
30 Posts
Discussion Starter · #9 ·
can't install Kaspersky WebScanner

I've tried to install/run Kaspersky Anti-Virus Webscanner.
It fails to install the ActiveX component. When I click
on the "Install Active X.." it loads some stuff and then
displays the 'agreement' page again but without
the Agree/Disagree buttons at the bottom.
 

·
TSF Security Team, Emeritus
Joined
·
26,363 Posts
Since Kaspersky didn't work for you, let's use Panda instead

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
  2. Click Scan Now
  3. Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Click on see report. Then click Save report
Post the contents of the report in your next reply

*You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
*Turn off the real time scanner of any existing antivirus program while performing the online scan
 

·
Registered
Joined
·
30 Posts
Discussion Starter · #11 ·
panda results

Incident Status Location

Adware:Adware/IST.ISTBar No disinfected C:\Documents and Settings\Miki Moore.MIKIHOME\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3cc46f89-3b0cf5a2.zip[InstallerApplet.class]
Adware:Adware/IST.YourSiteBar No disinfected C:\Documents and Settings\Miki Moore.MIKIHOME\Local Settings\Temporary Internet Files\Content.IE5\4PEZ4TQ7\CAA9OBYR.HTM
Adware:Adware/Lop No disinfected C:\Program Files\load vga bib\Cdrom Spam Eggs.exe
Adware:Adware/BrilliantDigital No disinfected C:\RECYCLER\S-1-5-21-1078081533-436374069-725345543-500\Dc10\bdcore.dll
Adware:adware/twain-tech No disinfected C:\WINDOWS\smdat32m.sys
Adware:adware/savenow No disinfected C:\WINDOWS\SYSTEM32\ap2nqrd4.dat
Adware:adware/sahagent No disinfected C:\WINDOWS\SYSTEM32\bqrufs5f.dat
 

·
TSF Security Manager, Emeritus
Joined
·
42,836 Posts
Hello miki,

Download KillBox http://www.greyknight17.com/spy/KillBox.exe.

Reboot into Safe Mode (tapping F8 or F5).

Copy the file names below to the clipboard by highlighting them and pressing Ctrl-C:

C:\WINDOWS\smdat32m.sys
C:\WINDOWS\SYSTEM32\ap2nqrd4.dat
C:\WINDOWS\SYSTEM32\bqrufs5f.dat
C:\Program Files\load vga bib\Cdrom Spam Eggs.exe
C:\RECYCLER\S-1-5-21-1078081533-436374069-725345543-500\Dc10\bdcore.dll


Start KillBox.
Go to the File menu, and choose Paste from Clipboard.
Verify that you've done this properly by clicking the dropdown-arrow next to the Full Path of File to Delete field. The filenames you pasted will be found in there.
Select/tick the following:
* Delete on Reboot
* End Explorer Shell While Killing File
* "Unregister .dll Before Deleting" if it's not grayed out.
Click the RED X button.

Click [Yes] at the 'Delete on Reboot' prompt. Click [No] at the Pending Operations prompt.

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

load vga bib

Delete the following folders:

C:\Program Files\load vga bib
C:\Documents and Settings\Miki Moore.MIKIHOME\Local Settings\Temporary Internet Files\Content.IE5\4PEZ4TQ7

Empty your Recycle Bin.

Click on Start->Settings->Control Panel->Java Plug-in and click on the Cache tab. Then click on the Clear button and hit OK.

Reboot into Normal Mode. Run another scan with Panda and post the results here along with a new HijackThis log.
 