Wasted 2 Days Already


  • This topic is locked
123 replies to this topic

#31 MLL

Authentic Member, 70 posts

Posted 05 June 2006 - 08:50 PM

Still no cure. Begin to think it's a virus! Here is the report:

#32 LDTate

Grand Poobah, Root Admin, 57,211 posts

Posted 05 June 2006 - 08:59 PM

Do a search for 526_620.exe and delete all found.

Most found are in System Restore, so let's clean that out also:

Note: This will remove all previous Restore Points

Turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn it back on.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Remove the Check Turn off System Restore.
Click Apply, and then click OK.

Let's see if that helps.

I'm headed to bed so will take this up tomorrow after work.

Edited by LDTate, 05 June 2006 - 09:02 PM.


#33 MLL

Authentic Member, 70 posts

Posted 05 June 2006 - 09:10 PM

Search did not produce any 526_620.exe files. (Hidden Files search also) I'll go ahead and clean out System Restore and see what happens. Thanks for a long day, LDTate. Have a good night!

Edited by MLL, 05 June 2006 - 09:13 PM.


#34 MLL

Authentic Member, 70 posts

Posted 06 June 2006 - 06:10 AM

Good Morning. Followed instructions in post #32. Rebooted and turned System Restore back ON. Computer appears to be normal for a good 10 minutes... nothing happened. Started browsing using Firefox... Google main page, MSN.com and then Amazon.com... pop-ups reappeared!!!! :rant2:

Unplugged network connections and rebooted to Safe Mode. Ran SpySweeper. Found all sorts of infections. Save log. Running DrWeb. Almost done. Many files like A0007574.exe where there is no Action taken. Previous file 526_620.exe has changed to 526_6200.exe. Are they mutating? Planning to do a Search for 526_6200.exe in Safe Mode and delete. Can I do a generic search like A00* and delete all .exe and .dll files? There are so many variants of A00*****.exe listed as Trojan.Popupers. Thanks.

****DrWeb scan completed. Moved Incurables. Saved report and rebooted to Safe Mode again.

****Searched for 526_6200.exe file. None found. Searched for 526_620*. Found 526_6201.exe. Deleted it. Emptied Recycle Bin and rebooted to Safe Mode again.

Edited by MLL, 06 June 2006 - 06:26 AM.


#35 MLL

Authentic Member, 70 posts

Posted 06 June 2006 - 06:32 AM

Here is the log from 2nd SpySweeper scan last night in Safe Mode:

#36 MLL

Authentic Member, 70 posts

Posted 06 June 2006 - 06:35 AM

Here is the report from Dr.Web after second scan in Safe Mode 10 minutes ago:

#37 MLL

MLL

    Authentic Member

  • Authentic Member
  • PipPip
  • 70 posts

Posted 06 June 2006 - 06:59 AM

Hi LDTate, I completed a search for A00*****.exe files. Found them all quarantined. Deleted, emptied Recycle Bin and rebooted in Safe Mode. Awaiting instructions before rebooting to Normal Mode and reconnecting network.

#38 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 06 June 2006 - 10:40 AM

I'm still at work, but I'd delete these folders: 526_6200.exe\data001

data001
data002

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#39 MLL

Posted 06 June 2006 - 01:04 PM

Sorry to bother you at work, LDTate. Just reply to me when you get home. I can wait. Still in Safe Mode with network disconnected. Couldn't find the 2 files you named. How about these from the Dr.Web sweep?

NPMYSRW0.DLL;C:\Documents and Settings\Owner\DoctorWeb\Quarantine;Adware.Msearch;Incurable.Moved.;
NPMySrWB.dll;C:\Documents and Settings\Owner\DoctorWeb\Quarantine;Adware.Msearch;Incurable.Moved.;
uinst_cp.exe;C:\Documents and Settings\Owner\DoctorWeb\Quarantine;Adware.CasProg;Incurable.Moved.;
W6PLUGIN.DLL;C:\Documents and Settings\Owner\DoctorWeb\Quarantine;Adware.Msearch;Incurable.Moved.;
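One way to triage a pasted Dr.Web report like the lines quoted above, as an added example that is not part of the original posts: it regroups run-together text into four-field records and separates detections sitting in the scanner's quarantine folder or a System Restore snapshot from those elsewhere on disk. The sample records, file names and GUID are constructed, and the four-field layout (object; folder; detection; action) is an assumption inferred from the quoted lines.

```python
from collections import Counter

# Constructed sample in the flattened form seen in the thread: four
# semicolon-separated fields per record (object; folder; detection; action),
# records run together on one line. File names and the GUID are made up.
SAMPLE = (
    r"pack.exe\data001;C:\Documents and Settings\Owner\DoctorWeb\Quarantine\pack.exe;Trojan.Popuper;; "
    r"pack.exe;C:\Documents and Settings\Owner\DoctorWeb\Quarantine;Archive contains infected objects;Moved.; "
    r"A0000001.exe;C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1;Adware.Enbrow;Incurable.Moved.; "
    r"example.dll;C:\Program Files\ExampleApp;Adware.Msearch;Incurable.Moved.; "
    r"loader.exe;C:\WINDOWS\system32;Probably DLOADER.Trojan;;"
)


def parse_report(text):
    """Split a flattened report into (object, folder, detection, action) tuples."""
    fields = [f.strip() for f in text.split(";")]
    if fields and fields[-1] == "":
        fields.pop()                      # text ends with a ';' terminator
    if len(fields) % 4:
        raise ValueError("truncated report: field count is not a multiple of 4")
    return [tuple(fields[i:i + 4]) for i in range(0, len(fields), 4)]


def location(folder):
    """Classify where the detected object sits on disk."""
    f = folder.lower()
    if "\\doctorweb\\quarantine" in f:
        return "quarantine"               # scanner's own holding folder
    if "\\system volume information\\_restore{" in f:
        return "restore-point"            # System Restore snapshot copy
    return "live"


def triage(text):
    """Count detections per location and list the ones outside both stores."""
    records = parse_report(text)
    counts = Counter(location(r[1]) for r in records)
    live = [r for r in records if location(r[1]) == "live"]
    return counts, live


if __name__ == "__main__":
    counts, live = triage(SAMPLE)
    print(dict(counts))
    for obj, folder, detection, action in live:
        print(f"{folder}\\{obj}: {detection} [{action or 'no action recorded'}]")
```

A report cut off mid-record raises `ValueError` instead of silently shifting every later field by one position.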

#40 LDTate

Posted 06 June 2006 - 03:06 PM

Open C:\Documents and Settings\Owner\DoctorWeb\Quarantine\ <--Delete all files in the folder. Now reboot normal and let's see what happens.


#41 MLL

Posted 06 June 2006 - 03:37 PM

Not good. Deleted quarantined files and emptied Recycle Bin. Rebooted and pop ups re-appeared. Now I have a window at the top left corner I cannot close! And the ads keep changing in that window. What next?

#42 LDTate

Posted 06 June 2006 - 03:41 PM

Let's look at what's in the startup. Click Start > Run, type in Msconfig, tap Enter key. Look in the Startup. List everything there and point out which ones have a check next to it.


#43 MLL

Posted 06 June 2006 - 03:52 PM

All have checks. Sorry, cannot copy and paste. TINTSETP TINTSETP nwiz KHost KBD IMJPMIG hpsysdrv hpztsb05 hkcmd S3tray2 ps2 winpatrol ItunesHelper UnlockerAssistant Spysweeper rundll32 ctfmon msnmsgr Adobeamma Loader.exe Adobe Reader Speed Launch Device Dectector 3 NkbMonitor.exe NkvMon.exe

#44 LDTate

Posted 06 June 2006 - 03:59 PM

All look OK there

I've never seen this happen before :scratch:

Download this one and let me know if it finds anything.
RootkitRevealer
http://www.sysintern...itRevealer.html

When it's done, go to file->save
save the logfile to the desktop, and then paste the contents here.

Edited by LDTate, 06 June 2006 - 04:00 PM.


#45 MLL

Posted 06 June 2006 - 04:27 PM

Not sure if you wanted me to uncheck Hide Standard NTFS Metadata files under Options but I did. Here is the report:
