Edited by mp62, 22 June 2006 - 06:10 PM.
mp62
#16
Posted 22 June 2006 - 06:09 PM
Register to Remove
#17
Posted 23 June 2006 - 08:51 AM
Does this file exist? Can you navigate and find it?
To me it seemed that Killbox should have captured it, but the Kapersky scan still showed it as present down at the bottom of the scans you posted. Now Avenger gives an error-- it is as though the file does not exist.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gdnUS2218.exe
Let's try a different scan.
======
Panda Active Scan
Please go to Panda ActiveScan.
Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Free TrendMicro Housecall scan:
You'll need to use Internet Explorer or Netscape browsers to run this scan.
Vist the TrendMicro Housecall website.
- Select your country from the drop-down list and click "Go".
- Choose "Yes" at the ActiveX Security Warning prompt.
- Please wait while the Housecall engine is updated.
- Select the drives to be scanned by placing a check in their respective boxes.
- Check the "Auto Clean" box.
- Click "SCAN" in order to begin scanning your system.
- Please be patient while Housecall scans your system for malicious files.
- If not auto-cleaned, remove anything it finds.
- Click "Close" to exit the Housecall scanner.
- Choose "Yes" at the HouseCall message prompt.
Edited by Susan528, 23 June 2006 - 08:54 AM.
Proud member of ASAP since 2005
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.
Want to help others? Come join us in the Class Room and learn how.
#18
Posted 24 June 2006 - 09:34 AM
Incident Status Location
Adware:adware/emediacodec Not disinfected C:\Documents and Settings\All Users\Desktop\Security Troubleshooting.url
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.2o7.net/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.com.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Peel Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.peel.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.atwola.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.ccbill.com/]
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.entrepreneur.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.belnk.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.anm.co.uk/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.go.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.ath.belnk.com/]
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.ct.360i.com/]
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.tickle.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Mike\Cookies\mike@2o7[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Mike\Cookies\mike@ads.pointroll[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Mike\Cookies\mike@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Mike\Cookies\mike@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Mike\Cookies\mike@doubleclick[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Mike\Cookies\mike@mediaplex[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Mike\Cookies\mike@perf.overture[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Mike\Cookies\mike@serving-sys[2].txt
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\Mike\Desktop\PopularScreenSaversFFSetup2.0.3.26.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Mike\Desktop\SmitfraudFix\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Mike\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Potentially unwanted tool:Application/SpywareQuake Not disinfected C:\Documents and Settings\Mike\Local Settings\Temp\temp.fr6CA9\Spyware-Quake.exe
===============================================================
Trend Micro Before Cleaning:
===================================================================
ADWARE_OSKAEDUCATIONALSYSTEMS
1 Infections
Transfering information about this grayware/spyware...
General information about this type of grayware/spyware.
There is currently no more information available for this grayware/spyware...
General information about this type of grayware/spyware.
Aliasnames: no more aliase names known
Platform: Not specified
First occurence: Not specified
General risk rate Very lowLowMediumHigh
General information about this type of grayware/spyware.
Some infections of this grayware/spyware could not be removed automatically!
Click here to receive instructions on how to remove this type of infection manually.
Cleanup options Clean all detected infections automatically
Select an individual action for each detected infection
Files infected by this grayware/spywareSelecting this line will take no action on the infection Selecting this column will clean the infectionWarning: Selecting this column will delete the infection (e.g. the infected file) from your hard diskFiles infected by this grayware/spywareThis will display all the files infected by the above grayware/malware.ReasonThis column indicates the reason why cleanup failed.The system denied access to the fileThe current pattern does not support cleanup
ADWARE_ISTBAR
1 Infections
Transfering information about this grayware/spyware...
General information about this type of grayware/spyware.
There is currently no more information available for this grayware/spyware...
General information about this type of grayware/spyware.
This adware is a plugin that can monitor or manipulate a user's Internet activity, usually posing as a toolbar or a search aid in the Internet browser. It modifies the r...
Aliasnames: Adware-ISTBar (McAfee); Adware.Istbar (Symantec); Trojan-Downloader.JS.IstBar.k, Trojan-Downloader.JS.IstBar.ai (Kaspersky); Win32/Startpage.OU trojan, Win32/SillyDL.3328!Trojan, Win32/Startpage.JS trojan (CAV)
Platform: Not specified
First occurence: Not specified
General risk rate Very lowLowMediumHigh
General information about this type of grayware/spyware.
This adware is a plugin that can monitor or manipulate a user's Internet activity, usually posing as a toolbar or a search aid in the Internet browser. It modifies the registry to be able to run at every Windows startup.
It either has a deceptive, or it does not have, an End-User License Agreement (EULA).
This adware modifies Internet security settings (such as the Trusted and Restricted sites), as well as Internet browser settings (such as the start and search pages).
It adds unwanted shortcuts, favorites, or icons on the affected system or an Internet browser.
It also generates pop-up advertisements and has the ability to retrieve and install additional adware or spyware on the affected system.
Furthermore, this adware creates dial-up settings without a user's knowledge or consent.
Some infections of this grayware/spyware could not be removed automatically!
Click here to receive instructions on how to remove this type of infection manually.
Cleanup options Clean all detected infections automatically
Select an individual action for each detected infection
Files infected by this grayware/spywareSelecting this line will take no action on the infection Selecting this column will clean the infectionWarning: Selecting this column will delete the infection (e.g. the infected file) from your hard diskFiles infected by this grayware/spywareThis will display all the files infected by the above grayware/malware.ReasonThis column indicates the reason why cleanup failed.The system denied access to the fileThe current pattern does not support cleanup
ADWARE_ZAPCHAST
1 Infections
Transfering information about this grayware/spyware...
General information about this type of grayware/spyware.
There is currently no more information available for this grayware/spyware...
General information about this type of grayware/spyware.
This adware generates pop-up advertisements.
Aliasnames: Trojan-Downloader.Win32.Zlob.IG (Ikarus)
Platform: Not specified
First occurence: Not specified
General risk rate Very lowLowMediumHigh
General information about this type of grayware/spyware.
This adware generates pop-up advertisements.
Some infections of this grayware/spyware could not be removed automatically!
Click here to receive instructions on how to remove this type of infection manually.
Cleanup options Clean all detected infections automatically
Select an individual action for each detected infection
Files infected by this grayware/spywareSelecting this line will take no action on the infection Selecting this column will clean the infectionWarning: Selecting this column will delete the infection (e.g. the infected file) from your hard diskFiles infected by this grayware/spywareThis will display all the files infected by the above grayware/malware.ReasonThis column indicates the reason why cleanup failed.The system denied access to the fileThe current pattern does not support cleanup
ADWARE_FUNWEBPRODUCTS
1 Infections
Transfering information about this grayware/spyware...
General information about this type of grayware/spyware.
There is currently no more information available for this grayware/spyware...
General information about this type of grayware/spyware.
Aliasnames: no more aliase names known
Platform: Not specified
First occurence: Not specified
General risk rate Very lowLowMediumHigh
General information about this type of grayware/spyware.
Some infections of this grayware/spyware could not be removed automatically!
Click here to receive instructions on how to remove this type of infection manually.
Cleanup options Clean all detected infections automatically
Select an individual action for each detected infection
Files infected by this grayware/spywareSelecting this line will take no action on the infection Selecting this column will clean the infectionWarning: Selecting this column will delete the infection (e.g. the infected file) from your hard diskFiles infected by this grayware/spywareThis will display all the files infected by the above grayware/malware.ReasonThis column indicates the reason why cleanup failed.The system denied access to the fileThe current pattern does not support cleanup
TSPY_PUPER
1 Infections
Transfering information about this grayware/spyware...
General information about this type of grayware/spyware.
There is currently no more information available for this grayware/spyware...
General information about this type of grayware/spyware.
Aliasnames: no more aliase names known
Platform: Not specified
First occurence: Not specified
General risk rate Very lowLowMediumHigh
General information about this type of grayware/spyware.
Some infections of this grayware/spyware could not be removed automatically!
Click here to receive instructions on how to remove this type of infection manually.
Cleanup options Clean all detected infections automatically
Select an individual action for each detected infection
Files infected by this grayware/spywareSelecting this line will take no action on the infection Selecting this column will clean the infectionWarning: Selecting this column will delete the infection (e.g. the infected file) from your hard diskFiles infected by this grayware/spywareThis will display all the files infected by the above grayware/malware.ReasonThis column indicates the reason why cleanup failed.The system denied access to the fileThe current pattern does not support cleanup
SPYWARE_TRAK_VISLOG.210
1 Infections
Transfering information about this grayware/spyware...
General information about this type of grayware/spyware.
There is currently no more information available for this grayware/spyware...
General information about this type of grayware/spyware.
Aliasnames: no more aliase names known
Platform: Not specified
First occurence: Not specified
General risk rate Very lowLowMediumHigh
General information about this type of grayware/spyware.
Some infections of this grayware/spyware could not be removed automatically!
Click here to receive instructions on how to remove this type of infection manually.
Cleanup options Clean all detected infections automatically
Select an individual action for each detected infection
Files infected by this grayware/spywareSelecting this line will take no action on the infection Selecting this column will clean the infectionWarning: Selecting this column will delete the infection (e.g. the infected file) from your hard diskFiles infected by this grayware/spywareThis will display all the files infected by the above grayware/malware.ReasonThis column indicates the reason why cleanup failed.The system denied access to the fileThe current pattern does not support cleanup
ADWARE_BHO_MYWAY
1 Infections
Transfering information about this grayware/spyware...
General information about this type of grayware/spyware.
There is currently no more information available for this grayware/spyware...
General information about this type of grayware/spyware.
This adware is a plugin that can monitor or manipulate a user's Internet activity, usually posing as a toolbar or a search aid in the Internet browser.
Aliasnames: MySearch, Adware-MWS (NAI); AdWare.ToolBar.MyWay.B (Ikarus)
Platform: Windows
First occurence: Not specified
General risk rate Very lowLowMediumHigh
General information about this type of grayware/spyware.
This adware is a plugin that can monitor or manipulate a user's Internet activity, usually posing as a toolbar or a search aid in the Internet browser.
Some infections of this grayware/spyware could not be removed automatically!
Click here to receive instructions on how to remove this type of infection manually.
Cleanup options Clean all detected infections automatically
Select an individual action for each detected infection
Files infected by this grayware/spywareSelecting this line will take no action on the infection Selecting this column will clean the infectionWarning: Selecting this column will delete the infection (e.g. the infected file) from your hard diskFiles infected by this grayware/spywareThis will display all the files infected by the above grayware/malware.ReasonThis column indicates the reason why cleanup failed.The system denied access to the fileThe current pattern does not support cleanup
ADWARE_IBIS.WEBSEARCH
1 Infections
Transfering information about this grayware/spyware...
General information about this type of grayware/spyware.
There is currently no more information available for this grayware/spyware...
General information about this type of grayware/spyware.
This adware generates pop-up advertisements.
Aliasnames: no more aliase names known
Platform: Not specified
First occurence: Not specified
General risk rate Very lowLowMediumHigh
General information about this type of grayware/spyware.
This adware generates pop-up advertisements.
Some infections of this grayware/spyware could not be removed automatically!
Click here to receive instructions on how to remove this type of infection manually.
Cleanup options Clean all detected infections automatically
Select an individual action for each detected infection
Files infected by this grayware/spywareSelecting this line will take no action on the infection Selecting this column will clean the infectionWarning: Selecting this column will delete the infection (e.g. the infected file) from your hard diskFiles infected by this grayware/spywareThis will display all the files infected by the above grayware/malware.ReasonThis column indicates the reason why cleanup failed.The system denied access to the fileThe current pattern does not support cleanup
DIALER_DIALERPLATFORM
1 Infections
Transfering information about this grayware/spyware...
General information about this type of grayware/spyware.
There is currently no more information available for this grayware/spyware...
General information about this type of grayware/spyware.
This dialer generates pop-up advertisements. It also creates dial-up settings without the user's permission or intervention.
Aliasnames: Win32/Porndial.G.Trojan (PestPatrol); Win32:Trojan-gen. Other (Alwil); Dialer.22.U (Grisoft)
Platform: Not specified
First occurence: Not specified
General risk rate Very lowLowMediumHigh
General information about this type of grayware/spyware.
This dialer generates pop-up advertisements. It also creates dial-up settings without the user's permission or intervention.
Some infections of this grayware/spyware could not be removed automatically!
Click here to receive instructions on how to remove this type of infection manually.
Cleanup options Clean all detected infections automatically
Select an individual action for each detected infection
Files infected by this grayware/spywareSelecting this line will take no action on the infection Selecting this column will clean the infectionWarning: Selecting this column will delete the infection (e.g. the infected file) from your hard diskFiles infected by this grayware/spywareThis will display all the files infected by the above grayware/malware.ReasonThis column indicates the reason why cleanup failed.The system denied access to the fileThe current pattern does not support cleanup
ADW_WEBSEARCH.T
1 Infections
Transfering information about this grayware/spyware...
General information about this type of grayware/spyware.
There is currently no more information available for this grayware/spyware...
General information about this type of grayware/spyware.
This adware installs itself as a Browser Helper Object (BHO) to enable itself to run automatically whenever an Internet Explorer (IE) browser is opened. When an affected...
Aliasnames: no more aliase names known
Platform: Windows 95, 98, ME, NT, 2000, XP
First occurence: Not specified
General risk rate Very lowLowMediumHigh
General information about this type of grayware/spyware.
This adware installs itself as a Browser Helper Object (BHO) to enable itself to run automatically whenever an Internet Explorer (IE) browser is opened. When an affected user inputs an invalid URL in the IE browser, the connection is redirected to the following search engine Web site:
http://www.mywebsearch.com/
It installs components, which include programs that display advertisements based on the user's Internet browsing habits.
Some infections of this grayware/spyware could not be removed automatically!
Click here to receive instructions on how to remove this type of infection manually.
Cleanup options Clean all detected infections automatically
Select an individual action for each detected infection
Files infected by this grayware/spywareSelecting this line will take no action on the infection Selecting this column will clean the infectionWarning: Selecting this column will delete the infection (e.g. the infected file) from your hard diskFiles infected by this grayware/spywareThis will display all the files infected by the above grayware/malware.ReasonThis column indicates the reason why cleanup failed.The system denied access to the fileThe current pattern does not support cleanup
TITLE_OF_GRAYWARE
0 Infections
Transfering information about this grayware/spyware...
General information about this type of grayware/spyware.
There is currently no more information available for this grayware/spyware...
General information about this type of grayware/spyware.
Aliasnames: no more aliase names known
Platform: Not specified
First occurence: Not specified
General risk rate Very lowLowMediumHigh
General information about this type of grayware/spyware.
Some infections of this grayware/spyware could not be removed automatically!
Click here to receive instructions on how to remove this type of infection manually.
Cleanup options Clean all detected infections automatically
Select an individual action for each detected infection
Files infected by this grayware/spywareSelecting this line will take no action on the infection Selecting this column will clean the infectionWarning: Selecting this column will delete the infection (e.g. the infected file) from your hard diskFiles infected by this grayware/spywareThis will display all the files infected by the above grayware/malware.ReasonThis column indicates the reason why cleanup failed.The system denied access to the fileThe current pattern does not support cleanup
HTTP cookies
8 Detected
Cookies are generally used to save user-specific data from Internet transactions with a Web server via a browser. The cookies listed below are "profiling cookies" that are only used to monitor your Internet usage.
Cleanup options Remove all detected cookies
Select individual action for each detected cookie
Keep this cookieRemove this cookieCookiesThe cookies displayed here are classified as potentially malicious.ReasonThis column indicates the reason why cleanup failed.The system denied access to the cookieThe current pattern does not support removal
Detected vulnerabilities
ASP.NET Path Validation Vulnerability (887219)
Transfering more information about this vulnerability...
An error occured while trying to retrieve more information about this vulnerability. There is currently no more information available.
A vulnerability in ASP.NET allows an attacker to bypass the security of an ASP.NET Web site, and access a machine. The attacker gains unauthorized access to some areas of the said...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft .NET Framework 1.0
Microsoft .NET Framework 1.1
Malware exploiting this vulnerability: unknown
A vulnerability in ASP.NET allows an attacker to bypass the security of an ASP.NET Web site, and access a machine. The attacker gains unauthorized access to some areas of the said Web site, and is able to control it accordingly. The actions that the attacker could take would depend on the specific content being protected.
More information about this vulnerability and its elimination.
Vulnerabilities in Microsoft Word May Lead to Remote Code Execution (890169)
Transfering more information about this vulnerability...
An error occured while trying to retrieve more information about this vulnerability. There is currently no more information available.
This update resolves two newly-discovered vulnerabilities in Microsoft Word that could allow an attacker to run arbitrary code on a users system. If a user is logged on with administrative p...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Office Word 2003
Microsoft Word 2000
Microsoft Word 2002
Microsoft Works Suite 2001
Microsoft Works Suite 2002
Microsoft Works Suite 2003
Microsoft Works Suite 2004
Malware exploiting this vulnerability: unknown
This update resolves two newly-discovered vulnerabilities in Microsoft Word that could allow an attacker to run arbitrary code on a users system. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges.
More information about this vulnerability and its elimination.
Vulnerability in TNEF Decoding in Microsoft Outlook and Microsoft Exchange Could Allow Remote Code Execution (902412)
Transfering more information about this vulnerability...
An error occured while trying to retrieve more information about this vulnerability. There is currently no more information available.
This update resolves a newly-discovered, privately-reported vulnerability that can allow a remote malicious user to run arbitrary codes on an affected system. A vulnerability that exi...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Exchange 2000 Server Service Pack 3
Microsoft Exchange Server 5.0 Service Pack 2
Microsoft Exchange Server 5.5 Service Pack 4
Microsoft Office 2000
Microsoft Office 2000 Service Pack 3
Microsoft Office 2003
Microsoft Office 2003 Service Pack 1
Microsoft Office XP
Microsoft Office XP Service Pack 3
Microsoft Outlook 2000
Microsoft Outlook 2002
Malware exploiting this vulnerability: unknown
This update resolves a newly-discovered, privately-reported vulnerability that can allow a remote malicious user to run arbitrary codes on an affected system. A vulnerability that exists in Microsoft Outlook and Microsoft Exchange Server allows remote code execution because of the way they decode the Transport Neutral Encapsulation Format (TNEF) in the MIME attachment.
More information about this vulnerability and its elimination.
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (905413)
Transfering more information about this vulnerability...
An error occured while trying to retrieve more information about this vulnerability. There is currently no more information available.
If a user is logged on with administrative user rights on vulnerable versions of Microsoft Office, a malicious user who successfully exploits this vulnerability may take com...
==================================================================
Trend Micro After Cleaning:
==================================================================
Detected grayware/spyware
Note: Complete removal of the grayware listed below failed! If you require general hints and tips to solve the problem, please click here. Grayware specific information is available from the relevant grayware section.
ADWARE_IBIS.WEBSEARCH
1 Infections
Transfering information about this grayware/spyware...
General information about this type of grayware/spyware.
There is currently no more information available for this grayware/spyware...
General information about this type of grayware/spyware.
This adware generates pop-up advertisements.
Aliasnames: no more aliase names known
Platform: Not specified
First occurence: Not specified
General risk rate Very lowLowMediumHigh
General information about this type of grayware/spyware.
This adware generates pop-up advertisements.
Some infections of this grayware/spyware could not be removed automatically!
Click here to receive instructions on how to remove this type of infection manually.
Cleanup options Clean all detected infections automatically
Select an individual action for each detected infection
Files infected by this grayware/spywareSelecting this line will take no action on the infection Selecting this column will clean the infectionWarning: Selecting this column will delete the infection (e.g. the infected file) from your hard diskFiles infected by this grayware/spywareThis will display all the files infected by the above grayware/malware.ReasonThis column indicates the reason why cleanup failed.The system denied access to the fileThe current pattern does not support cleanup
TITLE_OF_GRAYWARE
0 Infections
Transfering information about this grayware/spyware...
General information about this type of grayware/spyware.
There is currently no more information available for this grayware/spyware...
General information about this type of grayware/spyware.
Aliasnames: no more aliase names known
Platform: Not specified
First occurence: Not specified
General risk rate Very lowLowMediumHigh
General information about this type of grayware/spyware.
Some infections of this grayware/spyware could not be removed automatically!
Click here to receive instructions on how to remove this type of infection manually.
Cleanup options Clean all detected infections automatically
Select an individual action for each detected infection
Files infected by this grayware/spywareSelecting this line will take no action on the infection Selecting this column will clean the infectionWarning: Selecting this column will delete the infection (e.g. the infected file) from your hard diskFiles infected by this grayware/spywareThis will display all the files infected by the above grayware/malware.ReasonThis column indicates the reason why cleanup failed.The system denied access to the fileThe current pattern does not support cleanup
Detected vulnerabilities
ASP.NET Path Validation Vulnerability (887219)
Transfering more information about this vulnerability...
An error occured while trying to retrieve more information about this vulnerability. There is currently no more information available.
A vulnerability in ASP.NET allows an attacker to bypass the security of an ASP.NET Web site, and access a machine. The attacker gains unauthorized access to some areas of the said...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft .NET Framework 1.0
Microsoft .NET Framework 1.1
Malware exploiting this vulnerability: unknown
A vulnerability in ASP.NET allows an attacker to bypass the security of an ASP.NET Web site, and access a machine. The attacker gains unauthorized access to some areas of the said Web site, and is able to control it accordingly. The actions that the attacker could take would depend on the specific content being protected.
More information about this vulnerability and its elimination.
Vulnerabilities in Microsoft Word May Lead to Remote Code Execution (890169)
Transfering more information about this vulnerability...
An error occured while trying to retrieve more information about this vulnerability. There is currently no more information available.
This update resolves two newly-discovered vulnerabilities in Microsoft Word that could allow an attacker to run arbitrary code on a users system. If a user is logged on with administrative p...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Office Word 2003
Microsoft Word 2000
Microsoft Word 2002
Microsoft Works Suite 2001
Microsoft Works Suite 2002
Microsoft Works Suite 2003
Microsoft Works Suite 2004
Malware exploiting this vulnerability: unknown
This update resolves two newly-discovered vulnerabilities in Microsoft Word that could allow an attacker to run arbitrary code on a users system. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges.
More information about this vulnerability and its elimination.
Vulnerability in TNEF Decoding in Microsoft Outlook and Microsoft Exchange Could Allow Remote Code Execution (902412)
Transfering more information about this vulnerability...
An error occured while trying to retrieve more information about this vulnerability. There is currently no more information available.
This update resolves a newly-discovered, privately-reported vulnerability that can allow a remote malicious user to run arbitrary codes on an affected system. A vulnerability that exi...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Exchange 2000 Server Service Pack 3
Microsoft Exchange Server 5.0 Service Pack 2
Microsoft Exchange Server 5.5 Service Pack 4
Microsoft Office 2000
Microsoft Office 2000 Service Pack 3
Microsoft Office 2003
Microsoft Office 2003 Service Pack 1
Microsoft Office XP
Microsoft Office XP Service Pack 3
Microsoft Outlook 2000
Microsoft Outlook 2002
Malware exploiting this vulnerability: unknown
This update resolves a newly-discovered, privately-reported vulnerability that can allow a remote malicious user to run arbitrary codes on an affected system. A vulnerability that exists in Microsoft Outlook and Microsoft Exchange Server allows remote code execution because of the way they decode the Transport Neutral Encapsulation Format (TNEF) in the MIME attachment.
More information about this vulnerability and its elimination.
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (905413)
Transfering more information about this vulnerability...
An error occured while trying to retrieve more information about this vulnerability. There is currently no more information available.
If a user is logged on with administrative user rights on vulnerable versions of Microsoft Office, a malicious user who successfully exploits this vulnerability may take com...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Excel 2000
Microsoft Excel 2002
Microsoft Excel 2003
Microsoft Excel 2003 Viewer
Microsoft Excel 2004 for Mac
Microsoft Excel X for Mac
Microsoft Office 2000 Multilingual User Interface Packs
Microsoft Office 2000 Service Pack 3
Microsoft Office 2003 Service Pack 1
Microsoft Office 2003 Service Pack 2
Microsoft Office 2004 for Mac
Microsoft Office X for Mac
Microsoft Office XP Multilingual User Interface Packs
Microsoft Office XP Service Pack 3
Microsoft Outlook 2000
Microsoft Outlook 2002
Microsoft Word 2000
Microsoft Word 2002
Microsoft Works Suite 2000
Microsoft Works Suite 2001
Microsoft Works Suite 2002
Microsoft Works Suite 2003
Microsoft Works Suite 2004
Microsoft Works Suite 2005
Microsoft Works Suite 2006
Microsoft PowerPoint 2000
Microsoft PowerPoint 2002
Malware exploiting this vulnerability: unknown
If a user is logged on with administrative user rights on vulnerable versions of Microsoft Office, a malicious user who successfully exploits this vulnerability may take complete control of the client workstation. The malicious user may then install programs; view, change, or delete data; or create new accounts with full user rights. Users with fewer user rights on the system based on their accounts could be less impacted than users with administrative user rights.
More information about this vulnerability and its elimination.
TITLE_OF_VULNERABILITY
Transfering more information about this vulnerability...
An error occured while trying to retrieve more information about this vulnerability. There is currently no more information available.
More information about this vulnerability and its elimination.
Affected programs and services: unknown
Malware exploiting this vulnerability: unknown
More information about this vulnerability and its elimination.
Port: is accessible
Transfering more information about this port...
An error occured while trying to retrieve more information about this port. There is currently no more information available.
Standard services over this port: Unknown
Malware exploiting this port: Unknown
Clean now » Removes all infections found on your machine, according to the options selected.
#19
Posted 26 June 2006 - 04:25 AM
Thank you for the scans. I am not sure what Trend Micro cleaned. But let's do this.
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
- Double-click ATF-Cleaner.exe to run the program.
- Under Main choose: Select All
- Click the Empty Selected button.
- Click Firefox at the top and choose:Select All
- Click the Empty Selected button.
- NOTE: If you would like to keep your saved passwords, please click
- No at the prompt.
- Click Opera at the top and choose: Select All
- Click the Empty Selected button.
- NOTE:If you would like to keep your saved passwords, please click No at the prompt.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
=========================
Don't know if this was removed or not.
MyWay Removal
Open ‘Add/Remove Programs’ in the Control Panel.
- Select the ‘My Search Bar’ (MySearch variant), ‘MyWay Speed Bar’ (MyWay) or ‘My Web Search Bar’ (MyWeb) entry
- Click ‘Remove’.
- For the MyWeb variant, be sure to also remove ‘Fun Web Products Easy Installer’
- Open My Computer, Drive C, and double-click on the Program Files folder
- Right-click and delete the folders for:
FunWebProducts
MyWebSearch
Reboot into Safe Mode: please see here if you are not sure how to do this.
Maybe these files were cleaned and do not exist anymore but please do this and check.
Using Windows Explorer, locate the following files/folders (if they exist), and delete them:
C:\Documents and Settings\All Users\Desktop\Security Troubleshooting.url<=file
C:\Documents and Settings\Mike\Desktop\PopularScreenSaversFFSetup2.0.3.26.exe<=file
C:\Documents and Settings\Mike\Local Settings\Temp\temp.fr6CA9\Spyware-Quake.exe<=file
Exit Explorer, and reboot as normal afterwards.
Please go ahead and repeat the Panda scan and the Trend Micro and reply with the results. Let's see if there are differences in results.
Also please post (reply) with a hijackthis log.
Proud member of ASAP since 2005
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.
Want to help others? Come join us in the Class Room and learn how.
#20
Posted 26 June 2006 - 08:47 PM
Incident Status Location
Adware:adware/emediacodec Not disinfected c:\program files\Media-Codec
Potentially unwanted tool:application/funweb Not disinfected hkey_current_user\software\Fun Web Products
Adware:adware/powerscan Not disinfected Windows Registry
Adware:adware/surfaccuracy Not disinfected Windows Registry
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.advertising.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.tickle.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.com.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.belnk.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/SexList Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.sexlist.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.go.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.go.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[data.coremetrics.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Peel Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.peel.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.atwola.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.ccbill.com/]
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.entrepreneur.com/]
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.anm.co.uk/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.ath.belnk.com/]
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\9wnm0pz8.default\cookies.txt[.ct.360i.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Mike\Cookies\mike@atdmt[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Mike\Cookies\mike@doubleclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Mike\Cookies\mike@mediaplex[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Mike\Desktop\SmitfraudFix\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Mike\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Spyware:Cookie/bravenetA Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq16B.tmp
Spyware:Cookie/Humanclick Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq17A.tmp
Spyware:Cookie/DomainSponsor Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq17A9.tmp
Spyware:Cookie/Maxserving Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq182.tmp
Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq188.tmp
Spyware:Cookie/Hypercount Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1A6B.tmp
Spyware:Cookie/bravenetA Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq34.tmp
Spyware:Cookie/FortuneCity Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAD45.tmp
Spyware:Cookie/Maxserving Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAD47.tmp
Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAD49.tmp
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\RECYCLER\S-1-5-21-1417001333-1303643608-839522115-1003\Dc2.exe
Potentially unwanted tool:Application/Restart Not disinfected C:\WINDOWS\system32\Tools\Restart.exe
Virus:Trj/Brospy.D Disinfected Local Folders\Inbox\YOUR ACCOUNT LIMITED\PE-901-449-020.jpg.exe
Virus:Trj/Tixeno.A Disinfected Local Folders\Inbox\YOUR ACCOUNT LIMITED\PE-901-449-020.jpg.exe
Cleaned cookies and deleted files before running Trend Micro, which follows.
============================================================
Trend Micro Results June 26
Detected vulnerabilities
ASP.NET Path Validation Vulnerability (887219)
Transfering more information about this vulnerability...
An error occured while trying to retrieve more information about this vulnerability. There is currently no more information available.
A vulnerability in ASP.NET allows an attacker to bypass the security of an ASP.NET Web site, and access a machine. The attacker gains unauthorized access to some areas of the said...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft .NET Framework 1.0
Microsoft .NET Framework 1.1
Malware exploiting this vulnerability: unknown
A vulnerability in ASP.NET allows an attacker to bypass the security of an ASP.NET Web site, and access a machine. The attacker gains unauthorized access to some areas of the said Web site, and is able to control it accordingly. The actions that the attacker could take would depend on the specific content being protected.
More information about this vulnerability and its elimination.
Vulnerabilities in Microsoft Word May Lead to Remote Code Execution (890169)
Transfering more information about this vulnerability...
An error occured while trying to retrieve more information about this vulnerability. There is currently no more information available.
This update resolves two newly-discovered vulnerabilities in Microsoft Word that could allow an attacker to run arbitrary code on a users system. If a user is logged on with administrative p...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Office Word 2003
Microsoft Word 2000
Microsoft Word 2002
Microsoft Works Suite 2001
Microsoft Works Suite 2002
Microsoft Works Suite 2003
Microsoft Works Suite 2004
Malware exploiting this vulnerability: unknown
This update resolves two newly-discovered vulnerabilities in Microsoft Word that could allow an attacker to run arbitrary code on a users system. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges.
More information about this vulnerability and its elimination.
Vulnerability in TNEF Decoding in Microsoft Outlook and Microsoft Exchange Could Allow Remote Code Execution (902412)
Transfering more information about this vulnerability...
An error occured while trying to retrieve more information about this vulnerability. There is currently no more information available.
This update resolves a newly-discovered, privately-reported vulnerability that can allow a remote malicious user to run arbitrary codes on an affected system. A vulnerability that exi...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Exchange 2000 Server Service Pack 3
Microsoft Exchange Server 5.0 Service Pack 2
Microsoft Exchange Server 5.5 Service Pack 4
Microsoft Office 2000
Microsoft Office 2000 Service Pack 3
Microsoft Office 2003
Microsoft Office 2003 Service Pack 1
Microsoft Office XP
Microsoft Office XP Service Pack 3
Microsoft Outlook 2000
Microsoft Outlook 2002
Malware exploiting this vulnerability: unknown
This update resolves a newly-discovered, privately-reported vulnerability that can allow a remote malicious user to run arbitrary codes on an affected system. A vulnerability that exists in Microsoft Outlook and Microsoft Exchange Server allows remote code execution because of the way they decode the Transport Neutral Encapsulation Format (TNEF) in the MIME attachment.
More information about this vulnerability and its elimination.
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (905413)
Transfering more information about this vulnerability...
An error occured while trying to retrieve more information about this vulnerability. There is currently no more information available.
If a user is logged on with administrative user rights on vulnerable versions of Microsoft Office, a malicious user who successfully exploits this vulnerability may take com...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Excel 2000
Microsoft Excel 2002
Microsoft Excel 2003
Microsoft Excel 2003 Viewer
Microsoft Excel 2004 for Mac
Microsoft Excel X for Mac
Microsoft Office 2000 Multilingual User Interface Packs
Microsoft Office 2000 Service Pack 3
Microsoft Office 2003 Service Pack 1
Microsoft Office 2003 Service Pack 2
Microsoft Office 2004 for Mac
Microsoft Office X for Mac
Microsoft Office XP Multilingual User Interface Packs
Microsoft Office XP Service Pack 3
Microsoft Outlook 2000
Microsoft Outlook 2002
Microsoft Word 2000
Microsoft Word 2002
Microsoft Works Suite 2000
Microsoft Works Suite 2001
Microsoft Works Suite 2002
Microsoft Works Suite 2003
Microsoft Works Suite 2004
Microsoft Works Suite 2005
Microsoft Works Suite 2006
Microsoft PowerPoint 2000
Microsoft PowerPoint 2002
Malware exploiting this vulnerability: unknown
If a user is logged on with administrative user rights on vulnerable versions of Microsoft Office, a malicious user who successfully exploits this vulnerability may take complete control of the client workstation. The malicious user may then install programs; view, change, or delete data; or create new accounts with full user rights. Users with fewer user rights on the system based on their accounts could be less impacted than users with administrative user rights.
More information about this vulnerability and its elimination.
=================================================================
Hijack This
Logfile of HijackThis v1.99.1
Scan saved at 10:36:42 PM, on 6/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
O3 - Toolbar: Video Professor Stay on Top - {56879C4B-B0B1-447C-9FDF-259F70BE9F76} - C:\Program Files\VideoProfessorStayOnTop\VPExplorerExtensions.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {701DC9DC-ACD5-4E94-85E3-F3F1ED68611A} (CWebClientCtl Object) - http://download.palt...ebclientctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - http://cdn.digitalci...illama/ampx.cab
O16 - DPF: {BD4C7EDB-A392-11D9-8BFB-0040953018D7} (PhaseCaster Widget) - http://www.streamerp...iles/phasex.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
#21
Posted 27 June 2006 - 08:52 AM
Reboot into Safe Mode: please see here if you are not sure how to do this.
Using Windows Explorer, locate the following files/folders, and delete them:
c:\program files\Media-Codec
Exit Explorer,
Empty your recycle bin
reboot as normal afterwards.
STEP 1.
======
Regscan
Please download RegScan.
Within RegScan.zip you will find the file regscan.vbs
You may have to allow this script to run or disable anti-spyware again in order for it to run.
A window will open titled RegFinder.vbs and you will see place to input search terms.
Please enter the search terms:
powerscan
After the search has completed a window titled Results.txt will open.
Please save the results and post in your next reply.
Please repeat the above for the following search terms:
Surfaccuracy
Fun Web Products
Please show all files for your system.
You will need to reverse this process when all steps are done.
Submit File to Jotti
Please click on Jotti
Use the "Browse" button and locate the following file on your computer:
C:\WINDOWS\system32\Tools\Restart.exe
Click the "Submit" button.
Please copy and post (reply) with the results
If Jotti's service load is too high, you can use the following scanner instead:
http://www.virustota...l/index_en.html
Please also check the properties of those files (right-click and select properties from the popupmenu). Look if you can find some company information, etc.
Please post (reply) with the results from the regscans, and Jotti.
Proud member of ASAP since 2005
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.
Want to help others? Come join us in the Class Room and learn how.
#22
Posted 29 June 2006 - 04:53 AM
#23
Posted 29 June 2006 - 06:20 AM
Proud member of ASAP since 2005
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.
Want to help others? Come join us in the Class Room and learn how.
#24
Posted 30 June 2006 - 06:32 PM
======
Backup Your Registry with ERUNT
- Please use the following link and scroll down to ERUNT and download it.
http://aumha.org/freeware/freeware.php - For version with the Installer:
Use the setup program to install ERUNT on your computer - For the zipped version:
Click Erunt.exe to backup your registry to the folder of your choice.
Note: to restore your registry, go to the folder and start ERDNT.exe
==========================
Then, go to start-->run
and type this in:
notepad
Paste this into the box:
REGEDIT4 [-HKEY_USERS\.DEFAULT\Software\Fun Web Products] [-HKEY_USERS\S-1-5-19\Software\Fun Web Products] [-HKEY_USERS\S-1-5-19\Software\Classes\Software\Fun Web Products] [-HKEY_USERS\S-1-5-19_Classes\Software\Fun Web Products] [-HKEY_USERS\S-1-5-20\Software\Fun Web Products] [-HKEY_USERS\S-1-5-20\Software\Classes\Software\Fun Web Products] [-HKEY_USERS\S-1-5-20_Classes\Software\Fun Web Products] [-HKEY_USERS\S-1-5-21-1417001333-1303643608-839522115-1003\Software\Fun Web Products] [-HKEY_USERS\S-1-5-21-1417001333-1303643608-839522115-1003\Software\Classes\Software\Fun Web Products] [-HKEY_USERS\S-1-5-21-1417001333-1303643608-839522115-1003_Classes\Software\Fun Web Products] [-HKEY_USERS\S-1-5-18\Software\Fun Web Products]Then click on the FILE menu and select save as
Save the file as regfix.reg. Save the file to the desktop.
IMPORTANT: make sure to save the file as "all types" and NOT as a text file
**
Now double click on regfix.reg and insert it into the registry.
Please do the Regscan again so we can check the registry
Use the search term:
Fun Web Products
Please delete the following file
C:\Windows\system32\tools\restart.exe<=file
Please reply with results from Regscan and a new hijackthis log.
Proud member of ASAP since 2005
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.
Want to help others? Come join us in the Class Room and learn how.
#25
Posted 30 June 2006 - 09:05 PM
No match to your search terms: "Fun web products" were found. The search took 47 seconds.
Logfile of HijackThis v1.99.1
Scan saved at 10:50:47 PM, on 6/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Soulseek\slsk.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\ABC\ABC.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Hijackthis\HijackThis.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
O3 - Toolbar: Video Professor Stay on Top - {56879C4B-B0B1-447C-9FDF-259F70BE9F76} - C:\Program Files\VideoProfessorStayOnTop\VPExplorerExtensions.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {701DC9DC-ACD5-4E94-85E3-F3F1ED68611A} (CWebClientCtl Object) - http://download.palt...ebclientctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - http://cdn.digitalci...illama/ampx.cab
O16 - DPF: {BD4C7EDB-A392-11D9-8BFB-0040953018D7} (PhaseCaster Widget) - http://www.streamerp...iles/phasex.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
Register to Remove
#26
Posted 01 July 2006 - 02:05 AM
Your log appears to be clean. Please do the following:
Be sure and go to the Microsoft Update site and update all your Microsoft applications in addition to Windows so that you have the latest security patches. The Trend Micro scan indicated that there were some vulnerabilities present.
Also your Java is not up-to-date.
Uninstall Microsoft Antispyware and replace it with Microsoft Windows Defender. Microsoft Antispyware has been updated and renamed Microsoft Windows Defender. You can download the new version from http://www.microsoft...re/default.mspx
STEP 1.
======
Cleanmgr
To clean temporary files:
- Go > start > run and type cleanmgr and click OK
- Scan your system for files to remove.
- Make sure Temporary Files, Temporary Internet Files and Recycle Bin are the only things checked.
- Click OK to remove those files.
- Click Yes to confirm deletion.
======
Prefetch Folder
Open C:\Windows\Prefetch\
Delete All files in this folder but not the Prefetch folder
STEP 3.
======
System Restore for Windows XP
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
- Turn off System Restore.
- On the Desktop, right-click My Computer.
- Click Properties.
- Click the System Restore tab.
- Check Turn off System Restore.
- Click Apply, and then click OK.
Turn ON System Restore.
- On the Desktop, right-click My Computer.
- Click Properties.
- Click the System Restore tab.
- UN-Check *Turn off System Restore*.
- Click Apply, and then click OK.
STEP 4.
======
DON’T BECOME OVERCONFIDENT WITH ANTIVIRUS APPLICATIONS INSTALLED!!!
http://forum.malware...39eba6ea0b5e8ee
Stay up to date on security patches and be extremely wary of clicking on links and attachments that arrive unbidden in instant messages and e-mail.
"The number one thing the majority of the malicious code we're seeing now does is disable or delete anti-virus and other security software," Dunham said. "In a lot of cases, once the user clicks on that attachment, it's already too late."
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
- Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
- Test your Firewall - Please test your firewall and make sure it is working properly.
Test Firewall
- Visit Microsoft's Update Site Frequently - It is important that you visit Windows Updates regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
- Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.
A tutorial on installing & using this product can be found here:
Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers
- Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.
A tutorial on installing & using this product can be found here:
Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer
- Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware
- Update your Java to the latest version. Uninstall any and all versions you have listed in add/remove programs and install the latest version from here:
Java Software Java Runtime Environment Version 5.0 Update 7
http://www.java.com/...windows_xpi.jsp
- Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
- More info on how to prevent malware you can also find here (By Tony Klein)
Thank you for allowing me to assist you.
Susan
Proud member of ASAP since 2005
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.
Want to help others? Come join us in the Class Room and learn how.
#27
Posted 03 July 2006 - 05:36 PM
#28
Posted 05 July 2006 - 06:04 AM
Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.
Coyote's Installed programs for prevention:
http://forums.tomcoy...showtopic=31418
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.
Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
Proud member of ASAP since 2005
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.
Want to help others? Come join us in the Class Room and learn how.
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users