Edited by indi, 16 February 2007 - 11:25 AM.
WE'RE SURE THAT YOU'LL LOVE US!
Hey there! 
Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 93105 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.
Try What the Tech -- It's free!
Generic.downloader.k problem
Started by
indi
, Feb 16 2007 11:23 AM
5 replies to this topic
#1
indi
-
- New Member
-
- 3 posts
New Member
Posted 16 February 2007 - 11:23 AM
Register to Remove
#2
mschroe919
-
- Visiting Fellow
-
- 2,825 posts
basic
Posted 16 February 2007 - 12:07 PM
Welcome to the TomCoyote Forums
My name is mschroe919 and I am going to read your log.
I would like to help you So if you would....
Please be patient and I will be back as soon as possible.
two questions first is the program
AVG Anti-Spyware 7.5\guard.exe
the free trial or paid version.
I would like to start on checking your pc for maleware, so
while I am off to read your log perhaps you can do a few thing.
Let’s check for Malware/Spyware on your computer which is best dealt with by spyware-removal programs used one after the other.
Spybot: Search and Destroy:
1.Download 'Spybot: Search And Destroy'. Get it here:
http://www.bleepingc...tutorial43.html
1 Next, 'Search for Updates' as the definitions are not likely to be up-to-date.
2 Close ALL windows except Spybot SD
3 Click the "Check for Problems" button
4 Click 'Fix Selected Problems' and fix only the RED items.
5 REBOOT to finish removing what Spybot SD found and clear memory
Ad-Aware SE by Lavasoft:
1. Download 'Ad-Aware SE'. Get it here:
http://www.download....0...&tag=button
2. Install according to the instructions in "How To Setup Spybot SD and Ad-Aware SE" Get it here:
http://www.tomcoyote.org/aawsb.php
3. Next, 'Check for Updates' by clicking on the 'world globe' second from the right at the top of your Ad-Aware SE window.
4. Install the updates.
5. Close ALL windows except Ad-Aware SE
6. Click on 'Start' and choose 'full scan' for a full scan.
7. [b]Quarantine anything that it finds and [b]SAVE the log file.
8.[b]REBOOT to finish removing what Ad-Aware SE found and clear memory.
[b]Please let me know if anything can not be cleaned by these utilities.
after rebooting please do this:
A great on line scan, FREE:
Please go here
http://support.f-sec.../home/ols.shtml
and do a online scan
When you get to the site the start scan is at the bottom of page
make sure you follow instruction, like downloading.
Let me know what is found. and if all was cleaned up?
After scan, reboot and post a new HijackThis log
Good luck and
Thanks mschroe919
My name is mschroe919 and I am going to read your log.
I would like to help you So if you would....
Please be patient and I will be back as soon as possible.
two questions first is the program
AVG Anti-Spyware 7.5\guard.exe
the free trial or paid version.
I would like to start on checking your pc for maleware, so
while I am off to read your log perhaps you can do a few thing.
Let’s check for Malware/Spyware on your computer which is best dealt with by spyware-removal programs used one after the other.
Spybot: Search and Destroy:
1.Download 'Spybot: Search And Destroy'. Get it here:
http://www.bleepingc...tutorial43.html
1 Next, 'Search for Updates' as the definitions are not likely to be up-to-date.
2 Close ALL windows except Spybot SD
3 Click the "Check for Problems" button
4 Click 'Fix Selected Problems' and fix only the RED items.
5 REBOOT to finish removing what Spybot SD found and clear memory
Ad-Aware SE by Lavasoft:
1. Download 'Ad-Aware SE'. Get it here:
http://www.download....0...&tag=button
2. Install according to the instructions in "How To Setup Spybot SD and Ad-Aware SE" Get it here:
http://www.tomcoyote.org/aawsb.php
3. Next, 'Check for Updates' by clicking on the 'world globe' second from the right at the top of your Ad-Aware SE window.
4. Install the updates.
5. Close ALL windows except Ad-Aware SE
6. Click on 'Start' and choose 'full scan' for a full scan.
7. [b]Quarantine anything that it finds and [b]SAVE the log file.
8.[b]REBOOT to finish removing what Ad-Aware SE found and clear memory.
[b]Please let me know if anything can not be cleaned by these utilities.
after rebooting please do this:
A great on line scan, FREE:
Please go here
http://support.f-sec.../home/ols.shtml
and do a online scan
When you get to the site the start scan is at the bottom of page
make sure you follow instruction, like downloading.
Let me know what is found. and if all was cleaned up?
After scan, reboot and post a new HijackThis log
Good luck and
Thanks mschroe919
"The most important thing about goals is having one."
"It is never too soon to be kind, for we never know how soon it will be too late. "
No Man Ever Stands So Tall As When He Stoops To Help A Child
If you wish to show your appreciation, please consider a donation to help keep us online
[url="http://"%20%20<a%20href="http://www.whatthetech.com/donate/""%20target="_blank">http://www.whatthetech.com/donate/"</a>"]Donate Here Please[/url]
Thank You
"It is never too soon to be kind, for we never know how soon it will be too late. "
No Man Ever Stands So Tall As When He Stoops To Help A Child
If you wish to show your appreciation, please consider a donation to help keep us online
[url="http://"%20%20<a%20href="http://www.whatthetech.com/donate/""%20target="_blank">http://www.whatthetech.com/donate/"</a>"]Donate Here Please[/url]
Thank You
#3
indi
-
- New Member
-
- 3 posts
New Member
Posted 16 February 2007 - 01:46 PM
Thanks a lot.
I did the Spybot and AA scan, but i wont be able to continue with the process till tomorrow, so ill post my new hijackthis log tomorrow.
Edited by indi, 16 February 2007 - 01:48 PM.
#4
mschroe919
-
- Visiting Fellow
-
- 2,825 posts
basic
Posted 16 February 2007 - 09:06 PM
okay dokay see you tomorrow.
along with th new log just tell me what if anything was found and fixed i both spybot and AA.
Also when Mcafee finds this does it quarintine it?
mschroe919
Edited by mschroe919, 16 February 2007 - 09:36 PM.
"The most important thing about goals is having one."
"It is never too soon to be kind, for we never know how soon it will be too late. "
No Man Ever Stands So Tall As When He Stoops To Help A Child
If you wish to show your appreciation, please consider a donation to help keep us online
[url="http://"%20%20<a%20href="http://www.whatthetech.com/donate/""%20target="_blank">http://www.whatthetech.com/donate/"</a>"]Donate Here Please[/url]
Thank You
"It is never too soon to be kind, for we never know how soon it will be too late. "
No Man Ever Stands So Tall As When He Stoops To Help A Child
If you wish to show your appreciation, please consider a donation to help keep us online
[url="http://"%20%20<a%20href="http://www.whatthetech.com/donate/""%20target="_blank">http://www.whatthetech.com/donate/"</a>"]Donate Here Please[/url]
Thank You
#5
indi
-
- New Member
-
- 3 posts
New Member
Posted 17 February 2007 - 09:04 AM
Im back..
According to Mcafee the file has been deleted..but i keep getting this message.
Here are the logs:
Spybot S&D log:
Microsoft.WindowsSecurityCenter.FirewallOverride: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallOverride!=dword:0
DoubleClick: Tracking cookie (Internet Explorer: Administrator) (Cookie, fixed)
MediaPlex: Tracking cookie (Internet Explorer: Administrator) (Cookie, fixed)
Zedo: Tracking cookie (Internet Explorer: Administrator) (Cookie, fixed)
AA log:
ADWARE.IEHLPR
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[24]=Regkey : clsid\{3d898c55-74cc-4b7c-b5f1-45913f368388}
obj[25]=Regkey : software\microsoft\windows\currentversion\explorer\browser helper objects\{3d898c55-74cc-4b7c-b5f1-45913f368388}
TRACKING COOKIE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[26]=IECache Entry : Cookie:administrator@revsci.net/
obj[27]=IECache Entry : Cookie:administrator@tribalfusion.com/
F-Secure log:
Result: 3 malware found
Tracking Cookie (spyware)
System (Disinfected)
System
System
--------------------------------------------------------------------------------
Statistics
Scanned:
Files: 19100
System: 3817
Not scanned: 4
Actions:
Disinfected: 1
Renamed: 0
Deleted: 0
None: 2
Submitted: 0
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{9DFF09B6-9C6C-4D7D-88CA-F80A8F1D4257}.BIN
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
G:\SYSTEM VOLUME INFORMATION\MOUNTPOINTMANAGERREMOTEDATABASE
New hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 16:57:53, on 17/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Ad Blocker\blocker.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Apps\hijackthis\HijackThis.exe
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: VS_IEHlprObj Class - {829CAB51-A4EA-4a15-87B6-4B7D0747939C} - C:\Program Files\Network Associates\VirusScan\bho.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [Ad Blocker] C:\Program Files\Ad Blocker\blocker.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {00000000-CB06-433A-9302-77436F840932} - C:\Program Files\Ad Blocker\blocker.exe
O9 - Extra 'Tools' menuitem: &Ad Blocker - {00000000-CB06-433A-9302-77436F840932} - C:\Program Files\Ad Blocker\blocker.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec...m/ols/fscax.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
According to Mcafee the file has been deleted..but i keep getting this message.
Here are the logs:
Spybot S&D log:
Microsoft.WindowsSecurityCenter.FirewallOverride: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallOverride!=dword:0
DoubleClick: Tracking cookie (Internet Explorer: Administrator) (Cookie, fixed)
MediaPlex: Tracking cookie (Internet Explorer: Administrator) (Cookie, fixed)
Zedo: Tracking cookie (Internet Explorer: Administrator) (Cookie, fixed)
AA log:
ADWARE.IEHLPR
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[24]=Regkey : clsid\{3d898c55-74cc-4b7c-b5f1-45913f368388}
obj[25]=Regkey : software\microsoft\windows\currentversion\explorer\browser helper objects\{3d898c55-74cc-4b7c-b5f1-45913f368388}
TRACKING COOKIE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[26]=IECache Entry : Cookie:administrator@revsci.net/
obj[27]=IECache Entry : Cookie:administrator@tribalfusion.com/
F-Secure log:
Result: 3 malware found
Tracking Cookie (spyware)
System (Disinfected)
System
System
--------------------------------------------------------------------------------
Statistics
Scanned:
Files: 19100
System: 3817
Not scanned: 4
Actions:
Disinfected: 1
Renamed: 0
Deleted: 0
None: 2
Submitted: 0
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{9DFF09B6-9C6C-4D7D-88CA-F80A8F1D4257}.BIN
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
G:\SYSTEM VOLUME INFORMATION\MOUNTPOINTMANAGERREMOTEDATABASE
New hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 16:57:53, on 17/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Ad Blocker\blocker.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Apps\hijackthis\HijackThis.exe
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: VS_IEHlprObj Class - {829CAB51-A4EA-4a15-87B6-4B7D0747939C} - C:\Program Files\Network Associates\VirusScan\bho.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [Ad Blocker] C:\Program Files\Ad Blocker\blocker.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {00000000-CB06-433A-9302-77436F840932} - C:\Program Files\Ad Blocker\blocker.exe
O9 - Extra 'Tools' menuitem: &Ad Blocker - {00000000-CB06-433A-9302-77436F840932} - C:\Program Files\Ad Blocker\blocker.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec...m/ols/fscax.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
Edited by indi, 17 February 2007 - 09:07 AM.
#6
little eagle
-
- Visiting Fellow
-
- 8,968 posts
spyware hawk
- Interests:spyware
Posted 24 March 2007 - 05:22 PM
Due to a lack of a responce this topic is now closed.
If you wish it reopened, please send us an email (Click for address) with a link to your thread.
Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
To help keep your PC clean follow the recommendations here by shelf life.
If you wish it reopened, please send us an email (Click for address) with a link to your thread.
Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
To help keep your PC clean follow the recommendations here by shelf life.
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
