I think I have a Phish problem?


28 replies to this topic

#1 changasnr (New Member, Authentic Member, 14 posts)

Posted 04 March 2007 - 11:37 PM

My mom is trying to log into her eBay account, and it keeps redirecting her to a web address with "HTTPS", which I can tell is wrong. Also, the copyright on the bottom is 1985-005, and I know that eBay updates every year. Here is a copy of my HijackThis log. Any help on how to get rid of this would be appreciated.
P.S. It also doesn't let us log into myspace.com.
Logfile of HijackThis v1.99.1
Scan saved at 9:14:30 PM, on 3/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Compaq Organize.lnk = ?
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs:
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe



#2 LDTate (Forum God, Root Admin, 57,173 posts)

Posted 17 March 2007 - 07:38 AM

Hello and welcome to the forum. Sorry about the delay in responding :( If you still need help, scan again with HijackThis and copy/paste a new log file into this thread. Also, please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days.

If you would like to donate via PayPal for the help you received.

Proud graduate of TC/WTT Classroom


#3 changasnr (New Member, Authentic Member, 14 posts)

Posted 19 March 2007 - 11:45 AM

Thank you for your response. Since this was posted, I have run webcureit MD in safe mode and done a scan. After that, I did a HijackThis scan and removed two things that were not supposed to be there. I ran webcureit MD again yesterday, and it comes up with about three things that it says are incurable. I tried to move them, but it does not let me. The computer at this point is running OK, but I am not sure if those "incurables" will infect it again. Norton is having a field day every time we log onto the internet! It keeps popping up with things that are trying to come through. I am currently not on my home computer, but I can run a HijackThis log and paste it here later on today. Thank you for your response.

#4 LDTate (Forum God, Root Admin, 57,173 posts)

Posted 19 March 2007 - 03:36 PM

I ran webcureit MD again yesterday, and it comes up with about three things that it says are incurable.

Does it give the location and file name for those?

Please post a new HijackThis log.



#5 changasnr (New Member, Authentic Member, 14 posts)

Posted 19 March 2007 - 07:08 PM

My father told me when I got home that he went to his email and logged in, and Norton popped up twice advising that there were trojans trying to get in. He managed to catch one but not the other. I just ran another webcureit MD, and also added SpywareBlaster to the computer. Here is the latest HijackThis log. Thank you for your help.

Logfile of HijackThis v1.99.1
Scan saved at 5:03:13 PM, on 3/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\lsasss.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Documents and Settings\Compaq_Owner\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {b5aa3783-578e-4729-a0aa-5e31d1cb214e} - C:\WINDOWS\system32\icwsrv.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\urrrss.dll",setvm
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs:
O20 - Winlogon Notify: icwsrv - C:\WINDOWS\SYSTEM32\icwsrv.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
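Reading a HijackThis log by hand comes down to spotting a few patterns in the list above: a Run entry whose file name is one letter off a core Windows binary (lsasss.exe in system32, next to the real lsass.exe), a Run entry that uses rundll32 to load a DLL dropped straight into C:\WINDOWS (urrrss.dll), and one DLL registered under two different persistence mechanisms at once (icwsrv.dll as a nameless BHO and as a Winlogon Notify package). The script below automates those checks. It is an added example written for this page, not code from the thread, the forum or HijackThis; the sample lines are constructed from the second log above, and the system-binary list, the similarity threshold and the "bare Windows directory" rule are assumptions chosen for illustration, not HijackThis heuristics.

```python
"""Triage a HijackThis 1.99 log for persistence entries that deserve a closer look.

Added example for this page; it is not code from the thread, from the forum
or from HijackThis. The sample lines are constructed from the entries quoted
in the second log above. The list of Windows system binaries, the similarity
threshold and the "DLL loaded from the bare C:\\WINDOWS directory" rule are
assumptions chosen for illustration, not HijackThis heuristics.
"""
import re
from difflib import SequenceMatcher
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample: the persistence lines from the second log in the thread.
SAMPLE_LOG = r"""
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {b5aa3783-578e-4729-a0aa-5e31d1cb214e} - C:\WINDOWS\system32\icwsrv.dll
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\urrrss.dll",setvm
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: icwsrv - C:\WINDOWS\SYSTEM32\icwsrv.dll
"""

# Core Windows XP binaries that malware likes to imitate by name (assumed short list).
SYSTEM_BINARIES = {
    "lsass.exe", "csrss.exe", "smss.exe", "svchost.exe", "winlogon.exe",
    "services.exe", "explorer.exe", "ctfmon.exe", "spoolsv.exe",
}
SIMILARITY_THRESHOLD = 0.85  # assumption: one inserted or swapped letter scores about 0.9

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\n]+?\.(?:exe|dll))', re.IGNORECASE)


def parse(log: str) -> List[Tuple[str, str, Optional[str]]]:
    """Split a log into (section, body, path) triples; path is None when none is present."""
    rows = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        p = PATH_RE.search(body)
        rows.append((section, body, p.group(1) if p else None))
    return rows


def imitated_system_binary(filename: str) -> Optional[str]:
    """Return the system binary a filename imitates (lsasss.exe -> lsass.exe), else None."""
    name = filename.lower()
    if name in SYSTEM_BINARIES:
        return None
    best = max(SYSTEM_BINARIES, key=lambda real: SequenceMatcher(None, name, real).ratio())
    if SequenceMatcher(None, name, best).ratio() >= SIMILARITY_THRESHOLD:
        return best
    return None


def triage(log: str) -> Dict[str, List[str]]:
    """Map each flagged log line to the list of reasons it was flagged."""
    findings: Dict[str, List[str]] = {}
    by_file: Dict[str, List[Tuple[str, str]]] = {}  # basename -> [(section, line)]
    for section, body, path in parse(log):
        line = f"{section} - {body}"
        reasons: List[str] = []
        if path:
            parent, _, base = path.rpartition("\\")
            base = base.lower()
            by_file.setdefault(base, []).append((section, line))
            real = imitated_system_binary(base)
            if real:
                reasons.append(f"filename imitates {real}")
            # A Run entry that uses rundll32 to load a DLL dropped straight into
            # C:\WINDOWS (not system32, not Program Files) is a classic sign of an
            # unwanted loader (assumed rule).
            if section == "O4" and "rundll32" in body.lower() and parent.lower() == r"c:\windows":
                reasons.append("rundll32 loads a DLL from the bare Windows directory")
        if section == "O2" and "(no name)" in body:
            reasons.append("browser helper object registered without a name")
        if section == "O20" and body.lower().startswith("winlogon notify"):
            reasons.append("Winlogon Notify package: loaded into winlogon.exe at every logon")
        if reasons:
            findings[line] = reasons
    # The same file registered under two different persistence mechanisms
    # (icwsrv.dll as both a BHO and a Winlogon Notify package) is a strong signal.
    for base, entries in by_file.items():
        sections = {section for section, _ in entries}
        if len(sections) > 1:
            for section, line in entries:
                others = ", ".join(sorted(sections - {section}))
                findings.setdefault(line, []).append(f"{base} is also registered under {others}")
    return findings


def flagged_files(log: str) -> Set[str]:
    """Basenames of every file that appears in a flagged line."""
    out: Set[str] = set()
    for line in triage(log):
        p = PATH_RE.search(line)
        if p:
            out.add(p.group(1).rpartition("\\")[2].lower())
    return out


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG).items():
        print(line)
        for reason in reasons:
            print("    ->", reason)
```

Run against the constructed sample it flags exactly the three files the rest of the thread turns on (lsasss.exe, urrrss.dll, icwsrv.dll) and leaves the Symantec, Java and ctfmon entries alone. The name-similarity check is deliberately loose: it only says a name looks like a system binary, so the next step is still what the helper asks for in the following post, submitting the file to a multi-engine scanner rather than trusting the name either way.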

#6 LDTate (Forum God, Root Admin, 57,173 posts)

Posted 19 March 2007 - 07:25 PM

This infection is a bad one:

Turns off anti-virus applications
Allows others to access the computer
Steals information
Downloads code from the internet
Reduces system security
Records keystrokes

http://www.sophos.co.../w32rbotxw.html


First of all, you need to be informed that your computer might be seriously compromised: you have a trojan of the Rbot/Sbot family. You must be aware that if you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).

I will try to help clean it but can't promise it will be totally clean.

Please do not reboot unless I ask you to.

Please go to http://virusscan.jotti.org, click on Browse, and upload the following file for analysis:

C:\WINDOWS\system32\lsasss.exe

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.


If Jotti is too busy you can try these.

http://www.kaspersky...anforvirus.html


http://www.virustota.../en/indexf.html



#7 changasnr (New Member, Authentic Member, 14 posts)

Posted 19 March 2007 - 07:49 PM

Here are the results of the scan you had me do... thanks again for your help... this sounds really bad!!

Scan taken on 20 Mar 2007 01:45:17 (GMT)
AntiVir: Found TR/Agent.37102
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found Downloader.Generic3.ZJQ
BitDefender: Found DeepScan:Generic.Malware.SP!Pk!.606E7E81
ClamAV: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found probably a variant of Win32/TrojanDownloader.Agent.AWF (probable variant)
Norman Virus Control: Found W32/DLoader.CKHS
Panda Antivirus: Found Trj/KillAV.FG
VirusBuster: Found nothing
VBA32: Found Trojan-Downloader.Obfuscated.1 (paranoid heuristics) (probable variant)

#8 LDTate (Forum God, Root Admin, 57,173 posts)

Posted 19 March 2007 - 07:53 PM

Looking at the scan.



#9 LDTate (Forum God, Root Admin, 57,173 posts)

Posted 19 March 2007 - 07:58 PM

Select the online scan:
Panda ActiveScan - free online scanner
http://www.pandasoft..._principal.htm#
Select "NO, I do not want to receive marketing information from Panda Software and/or its International Representatives where applicable."

Place a check in all the boxes.
Save the report and post it back here please, if there are any that it is unable to deal with.



#10 changasnr (New Member, Authentic Member, 14 posts)

Posted 19 March 2007 - 08:12 PM

It is scanning right now. Does it bring up a report when it is done?



#11 LDTate (Forum God, Root Admin, 57,173 posts)

Posted 19 March 2007 - 08:19 PM

Yes, it should.



#12 changasnr (New Member, Authentic Member, 14 posts)

Posted 19 March 2007 - 08:30 PM

OK, I will post it as soon as it is done. It is still running.

#13 changasnr (New Member, Authentic Member, 14 posts)

Posted 19 March 2007 - 09:53 PM

Here are the results of the Panda scan. It looks like there were a lot of things that could not be disinfected. Any advice would be greatly appreciated. Thanks again.

Incident | Status | Location
Virus:Trj/KillAV.FG | Disinfected | Operating system
Spyware:Spyware/Virtumonde | Not disinfected | C:\WINDOWS\urrrss.dll
Virus:trj/torpig.a | Disinfected | Operating system
Spyware:Cookie/Advertising | Not disinfected | C:\Documents and Settings\Compaq_Owner\Application Data\Netscape\NSB\Profiles\9mp1v10x.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Doubleclick | Not disinfected | C:\Documents and Settings\Compaq_Owner\Application Data\Netscape\NSB\Profiles\9mp1v10x.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/2o7 | Not disinfected | C:\Documents and Settings\Compaq_Owner\Application Data\Netscape\NSB\Profiles\9mp1v10x.default\cookies.txt[.2o7.net/]
Spyware:Cookie/YieldManager | Not disinfected | C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@ad.yieldmanager[1].txt
Spyware:Cookie/Advertising | Not disinfected | C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@advertising[2].txt
Spyware:Cookie/Falkag | Not disinfected | C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@as-eu.falkag[2].txt
Spyware:Cookie/Falkag | Not disinfected | C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@as-us.falkag[1].txt
Spyware:Cookie/Atlas DMT | Not disinfected | C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@atdmt[2].txt
Spyware:Cookie/Azjmp | Not disinfected | C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@azjmp[1].txt
Spyware:Cookie/Casalemedia | Not disinfected | C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@casalemedia[2].txt
Spyware:Cookie/Com.com | Not disinfected | C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@com[1].txt
Spyware:Cookie/Coremetrics | Not disinfected | C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@data.coremetrics[1].txt
Spyware:Cookie/Doubleclick | Not disinfected | C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@doubleclick[1].txt
Spyware:Cookie/ErrorSafe | Not disinfected | C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@errorsafe[2].txt
Spyware:Cookie/FastClick | Not disinfected | C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@fastclick[1].txt
Spyware:Cookie/Findwhat | Not disinfected | C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@findwhat[1].txt
Spyware:Cookie/Mediaplex | Not disinfected | C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@mediaplex[1].txt
Spyware:Cookie/QuestionMarket | Not disinfected | C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@questionmarket[2].txt
Spyware:Cookie/RealMedia | Not disinfected | C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@realmedia[1].txt
Spyware:Cookie/Reliablestats | Not disinfected | C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@stats1.reliablestats[1].txt
Spyware:Cookie/WebtrendsLive | Not disinfected | C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@statse.webtrendslive[1].txt
Spyware:Cookie/Systemdoctor | Not disinfected | C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@systemdoctor[2].txt
Spyware:Cookie/Traffic Marketplace | Not disinfected | C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@trafficmp[2].txt
Spyware:Cookie/Winantivirus | Not disinfected | C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@winantivirus[2].txt
Spyware:Cookie/BurstBeacon | Not disinfected | C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.burstbeacon[1].txt
Spyware:Cookie/Winantivirus | Not disinfected | C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.winantivirus[1].txt
Spyware:Cookie/Zedo | Not disinfected | C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@zedo[2].txt
Spyware:Spyware/Virtumonde | Not disinfected | C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\tmp332.tmp.exe
Virus:Trj/KillAV.FG | Disinfected | C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\49A3CH23\3b4fb7022302f5a1fe478d411d462b99[1]
Spyware:Cookie/PointRoll | Not disinfected | C:\Documents and Settings\Guest\Cookies\guest@ads.pointroll[1].txt
Spyware:Cookie/Advertising | Not disinfected | C:\Documents and Settings\Tess\Application Data\Netscape\NSB\Profiles\hwwdh6wg.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Doubleclick | Not disinfected | C:\Documents and Settings\Tess\Application Data\Netscape\NSB\Profiles\hwwdh6wg.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/2o7 | Not disinfected | C:\Documents and Settings\Tess\Application Data\Netscape\NSB\Profiles\hwwdh6wg.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Doubleclick | Not disinfected | C:\Documents and Settings\Tess\Application Data\Netscape\NSB\Profiles\hwwdh6wg.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/2o7 | Not disinfected | C:\Documents and Settings\Tess\Cookies\tess@2o7[1].txt
Spyware:Cookie/YieldManager | Not disinfected | C:\Documents and Settings\Tess\Cookies\tess@ad.yieldmanager[2].txt
Spyware:Cookie/Adrevolver | Not disinfected | C:\Documents and Settings\Tess\Cookies\tess@adrevolver[2].txt
Spyware:Cookie/Adrevolver | Not disinfected | C:\Documents and Settings\Tess\Cookies\tess@adrevolver[3].txt
Spyware:Cookie/PointRoll | Not disinfected | C:\Documents and Settings\Tess\Cookies\tess@ads.pointroll[1].txt
Spyware:Cookie/Advertising | Not disinfected | C:\Documents and Settings\Tess\Cookies\tess@advertising[2].txt
Spyware:Cookie/Atlas DMT | Not disinfected | C:\Documents and Settings\Tess\Cookies\tess@atdmt[2].txt
Spyware:Cookie/Atwola | Not disinfected | C:\Documents and Settings\Tess\Cookies\tess@atwola[1].txt
Spyware:Cookie/Bluestreak | Not disinfected | C:\Documents and Settings\Tess\Cookies\tess@bluestreak[1].txt
Spyware:Cookie/Casalemedia | Not disinfected | C:\Documents and Settings\Tess\Cookies\tess@casalemedia[2].txt
Spyware:Cookie/Bridgetrack | Not disinfected | C:\Documents and Settings\Tess\Cookies\tess@citi.bridgetrack[1].txt
Spyware:Cookie/Bridgetrack | Not disinfected | C:\Documents and Settings\Tess\Cookies\tess@citi.bridgetrack[2].txt
Spyware:Cookie/Com.com | Not disinfected | C:\Documents and Settings\Tess\Cookies\tess@com[1].txt
Spyware:Cookie/Doubleclick | Not disinfected | C:\Documents and Settings\Tess\Cookies\tess@doubleclick[1].txt
Spyware:Cookie/DriveCleaner | Not disinfected | C:\Documents and Settings\Tess\Cookies\tess@drivecleaner[1].txt
Spyware:Cookie/FastClick | Not disinfected | C:\Documents and Settings\Tess\Cookies\tess@fastclick[2].txt
Spyware:Cookie/Findwhat | Not disinfected | C:\Documents and Settings\Tess\Cookies\tess@findwhat[1].txt
Spyware:Cookie/Mediaplex | Not disinfected | C:\Documents and Settings\Tess\Cookies\tess@mediaplex[2].txt
Spyware:Cookie/Overture | Not disinfected | C:\Documents and Settings\Tess\Cookies\tess@overture[1].txt
Spyware:Cookie/QuestionMarket | Not disinfected | C:\Documents and Settings\Tess\Cookies\tess@questionmarket[2].txt
Spyware:Cookie/RealMedia | Not disinfected | C:\Documents and Settings\Tess\Cookies\tess@realmedia[2].txt
Spyware:Cookie/Statcounter | Not disinfected | C:\Documents and Settings\Tess\Cookies\tess@statcounter[1].txt
Spyware:Cookie/Tradedoubler | Not disinfected | C:\Documents and Settings\Tess\Cookies\tess@tradedoubler[1].txt
Spyware:Cookie/Traffic Marketplace | Not disinfected | C:\Documents and Settings\Tess\Cookies\tess@trafficmp[1].txt
Spyware:Cookie/Tribalfusion | Not disinfected | C:\Documents and Settings\Tess\Cookies\tess@tribalfusion[1].txt
Spyware:Cookie/DriveCleaner | Not disinfected | C:\Documents and Settings\Tess\Cookies\tess@www.drivecleaner[2].txt
Potentially unwanted tool:Application/KillApp.B | Not disinfected | C:\hp\bin\KillIt.exe
Spyware:Spyware/PeoplePC | Not disinfected | C:\Program Files\Online Services\PeoplePC\ISP5900\Dll\RAS.DLL
Spyware:Cookie/Doubleclick | Not disinfected | C:\RECYCLER\S-1-5-21-1571863391-2907473079-752996477-1009\Dc144.txt
Spyware:Cookie/Advertising | Not disinfected | C:\RECYCLER\S-1-5-21-1571863391-2907473079-752996477-1009\Dc145.txt
Spyware:Spyware/Virtumonde | Not disinfected | C:\WINDOWS\ssrpmk.dll
Virus:Trj/KillAV.FG | Disinfected | C:\WINDOWS\system32\bak\lsasss.exe
Virus:Trj/KillAV.FG | Disinfected | C:\WINDOWS\system32\lsasss.exe1174352751
Virus:Trj/Agent.CHF | Disinfected | C:\WINDOWS\system32\mljjgda.dll
Virus:Trj/Agent.EOY | Disinfected | C:\WINDOWS\Temp\clea238245.dll
Virus:Trj/Agent.EOY | Disinfected | C:\WINDOWS\Temp\clea8887d5e.dll
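Most of the "Not disinfected" lines in a report like the one above are tracking cookies, which a scanner reports but which have nothing to do with the infection; the items that matter are the handful of executables and DLLs the scanner could not remove (the Virtumonde DLLs in C:\WINDOWS, the dropper in Temp, the PeoplePC RAS.DLL). The script below parses the flattened "Incident Status Location" dump into records and separates those two classes, so a long report can be reduced to the few paths that need a decision. It is an added example written for this page, not code from the thread or from Panda; the sample report is a constructed subset of the entries posted above, and the allowlist of vetted paths is an assumption (the one path in it is the vendor utility the helper clears in the following post).

```python
"""Separate real detections from cookie noise in a Panda ActiveScan report.

Added example for this page; it is not code from the thread or from Panda.
The report format (Incident Status Location, flattened onto one line) is the
one posted above; the sample below is a constructed subset of those entries.
The allowlist of human-vetted paths is an assumption for illustration.
"""
import re
from typing import Dict, FrozenSet, List, NamedTuple

# Constructed sample: a subset of the entries from the Panda report above.
SAMPLE_REPORT = (
    "Incident Status Location "
    "Virus:Trj/KillAV.FG Disinfected Operating system "
    "Spyware:Spyware/Virtumonde Not disinfected C:\\WINDOWS\\urrrss.dll "
    "Virus:trj/torpig.a Disinfected Operating system "
    "Spyware:Cookie/Advertising Not disinfected C:\\Documents and Settings\\Compaq_Owner"
    "\\Application Data\\Netscape\\NSB\\Profiles\\9mp1v10x.default\\cookies.txt[.advertising.com/] "
    "Spyware:Cookie/Atlas DMT Not disinfected C:\\Documents and Settings\\Compaq_Owner\\Cookies\\compaq_owner@atdmt[2].txt "
    "Spyware:Spyware/Virtumonde Not disinfected C:\\Documents and Settings\\Compaq_Owner\\Local Settings\\Temp\\tmp332.tmp.exe "
    "Potentially unwanted tool:Application/KillApp.B Not disinfected C:\\hp\\bin\\KillIt.exe "
    "Spyware:Spyware/PeoplePC Not disinfected C:\\Program Files\\Online Services\\PeoplePC\\ISP5900\\Dll\\RAS.DLL "
    "Spyware:Spyware/Virtumonde Not disinfected C:\\WINDOWS\\ssrpmk.dll "
    "Virus:Trj/KillAV.FG Disinfected C:\\WINDOWS\\system32\\bak\\lsasss.exe "
    "Virus:Trj/Agent.CHF Disinfected C:\\WINDOWS\\system32\\mljjgda.dll"
)

# Each entry is "<kind>:<name> <status> <location>"; the next entry starts at the
# next "<kind>:" token, which is what the lookahead keys on.
KINDS = r"Virus|Spyware|Potentially unwanted tool"
ENTRY_RE = re.compile(
    rf"(?P<kind>{KINDS}):(?P<name>.+?) (?P<status>Not disinfected|Disinfected) "
    rf"(?P<location>.+?)(?=\s(?:{KINDS}):|\s*$)",
    re.DOTALL,
)


class Incident(NamedTuple):
    kind: str
    name: str
    status: str
    location: str

    @property
    def is_cookie(self) -> bool:
        return self.name.startswith("Cookie/")

    @property
    def cleaned(self) -> bool:
        return self.status == "Disinfected"


def parse_report(text: str) -> List[Incident]:
    """Turn the flattened 'Incident Status Location' dump into Incident records."""
    return [Incident(m["kind"], m["name"], m["status"], m["location"].strip())
            for m in ENTRY_RE.finditer(text)]


def needs_attention(incidents: List[Incident],
                    allowlist: FrozenSet[str] = frozenset()) -> List[Incident]:
    """Entries still on disk that are not tracking cookies and not on the allowlist.

    allowlist holds lower-cased full paths a human has already vetted (assumed
    convention; here the vendor utility the helper clears in the next post).
    """
    return [i for i in incidents
            if not i.cleaned and not i.is_cookie and i.location.lower() not in allowlist]


def summarize(incidents: List[Incident]) -> Dict[str, int]:
    """Counts that tell you at a glance whether a long report is mostly noise."""
    return {
        "total": len(incidents),
        "disinfected": sum(i.cleaned for i in incidents),
        "cookies_left": sum((not i.cleaned) and i.is_cookie for i in incidents),
        "files_left": sum((not i.cleaned) and not i.is_cookie for i in incidents),
    }


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    print(summarize(found))
    for inc in needs_attention(found, allowlist=frozenset({r"c:\hp\bin\killit.exe"})):
        print(f"{inc.kind}:{inc.name}  {inc.location}")
```

On the constructed sample this leaves four paths to deal with once KillIt.exe is allowlisted: urrrss.dll and ssrpmk.dll in C:\WINDOWS, tmp332.tmp.exe in the user's Temp directory, and the PeoplePC RAS.DLL. The cookie entries are cleared by emptying the browser caches, which is what the next post asks for; they are not evidence that the cleanup failed.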

#14 LDTate (Forum God, Root Admin, 57,173 posts)

Posted 20 March 2007 - 05:50 AM

Sorry, my hard drive crashed last night at home.
I'm at work now, so I won't be able to do much.

This one is OK:
C:\hp\bin\KillIt.exe

Let's try cleaning up the cookies and temp ones:
Please download ATF Cleaner by Atribune.
Download - ATF Cleaner

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

(If you use Firefox or the Opera browser, click No at the prompt to keep saved passwords.)

It's normal after running ATF Cleaner that the PC will be slower to boot the first time.

Now run the Panda scan again if you will and post the results.



#15 changasnr (New Member, Authentic Member, 14 posts)

Posted 20 March 2007 - 09:17 PM

LD, this is now so much worse!! I ran the ATF Cleaner, and when I went to log into the Panda scan, all of a sudden the computer turned off! When it came back up, it wouldn't let me log in, telling me to insert a disk in F:; there is no F: on my dad's comp! I went to log in with Last Known Good Configuration and managed to get back into the system. When I tried to open Internet Explorer, it continuously redirects me to some malware cure website. I am currently running another cure it, but it is telling me that the HijackThis is infected?
