HELP! Trojans! Agent,HBO,Wopla,Dropper,Downloader and Darksma



#1 Asylum_Witch


Posted 18 March 2007 - 10:38 AM

Hi.

I will be brief to help simplify your assisting me. (Hope that helps!)

Problem: My computer started having major advertising pop-ups, hijacking of Internet Explorer to virus response websites and slow response time on computer programs with frequent freezing online and offline of programs. I had to ‘update’ (using Windows installation CD) to get function of my computer back after it crashed (unable to start/load Windows, move or turn off computer). Ran ‘Windows update’ and computer is now back up but still seriously infected.

System: I am running Windows XP Pro

Malware found: Multiple Trojans; Win32Agent - BHO, Proxy.Win32.Wopla.ag - Dropper.Win32.Small.avu - Downloader.Win32.Agent.bjk. Also Darksma Downloader and too many tracking cookies to count!

Security Programs: I used a free version of Norton with NO success and have since removed Norton completely. I used Yahoo Spyware without results as well. I have computer security set to medium-high and Microsoft updates are automatic.


*I have read the FAQ and the post, “Hijacked Users - Start here”.

I have followed the instructions as described and here is what I have downloaded and used so far, or the sites I used for online scans:

AVG Anti Spyware 7.5
Spybot Search & Destroy
Kaspersky Online Scan
F-Secure Online Scan
Trojan Hunter
HijackThis is version 1.99.1
(Log included with this post)

*I installed, updated, scanned, and used the repair option on AVG & Spybot only. I used all other programs before I ran the HijackThis scan for your review. I have the other scan logs available at your request from F-Secure and Trojan Hunter.

Thank you in advance for your invaluable assistance.

Asylum Witch (aka Nikki)

PS Started cleanup with F-Secure but stopped it. I wasn't sure if I was supposed to clean it or not? Anyway, I edited because I did another HijackThis scan (included) and also posted the scan from F-Secure. I wanted you to have current info. Thanks!!!!


Logfile of HijackThis v1.99.1
Scan saved at 1:18:16 PM, on 3/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Webshots\webshots.scr
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Nik\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk32.exe
C:\DOCUME~1\Nik\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fssm32.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Nik\My Documents\Unzipped\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - A® - (no file)
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {48e2a62c-4737-4ac8-9e46-99477d0de9d5} - C:\WINDOWS\system32\csc5en.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - ¸@® - (no file)
O2 - BHO: (no name) - ˆ@® - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: MSWin-1944338964.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1174029941634
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1174029922367
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec...m/ols/fscax.cab
O20 - AppInit_DLLs: c:\windows\system32\ddcdefe.dll
O20 - Winlogon Notify: csc5en - C:\WINDOWS\SYSTEM32\csc5en.dll
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users.WINDOWS\Documents\Settings\partnership.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: ieupdater21 (Microsoft IEUpdater21) - Unknown owner - C:\Documents and Settings\Nik\ie_updater.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe


F-Secure Scan Results

Result: 39 malware found
Suspicious_F.gen.dropper (virus)
C:\DOCUMENTS AND SETTINGS\NIK\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\ENYZU5AN\FILE1[1].EXE (Submitted)
C:\DOCUMENTS AND SETTINGS\NIK\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\7VXFV5G8\FILE1[1].EXE (Submitted)
Tracking Cookie (spyware)
System (Disinfected)
System (Submitted)
System
Trojan-Downloader.Win32.Agent.bjk (virus)
C:\DOCUMENTS AND SETTINGS\NIK\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\4T2Z8XIN\LIENTNSTALLER15_02[1] (Renamed & Submitted)
Trojan-Dropper.Win32.Small.avu (virus)
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\RJ2L45O7\LOADER[1] (Renamed & Submitted)
Trojan-Proxy.Win32.Wopla.ag (virus)
C:\WINDOWS\SYSTEM32\KOOS.EXE
C:\WINDOWS\SYSTEM32\KPROF
C:\WINDOWS\SYSTEM32\POOF
C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\ZIV5OJXB\PACKED_INSTALLER_CNA[1] (Renamed & Submitted)
Trojan.Win32.Agent.agv (virus)
C:\WINDOWS\HGFCAY.DLL (Renamed & Submitted)
C:\WINDOWS\SYSTEM32\CSC5EN.DLL (Renamed & Submitted)
C:\WINDOWS\SYSTEM32\TMP2C6.TMP.DLL (Renamed & Submitted)
C:\DOCUMENTS AND SETTINGS\NIK\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\1GSVD9SP\MACME20070305[1] (Renamed & Submitted)
C:\DOCUMENTS AND SETTINGS\NIK\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\0J5FMYJ1\######[1] (Renamed & Submitted)
Trojan.Win32.BHO.al (virus)
C:\WINDOWS\SYSTEM32\SHDOCVS.DLL (Renamed & Submitted)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 28316
System: 4215
Not scanned: 5
Actions:
Disinfected: 1
Renamed: 9
Deleted: 0
None: 29
Submitted: 12
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{6631F6A4-9D05-49E9-A4E7-24C2C5695C72}.BIN
C:\DOCUMENTS AND SETTINGS\ALL USERS.WINDOWS\DOCUMENTS\SETTINGS\PARTNERSHIP.DLL

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure Libra: 2.4.2, 2007-03-16
F-Secure AVP: 7.0.171, 2007-03-16
F-Secure Orion: 1.2.37, 2007-03-16
F-Secure Blacklight: 1.0.53, 0000-00-00
F-Secure Draco: 1.0.35, 0260-02-44
F-Secure Pegasus: 1.19.0, 2007-02-14
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
Use Advanced heuristics




KASPERSKY ONLINE SCANNER REPORT
Saturday, March 17, 2007 7:42:19 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 17/03/2007
Kaspersky Anti-Virus database records: 266545


Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 49931
Number of viruses found 5
Number of infected objects 17 / 0
Number of suspicious objects 0
Duration of the scan process 01:56:02

Infected Object Name Virus Name Last Action
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\RJ2L45O7\loader[1] Infected: Trojan-Dropper.Win32.Small.avu skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZIV5OJXB\packed_installer_cna[1] Infected: Trojan-Proxy.Win32.Wopla.ag skipped

C:\Documents and Settings\Nik\Local Settings\Temp\tmp1.tmp.exe Infected: Trojan.Win32.Agent.agv skipped

C:\Documents and Settings\Nik\Local Settings\Temp\tmp1B5.tmp.exe Infected: Trojan-Downloader.Win32.Agent.bjk skipped

C:\Documents and Settings\Nik\Local Settings\Temp\tmp2C6.tmp.exe Infected: Trojan.Win32.Agent.agv skipped

C:\Documents and Settings\Nik\Local Settings\Temp\tmp310.tmp.exe Infected: Trojan.Win32.Agent.agv skipped

C:\Documents and Settings\Nik\Local Settings\Temp\tmp4DE.tmp.exe Infected: Trojan.Win32.Agent.agv skipped

C:\Documents and Settings\Nik\Local Settings\Temporary Internet Files\Content.IE5\0J5FMYJ1\######[1] Infected: Trojan.Win32.Agent.agv skipped

C:\Documents and Settings\Nik\Local Settings\Temporary Internet Files\Content.IE5\1GSVD9SP\macme20070305[1] Infected: Trojan.Win32.Agent.agv skipped

C:\Documents and Settings\Nik\Local Settings\Temporary Internet Files\Content.IE5\4T2Z8XIN\lientnstaller15_02[1] Infected: Trojan-Downloader.Win32.Agent.bjk skipped

C:\WINDOWS\hgfcay.dll Infected: Trojan.Win32.Agent.agv skipped

C:\WINDOWS\system32\csc5en.dll Infected: Trojan.Win32.Agent.agv skipped

C:\WINDOWS\system32\shdocvs.dll Infected: Trojan.Win32.BHO.al skipped

C:\WINDOWS\system32\tmp2C6.tmp.dll Infected: Trojan.Win32.Agent.agv skipped

C:\WINDOWS\system32\update0.exe Infected: Trojan-Proxy.Win32.Wopla.ag skipped

C:\WINDOWS\ursspm.dll Infected: Trojan.Win32.Agent.agv skipped

C:\WINDOWS\__delete_on_reboot__s_s_t_r_r_r_._d_l_l_ Infected: Trojan.Win32.Agent.agv skipped

Scan process completed.


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:59:30 PM 3/16/2007

+ Scan result:



C:\Documents and Settings\Nik\Local Settings\Temporary Internet Files\Content.IE5\DC4RD9SD\search_dropdown[1].js -> Downloader.Agent.bp : No action taken.
C:\WINDOWS\system32\update0.exe -> Proxy.Wopla.ag : No action taken.
C:\Documents and Settings\Nik\Local Settings\Temp\Cookies\nik@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq359.tmp -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Nik\Cookies\nik@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Nik\Local Settings\Temp\Cookies\nik@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq34A.tmp -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Nik\Local Settings\Temp\Cookies\nik@zedo[1].txt -> TrackingCookie.Zedo : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2A.tmp -> TrackingCookie.Zedo : No action taken.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq35B.tmp -> TrackingCookie.Zedo : No action taken.
C:\Documents and Settings\Nik\Local Settings\Temp\tmp1.tmp.exe -> Trojan.Agent.agv : No action taken.
C:\Documents and Settings\Nik\Local Settings\Temp\tmp310.tmp.exe -> Trojan.Agent.agv : No action taken.
C:\Documents and Settings\Nik\Local Settings\Temporary Internet Files\Content.IE5\1GSVD9SP\macme20070305[1] -> Trojan.Agent.agv : No action taken.
C:\WINDOWS\hgfcay.dll -> Trojan.Agent.agv : No action taken.
C:\WINDOWS\sstrrr.dll -> Trojan.Agent.agv : No action taken.
C:\WINDOWS\system32\tmp20.tmp.dll -> Trojan.Agent.agv : No action taken.
C:\WINDOWS\system32\shdocvs.dll -> Trojan.BHO.al : No action taken.


::Report end



#2 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,170 posts

Posted 18 March 2007 - 12:16 PM

Posted at G2G

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 


Proud graduate of TC/WTT Classroom

 
