
I've Been Jacked


17 replies to this topic

#16 grammareetz


Posted 30 May 2007 - 02:52 PM

Incident | Status | Location
Adware:Adware/Maxifiles | Not disinfected | C:\avenger\backup.zip[avenger/b122.exe]
Adware:Adware/Maxifiles | Not disinfected | C:\avenger\backup.zip[avenger/b122.exe][Installeur.exe]
Adware:Adware/ActiveSearch | Not disinfected | C:\avenger\backup.zip[avenger/b122.exe][²ÜÇ\Services.dll]
Spyware:Spyware/Virtumonde | Not disinfected | C:\avenger\backup.zip[avenger/neircdql.dll]
Virus:Trj/Downloader.OBC | Not disinfected | C:\avenger\backup.zip[avenger/net.exe][²ÖÇ\install.exe]
Potentially unwanted tool:Application/NirCmd.A | Not disinfected | C:\Documents and Settings\User-1\Desktop\ComboFix.exe[ComboFixT\nircmd.cfexe]
Spyware:Spyware/Virtumonde | Not disinfected | C:\Documents and Settings\User-1\Desktop\net.exe[²ÖÇ\is67333.exe]
Potentially unwanted tool:Application/Processor | Not disinfected | C:\Documents and Settings\User-1\Desktop\New Folder (2)\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor | Not disinfected | C:\Documents and Settings\User-1\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Adware:Adware/WebHancer | Not disinfected | C:\QooBox\Quarantine\C\Program Files\webHancer\Programs\whiehlpr.dll.vir
Adware:Adware/WebHancer | Not disinfected | C:\QooBox\Quarantine\C\Program Files\webHancer\whAgent_update.exe.vir[whiehlpr.dll]
Adware:Adware/CommAd | Not disinfected | C:\QooBox\Quarantine\C\WINDOWS\IA\asappsrv.dll.vir
Adware:Adware/CommAd | Not disinfected | C:\QooBox\Quarantine\C\WINDOWS\IA\command.exe.vir
Adware:Adware/CommAd | Not disinfected | C:\QooBox\Quarantine\C\WINDOWS\IA\KE.vbs.vir
Adware:Adware/DollarRevenue | Not disinfected | C:\QooBox\Quarantine\C\WINDOWS\system32\atmtd.dll.vir
Adware:Adware/DollarRevenue | Not disinfected | C:\QooBox\Quarantine\C\WINDOWS\system32\atmtd.dll._.vir
Potentially unwanted tool:Application/NirCmd.A | Not disinfected | C:\WINDOWS\nircmd.exe



#17 grammareetz


Posted 30 May 2007 - 02:53 PM

:rofl:

Incident | Status | Location
Adware:Adware/Maxifiles | Not disinfected | C:\avenger\backup.zip[avenger/b122.exe]
Adware:Adware/Maxifiles | Not disinfected | C:\avenger\backup.zip[avenger/b122.exe][Installeur.exe]
Adware:Adware/ActiveSearch | Not disinfected | C:\avenger\backup.zip[avenger/b122.exe][²ÜÇ\Services.dll]
Spyware:Spyware/Virtumonde | Not disinfected | C:\avenger\backup.zip[avenger/neircdql.dll]
Virus:Trj/Downloader.OBC | Not disinfected | C:\avenger\backup.zip[avenger/net.exe][²ÖÇ\install.exe]
Potentially unwanted tool:Application/NirCmd.A | Not disinfected | C:\Documents and Settings\User-1\Desktop\ComboFix.exe[ComboFixT\nircmd.cfexe]
Spyware:Spyware/Virtumonde | Not disinfected | C:\Documents and Settings\User-1\Desktop\net.exe[²ÖÇ\is67333.exe]
Potentially unwanted tool:Application/Processor | Not disinfected | C:\Documents and Settings\User-1\Desktop\New Folder (2)\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor | Not disinfected | C:\Documents and Settings\User-1\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Adware:Adware/WebHancer | Not disinfected | C:\QooBox\Quarantine\C\Program Files\webHancer\Programs\whiehlpr.dll.vir
Adware:Adware/WebHancer | Not disinfected | C:\QooBox\Quarantine\C\Program Files\webHancer\whAgent_update.exe.vir[whiehlpr.dll]
Adware:Adware/CommAd | Not disinfected | C:\QooBox\Quarantine\C\WINDOWS\IA\asappsrv.dll.vir
Adware:Adware/CommAd | Not disinfected | C:\QooBox\Quarantine\C\WINDOWS\IA\command.exe.vir
Adware:Adware/CommAd | Not disinfected | C:\QooBox\Quarantine\C\WINDOWS\IA\KE.vbs.vir
Adware:Adware/DollarRevenue | Not disinfected | C:\QooBox\Quarantine\C\WINDOWS\system32\atmtd.dll.vir
Adware:Adware/DollarRevenue | Not disinfected | C:\QooBox\Quarantine\C\WINDOWS\system32\atmtd.dll._.vir
Potentially unwanted tool:Application/NirCmd.A | Not disinfected | C:\WINDOWS\nircmd.exe

Edited by grammareetz, 30 May 2007 - 02:55 PM.


#18 Jintan


Posted 30 May 2007 - 06:12 PM

Looks the same, so no new infection found. Good job on repairs there. Some remaining items of infection that do need to be deleted, and you can remove all the tools we used here as well.

Do a search (Start - Search/Find - Files or Folders) for the following highlighted files/folders (shown in bold), and if found, delete them.

C:\Documents and Settings\User-1\Desktop\net.exe

Delete that other file you located:

C:\WINDOWS\b122.exe


And remove the following tools from our repairs:

Files:
C:\WINDOWS\nircmd.exe
C:\Documents and Settings\User-1\Desktop\ComboFix.exe
C:\Documents and Settings\User-1\Desktop\SmitfraudFix.zip

Folders:
C:\avenger
C:\QooBox
C:\Documents and Settings\User-1\Desktop\New Folder (2)\SmitfraudFix

Be sure to run ATF Cleaner after. Then post back an update on how your system is running now.
