Zlob That Won't Go (according To Spynomore 2.56.070521)


2 replies to this topic

#1 ANDR359


Posted 30 May 2007 - 06:49 AM

Hi guys I got spyware (Zlob). The logfile from hijack this is:

Logfile of HijackThis v1.99.1
Scan saved at 06:48:33 a.m., on 30/05/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\ARCHIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARCHIV~1\Grisoft\AVG7\avgupsvc.exe
C:\ARCHIV~1\Grisoft\AVG7\avgemc.exe
C:\WINNT\system32\cisvc.exe
C:\WINNT\system32\svchost.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\nvsvc32.exe
C:\Archivos de programa\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe
C:\Archivos de programa\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\devldr32.exe
C:\Archivos de programa\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
C:\Archivos de programa\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe
C:\Archivos de programa\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
C:\Archivos de programa\Archivos comunes\Panda Software\PavShld\pavprsrv.exe
C:\Archivos de programa\Panda Software\Panda Platinum 2005 Internet Security\pavsrv50.exe
C:\Archivos de programa\Panda Software\Panda Platinum 2005 Internet Security\AVENGINE.EXE
C:\Archivos de programa\Creative\SBLive2k\AudioHQ\AHQTB.EXE
C:\Archivos de programa\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
C:\Archivos de programa\Creative\SBLive2k\Program\CTAvTray.EXE
C:\Archivos de programa\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe
C:\WINNT\system32\regsvc.exe
C:\Archivos de programa\Panda Software\Panda Platinum 2005 Internet Security\APVXDWIN.EXE
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATIBGL.EXE
C:\ARCHIV~1\Grisoft\AVG7\avgcc.exe
C:\Archivos de programa\Panda Software\Panda Platinum 2005 Internet Security\SRVLOAD.EXE
C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\WINNT\system32\taskmgr.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Archivos comunes\Real\Update_OB\RealOneMessageCenter.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\system32\cidaemon.exe
C:\WINNT\system32\cidaemon.exe
C:\ARCHIV~1\WINZIP\winzip32.exe
C:\Archivos de programa\SpywareGuard\sgmain.exe
C:\Archivos de programa\SpywareGuard\sgbhp.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Archivos de programa\SpyNoMore\SNM.exe
C:\WINNT\system32\cidaemon.exe
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\FHCHC\Configuración local\Temp\HijackThis.exe

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Archivos de programa\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Archivos de programa\Creative\SBLive2k\Program\AHQInit.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Archivos de programa\Creative\SBLive2k\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [CTAvTray] C:\Archivos de programa\Creative\SBLive2k\Program\CTAvTray.EXE
O4 - HKLM\..\Run: [SCANINICIO] "C:\Archivos de programa\Panda Software\Panda Platinum 2005 Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Archivos de programa\Panda Software\Panda Platinum 2005 Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EPSON Stylus C79 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATIBGL.EXE /FU "C:\WINNT\TEMP\E_S3C.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SNM] C:\Archivos de programa\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "C:\Archivos de programa\Panda Software\Panda Platinum 2005 Internet Security\PasSrv.exe"
O4 - HKLM\..\RunOnce: [CTAVTray] C:\Archivos de programa\Creative\SBLive2k\Program\CTAvStub.EXE EAX.AVI
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Archivos de programa\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: SpywareGuard.lnk = C:\Archivos de programa\SpywareGuard\sgmain.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_01\bin\ssv.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Panda Antispam Server Service (PASSRV) - Unknown owner - C:\Archivos de programa\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Archivos de programa\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Archivos de programa\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Archivos de programa\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Archivos de programa\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Archivos de programa\Archivos comunes\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Archivos de programa\Panda Software\Panda Platinum 2005 Internet Security\pavsrv50.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Archivos de programa\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Archivos de programa\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe

I've already run Ad-Ware, SpywareGuard, SpywareBlaster, and SpyNoMore (trial version (2.76.070521), that is, U have to pay to get Ur PC cleaned). Although the 1st 2 don't find anything anymore (Zlob was apparently cleaned by them), SpyNoMore still finds like 67 ransomware, malware, etc, including:

Zlob Adware (in C:\Documents and Settings\All Users\Menú Inicio\Online Security Guide.url and in C:\Documents and Settings\All Users\Menú Inicio\Security Troubleshooting.url)
SpyLocked Malware (in C:\Documents and Settings\FHCHC\Datos de Programa\Microsoft\Internet Explorer\Quick Launch\Spy Locked 4.0.Ink)
SpyLocked Malware (in HKEY_LOCAL_MACHINE_\SOFTWARE\Spy Locked 4.0)
SpyLocked Malware (in HKEY_LOCAL_MACHINE_\Microsoft\Windows\CurrentVersion\AppPaths\Spy Locked 4.0)

I mention those because I've already read they can be malicious, although there's more malware and also randomware such as

MalwareWipe (in HKEY_CLASSES_ROOT\... (many))
MalwareWipe (in HKEY_LOCAL_MACHINE\... (2))
Windows Safety Alert - Trojan Downloader (in HKEY_LOCAL_MACHINE\... (2))
WinAntivirus (in HKEY_CURRENT_USERS\... (many))
Adware\MalwareWipe 5.2 - Adware (in HKEY_LOCAL_MACHINE\... (2))
Tracking Cookie/softbn.ru - Tracking Cookie C:\Documents and Settings\FHCHC\Cookies\fhchc@softbn(2).txt

PLEASE help me get rid of this stuff. I've already been running antispyware and antiviruses on this PC for many hours but still get this result from SpyNoMore. Please help me solve this.



#2 ken545


Posted 01 June 2007 - 11:50 AM

ANDR359

Welcome to the forum. You do have some issues going on that we need to address.

SpyNoMore: This was on a list of Rogue Anti Spyware Programs, so I would suggest uninstalling it via the Add-Remove Programs in the Control Panel. This isn't anything that I would care to have on my computer.

Hijackthis 1.99.1
It's important that Hijackthis is installed in its own permanent folder for backup purposes.
  • Go to where you currently have HJT installed and delete the whole folder.
  • Use the link above or the links in my signature to download HJT 1.99.1 setup to your desktop.
  • Double-click on the Setup icon and by default it will unzip to C:\Program Files\Hijackthis

Now do a couple of things.

Go to the new location of HJT and right click on the HJT icon (looks like a red stick of dynamite with a plunger) and rename it to ANDR359.exe <-- Don't forget the .exe


Please download SmitfraudFix to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.


Also post a new HJT log with it renamed to ANDR359.exe

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
Just a reminder that threads will be closed if no reply in 3 days.
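
Added example, not part of the original thread: a small Python parser for the HijackThis log format posted in #1. It lists registry autostart (O4) entries and flags processes running from a Temp folder, as HijackThis.exe does in that log. The sample lines are copied from the post; the function names and the `watchlist` parameter are assumptions made for this illustration.

```python
import re

# Constructed sample: a few lines copied from the log in post #1 (not the full log).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 06:48:33 a.m., on 30/05/2007
Running processes:
C:\WINNT\system32\svchost.exe
C:\Archivos de programa\SpyNoMore\SNM.exe
C:\Documents and Settings\FHCHC\Configuración local\Temp\HijackThis.exe
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Archivos de programa\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [SNM] C:\Archivos de programa\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                 # e.g. "O4 - ..."
AUTORUN = re.compile(r"^(HK\w+\\\.\.\\\w+): \[(.+?)\] (.*)$")  # O4 registry autostart

def parse_hjt(text):
    """Split a HijackThis log into running processes and coded entries."""
    procs, entries, in_procs = [], [], False
    for line in (l.strip() for l in text.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            procs.append(line)
    return procs, entries

def autoruns(entries):
    """Return (key, value name, command) for O4 registry autostart entries."""
    out = []
    for code, body in entries:
        m = AUTORUN.match(body) if code == "O4" else None
        if m:
            out.append(m.groups())
    return out

def review(text, watchlist=("spynomore",)):  # name taken from reply #2; hypothetical parameter
    """Flag processes in Temp folders and autoruns whose command matches the watchlist."""
    procs, entries = parse_hjt(text)
    temp = [p for p in procs if "\\temp\\" in p.lower()]
    hits = [a for a in autoruns(entries)
            if any(w in a[2].lower() for w in watchlist)]
    return temp, hits
```
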

#3 ken545


Posted 02 June 2007 - 06:53 AM

ANDR359,

FYI. We are just a small group of volunteers that try to help as many people as we can on our own free time. We don't have the manpower to have more than one person helping you, the amount of infected computers is astronomical, and I see that you have posted on two other forums for help, Techguy and Spyware Warrior. They are fine forums and you will get the help you need there, so I am locking this thread. You basically wasted my time analyzing your log and working out a fix, when the time could have been better spent helping someone else.

How did I get infected in the first place? Read these links and find out how to prevent getting infected again.


Here are some free programs to install, don't leave home without them
  • Spybot Search and Destroy 1.4
    Check for Updates/Immunize and run a Full System Scan on a regular basis.
  • Ad-Aware SE Personal 1.06
    Check for Updates and run a Full System Scan on a regular basis.
  • Spyware Blaster
    It will prevent most spyware from ever being installed.
  • Spyware Guard
    It offers realtime protection from spyware installation attempts.
  • Win Patrol
    This program will warn you when any changes are being made to your system and give you the option to deny the change.
  • IE-Spyad
    IE-Spyad places over 4000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • Firefox 2.0
    It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will in no way interfere with IE, you can use them both.
  • Zone Alarm
    Here is a free Firewall from Zone Labs, I wouldn't access the internet without it.


 
 