
Kastem AI



#1 PhilpP


Posted 23 September 2007 - 09:46 AM

Two days ago, when web-browsing, a CA anti-virus window popped up and said some files were infected, some it couldn't delete, some it could. My antivirus is up to date, as it informs me each time I get on the web. I have spyware via Microsoft Windows Defender, and it is up to date as well. I've installed all Microsoft updates when they are available so I know my Windows firewall as well as all other security updates are the most current (I'm using Windows XP SP2). I've run a full Windows Defender spyware scan twice since this has happened, and it doesn't find any problems.

Since this happened, it's happened again (and continues to do so), where I'll get the CA window popping up and telling me the Kastem.AI trojan has been found, sometimes saying it could be deleted, other times not. After this, I'll get shortcuts on my desktop for online dating, casino, and anti-spyware that point to links on the internet (Search2..., something like that). I'll also hear the "clicking" sound that Explorer makes (I'm using IE 7.0.5730.11) when clicking on links, even when the browser is closed. Also, in Windows I'll be working with other applications and they will lose focus, pointing out that something else is running on my system. I can't seem to identify it in Task Manager, or find the service it may be running under Control Panel/Services.

This is extremely frustrating. How can I stop this attack? How can I get back to where these icons won't automatically appear on my desktop, and how can I find the service/app that keeps running in the background on my PC and remove it? Or the registry entry allowing this? I'm willing to work with HijackThis if it can help here, where Defender seems to be oblivious. In fact,
where Defender keeps telling me that my system is fine, I ran a CA spyware scan (the free one on the web page via ActiveX) and it came back with:

I can paste the CA real time and on demand logs of the scans if it will help. Thank you for your help! :D

Phil
