Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91848 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Slow startup & Can't download Adaware Updates


  • This topic is locked This topic is locked
No replies to this topic

#1 dano2l

dano2l

    Authentic Member

  • Authentic Member
  • PipPip
  • 35 posts

Posted 10 May 2008 - 10:50 PM

I'm helping out a dirty old man with his computer. I suspect he's been on some sites of ill repute. Could you please check to see if anything else is hiding on here? Spybot found a few things, but I can't download Adaware updates, so I think I missed something.

Running Windows XP Professional 2002, SP2

I ran through the maleware self help post and did everything:

ATF Cleaner: Done
System Restore: Done

Malwarebytes log:


Malwarebytes' Anti-Malware 1.12
Database version: 736

Scan type: Quick Scan
Objects scanned: 39514
Time elapsed: 9 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files\alot\bin\alot.dll (Adware.BHO) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} (Adware.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} (Adware.BHO) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\alot (Adware.BHO) -> Delete on reboot.
C:\Program Files\alot\bin (Adware.BHO) -> Delete on reboot.

Files Infected:
C:\Program Files\alot\bin\alot.dll (Adware.BHO) -> Delete on reboot.
C:\Program Files\alot\alotUninst.exe (Adware.BHO) -> Quarantined and deleted successfully.



SuperAntiSpyware: Didn't find anything

Panda Activescan: Didn't find anything major:

;*******************************************************************************
********************************************************************************
*
*******************
ANALYSIS: 2008-05-10 21:19:50
PROTECTIONS: 1
MALWARE: 4
SUSPECTS: 0
;*******************************************************************************
********************************************************************************
*
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
================================================================================
=
===================
Symantec AntiVirus Corporate Edition 8.1.1.366 Yes Yes
;===============================================================================
================================================================================
=
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
================================================================================
=
===================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\IHRIGHE\Cookies\ihrighe@trafficmp[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\IHRIGHE\Cookies\ihrighe@ad.yieldmanager[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\IHRIGHE\Cookies\ihrighe@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\IHRIGHE\Cookies\ihrighe@bs.serving-sys[2].txt
;===============================================================================
================================================================================
=
===================
SUSPECTS
Sent Location
;===============================================================================
================================================================================
=
===================
;===============================================================================
================================================================================
=
===================
VULNERABILITIES
Id Severity Description
;===============================================================================
================================================================================
=
===================
182048 HIGH MS07-069
176382 HIGH MS07-057
170906 HIGH MS07-045 %

Edited by dano2l, 10 May 2008 - 11:00 PM.

    Advertisements

Register to Remove

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users