 Privacy Protector, Error Cleaner, Spyware&malware Protection - Just Finished Using Sdfix.exe - Someone Let Me Know If I'm Alright?, Someone let me know if I'm alright now.. |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site. Forum Guidelines
Read this topic before posting a log. DO NOT post a ComboFix log unless requested to. Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log. When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc. Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
 Jul 15 2008, 05:48 AM
Post
#1
|
|
|
New Member  Group: Members Posts: 11 Joined: 18-January 05 Member No.: 9,898  |
Alright, I posted earlier but now I found the real problem. I had malware installed on my computer and it was the Privacy Protector, Error Cleaner, Spyware&malware Protection problem.
I just ran SD fix.exe and it found a lot but now that my computer is up, I am still getting the attack messages. I followed the instructions here: http://www.bleepingcomputer.com/forums/topic105116.html These are the results of my fix: SDFix: Version 1.205 Run by Administrator on Tue 07/15/2008 at 06:26 AM Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFix Checking Services : Restoring Default Security Values Restoring Default Hosts File Restoring Windows ProductId To Remove Fake Virus Alert Rebooting Checking Files : Trojan Files Found: C:\Documents and Settings\user\Desktop\Error Cleaner.url - Deleted C:\Documents and Settings\user\Favorites\Error Cleaner.url - Deleted C:\Documents and Settings\user\Desktop\Privacy Protector.url - Deleted C:\Documents and Settings\user\Favorites\Privacy Protector.url - Deleted C:\Documents and Settings\user\Desktop\Spyware&Malware Protection.url - Deleted C:\Documents and Settings\user\Favorites\Spyware&Malware Protection.url - Deleted C:\WINDOWS\system32\s.bat - Deleted C:\WINDOWS\EPEB.EXE - Deleted Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-15 06:39:03 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Direct Connect\\Direct Connect.exe"="C:\\Program Files\\Direct Connect\\Direct Connect.exe:*:Enabled:File Sharing over TCP/IP" "C:\\Program Files\\Trillian\\trillian.exe"="C:\\Program Files\\Trillian\\trillian.exe:*:Enabled:Trillian" "C:\\Program Files\\TorrentStorm\\Downloader\\Tor032\\tor032.exe"="C:\\Program Files\\TorrentStorm\\Downloader\\Tor032\\tor032.exe:*:Enabled:tor032" "C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"="C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp:*:Enabled:KazaaLite" "C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Disabled:LEXPPS.EXE" "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Disabled:RealPlayer" "C:\\Program Files\\AIM95\\aim.exe"="C:\\Program Files\\AIM95\\aim.exe:*:Disabled:AOL Instant Messenger" "C:\\Program Files\\DC++\\DCPlusPlus.exe"="C:\\Program Files\\DC++\\DCPlusPlus.exe:*:Enabled:DC++" "C:\\Documents and Settings\\user\\Desktop\\DCPlusPlus.exe"="C:\\Documents and Settings\\user\\Desktop\\DCPlusPlus.exe:*:Enabled:DC++" "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent" "C:\\Program Files\\BitTornado\\btdownloadgui.exe"="C:\\Program Files\\BitTornado\\btdownloadgui.exe:*:Enabled:btdownloadgui" "C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord" "C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"="C:\\Program Files\\QuickTime\\QuickTimePlayer.exe:*:Enabled:QuickTime Player" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe" "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe" "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe" "C:\\WINDOWS\\system32\\mphmjuvf.exe"="C:\\WINDOWS\\system32\\mph" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe" "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" Remaining Files : File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes : Mon 12 Dec 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Sat 13 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp" Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\BIT3.tmp" Wed 11 Aug 2004 39,424 ...H. --- "C:\Documents and Settings\user\Application Data\Microsoft\Word\~WRL1042.tmp" Mon 12 Dec 2005 4,348 A..H. --- "C:\Documents and Settings\user\My Documents\My Music\iTunes\iTunes Music\License Backup\drmv1key.bak" Mon 12 Dec 2005 20 A..H. --- "C:\Documents and Settings\user\My Documents\My Music\iTunes\iTunes Music\License Backup\drmv1lic.bak" Mon 12 Dec 2005 400 A.SH. --- "C:\Documents and Settings\user\My Documents\My Music\iTunes\iTunes Music\License Backup\drmv2key.bak" Finished! Tara |
 |
 
|
Posts in this topic
Dingerz Privacy Protector, Error Cleaner, Spyware&malware Protection - Just Finished Using Sdfix.exe - Someone Let Me Know If I'm Alright? Jul 15 2008, 05:48 AM
Dingerz My ComboFix log:
ComboFix 08-07-13.11 - user 2008... Jul 15 2008, 06:03 AM Dingerz I am STILL getting a popup saying my computer is c... Jul 15 2008, 06:06 AM Dingerz Someone help?? It's so bad.. I ran all that ... Jul 15 2008, 10:54 AM
Thunder Hello Tara,
Please do not open more than one thre... Jul 16 2008, 03:58 AM  |
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
| Lo-Fi Version | Time is now: 21st November 2009 - 08:28 PM |
© 2003-2009 All Rights Reserved Bleeping Computer LLC.