My first post.
Anyways I have a few problems, I have a laptop and I always have the same update everyday. I always have to update it when I turn off the computer or on the automatic updates (which will cause me to restart). I believe it's the same update since it is always one update. I also have a Trojan downloader from the win32/Zlob Family (I believe) and it always comes back. How I got that Trojan I do not know. Now how do I get that this one updates "stays" on my computer and that Trojan is away for good.
I also don't have a good anti-virus program since my Norton subscription has expired and my OneCare trial has expired also. I don't know why the subscription has expired, it came with the computer.
Please help me!
Thanks in advance!!!
Edit: Moved topic from XP to the more appropriate forum. ~ Animal
Full Version: Big Problem Here...
I am now installing Avira AnitVir so I will have a good anti-Virus program. It still doesn't solve the problem though.
I now have another problem. I have the anti-virus program installed now, doing a scan, doing the update. I have two other viruses on the computer, which was never ever found. I don't know if that is true, also Norton tells me all the things from this program is all high risk. Like the updater and the notifier. I have permitted them though since it was said from this forum that it is a trusted program.
I'm still a little scared that it had found 3 things that will harm my computer. Can someone tell me (that uses the program them self) that it is VERY trusted.
Thanks in advance!!!
I'm still a little scared that it had found 3 things that will harm my computer. Can someone tell me (that uses the program them self) that it is VERY trusted.
Thanks in advance!!!
Having no antivirus is risky but with proper care and other protection like being fully updated, immunizing IE and using firefox with noscript and doing frequent scans you can stay fairly malware free.
Having more than one resident active antivirus will almost certainly cause conflicts that will corrupt windows to the point of no repair.
Having more than one resident active antivirus will almost certainly cause conflicts that will corrupt windows to the point of no repair.
you are going to get MORE infections with, at my reconing ,THREE antivirus programs now on there
Norton,One Care and antivir
look at this pictorial guide ON xp system restore
http://www.bleepingcomputer.com/tutorials/tutorial56.html
see if you can roll back to PRIOR to all this stuff going on there?
I suggest you see in each of the programs if they can be disabled while you do your roll back , stating the hopefully obvious OFF line
then start again
get that sorted then we can get you scanned for some other nasties with different tools
Norton,One Care and antivir
look at this pictorial guide ON xp system restore
http://www.bleepingcomputer.com/tutorials/tutorial56.html
see if you can roll back to PRIOR to all this stuff going on there?
I suggest you see in each of the programs if they can be disabled while you do your roll back , stating the hopefully obvious OFF line
then start again
get that sorted then we can get you scanned for some other nasties with different tools
I didn't mean that, OneCare has been removed right after the trial has expired so I don't have it on my computer anymore. The Norton Anti-virus doesn't work at all since the subscription has expired, so it is disabled (because of no key since the program came with the computer, it won't let me enable it). The only anti-virus program that is working or on the computer that I have is Antivir.
Anitvir removed all the Malware I have had but often that one Trojan downloader will come back, so how will it happen that is stays away for good? Also if I want to update the program (Antivir) will it work with Wireless internet. It always says that it failed to get connection.
Also that one update has came back! I went to dinner and the computer restarted when I came back it said that it is up to date but now it says that my computer has updates. That thing just keeps coming back! Note that this update thing has been before I even had all this Trojan downloader stuff so it has nothing to do with it. I hope.
Don't worry I don't have 3 anti-virus programs on my computer. One doesn't work and the other has been removed. I know it's bad. Although I have a question, Norton Anti-Virus is with Norton, it's disabled but will harm the computer if it stays off? Since I can't turn it on, I don't have any anti-virus at all so it shouldn't harm the computer, right?
Anitvir removed all the Malware I have had but often that one Trojan downloader will come back, so how will it happen that is stays away for good? Also if I want to update the program (Antivir) will it work with Wireless internet. It always says that it failed to get connection.
Also that one update has came back! I went to dinner and the computer restarted when I came back it said that it is up to date but now it says that my computer has updates. That thing just keeps coming back! Note that this update thing has been before I even had all this Trojan downloader stuff so it has nothing to do with it. I hope.
Don't worry I don't have 3 anti-virus programs on my computer. One doesn't work and the other has been removed. I know it's bad. Although I have a question, Norton Anti-Virus is with Norton, it's disabled but will harm the computer if it stays off? Since I can't turn it on, I don't have any anti-virus at all so it shouldn't harm the computer, right?
http://www.majorgeeks.com/Norton_Removal_T...mNRT_d4749.html
let's make sure norton's is gone
also run this scan and post the log after running the removal tool and rebooting
http://www.bleepingcomputer.com/forums/ind...mp;#entry811062
avira is about the only free av I would reccomend
let's make sure norton's is gone
also run this scan and post the log after running the removal tool and rebooting
http://www.bleepingcomputer.com/forums/ind...mp;#entry811062
avira is about the only free av I would reccomend
It tells me that the Removal tool has expired
Nevermind, I have downloaded the program from the link of the message. http://service1.symantec.com/SUPPORT/share...006050909471013 was the link. Well not like that, I think is was just symantec.com only it redirected me to the correct place.
Malwarebytes' Anti-Malware 1.12
Database version: 760
Scan type: Quick Scan
Objects scanned: 37780
Time elapsed: 11 minute(s), 53 second(s)
Memory Processes Infected: 2
Memory Modules Infected: 1
Registry Keys Infected: 16
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 11
Memory Processes Infected:
C:\Program Files\OneStepSearch\onestep.exe (Adware.OneStepSearch) -> Unloaded process successfully.
C:\Program Files\OneStepSearch\onestep.exe (Adware.OneStepSearch) -> Unloaded process successfully.
Memory Modules Infected:
C:\Program Files\OneStepSearch\onestep.dll (Adware.OneStepSearch) -> Unloaded module successfully.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5b4c3b43-49b6-42a7-a602-f7acdca0d409} (Adware.OneStepSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5b4c3b43-49b6-42a7-a602-f7acdca0d409} (Adware.OneStepSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{139c109e-08c6-4b60-9142-860b8cd5d000} (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c2a1c5cb-c0ef-4689-9436-f62cca1c5383} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{679b00b5-0783-4de4-a478-7227fdd50825} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{14869272-e04b-66dc-80dd-58bab2570cf0} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{03b54468-0899-4233-8689-623fffc295ee} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{08f5d2f6-4ae5-486b-98e0-3e85ba6b4d11} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{38481807-ca0e-42d2-bf39-b33af135cc4d} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\onestepsearch (Adware.OneStepSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\OneStepSearch (Adware.OneStepSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\OneStep Search Service (Adware.OneStepSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Web Application (Trojan.Zlob) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{81705d67-3f73-4983-859b-97d0922e5abe} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{81705d67-3f73-4983-859b-97d0922e5abe} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{d4c51fa4-9192-4a9a-8d2a-a0690c92f171} (Trojan.Zlob) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\Helper (Adware.BHO) -> Quarantined and deleted successfully.
C:\Program Files\OneStepSearch (Adware.OneStepSearch) -> Delete on reboot.
C:\Program Files\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\IETAG.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\OneStepSearch\home.js (Adware.OneStepSearch) -> Quarantined and deleted successfully.
C:\Program Files\OneStepSearch\onestep.dll (Adware.OneStepSearch) -> Delete on reboot.
C:\Program Files\OneStepSearch\onestep.exe (Adware.OneStepSearch) -> Quarantined and deleted successfully.
C:\Program Files\OneStepSearch\osopt.exe (Adware.OneStepSearch) -> Quarantined and deleted successfully.
C:\Program Files\OneStepSearch\readme.html (Adware.OneStepSearch) -> Quarantined and deleted successfully.
C:\Program Files\OneStepSearch\uninstall.exe (Adware.OneStepSearch) -> Quarantined and deleted successfully.
C:\Program Files\NetProject\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\NetProject\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\NetProject\waun.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jessica Franks\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
Database version: 760
Scan type: Quick Scan
Objects scanned: 37780
Time elapsed: 11 minute(s), 53 second(s)
Memory Processes Infected: 2
Memory Modules Infected: 1
Registry Keys Infected: 16
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 11
Memory Processes Infected:
C:\Program Files\OneStepSearch\onestep.exe (Adware.OneStepSearch) -> Unloaded process successfully.
C:\Program Files\OneStepSearch\onestep.exe (Adware.OneStepSearch) -> Unloaded process successfully.
Memory Modules Infected:
C:\Program Files\OneStepSearch\onestep.dll (Adware.OneStepSearch) -> Unloaded module successfully.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5b4c3b43-49b6-42a7-a602-f7acdca0d409} (Adware.OneStepSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5b4c3b43-49b6-42a7-a602-f7acdca0d409} (Adware.OneStepSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{139c109e-08c6-4b60-9142-860b8cd5d000} (Rogue.Virus.Ranger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c2a1c5cb-c0ef-4689-9436-f62cca1c5383} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{679b00b5-0783-4de4-a478-7227fdd50825} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{14869272-e04b-66dc-80dd-58bab2570cf0} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{03b54468-0899-4233-8689-623fffc295ee} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{08f5d2f6-4ae5-486b-98e0-3e85ba6b4d11} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{38481807-ca0e-42d2-bf39-b33af135cc4d} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\onestepsearch (Adware.OneStepSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\OneStepSearch (Adware.OneStepSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\OneStep Search Service (Adware.OneStepSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Web Application (Trojan.Zlob) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{81705d67-3f73-4983-859b-97d0922e5abe} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{81705d67-3f73-4983-859b-97d0922e5abe} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{d4c51fa4-9192-4a9a-8d2a-a0690c92f171} (Trojan.Zlob) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\Helper (Adware.BHO) -> Quarantined and deleted successfully.
C:\Program Files\OneStepSearch (Adware.OneStepSearch) -> Delete on reboot.
C:\Program Files\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\Common Files\Microsoft Shared\Smart Tag\IETAG.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\OneStepSearch\home.js (Adware.OneStepSearch) -> Quarantined and deleted successfully.
C:\Program Files\OneStepSearch\onestep.dll (Adware.OneStepSearch) -> Delete on reboot.
C:\Program Files\OneStepSearch\onestep.exe (Adware.OneStepSearch) -> Quarantined and deleted successfully.
C:\Program Files\OneStepSearch\osopt.exe (Adware.OneStepSearch) -> Quarantined and deleted successfully.
C:\Program Files\OneStepSearch\readme.html (Adware.OneStepSearch) -> Quarantined and deleted successfully.
C:\Program Files\OneStepSearch\uninstall.exe (Adware.OneStepSearch) -> Quarantined and deleted successfully.
C:\Program Files\NetProject\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\NetProject\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\NetProject\waun.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jessica Franks\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
Is the program just a Anti-Malware or also a Anti-Spyware? Just a small question that interests me since I get confused a lot. I don't have good knowledge with computers as you can see.
malware is a catch all term for all the bad stuff
Oh ok, wasn't so sure. Thanks! I'm off for bed and I'll check tomorrow! Thanks for the help, it's running better now although I'm still unsure.
there will be more scans to do, zlob is a bad one but be sure and turn your computer off
Mainly an Antimalware app. But since spyware is malware it does get both. As doe s Superantispyware it will also catch and kill most trojans plus spyware. Scan your PC with it also and see.
Download and scan with SUPERAntiSpyware Free for Home Users
Download and scan with SUPERAntiSpyware Free for Home Users
- Double-click SUPERAntiSpyware.exe and use the default settings for installation.
- An icon will be created on your desktop. Double-click that icon to launch the program.
- If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
- Under "Configuration and Preferences", click the Preferences button.
- Click the Scanning Control tab.
- Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Scan for tracking cookies.
- Terminate memory threats before quarantining.
- Click the "Close" button to leave the control center screen.
- Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
- On the left, make sure you check C:\Fixed Drive.
- On the right, under "Complete Scan", choose Perform Complete Scan.
- Click "Next" to start the scan. Please be patient while it scans your computer.
- After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
- Make sure everything has a checkmark next to it and click "Next".
- A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
- If asked if you want to reboot, click "Yes".
- To retrieve the removal information after reboot, launch SUPERAntispyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.
- Click Close to exit the program.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 05/18/2008 at 01:10 PM
Application Version : 4.0.1154
Core Rules Database Version : 3463
Trace Rules Database Version: 1454
Scan type : Complete Scan
Total Scan Time : 00:56:19
Memory items scanned : 481
Memory threats detected : 0
Registry items scanned : 5750
Registry threats detected : 9
File items scanned : 54610
File threats detected : 20
Adware.OneStepSearch
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE\0000#DeviceDesc
Adware.Tracking Cookie
C:\Documents and Settings\LocalService\Cookies\system@2o7[1].txt
C:\Documents and Settings\Mack Franks\Cookies\mack franks@atdmt[2].txt
C:\Documents and Settings\Mack Franks\Cookies\mack franks@doubleclick[1].txt
C:\Documents and Settings\Mack Franks\Cookies\mack franks@msnservices.112.2o7[1].txt
C:\Documents and Settings\Mack Franks\Cookies\mack_franks@2o7[2].txt
C:\Documents and Settings\Mack Franks\Cookies\mack_franks@ad.yieldmanager[1].txt
C:\Documents and Settings\Mack Franks\Cookies\mack_franks@adrevolver[2].txt
C:\Documents and Settings\Mack Franks\Cookies\mack_franks@atwola[1].txt
C:\Documents and Settings\Mack Franks\Cookies\mack_franks@fastclick[2].txt
C:\Documents and Settings\Mack Franks\Cookies\mack_franks@iacas.adbureau[2].txt
C:\Documents and Settings\Mack Franks\Cookies\mack_franks@imrworldwide[2].txt
C:\Documents and Settings\Mack Franks\Cookies\mack_franks@komtrack[2].txt
C:\Documents and Settings\Mack Franks\Cookies\mack_franks@media.adrevolver[1].txt
C:\Documents and Settings\Mack Franks\Cookies\mack_franks@media.adrevolver[2].txt
C:\Documents and Settings\Mack Franks\Cookies\mack_franks@mediaplex[1].txt
C:\Documents and Settings\Mack Franks\Cookies\mack_franks@revsci[2].txt
C:\Documents and Settings\Mack Franks\Cookies\mack_franks@sonyelectronicssupportus.112.2o7[1].txt
C:\Documents and Settings\Mack Franks\Cookies\mack_franks@tacoda[2].txt
C:\Documents and Settings\Mack Franks\Cookies\mack_franks@tribalfusion[1].txt
C:\Documents and Settings\Mack Franks\Cookies\mack_franks@weborama[2].txt
http://www.superantispyware.com
Generated 05/18/2008 at 01:10 PM
Application Version : 4.0.1154
Core Rules Database Version : 3463
Trace Rules Database Version: 1454
Scan type : Complete Scan
Total Scan Time : 00:56:19
Memory items scanned : 481
Memory threats detected : 0
Registry items scanned : 5750
Registry threats detected : 9
File items scanned : 54610
File threats detected : 20
Adware.OneStepSearch
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE\0000#DeviceDesc
Adware.Tracking Cookie
C:\Documents and Settings\LocalService\Cookies\system@2o7[1].txt
C:\Documents and Settings\Mack Franks\Cookies\mack franks@atdmt[2].txt
C:\Documents and Settings\Mack Franks\Cookies\mack franks@doubleclick[1].txt
C:\Documents and Settings\Mack Franks\Cookies\mack franks@msnservices.112.2o7[1].txt
C:\Documents and Settings\Mack Franks\Cookies\mack_franks@2o7[2].txt
C:\Documents and Settings\Mack Franks\Cookies\mack_franks@ad.yieldmanager[1].txt
C:\Documents and Settings\Mack Franks\Cookies\mack_franks@adrevolver[2].txt
C:\Documents and Settings\Mack Franks\Cookies\mack_franks@atwola[1].txt
C:\Documents and Settings\Mack Franks\Cookies\mack_franks@fastclick[2].txt
C:\Documents and Settings\Mack Franks\Cookies\mack_franks@iacas.adbureau[2].txt
C:\Documents and Settings\Mack Franks\Cookies\mack_franks@imrworldwide[2].txt
C:\Documents and Settings\Mack Franks\Cookies\mack_franks@komtrack[2].txt
C:\Documents and Settings\Mack Franks\Cookies\mack_franks@media.adrevolver[1].txt
C:\Documents and Settings\Mack Franks\Cookies\mack_franks@media.adrevolver[2].txt
C:\Documents and Settings\Mack Franks\Cookies\mack_franks@mediaplex[1].txt
C:\Documents and Settings\Mack Franks\Cookies\mack_franks@revsci[2].txt
C:\Documents and Settings\Mack Franks\Cookies\mack_franks@sonyelectronicssupportus.112.2o7[1].txt
C:\Documents and Settings\Mack Franks\Cookies\mack_franks@tacoda[2].txt
C:\Documents and Settings\Mack Franks\Cookies\mack_franks@tribalfusion[1].txt
C:\Documents and Settings\Mack Franks\Cookies\mack_franks@weborama[2].txt
that's looking good, would you run another scan with MBAM, it may be all gone now
I have, I just can't post it til the weekend, sorry! It said that nothing was found. Would it be gone forever or will it come back? Thanks for your help, you owe me big time XD
Malwarebytes' Anti-Malware 1.12
Database version: 760
Scan type: Full Scan (C:\|)
Objects scanned: 111173
Time elapsed: 41 minute(s), 22 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Database version: 760
Scan type: Full Scan (C:\|)
Objects scanned: 111173
Time elapsed: 41 minute(s), 22 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Since my other thread was closed down I guess 'start over' back here. Well I now have a new problem. I did a scan and now I have adware. When the scan is running it stops at one file and won't go on with the scan. Either it takes a very long to time to scan it or something it wrong. It's in the System Volume Information area and it is some kind of restore file. AntiVir also said that it is something that shouldn't be there or infected. It is also a a HEUR/HTML.Maleware file as AntiVir tells me. I haven't done a scan on AntiMaleware yet but I soon will be. Next reply will the scan report from SuperAntiSpyware.
Thanks in advance.
Thanks in advance.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 06/30/2008 at 06:31 PM
Application Version : 4.15.1000
Core Rules Database Version : 3493
Trace Rules Database Version: 1484
Scan type : Complete Scan
Total Scan Time : 01:32:17
Memory items scanned : 558
Memory threats detected : 0
Registry items scanned : 5777
Registry threats detected : 0
File items scanned : 54383
File threats detected : 2
Adware.Tracking Cookie
.atdmt.com [ C:\Documents and Settings\Jessica Franks\Application Data\Mozilla\Firefox\Profiles\3odj4unm.default\cookies.txt ]
.gaiainteractive.112.2o7.net [ C:\Documents and Settings\Jessica Franks\Application Data\Mozilla\Firefox\Profiles\3odj4unm.default\cookies.txt ]
.doubleclick.net [ C:\Documents and Settings\Jessica Franks\Application Data\Mozilla\Firefox\Profiles\3odj4unm.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
adopt.euroclick.com [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
.apmebf.com [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
.apmebf.com [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
.tribalfusion.com [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
.doubleclick.net [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
.atdmt.com [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
ar.atwola.com [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
.atwola.com [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
a2.adserver01.de [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
partners.webmasterplan.com [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
partners.webmasterplan.com [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
.hitbox.com [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
.ehg-wacomtechnology.hitbox.com [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
www.googleadservices.com [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
C:\Documents and Settings\Mack Franks\Cookies\mack_franks@atdmt[2].txt
C:\Documents and Settings\Mack Franks\Cookies\mack_franks@questionmarket[2].txt
http://www.superantispyware.com
Generated 06/30/2008 at 06:31 PM
Application Version : 4.15.1000
Core Rules Database Version : 3493
Trace Rules Database Version: 1484
Scan type : Complete Scan
Total Scan Time : 01:32:17
Memory items scanned : 558
Memory threats detected : 0
Registry items scanned : 5777
Registry threats detected : 0
File items scanned : 54383
File threats detected : 2
Adware.Tracking Cookie
.atdmt.com [ C:\Documents and Settings\Jessica Franks\Application Data\Mozilla\Firefox\Profiles\3odj4unm.default\cookies.txt ]
.gaiainteractive.112.2o7.net [ C:\Documents and Settings\Jessica Franks\Application Data\Mozilla\Firefox\Profiles\3odj4unm.default\cookies.txt ]
.doubleclick.net [ C:\Documents and Settings\Jessica Franks\Application Data\Mozilla\Firefox\Profiles\3odj4unm.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
adopt.euroclick.com [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
.apmebf.com [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
.apmebf.com [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
.tribalfusion.com [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
.doubleclick.net [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
.atdmt.com [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
ar.atwola.com [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
.atwola.com [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
a2.adserver01.de [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
partners.webmasterplan.com [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
partners.webmasterplan.com [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
.hitbox.com [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
.ehg-wacomtechnology.hitbox.com [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
www.googleadservices.com [ C:\Documents and Settings\Mack Franks\Application Data\Mozilla\Firefox\Profiles\kf3q2wlm.default\cookies.txt ]
C:\Documents and Settings\Mack Franks\Cookies\mack_franks@atdmt[2].txt
C:\Documents and Settings\Mack Franks\Cookies\mack_franks@questionmarket[2].txt
I wanted to scan the computer with Malwarebytes' Anti-Maleware but sadly when it got to the System Volume Information it wouldn't respond. I don't know why, but is there some way to fix everything back to normal? Thanks in Advance
Well it looks like you aren't infected, that's the good news, if that's true, the bad news is, you have windows problems and they can worse to fix than malware.
However!
Let's kill 2 birds with one stone, I would like you to learn to use ATF cleaner and rerun SAS in safe mode
http://www.bleepingcomputer.com/forums/ind...mp;#entry634693
follow the directions exactly and complete each step
However!
Let's kill 2 birds with one stone, I would like you to learn to use ATF cleaner and rerun SAS in safe mode
http://www.bleepingcomputer.com/forums/ind...mp;#entry634693
follow the directions exactly and complete each step
Well I wanted to go on Safe Mode but all what it did was a black screen and listing files in the folder System 32. I just freaked out, only other family members (My brother and dad) went on Safe Mode. So I don't know what will happen when the computer is on Safe Mode.
Please have them do it for you the first time, It's easy once you get used to it
It's also an essential skill today if you are going to keep your computer disinfected, if nothing bad ever gets thru you might not need it
There are many more uses for it tho
It's also an essential skill today if you are going to keep your computer disinfected, if nothing bad ever gets thru you might not need it
There are many more uses for it tho
Ok, I have to wait though. Both are work, so I guess I'll draw something with photoshop. Nothing bad can happen there XD ....Well I hope
there's a reason they call safe mode SAFE
it keeps a lot of stuff that isn't safe from loading
it keeps a lot of stuff that isn't safe from loading
Well at the moment I'm not on safe mode so yea. I read the guide on how to put it on safe mode. I think I'll do it the other instead of doing f8 one. But I'm still going to wait till someone comes home since I want someone to watch what I do. lol
As stated in my link on safe mode, the dangerous part is forcing a safe mode boot by using msconfig and that's only dangerous when you have a bad malware infection
I can still do it right? Since in the reply before you said that I'm infected. So no worries right?
QUOTE
Well it looks like you aren't infected
but let's try SAS from safe mode just to be sure
Ok I've done what it sad, although the online scan wouldn't let me do it. Oddly when I wanted to use IE it didn't do anything. A little confused, SAS didn't find anything.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.