BleepingComputer.com: Video Activex Access Trojan


Video Activex Access Trojan

#1 alt3rn1ty

Posted 29 July 2007 - 06:38 AM

I used to have an MWAV subscription, which has now run out. When running MWAV it now reports I have the following:

Video activex access trojan
gain.gator adware/spyware
possible fujacks type worm

How do I get rid of these without subscribing again to MWAV?



#2 alt3rn1ty

Posted 29 July 2007 - 06:54 AM

If it helps, here are the offending entries in the MWAV log file:

Sun Jul 29 12:45:59 2007 => System found infected with video activex access Trojan ({7e853d72-626a-48ec-a868-ba8d5e23e045})! Action taken: No Action Taken.
Sun Jul 29 12:46:01 2007 => Offending Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gator.com !!!
Sun Jul 29 12:46:01 2007 => Object "gain.gator Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Jul 29 12:46:01 2007 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\p3p\history\gator.com !!!
Sun Jul 29 12:46:01 2007 => Object "gain.gator Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Jul 29 12:46:01 2007 => Offending Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\p3p\history\gator.com !!!
Sun Jul 29 12:46:01 2007 => Object "gain.gator Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Jul 29 12:46:13 2007 => Checking MountPoints2 Registry Key...
Sun Jul 29 12:46:13 2007 => Executable Command Found in {50252a90-9d92-11da-98dc-806d6172696f}\Shell\AutoRun\command: J:\Setup\rsrc\Autorun.exe
Sun Jul 29 12:46:13 2007 => Offending Key found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50252a90-9d92-11da-98dc-806d6172696f} !!!
Sun Jul 29 12:46:13 2007 => Object "Possible Fujacks-type Worm" found in File System! Action Taken: No Action Taken.

Sun Jul 29 12:46:13 2007 => Executable Command Found in {50252a91-9d92-11da-98dc-806d6172696f}\GAME_EXE\GAME_GUID\GAME_NAME\Shell\AutoRun\command: K:\Autorun.exe
Sun Jul 29 12:46:13 2007 => Offending Key found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50252a91-9d92-11da-98dc-806d6172696f} !!!
Sun Jul 29 12:46:13 2007 => Object "Possible Fujacks-type Worm" found in File System! Action Taken: No Action Taken.

Sun Jul 29 12:46:13 2007 => Checking CLSID Reference Entries...
Sun Jul 29 12:46:17 2007 => Entry "HKCR\PhotoRecord.Album" refers to invalid object "{FEDCFFC1-BEC4-11D1-93B9-0060979C8AB8}". Action Taken: No Action Taken.

Sun Jul 29 12:46:18 2007 => Checking Module Usage Entries...
Sun Jul 29 12:46:18 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\avsniff.dll". Action Taken: No Action Taken.

Sun Jul 29 12:46:18 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\rufsi.dll". Action Taken: No Action Taken.

#3 alt3rn1ty

Posted 30 July 2007 - 12:35 PM

:thumbsup: Bump - Helloooo!, is anybody out there? <OH NO, MAYBE EVERYONE'S 'PUTERS TRASHED TOO, MAYBE I PASSED IT ON, NOOOO!> :flowers:

#4 mz30

Posted 30 July 2007 - 12:40 PM

Hi alt3rn1ty,
The reason you have been overlooked is that you have posted in the wrong section. You should post your logs here.

Good luck :thumbsup:
God, my head hurts.
If you don't ask, you don't know




#5 quietman7

Posted 30 July 2007 - 01:35 PM

I have split your HJT log away from this thread and moved it into the HJT forum.

You can find it here: http://www.bleepingcomputer.com/forums/topic102044.html

Now that your log is posted there, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files on your own, etc.) unless advised by an HJT Team member. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make may cause confusion for the member assisting you and complicate the malware removal process.

Please be patient and wait for a response from an HJT Team member. It may take a while to get a response because team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. While waiting, please DO NOT make another reply to your log until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have no replies, as this makes it easier for them to identify those who have not been helped. If you post another response, a team member looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.
Microsoft MVP - Consumer Security 2007-2012
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#6 alt3rn1ty

Posted 30 July 2007 - 05:29 PM

Thanx guyz, my bad, going across to the link and won't alter anything until advised. :thumbsup:

#7 quietman7

Posted 01 August 2007 - 08:02 AM

You're welcome and good luck.

If you followed any other advice in regards to this issue, please ensure you inform the HJT Helper when they respond to assist you with your log. This will help them know what has been done and they probably will ask for an updated log.

To avoid confusion, I am closing this thread. Should you need it reopened after your log has been reviewed and you have been cleared, please PM me or another moderator.

Again, thanks for your cooperation.