
When posting your problem, do not run ComboFix and post its logs. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF logs will be ignored.

To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system. This information is much more useful to our helpers than a ComboFix log.

 
> Tratbho Problem!
alchar
post Feb 2 2008, 11:11 AM
Post #1


New Member
*

Group: Members
Posts: 9
Joined: 2-February 08
Member No.: 187,856



Hi, this is my first post ever (in any forum), so I'd like to ask for your understanding. My PC (Windows XP) has been infected by the TratBHO virus. I tried using avast, vundofix and virtumundobegone but none worked. I got the virus through msn and what it does - most of the time - is send itself via msn to others, and then msn doesn't work. At first I read about a similar virus/spyware named pic(1)(1)(1) and so on, and I followed the instructions to erase it. I thought that worked but then avast started notifying me that I've got this trojan, TratBHO. As I said, I used vundofix and virtumundobegone but the first said it could not delete this file awtstur.dll and I tried using virtumundo, but that didn't do anything either. Vundofix picks up the virus and so does avast, and I stopped using msn. Can you help?
alchar
post Feb 2 2008, 01:17 PM
Post #2





No ideas? I tried reading the other posts but nothing really helped. I'd appreciate some advice! Thanks
ruby1
post Feb 2 2008, 01:32 PM
Post #3


a forum member
******

Group: Members
Posts: 2,360
Joined: 27-August 07
Member No.: 153,171



Hi and welcome!!
if you know how to; take a restore point NOW then download and
try running these free programs

superantispyware
http://www.superantispyware.com/
asquared
http://www.emsisoft.com/en/software/free/
spybot
http://www.spybot.info/en/download/index.html

fully update, reboot and run on full deep scans to see what they find?

also an on line scan from trend

http://housecall.trendmicro.com/

and report back when done

depending on what you have on your computer this lot may take a few hours to run ON full deep scans, so be prepared
alchar
post Feb 2 2008, 02:35 PM
Post #4





Well no, I don't know what a restore point is, and do you really think I have to do all that? I've already added spybot, then all the others I mention in the first post, and they all seem to agree I've got this trojan but none can deal with it!
alchar
post Feb 2 2008, 03:02 PM
Post #5





Any help on the restore point? I looked at another discussion but I can't see any System Tools in my Accessories, thanks!
ruby1
post Feb 2 2008, 03:10 PM
Post #6





system restore should be found


start/all programs/ accessories/system restore

it is not vital but would be helpful if you COULD find it and create a restore point prior to doing any work on the computer

you do need to run the suggested scans as they are prerequisites for any further analysis of the computer within another section of this forum

they also might find other infections you do not as yet know you have got
alchar
post Feb 2 2008, 03:25 PM
Post #7





All it says in system tools (which I did find where you said) is internet explorer (no add-ons). I just did a full scan with super anti spyware, which I updated first, and it did find lots of adware and trojans. Do you want me to paste the log?
ruby1
post Feb 2 2008, 03:29 PM
Post #8





have you run the a squared program yet and the on line scan from trend?

save the superantispyware log and post the results of all the scans when done

quietman7
post Feb 2 2008, 03:45 PM
Post #9


Bleepin' Janitor
******

Group: Global Moderator
Posts: 14,074
Joined: 9-July 05
From: Virginia, USA
Member No.: 26,513



There are no shortcuts or guarantees when it comes to malware removal. Sometimes it takes several efforts with different tools to do the job. Even then, with some types of malware infections, the task can be arduous. In some instances an infection may have caused so much damage to your system that it cannot be successfully cleaned or repaired. In those cases, recovery is not possible and the only option is to reformat/reinstall the OS.

Since all the tools you have used are not working, this issue will require further investigation and probably the use of more powerful tools than we recommend in this forum. Before that can be done you will need to create and post a HijackThis log.

Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". You may have performed some of these steps already. If you can't perform a step, then skip and continue with the next. In step #9 there are instructions for downloading HijackThis and creating a log. (This is a self-extracting version which will automatically install the current version of HJT in the proper location.) If using Windows Vista, be sure to Run As Administrator.

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion of the HijackThis log that lists version information. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate it if you post a link to your log back here so we know that you're getting help from the HJT Team.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.


--------------------
"THE BAD GUYS DON'T NEED A SEARCH WARRANT. ARE YOU PROTECTED?"

Microsoft MVP - Windows Security 2007-2009
alchar
post Feb 2 2008, 05:18 PM
Post #10





Ok, the three scans are finished although I still can't find system restore. I can't see how I can post the results from the online scan. The other two are these:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/02/2008 at 10:19 PM

Application Version : 3.9.1008

Core Rules Database Version : 3394
Trace Rules Database Version: 1386

Scan type : Complete Scan
Total Scan Time : 00:33:50

Memory items scanned : 504
Memory threats detected : 3
Registry items scanned : 7009
Registry threats detected : 29
File items scanned : 50730
File threats detected : 62

Trojan.Unclassifed/AffiliateBundle
C:\WINDOWS\SYSTEM32\AWTSTUR.DLL
C:\WINDOWS\SYSTEM32\AWTSTUR.DLL
C:\WINDOWS\SYSTEM32\LJJKHED.DLL
C:\WINDOWS\SYSTEM32\LJJKHED.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BED7C2B4-3DA5-4F4F-84F7-07CAB3418E5F}
HKCR\CLSID\{BED7C2B4-3DA5-4F4F-84F7-07CAB3418E5F}
HKCR\CLSID\{BED7C2B4-3DA5-4F4F-84F7-07CAB3418E5F}\InprocServer32
HKCR\CLSID\{BED7C2B4-3DA5-4F4F-84F7-07CAB3418E5F}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{BED7C2B4-3DA5-4F4F-84F7-07CAB3418E5F}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{9AA57522-2ECD-47DF-BD38-20E7E577A464}
HKCR\CLSID\{9AA57522-2ECD-47DF-BD38-20E7E577A464}
HKCR\CLSID\{9AA57522-2ECD-47DF-BD38-20E7E577A464}\InprocServer32
HKCR\CLSID\{9AA57522-2ECD-47DF-BD38-20E7E577A464}\InprocServer32#ThreadingModel
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B3C86D4C-3575-4F7F-BDBA-62F8D210E2E2}\RP213\A0097889.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B3C86D4C-3575-4F7F-BDBA-62F8D210E2E2}\RP213\A0097890.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B3C86D4C-3575-4F7F-BDBA-62F8D210E2E2}\RP213\A0097891.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B3C86D4C-3575-4F7F-BDBA-62F8D210E2E2}\RP213\A0097892.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B3C86D4C-3575-4F7F-BDBA-62F8D210E2E2}\RP213\A0097893.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B3C86D4C-3575-4F7F-BDBA-62F8D210E2E2}\RP213\A0097894.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B3C86D4C-3575-4F7F-BDBA-62F8D210E2E2}\RP213\A0097895.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B3C86D4C-3575-4F7F-BDBA-62F8D210E2E2}\RP213\A0097896.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B3C86D4C-3575-4F7F-BDBA-62F8D210E2E2}\RP213\A0097897.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B3C86D4C-3575-4F7F-BDBA-62F8D210E2E2}\RP213\A0097898.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B3C86D4C-3575-4F7F-BDBA-62F8D210E2E2}\RP213\A0097899.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B3C86D4C-3575-4F7F-BDBA-62F8D210E2E2}\RP213\A0098034.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B3C86D4C-3575-4F7F-BDBA-62F8D210E2E2}\RP214\A0098063.DLL
C:\VUNDOFIX BACKUPS\AWTSTUR.DLL.BAD
C:\VUNDOFIX BACKUPS\BYXXYVU.DLL.BAD
C:\VUNDOFIX BACKUPS\FCCCAYX.DLL.BAD
C:\VUNDOFIX BACKUPS\IIFCYVW.DLL.BAD
C:\VUNDOFIX BACKUPS\IIFFEDB.DLL.BAD
C:\VUNDOFIX BACKUPS\LJJKHED.DLL.BAD
C:\VUNDOFIX BACKUPS\MLJJGGH.DLL.BAD
C:\VUNDOFIX BACKUPS\OPPMJJI.DLL.BAD
C:\VUNDOFIX BACKUPS\QOMNONO.DLL.BAD
C:\VUNDOFIX BACKUPS\RQOOOPO.DLL.BAD
C:\VUNDOFIX BACKUPS\URQNOOO.DLL.BAD
C:\VUNDOFIX BACKUPS\URQRPPQ.DLL.BAD
C:\VUNDOFIX BACKUPS\VTUVSSP.DLL.BAD
C:\VUNDOFIX BACKUPS\WVUTSSQ.DLL.BAD
C:\WINDOWS\SYSTEM32\YAYYYVV.DLL.VIR

Unclassified.Unknown Origin/System
C:\WINDOWS\SYSTEM32\JKKLL.DLL
C:\WINDOWS\SYSTEM32\JKKLL.DLL

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{17592655-51A6-4935-8FA6-97ECCAE33127}
HKCR\CLSID\{17592655-51A6-4935-8FA6-97ECCAE33127}
HKCR\CLSID\{17592655-51A6-4935-8FA6-97ECCAE33127}\InprocServer32
HKCR\CLSID\{17592655-51A6-4935-8FA6-97ECCAE33127}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\DDCYY.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17592655-51A6-4935-8FA6-97ECCAE33127}

Trojan.WinFixer
HKLM\Software\Classes\CLSID\{4EE9C137-3EFE-46B9-9E52-0D5BA4EC964C}
HKCR\CLSID\{4EE9C137-3EFE-46B9-9E52-0D5BA4EC964C}
HKCR\CLSID\{4EE9C137-3EFE-46B9-9E52-0D5BA4EC964C}\InprocServer32
HKCR\CLSID\{4EE9C137-3EFE-46B9-9E52-0D5BA4EC964C}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\AWTSQ.DLL
HKLM\Software\Classes\CLSID\{9DFEB2AA-0A3F-409A-96D6-892B3418E2C2}
HKCR\CLSID\{9DFEB2AA-0A3F-409A-96D6-892B3418E2C2}
HKCR\CLSID\{9DFEB2AA-0A3F-409A-96D6-892B3418E2C2}\InprocServer32
HKCR\CLSID\{9DFEB2AA-0A3F-409A-96D6-892B3418E2C2}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{CF65F9D6-FE45-4ED4-955E-BA6ED88ECC92}
HKCR\CLSID\{CF65F9D6-FE45-4ED4-955E-BA6ED88ECC92}
HKCR\CLSID\{CF65F9D6-FE45-4ED4-955E-BA6ED88ECC92}\InprocServer32
HKCR\CLSID\{CF65F9D6-FE45-4ED4-955E-BA6ED88ECC92}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\DDCCB.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4EE9C137-3EFE-46B9-9E52-0D5BA4EC964C}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9DFEB2AA-0A3F-409A-96D6-892B3418E2C2}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CF65F9D6-FE45-4ED4-955E-BA6ED88ECC92}

Trojan.Unknown Origin
C:\DOCUMENTS AND SETTINGS\ALEX\LOCAL SETTINGS\TEMP\10.EXE
C:\DOCUMENTS AND SETTINGS\ALEX\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\XZK55AJ7\XPSO[1].EXE

Adware.Vundo-Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B3C86D4C-3575-4F7F-BDBA-62F8D210E2E2}\RP213\A0097888.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B3C86D4C-3575-4F7F-BDBA-62F8D210E2E2}\RP214\A0098062.DLL

Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\LLKKJ.INI
C:\WINDOWS\SYSTEM32\LLKKJ.INI2

a-squared Anti-Malware - Version 3.1
Last update: 2/2/2008 10:36:43 μμ

Scan settings:

Objects: Memory, Traces, Cookies, C:\
Scan archives: On
Heuristics: On
ADS Scan: On

Scan start: 2/2/2008 10:37:00 μμ

[2836] C:\WINDOWS\system32\awtstur.dll detected: Heuristic.LOP
[2984] C:\WINDOWS\system32\awtstur.dll detected: Heuristic.LOP
[3460] C:\WINDOWS\system32\awtstur.dll detected: Heuristic.LOP
C:\Documents and Settings\Alex\Local Settings\Temp\nsv5.tmp detected: Riskware.RiskTool.Win32.Processor.20
C:\Documents and Settings\Alex\Local Settings\Temporary Internet files\Content.IE5\XZK55AJ7\tr[1] detected: Adware.Win32.Virtumonde.dnn
C:\Documents and Settings\Alex\Τα έγγραφά μου\DOWNLOADS\ducsetup.exe detected: Email-Worm.Win32.Runouce.b
C:\System Volume Information\_restore{B3C86D4C-3575-4F7F-BDBA-62F8D210E2E2}\RP213\A0097890.dll detected: Heuristic.LOP
C:\System Volume Information\_restore{B3C86D4C-3575-4F7F-BDBA-62F8D210E2E2}\RP213\A0097892.dll detected: Heuristic.LOP
C:\System Volume Information\_restore{B3C86D4C-3575-4F7F-BDBA-62F8D210E2E2}\RP213\A0097894.dll detected: Heuristic.LOP
C:\System Volume Information\_restore{B3C86D4C-3575-4F7F-BDBA-62F8D210E2E2}\RP213\A0097896.dll detected: Heuristic.LOP
C:\VundoFix Backups\awtstur.dll.bad detected: Heuristic.LOP
C:\VundoFix Backups\fcccayx.dll.bad detected: Heuristic.LOP
C:\VundoFix Backups\iiffedb.dll.bad detected: Heuristic.LOP
C:\VundoFix Backups\oppmjji.dll.bad detected: Heuristic.LOP
C:\VundoFix Backups\rqooopo.dll.bad detected: Heuristic.LOP
C:\WINDOWS\system32\awtstur.dll detected: Heuristic.LOP

Scanned

Files: 250056
Traces: 370045
Cookies: 1124
Processes: 49

Found

Files: 13
Traces: 0
Cookies: 96
Processes: 3
Registry keys: 0

Scan end: 2/2/2008 11:27:40 μμ
Scan time: 0:50:40

Was there a way to attach them? How can I send the log from the online search?
alchar
post Feb 2 2008, 05:19 PM
Post #11





BTW, I haven't cleaned anything since I am waiting for your next instructions
quietman7
post Feb 2 2008, 07:03 PM
Post #12





Go ahead and let the online scans clean whatever they find. I doubt they will get this entire infection as the files keep regenerating but you never know. Vundofix did get the awtstur.dll file (and others) because your SAS log shows it in the backups. SAS found it again.

If you have trouble posting the results, just let us know what files were found which could not be deleted.

Also let us know if you're getting any more alerts about the TratBHO virus.


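The reasoning in the reply above (a file that sits in the VundoFix backup folder and is also detected live in system32 has come back after removal) can be checked mechanically. This is an added example, not code from the thread or from any of the tools named in it: it parses a constructed excerpt laid out like the SUPERAntiSpyware log posted earlier, and the function names are assumptions.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname  # Windows path rules on any platform

# Constructed excerpt in the layout of the SUPERAntiSpyware log in this thread:
# a threat name, then the files and registry keys attributed to it.
SAMPLE_LOG = r"""
Trojan.Unclassifed/AffiliateBundle
C:\WINDOWS\SYSTEM32\AWTSTUR.DLL
C:\WINDOWS\SYSTEM32\AWTSTUR.DLL
C:\WINDOWS\SYSTEM32\LJJKHED.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BED7C2B4-3DA5-4F4F-84F7-07CAB3418E5F}
C:\VUNDOFIX BACKUPS\AWTSTUR.DLL.BAD
C:\VUNDOFIX BACKUPS\BYXXYVU.DLL.BAD
C:\VUNDOFIX BACKUPS\LJJKHED.DLL.BAD

Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\DDCYY.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17592655-51A6-4935-8FA6-97ECCAE33127}
"""

FILE_RE = re.compile(r"^[A-Za-z]:\\")
REG_RE = re.compile(r"^HK(LM|CR|CU|U)\\", re.I)
BHO_RE = re.compile(r"\\Browser Helper Objects\\(\{[0-9A-F-]{36}\})$", re.I)
BACKUP_DIR = r"C:\VUNDOFIX BACKUPS"  # where VundoFix keeps removed files


def parse_sas_log(text):
    """Return {threat name: [unique file/registry items]} for each log section."""
    threats = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                      # blank line ends the current section
            current = None
        elif FILE_RE.match(line) or REG_RE.match(line):
            if current is not None and line not in threats[current]:
                threats[current].append(line)
        elif current is None:             # first non-item line names the threat
            current = line
    return dict(threats)


def regenerated_files(threats):
    """Names found both in the backup folder (*.BAD) and in a live location."""
    live, backed_up = set(), set()
    for items in threats.values():
        for item in items:
            if not FILE_RE.match(item):
                continue
            name = basename(item).upper()
            if dirname(item).upper() == BACKUP_DIR:
                backed_up.add(name[:-4] if name.endswith(".BAD") else name)
            else:
                live.add(name)
    return sorted(live & backed_up)


def bho_clsids(threats):
    """Map each threat to the Browser Helper Object CLSIDs registered for it."""
    found = {}
    for threat, items in threats.items():
        ids = [m.group(1) for m in map(BHO_RE.search, items) if m]
        if ids:
            found[threat] = ids
    return found


if __name__ == "__main__":
    parsed = parse_sas_log(SAMPLE_LOG)
    print("Removed once, present again:", regenerated_files(parsed))
    for threat, ids in bho_clsids(parsed).items():
        print(threat, "->", ", ".join(ids))
```

A name that appears in both sets means the earlier removal did not hold, which is the case for looking at the component that recreates the file rather than deleting it again.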
alchar
post Feb 2 2008, 07:44 PM
Post #13





I cleaned everything up, both with the online scan and Super Antispyware, and I didn't get any messages about files that could not be deleted. I scanned and scanned again, and it seems clean. If they regenerate - as they always do - I'll let you know. Thanks a lot for your help and patience. Hope I won't bother again soon
alchar
post Feb 2 2008, 07:48 PM
Post #14





Bother you, I mean
quietman7
post Feb 2 2008, 10:13 PM
Post #15





That's good news. Now on to your System Restore problem. First read Windows XP System Restore Guide.

If System Restore is not working, check to make sure it is started and set to automatic.

Go to Start > Run and type: services.msc
  • Locate the System Restore Service and double-click it.
  • Click the "Start" button, then set the startup type in the dropdown box to "Automatic".
  • Press Apply > Ok, then reboot and try using it again.

If it's still not working, go to Start > Run and type: services.msc
  • Locate the System Restore Service and double-click it.
  • Click the "Stop" button, then set the startup type in the dropdown box to "Disabled".
  • Press Apply > Ok, then reboot.
  • Open My Computer or Windows Explorer, go to Tools > Folder Options > View and check "Show hidden files and Folders", UNcheck "Hide Protected operating system Files (recommended)" and hit Apply > OK.
  • Check the "System Volume Information folder" on each drive and delete its contents (doing this removes all existing restore points).
  • Then reverse the steps where you disabled the service and restart it: Click "Start" and set the startup type in the dropdown box to "Automatic".

If this still does not help, then follow these steps to "Reinstall System Restore".

"How to troubleshoot System Restore"
"System Restore Knowledge Base articles & Troubleshooting"

