BleepingComputer.com: Win7x64 Will Not Start - Startup Repair - ci.dll


#31 Farbar

  • Just Curious
  • Group: Malware Response Instructor
  • Posts: 17,816
  • Joined: 08-December 07
  • Gender: Male
  • Location: The Netherlands

Posted 29 May 2011 - 05:57 PM

You know it probably, but I need to rule this also out. If your blackberry is turned off, do you still get it on the computer/laptop?

#32 James Brown

  • Member
  • Group: Members
  • Posts: 34
  • Joined: 27-May 11

Posted 29 May 2011 - 06:00 PM

yep - still get it

#33 Farbar

Posted 29 May 2011 - 06:03 PM

So we can be certain it is not in your home.

Quote

WPA-PSK, whereas the two Virus4You connections use WPA2-PSK - so it's slightly different.....apparently!!

It seems Virus4You is secured (password protected). I guess you can't even connect to it.

Anyway, you can't do anything about it.

#34 James Brown

Posted 29 May 2011 - 06:10 PM

Do you think it's advisable to run the ESET scan now?

Also, would re-installing Windows help in any way?

Thanks again so much for your help - it's been absolutely brilliant!

#35 Farbar

Posted 29 May 2011 - 06:17 PM

You are most welcome.

Quote

Also, would re-installing Windows help in any way?

Obviously it doesn't help to make the wireless connection you are mentioning disappear. If the computer is working normally (no slowness) I would not go to the trouble of reinstalling everything. But if you are not happy about the performance you can reinstall.

Quote

Do you think it's advisable to run the ESET scan now?

Yes, please do it. I can wait with rounding off if you want me to, and will do it after I have seen the ESET report.
In case you do the rest it is up to you and I can round off now.

#36 James Brown

Posted 29 May 2011 - 06:22 PM

Thanks - I'll run it now just so we are entirely thorough.

I'm still totally bemused by that Virus4You wifi connection. I'm going to try and borrow another computer tomorrow and double check that one too!

#37 Farbar

Posted 29 May 2011 - 06:25 PM

I'm going to sleep now, will see the ESET log tomorrow.

Quote

I'm still totally bemused by that Virus4You wifi connection. I'm going to try and borrow another computer tomorrow and double check that one too!

I'm sure it will show up on that after turning off all your devices.

#38 James Brown

Posted 30 May 2011 - 04:51 AM

Yep, I think you're right. It's just I live in quite a remote place, and if my neighbours don't know about it, then it's a bit of a mystery!

Here's the ESET log below.

Please let me have your PayPal details as I would be delighted to make a donation for your outstanding assistance with the virus.

thanks again,

Best,

JB


ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6522
# api_version=3.0.2
# EOSSerial=5c2792a4806c064f8c290682e075dae4
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-05-29 03:20:53
# local_time=2011-05-29 12:20:53 (-0400, Atlantic Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5121 16777213 100 75 0 22927524 0 0
# compatibility_mode=5893 16776574 100 94 4045721 58219336 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=244596
# found=14
# cleaned=14
# scan_time=6567
C:\Users\Littlewood\AppData\Local\Temp\69A1.tmp Win32/AutoRun.Agent.ABK worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Littlewood\AppData\Local\Temp\srv1050.tmp Win32/AutoRun.Agent.ABK worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Littlewood\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\19e4c9d4-761c9e69 probably a variant of Java/Agent.BR trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Littlewood\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\77ca675a-4c190af4 a variant of Java/Agent.BR trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Littlewood\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\5974e79e-54b55fc9 probably a variant of Java/Agent.BR trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Littlewood\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\6ccf05e7-12a9517a probably a variant of Java/Agent.BR trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Littlewood\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\52614f75-32760f67 probably a variant of Java/Agent.BR trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Littlewood\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\30c92f3c-25cb4679 a variant of Java/Agent.BR trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Littlewood\Music\iTunes\!!!\Excalibur - O Fortuna from Carmina Burana - best track ever.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Users\Littlewood\Music\iTunes\!!!\james brown ruled the world (320k stereo).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Users\Littlewood\Music\iTunes\!!!\ruled the world james brown - greatest hits.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Users\Littlewood\Music\iTunes\!!!\Juno Soundtrack\09-Superstar.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Users\Littlewood\Music\iTunes\!!!\Nas-Untitled-2008-[NoFS]\07-nas-sly_fox.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Users\Littlewood\Music\iTunes\!!!\Rihanna - Good Girl Gone Bad (Reloaded) (2008)\05 - Shut Up & Drive.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6522
# api_version=3.0.2
# EOSSerial=5c2792a4806c064f8c290682e075dae4
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-05-29 05:58:27
# local_time=2011-05-29 02:58:27 (-0400, Atlantic Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5121 16777213 100 75 0 22942070 0 0
# compatibility_mode=5893 16776574 100 94 4060267 58233882 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=32709
# found=0
# cleaned=0
# scan_time=1475
esets_scanner_update returned -1 esets_gle=53251
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6522
# api_version=3.0.2
# EOSSerial=5c2792a4806c064f8c290682e075dae4
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-05-29 11:30:08
# local_time=2011-05-29 08:30:08 (-0400, Atlantic Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5121 16777213 100 75 0 22963116 0 0
# compatibility_mode=5893 16776574 100 94 4081313 58254928 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=6932
# found=0
# cleaned=0
# scan_time=330
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6522
# api_version=3.0.2
# EOSSerial=5c2792a4806c064f8c290682e075dae4
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-05-30 02:34:44
# local_time=2011-05-29 11:34:44 (-0400, Atlantic Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5121 16777213 100 75 0 22963505 0 0
# compatibility_mode=5893 16776574 100 94 4081702 58255317 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=317118
# found=0
# cleaned=0
# scan_time=11016

#39 Farbar

Posted 30 May 2011 - 10:45 AM

You can ask your next neighbours if they see the weird connection too.

  • Please delete FRST tool as we don't need it any more. Also go to C:\FRST and delete the entire FRST folder.

  • You may delete any tool or log we used from your computer.

  • This small application you may want to keep and use to keep the computer clean.
    Download CCleaner from here http://www.ccleaner.com/

    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
    • Click Run Cleaner.
    • Close CCleaner.

  • Clean other Temporary files + Recycle bin
    • Go to start > run and type: cleanmgr and click OK.
    • Let it scan your system for files to remove.
    • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
    • Press OK to remove them.

  • Remove the old restore points and create a clean restore point:
    • Go to Start => Right-click "Computer" and select "Properties".
    • In the left pane select "System Protection".
    • Press "Configure".
    • Select "Delete". Then press "Continue" close and "OK".
    • Select your drive (drive C) and press "Create".
      Fill in a name for the restore point and press "Create".
      After finished press "Close".

Recommendations:
  • I recommend using Site Advisor for safe surfing. It is a free extension both for Internet Explorer and Firefox. When you search a site it gives you an indication of how safe a site is.

  • I recommend installing this small application for safe surfing: Javacool's SpywareBlaster
    SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings and that will protect you from running and downloading known malicious programs.
    • Download and install it.
    • Update it manually by clicking on Updates in the left pane and then Check for Updates.
    • Then enable all the protections by clicking on Protection Status on the left pane. Then click on Enable All Protection.
    • The free version doesn't have an automatic update. Update it once in two or three weeks and enable all protection again.


Happy Surfing James Brown.:)

This is a voluntary free service. However, if you would like to donate to my account click on Posted Image

#40 James Brown

Posted 30 May 2011 - 01:13 PM

Hi Farbar,

Unbelievably, my neighbour texted me back late last night to say it is their new wifi, which their son had set up over the weekend, and thought it would be a funny name! Unbelievable!!

So all clean and clear now I think - laptop seems to be running A-OK.

Here's the log from my ESET scan.

I'll make the deposit later today.

All the best,

JB



#41 Farbar

Posted 30 May 2011 - 01:24 PM

Hi James Brown,

Glad to hear you have now some peace of mind as I thought very early it was the case. Funny or not it scared you because it was coincident with being infected.

I have already seen the log. I wonder if you missed my previous post.

Take care.:)

#42 James Brown

Posted 30 May 2011 - 01:30 PM

Apologies for posting twice!

Thanks again.

JB

#43 Farbar

Posted 30 May 2011 - 01:36 PM

No worries and you are most welcome. :)

This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send me a PM and I will reopen it for you. If you should have a new issue, please start a new topic.

Everyone else should start a new topic.:)