Video Activex Access Trojan


  • This topic is locked
6 replies to this topic

#1 alt3rn1ty

alt3rn1ty

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:04:33 AM

Posted 29 July 2007 - 06:38 AM

I used to have an MWAV subscription, which has now run out. When running MWAV it now reports I have the following:

Video activex access trojan
gain.gator adware/spyware
possible fujacks type worm

How do I get rid of these without subscribing again to mwav?

Edited by alt3rn1ty, 29 July 2007 - 06:40 AM.


#2 alt3rn1ty

alt3rn1ty
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:04:33 AM

Posted 29 July 2007 - 06:54 AM

If it helps here are the offending entries in the MWAV log file

Sun Jul 29 12:45:59 2007 => System found infected with video activex access Trojan ({7e853d72-626a-48ec-a868-ba8d5e23e045})! Action taken: No Action Taken.
Sun Jul 29 12:46:01 2007 => Offending Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gator.com !!!
Sun Jul 29 12:46:01 2007 => Object "gain.gator Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Jul 29 12:46:01 2007 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\p3p\history\gator.com !!!
Sun Jul 29 12:46:01 2007 => Object "gain.gator Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Jul 29 12:46:01 2007 => Offending Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\p3p\history\gator.com !!!
Sun Jul 29 12:46:01 2007 => Object "gain.gator Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Jul 29 12:46:13 2007 => Checking MountPoints2 Registry Key...
Sun Jul 29 12:46:13 2007 => Executable Command Found in {50252a90-9d92-11da-98dc-806d6172696f}\Shell\AutoRun\command: J:\Setup\rsrc\Autorun.exe
Sun Jul 29 12:46:13 2007 => Offending Key found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50252a90-9d92-11da-98dc-806d6172696f} !!!
Sun Jul 29 12:46:13 2007 => Object "Possible Fujacks-type Worm" found in File System! Action Taken: No Action Taken.

Sun Jul 29 12:46:13 2007 => Executable Command Found in {50252a91-9d92-11da-98dc-806d6172696f}\GAME_EXE\GAME_GUID\GAME_NAME\Shell\AutoRun\command: K:\Autorun.exe
Sun Jul 29 12:46:13 2007 => Offending Key found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50252a91-9d92-11da-98dc-806d6172696f} !!!
Sun Jul 29 12:46:13 2007 => Object "Possible Fujacks-type Worm" found in File System! Action Taken: No Action Taken.

Sun Jul 29 12:46:13 2007 => Checking CLSID Reference Entries...
Sun Jul 29 12:46:17 2007 => Entry "HKCR\PhotoRecord.Album" refers to invalid object "{FEDCFFC1-BEC4-11D1-93B9-0060979C8AB8}". Action Taken: No Action Taken.

Sun Jul 29 12:46:18 2007 => Checking Module Usage Entries...
Sun Jul 29 12:46:18 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\avsniff.dll". Action Taken: No Action Taken.

Sun Jul 29 12:46:18 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\rufsi.dll". Action Taken: No Action Taken.

#3 alt3rn1ty

alt3rn1ty
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:04:33 AM

Posted 30 July 2007 - 12:35 PM

:thumbsup: Bump - Helloooo!, is anybody out there? <OH NO, MAYBE EVERYONE'S 'PUTERS TRASHED TOO, MAYBE I PASSED IT ON, NOOOO!> :flowers:

#4 mz30

mz30

  • Members
  • 828 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:liverpool,england
  • Local time:04:33 AM

Posted 30 July 2007 - 12:40 PM

Hi alt3rn1ty,
the reason you have been overlooked is that you have posted in the wrong section; you should post your logs here.

Good luck :thumbsup:
god my head hurts.
if you don't ask, you don't know



#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:33 PM

Posted 30 July 2007 - 01:35 PM

I have split your HJT log away from this thread and moved it into the HJT forum.

You can find it here: http://www.bleepingcomputer.com/forums/t/102044/video-activex-access-trojan/

Now that your log is posted there, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files on your own, etc.) unless advised by a HJT Team member. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make may cause confusion for the member assisting you and complicate the malware removal process.

Please be patient and wait for a response from an HJT Team member. It may take a while to get a response because team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. While waiting, please DO NOT make another reply to your log until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have no replies as this makes it easier for them to identify those who have not been helped. If you post another response, a team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#6 alt3rn1ty

alt3rn1ty
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:04:33 AM

Posted 30 July 2007 - 05:29 PM

Thanx guyz my bad, going across to the link and won't alter anything until advised. :thumbsup:

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:33 PM

Posted 01 August 2007 - 08:02 AM

You're welcome and good luck.

If you followed any other advice in regards to this issue, please ensure you inform the HJT Helper when they respond to assist you with your log. This will help them know what has been done and they probably will ask for an updated log.

To avoid confusion, I am closing this thread. Should you need it reopened after your log has been reviewed and you have been cleared, please PM me or another moderator.

Again, thanks for your cooperation.