Should I Wipe It?


6 replies to this topic

#1 cor3

cor3

  • Members
  • 96 posts
  • OFFLINE
  •  
  • Local time:06:45 PM

Posted 06 August 2007 - 06:28 AM

Well, I did a scan with dr.cureit and it found one trojan, and AVG Anti-Virus put it into quarantine and it says it's unhealable.

So should I just wipe it? Here's a screen.

Posted Image


#2 buddy215

buddy215

  • Moderator
  • 13,134 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:05:45 PM

Posted 06 August 2007 - 07:21 AM

Did AVG catch the backdoor malware during delivery or a scan? Backdoors can be a serious problem once they have established themselves on your computer. I would change all passwords and check all financial accounts such as banking, credit cards, PayPal, eBay, etc. if you have used those on the computer if the backdoor was not caught during delivery.
Run a scan with Super Antispyware and let us know the results please.

Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 cor3

Posted 06 August 2007 - 07:38 AM

Well, I just ran dr.cureit and that's when it was found...

Running a Super Antispyware scan atm, typing from a laptop.

Also, I haven't used PayPal or eBay for quite a while now, but I do have accs for them and PayPal does have my credit card number...

EDIT: here's my SUPERAntiSpyware log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/06/2007 at 08:44 AM

Application Version : 3.9.1008

Core Rules Database Version : 3279
Trace Rules Database Version: 1290

Scan type : Quick Scan
Total Scan Time : 00:14:54

Memory items scanned : 180
Memory threats detected : 0
Registry items scanned : 1181
Registry threats detected : 5
File items scanned : 24860
File threats detected : 8

Trojan.Media-Codec/V3
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34E6F97C-34E0-4CE5-B92B-F83634BEDC01}
HKCR\CLSID\{34E6F97C-34E0-4CE5-B92B-F83634BEDC01}
HKCR\CLSID\{34E6F97C-34E0-4CE5-B92B-F83634BEDC01}#xxx
HKCR\CLSID\{34E6F97C-34E0-4CE5-B92B-F83634BEDC01}\InprocServer32
HKCR\CLSID\{34E6F97C-34E0-4CE5-B92B-F83634BEDC01}\InprocServer32#ThreadingModel
C:\PROGRAM FILES\VIDEO ACTIVEX ACCESS\IESPLG.DLL

Adware.Tracking Cookie
C:\Documents and Settings\Miljo\Cookies\miljo@atdmt[1].txt
C:\Documents and Settings\Miljo\Cookies\miljo@revsci[1].txt
C:\Documents and Settings\Miljo\Cookies\miljo@html[1].txt
C:\Documents and Settings\Miljo\Cookies\miljo@atwola[1].txt
C:\Documents and Settings\Miljo\Cookies\miljo@advertising[1].txt
C:\Documents and Settings\Miljo\Cookies\miljo@doubleclick[1].txt
C:\Documents and Settings\Miljo\Cookies\miljo@2o7[1].txt


Should I delete the stuff in quarantine?

Btw, I did a quick scan with sass instead of a complete scan; would this affect the results?

I also scanned with Rogue Remover after sass and it found nothing.

Edited by cor3, 06 August 2007 - 08:39 AM.


#4 buddy215

Posted 06 August 2007 - 08:44 AM

Is this the same computer as the one in the link below?
http://www.bleepingcomputer.com/forums/top...tml#entry587047

If it is, scroll down to #9 in the link below for the Hijack This download link and post a Hijack This log in the Hijack This forum.
DO NOT post the log in this forum.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

#5 cor3

Posted 06 August 2007 - 08:49 AM

Ya it is, and I posted a log.

But should I remove the stuff from the AVG virus vault and sass quarantine?

Edited by cor3, 06 August 2007 - 08:49 AM.


#6 buddy215

Posted 06 August 2007 - 09:05 AM

That should be okay to do.

If the Hijack This Team has NOT replied in 5 days after you posted your log, see info in link below.
http://www.bleepingcomputer.com/forums/topic14717.html

Edited by buddy215, 06 August 2007 - 09:07 AM.


#7 cor3

Posted 06 August 2007 - 09:08 AM

OK, thanks for the help.



