
Yes Another Infected Person.


17 replies to this topic

#1 Erick913


Posted 21 August 2007 - 11:30 PM

For the past two weeks I have searched and read about computer virus stuff. I am right now using Windows Defender, Spyware Doctor, SpywareBlaster, Spybot Search and Destroy, Lavasoft Ad-Aware 2007, VundoFix, Symantec Adware Virtumonde Removal Tool 1.0.3, and CCleaner. I also just downloaded SUPERAntiSpyware, which detects this:

Trojan.Unknown Origin.Process

Description : Randomly (or deceptively-) named application process. Contains deceptive, incomplete, or missing version or company information and is installed in the Temp, Windows, System, System32, or Application Data directories. May also be found under randomly named sub-directories under these folders or Program Files.

Threat Level (1-10) : 10

Processes : *


^^ After the scan from SUPERAntiSpyware I clicked on "Explain Detected Item", which is that ^^



The second one is called

Summary : Adware.WebBuying Assistant-Installer.Process

Description : Adware.WebBuying Assistant installer file

Threat Level (1-10) : 6

Processes : *
WEBBUYING.EXE
UF174.EXE
UF205.EXE

-------------
The problem is it seems like it never goes away. I use all the programs that I have listed up there and they pretty much won't help. Any advice?
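The naming, metadata and location criteria in the description quoted in the post above can be expressed as a small triage check. This is an added example, not part of the original thread and not SUPERAntiSpyware's own logic; the `ProcessInfo` record, the thresholds, the `C:\WINDOWS` install path and the sample records are all assumptions made for illustration.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import Optional

# Directory fragments named in the quoted description (lower-cased).
WATCHED_DIRS = ("\\temp\\", "\\windows\\", "\\system\\", "\\system32\\",
                "\\application data\\", "\\program files\\")

# A few real Windows binaries and the directory each is expected in
# (assumes Windows is installed in C:\WINDOWS).
KNOWN_SYSTEM = {
    "svchost.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "rundll32.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

@dataclass
class ProcessInfo:          # hypothetical record for this example
    path: str
    company: Optional[str]
    version: Optional[str]

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot near-miss system names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_name(path: str) -> str:
    """Return 'ok' or the reason the file name looks random or deceptive."""
    directory, name = ntpath.split(path.lower())
    if name in KNOWN_SYSTEM:
        return "ok" if directory == KNOWN_SYSTEM[name] else "system-name-wrong-dir"
    if any(edit_distance(name, known) <= 2 for known in KNOWN_SYSTEM):
        return "lookalike"
    stem = re.sub(r"[^a-z]", "", ntpath.splitext(name)[0])
    # Assumed threshold: long stems with very few vowels read as random.
    if len(stem) >= 6 and sum(c in "aeiou" for c in stem) / len(stem) <= 0.25:
        return "random-looking"
    return "ok"

def assess(proc: ProcessInfo) -> Optional[str]:
    """Flag only when all three criteria from the description hold."""
    in_watched = any(frag in ntpath.dirname(proc.path).lower() + "\\"
                     for frag in WATCHED_DIRS)
    missing_meta = not (proc.company or "").strip() or not (proc.version or "").strip()
    name_class = classify_name(proc.path)
    if in_watched and missing_meta and name_class != "ok":
        return name_class
    return None

# Constructed sample records, not taken from any real scan.
SAMPLE = [
    ProcessInfo(r"C:\WINDOWS\system32\svchost.exe", "Microsoft Corporation", "5.1.2600.2180"),
    ProcessInfo(r"C:\WINDOWS\Temp\qzxwvkrt.exe", "", ""),
    ProcessInfo(r"C:\Documents and Settings\user\Application Data\svchosts.exe", None, None),
    ProcessInfo(r"C:\WINDOWS\Temp\winlogon.exe", "", "1.0"),
    ProcessInfo(r"C:\Program Files\Vendor\installer.exe", "Vendor Inc", "2.1"),
    ProcessInfo(r"C:\Downloads\qzxwvkrt.exe", "", ""),
]

def flagged(records):
    """Map each flagged path to the reason it was flagged."""
    return {p.path: r for p in records if (r := assess(p)) is not None}

if __name__ == "__main__":
    for path, reason in flagged(SAMPLE).items():
        print(f"{reason:24} {path}")
```

A hit is only a lead for further checking with a scanner; legitimate software can also ship with missing version information.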


 


#2 oldf@rt


Posted 21 August 2007 - 11:39 PM

Have you tried running the scans in safe mode? Start Windows In Safe Mode Tutorial. Spybot and SAS have always removed it for me in safe mode.
The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#3 Erick913


Posted 21 August 2007 - 11:49 PM

I did with all the other programs but not with superantispyware.

#4 oldf@rt


Posted 22 August 2007 - 12:19 AM

Run SAS in safe mode, it is a bit of a PITA, but worth it. Also, you could download Avast! Home Free. This is fully functional for two months, and has a Boot Time Scan feature that is really nice. The Boot Time Scan normally removes anything that it detects.

#5 quietman7


Posted 22 August 2007 - 07:40 AM

You should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page. If you have any questions or are unsure of the instructions, please ask for clarification before proceeding.

Download and scan with Dr.Web CureIt. Follow the instructions here for performing a scan in "safe mode".

When done, download Sysclean Package & save it to your desktop.
  • Create a new folder on drive "C:\" and rename it Sysclean - (C:\Sysclean).
  • Place the sysclean.com inside that folder.
  • Then download the latest Virus Pattern Files - (Pattern files are usually named lptxxx.zip, where xxx is the pattern file number)
  • Extract (unzip) the lptxxx.zip pattern file into the Sysclean folder where you put sysclean.com. (Click here for information on how to extract a file if you're not sure how to do this.) DO NOT scan yet.
Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Note: Some anti-virus programs such as Avast will alert you to a virus attack when running sysclean so it's best to disable them before going to the next step.

Scan with Sysclean as follows:
  • Open the Sysclean folder and double-click on sysclean.com to start the scanning process.
  • Put a check mark on the "Automatically clean or delete infected files" option by clicking in the checkbox.
  • Click the Advanced >> button.
  • The scan options appear. Select the "Scan all local fixed drives".
  • Click the "Scan button" on the Trend Micro System Cleaner console.
  • It will take some time to complete. Be patient and let it clean whatever it finds.
  • Another MS-DOS window appears containing the log file generated in the System Cleaner folder.
  • To view the log, click the "View button" on the Trend Micro System Cleaner console. The Trend Micro Sysclean Package - Log window appears.
    • The Files Detected section shows the viruses that were detected by System Cleaner.
    • The Files Clean section shows the viruses that were cleaned.
    • The Clean Fail section shows the viruses that were not cleaned.
  • Exit when done, reboot normally and re-enable your anti-virus program.
Instructions with screenshots are here if you need them.

When using Sysclean it's best to use the Administrator's account or an account with Administrative rights, otherwise you will not have the rights to scan some locations. The scanning process may result in "Access Denied" messages for some files. This is normal because these files are protected by the system. This tool generates a log file (sysclean.log) in the same folder where the scan is completed.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#6 Erick913


Posted 22 August 2007 - 11:04 PM

^Thanks for the reply, I will try that tomorrow since I don't have much time (college/full-time job).

#7 quietman7


Posted 23 August 2007 - 06:50 AM

Ok. Post back if you continue to have problems.

#8 Erick913


Posted 23 August 2007 - 07:21 PM

Hey quietman7, I have already downloaded Dr.Web CureIt, which is saved on my desktop. I already know how to reboot my computer, but my question is: do you want me to do this? Just want to make sure.


Scan with DrWeb-CureIt as follows:

* Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
* Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
* Once the short scan has finished, Click Options > Change settings
* Choose the "Scan tab" and UNcheck "Heuristic analysis"
* Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
* Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
* When done, a message will be displayed at the bottom advising if any viruses were found.
* Click "Yes to all" if it asks if you want to cure/move the file.
* When the scan has finished, look if you can see the next icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
(This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
* Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
* Save the DrWeb.csv report to your desktop.
* Exit Dr.Web Cureit when done.
* Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

#9 oldf@rt


Posted 23 August 2007 - 07:33 PM

The instructions look perfect. However, I always recommend that you obtain the latest version of Dr.Web available from the website, as it is updated frequently. If you have had your copy of Dr.Web for more than a few days, I believe that you should download it again.

#10 Erick913


Posted 23 August 2007 - 11:32 PM

Alright, just finished. Thank you for taking the time to help me out.

#11 oldf@rt


Posted 24 August 2007 - 01:16 AM

From Bleeping Computer, you are welcome! How is your machine running?

#12 quietman7


Posted 24 August 2007 - 06:47 AM

With so much malware on your system, I recommend you now rescan with your primary anti-virus program in "SAFE MODE".

Then perform at least two of these online Virus scans:
[Watch the Address bar in IE. You may receive alerts that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component.]
BitDefender Online Scanner. <- Add a check by "Autoclean"
F-Secure Online Scanner. <- Be sure to follow the directions on the F-Secure page for proper Installation. (also checks for rootkits).
Trend Micro Housecall <- Use "Autoclean" and manually delete what it can't clean.
ESET Online Scanner

#13 Erick913


Posted 24 August 2007 - 08:07 PM

Everything seems about right, thank you guys. Forgot to ask about the ComboFix and CureIt icons on my desktop. I don't like to have that many desktop icons when my computer starts; what can I do about those two?

Edited by Erick913, 24 August 2007 - 08:13 PM.


#14 oldf@rt


Posted 24 August 2007 - 08:23 PM

You can delete both of those. Run both of the scans that quietman7 recommended. Any two of the four will be fine. This is like a second opinion.

#15 quietman7


Posted 25 August 2007 - 05:55 AM

When you're done, if there are no further problems, then the last thing you should do is Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools cannot access it to delete these bad files, which sometimes can reinfect your system if you use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recent Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
