
Tratbho Problem!


14 replies to this topic

#1 alchar

alchar

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:54 AM

Posted 02 February 2008 - 11:11 AM

Hi, this is my first post ever (in any forum), so I'd like to ask for your understanding. My PC (Windows XP) has been infected by the TratBHO virus. I tried using avast, vundofix and virtumundobegone but none worked. I got the virus through msn and what it does -most of the time- is send itself via msn to others, and then msn doesn't work. At first I read about a similar virus/spyware named pic(1)(1)(1) and so on, and I followed the instructions to erase it. I thought that worked but then avast started notifying me that I've got this trojan, TratBHO. As I said, I used vundofix and virtumundobegone but the first said it could not delete this file awtstur.dll and I tried using virtumundo, but that didn't do anything either. Vundofix picks up the virus and so does avast, and I stopped using msn :thumbsup: Can you help?



#2 alchar

alchar
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:54 AM

Posted 02 February 2008 - 01:17 PM

No ideas? I tried reading the other posts but nothing really helped. I'd appreciate some advice! Thanks

#3 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts
  • OFFLINE
  •  
  • Local time:07:54 AM

Posted 02 February 2008 - 01:32 PM

Hi and welcome!! :flowers:
if you know how to; take a restore point NOW then download and
try running these free programs

superantispyware
http://www.superantispyware.com/
asquared
http://www.emsisoft.com/en/software/free/
spybot
http://www.spybot.info/en/download/index.html

fully update, reboot and run on full deep scans to see what they find ?

also an on line scan from trend

http://housecall.trendmicro.com/

and report back when done :thumbsup:

depending on what you have on your computer this lot may take a few hours run ON full deep scans , so be prepared

#4 alchar

alchar
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:54 AM

Posted 02 February 2008 - 02:35 PM

Well no I don't know what a restore point is and do you really think I have to do all that? I've already added spybot, then all the others I mention in the first post and they all seem to agree I've got this trojan but none can deal with it!

#5 alchar

alchar
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:54 AM

Posted 02 February 2008 - 03:02 PM

Any help on the restore point? I looked at another discussion but I can't see any System Tools in my Accessories, thanks!

#6 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts
  • OFFLINE
  •  
  • Local time:07:54 AM

Posted 02 February 2008 - 03:10 PM

system restore should be found


start/all programs/ accessories/system restore

it is not vital but would be helpful if you COULD find it and create a restore point prior to doing any work on the computer

you do need to run the suggested scans as they are prerequisites for any further analysis of the computer within another section of this forum

they also might find other infections you do not as yet know you have got :thumbsup:

#7 alchar

alchar
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:54 AM

Posted 02 February 2008 - 03:25 PM

All it says in system tools (which I did find where you said) is internet explorer (no add-ons). I just did a full scan with super anti spyware which I updated first and it did find lots of adware and trojans. Do you want me to paste the log?

#8 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts
  • OFFLINE
  •  
  • Local time:07:54 AM

Posted 02 February 2008 - 03:29 PM

have you run the a squared program yet and the on line scan from trend?

save the superantispyware log and post the results of all the scans when done

#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,111 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:54 AM

Posted 02 February 2008 - 03:45 PM

There are no shortcuts or guarantees when it comes to malware removal. Sometimes it takes several efforts with different tools to do the job. Even then, with some types of malware infections, the task can be arduous. In some instances an infection may have caused so much damage to your system that it cannot be successfully cleaned or repaired. In those cases, recovery is not possible and the only option is to reformat/reinstall the OS.

Since all the tools you have used are not working, this issue will require further investigation and probably the use of more powerful tools than we recommend in this forum. Before that can be done you will need to create and post a hijackthis log.

Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". You may have performed some of these steps already. If you can't perform a step, then skip and continue with the next. In step #9 there are instructions for downloading HijackThis and creating a log. (This is a self-extracting version which will automatically install the current version of HJT in the proper location.) If using Windows Vista, be sure to Run As Administrator.

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion of the HijackThis log that lists version information. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate if you post a link to your log back here so we know that you're getting help from the HJT Team.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#10 alchar

alchar
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:54 AM

Posted 02 February 2008 - 05:18 PM

Ok the three scans are finished although I still can't find system restore. I can't see how I can post the results from the online scan. The other two are these:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/02/2008 at 10:19 PM

Application Version : 3.9.1008

Core Rules Database Version : 3394
Trace Rules Database Version: 1386

Scan type : Complete Scan
Total Scan Time : 00:33:50

Memory items scanned : 504
Memory threats detected : 3
Registry items scanned : 7009
Registry threats detected : 29
File items scanned : 50730
File threats detected : 62

Trojan.Unclassifed/AffiliateBundle
C:\WINDOWS\SYSTEM32\AWTSTUR.DLL
C:\WINDOWS\SYSTEM32\AWTSTUR.DLL
C:\WINDOWS\SYSTEM32\LJJKHED.DLL
C:\WINDOWS\SYSTEM32\LJJKHED.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BED7C2B4-3DA5-4F4F-84F7-07CAB3418E5F}
HKCR\CLSID\{BED7C2B4-3DA5-4F4F-84F7-07CAB3418E5F}
HKCR\CLSID\{BED7C2B4-3DA5-4F4F-84F7-07CAB3418E5F}\InprocServer32
HKCR\CLSID\{BED7C2B4-3DA5-4F4F-84F7-07CAB3418E5F}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{BED7C2B4-3DA5-4F4F-84F7-07CAB3418E5F}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{9AA57522-2ECD-47DF-BD38-20E7E577A464}
HKCR\CLSID\{9AA57522-2ECD-47DF-BD38-20E7E577A464}
HKCR\CLSID\{9AA57522-2ECD-47DF-BD38-20E7E577A464}\InprocServer32
HKCR\CLSID\{9AA57522-2ECD-47DF-BD38-20E7E577A464}\InprocServer32#ThreadingModel
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B3C86D4C-3575-4F7F-BDBA-62F8D210E2E2}\RP213\A0097889.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B3C86D4C-3575-4F7F-BDBA-62F8D210E2E2}\RP213\A0097890.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B3C86D4C-3575-4F7F-BDBA-62F8D210E2E2}\RP213\A0097891.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B3C86D4C-3575-4F7F-BDBA-62F8D210E2E2}\RP213\A0097892.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B3C86D4C-3575-4F7F-BDBA-62F8D210E2E2}\RP213\A0097893.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B3C86D4C-3575-4F7F-BDBA-62F8D210E2E2}\RP213\A0097894.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B3C86D4C-3575-4F7F-BDBA-62F8D210E2E2}\RP213\A0097895.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B3C86D4C-3575-4F7F-BDBA-62F8D210E2E2}\RP213\A0097896.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B3C86D4C-3575-4F7F-BDBA-62F8D210E2E2}\RP213\A0097897.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B3C86D4C-3575-4F7F-BDBA-62F8D210E2E2}\RP213\A0097898.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B3C86D4C-3575-4F7F-BDBA-62F8D210E2E2}\RP213\A0097899.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B3C86D4C-3575-4F7F-BDBA-62F8D210E2E2}\RP213\A0098034.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B3C86D4C-3575-4F7F-BDBA-62F8D210E2E2}\RP214\A0098063.DLL
C:\VUNDOFIX BACKUPS\AWTSTUR.DLL.BAD
C:\VUNDOFIX BACKUPS\BYXXYVU.DLL.BAD
C:\VUNDOFIX BACKUPS\FCCCAYX.DLL.BAD
C:\VUNDOFIX BACKUPS\IIFCYVW.DLL.BAD
C:\VUNDOFIX BACKUPS\IIFFEDB.DLL.BAD
C:\VUNDOFIX BACKUPS\LJJKHED.DLL.BAD
C:\VUNDOFIX BACKUPS\MLJJGGH.DLL.BAD
C:\VUNDOFIX BACKUPS\OPPMJJI.DLL.BAD
C:\VUNDOFIX BACKUPS\QOMNONO.DLL.BAD
C:\VUNDOFIX BACKUPS\RQOOOPO.DLL.BAD
C:\VUNDOFIX BACKUPS\URQNOOO.DLL.BAD
C:\VUNDOFIX BACKUPS\URQRPPQ.DLL.BAD
C:\VUNDOFIX BACKUPS\VTUVSSP.DLL.BAD
C:\VUNDOFIX BACKUPS\WVUTSSQ.DLL.BAD
C:\WINDOWS\SYSTEM32\YAYYYVV.DLL.VIR

Unclassified.Unknown Origin/System
C:\WINDOWS\SYSTEM32\JKKLL.DLL
C:\WINDOWS\SYSTEM32\JKKLL.DLL

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{17592655-51A6-4935-8FA6-97ECCAE33127}
HKCR\CLSID\{17592655-51A6-4935-8FA6-97ECCAE33127}
HKCR\CLSID\{17592655-51A6-4935-8FA6-97ECCAE33127}\InprocServer32
HKCR\CLSID\{17592655-51A6-4935-8FA6-97ECCAE33127}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\DDCYY.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17592655-51A6-4935-8FA6-97ECCAE33127}

Trojan.WinFixer
HKLM\Software\Classes\CLSID\{4EE9C137-3EFE-46B9-9E52-0D5BA4EC964C}
HKCR\CLSID\{4EE9C137-3EFE-46B9-9E52-0D5BA4EC964C}
HKCR\CLSID\{4EE9C137-3EFE-46B9-9E52-0D5BA4EC964C}\InprocServer32
HKCR\CLSID\{4EE9C137-3EFE-46B9-9E52-0D5BA4EC964C}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\AWTSQ.DLL
HKLM\Software\Classes\CLSID\{9DFEB2AA-0A3F-409A-96D6-892B3418E2C2}
HKCR\CLSID\{9DFEB2AA-0A3F-409A-96D6-892B3418E2C2}
HKCR\CLSID\{9DFEB2AA-0A3F-409A-96D6-892B3418E2C2}\InprocServer32
HKCR\CLSID\{9DFEB2AA-0A3F-409A-96D6-892B3418E2C2}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{CF65F9D6-FE45-4ED4-955E-BA6ED88ECC92}
HKCR\CLSID\{CF65F9D6-FE45-4ED4-955E-BA6ED88ECC92}
HKCR\CLSID\{CF65F9D6-FE45-4ED4-955E-BA6ED88ECC92}\InprocServer32
HKCR\CLSID\{CF65F9D6-FE45-4ED4-955E-BA6ED88ECC92}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\DDCCB.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4EE9C137-3EFE-46B9-9E52-0D5BA4EC964C}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9DFEB2AA-0A3F-409A-96D6-892B3418E2C2}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CF65F9D6-FE45-4ED4-955E-BA6ED88ECC92}

Trojan.Unknown Origin
C:\DOCUMENTS AND SETTINGS\ALEX\LOCAL SETTINGS\TEMP\10.EXE
C:\DOCUMENTS AND SETTINGS\ALEX\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\XZK55AJ7\XPSO[1].EXE

Adware.Vundo-Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B3C86D4C-3575-4F7F-BDBA-62F8D210E2E2}\RP213\A0097888.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B3C86D4C-3575-4F7F-BDBA-62F8D210E2E2}\RP214\A0098062.DLL

Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\LLKKJ.INI
C:\WINDOWS\SYSTEM32\LLKKJ.INI2

a-squared Anti-Malware - Version 3.1
Last update: 2/2/2008 10:36:43 μμ

Scan settings:

Objects: Memory, Traces, Cookies, C:\
Scan archives: On
Heuristics: On
ADS Scan: On

Scan start: 2/2/2008 10:37:00 μμ

[2836] C:\WINDOWS\system32\awtstur.dll detected: Heuristic.LOP
[2984] C:\WINDOWS\system32\awtstur.dll detected: Heuristic.LOP
[3460] C:\WINDOWS\system32\awtstur.dll detected: Heuristic.LOP
C:\Documents and Settings\Alex\Local Settings\Temp\nsv5.tmp detected: Riskware.RiskTool.Win32.Processor.20
C:\Documents and Settings\Alex\Local Settings\Temporary Internet files\Content.IE5\XZK55AJ7\tr[1] detected: Adware.Win32.Virtumonde.dnn
C:\Documents and Settings\Alex\Τα έγγραφά μου\DOWNLOADS\ducsetup.exe detected: Email-Worm.Win32.Runouce.b
C:\System Volume Information\_restore{B3C86D4C-3575-4F7F-BDBA-62F8D210E2E2}\RP213\A0097890.dll detected: Heuristic.LOP
C:\System Volume Information\_restore{B3C86D4C-3575-4F7F-BDBA-62F8D210E2E2}\RP213\A0097892.dll detected: Heuristic.LOP
C:\System Volume Information\_restore{B3C86D4C-3575-4F7F-BDBA-62F8D210E2E2}\RP213\A0097894.dll detected: Heuristic.LOP
C:\System Volume Information\_restore{B3C86D4C-3575-4F7F-BDBA-62F8D210E2E2}\RP213\A0097896.dll detected: Heuristic.LOP
C:\VundoFix Backups\awtstur.dll.bad detected: Heuristic.LOP
C:\VundoFix Backups\fcccayx.dll.bad detected: Heuristic.LOP
C:\VundoFix Backups\iiffedb.dll.bad detected: Heuristic.LOP
C:\VundoFix Backups\oppmjji.dll.bad detected: Heuristic.LOP
C:\VundoFix Backups\rqooopo.dll.bad detected: Heuristic.LOP
C:\WINDOWS\system32\awtstur.dll detected: Heuristic.LOP

Scanned

Files: 250056
Traces: 370045
Cookies: 1124
Processes: 49

Found

Files: 13
Traces: 0
Cookies: 96
Processes: 3
Registry keys: 0

Scan end: 2/2/2008 11:27:40 μμ
Scan time: 0:50:40

Was there a way to attach them? How can I send the log from the online search?

#11 alchar

alchar
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:54 AM

Posted 02 February 2008 - 05:19 PM

BTW, I haven't cleaned anything since I am waiting for your next instructions :thumbsup:

#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,111 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:54 AM

Posted 02 February 2008 - 07:03 PM

Go ahead and let the online scans clean whatever they find. I doubt they will get this entire infection as the files keep regenerating but you never know. Vundofix did get the awtstur.dll file (and others) because your SAS log shows it in the backups. SAS found it again.

If you have trouble posting the results, just let us know what files were found which could not be deleted.

Also let us know if you're getting any more alerts about the TratBHO virus.
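Added example (not part of the original thread, and not a BleepingComputer or SUPERAntiSpyware tool): the check described in post #12, finding files that sit in the VundoFix backups and are also detected live again, written as a small Python parser that also lists the Browser Helper Object CLSIDs tied to each detection. It assumes the log layout seen in post #10 (a detection name followed by file paths and registry keys) and that VundoFix keeps removed files under their original name plus `.BAD`; all function names are illustrative.

```python
import ntpath  # applies Windows path rules on any OS
import re

# Shortened excerpt of the SUPERAntiSpyware log posted in this thread.
SAMPLE_LOG = r"""
Generated 02/02/2008 at 10:19 PM

Trojan.Unclassifed/AffiliateBundle
C:\WINDOWS\SYSTEM32\AWTSTUR.DLL
C:\WINDOWS\SYSTEM32\AWTSTUR.DLL
C:\WINDOWS\SYSTEM32\LJJKHED.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BED7C2B4-3DA5-4F4F-84F7-07CAB3418E5F}
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B3C86D4C-3575-4F7F-BDBA-62F8D210E2E2}\RP213\A0097889.DLL
C:\VUNDOFIX BACKUPS\AWTSTUR.DLL.BAD
C:\VUNDOFIX BACKUPS\BYXXYVU.DLL.BAD
C:\VUNDOFIX BACKUPS\LJJKHED.DLL.BAD
C:\WINDOWS\SYSTEM32\YAYYYVV.DLL.VIR

Adware.Vundo Variant
HKCR\CLSID\{17592655-51A6-4935-8FA6-97ECCAE33127}\InprocServer32
C:\WINDOWS\SYSTEM32\DDCYY.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17592655-51A6-4935-8FA6-97ECCAE33127}
"""

ITEM_RE = re.compile(r"^(?:[A-Za-z]:\\|HK[A-Z]+\\)")  # file path or registry key
CLSID_RE = re.compile(r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}", re.I)


def parse_sas_log(text):
    """Return {detection name: [unique items]} from the body of a scan log."""
    findings, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if ITEM_RE.match(line):
            if current is not None and line not in findings[current]:
                findings[current].append(line)  # the log repeats some paths
        else:
            current = line  # any other line starts a new detection group
            findings.setdefault(current, [])
    # Header lines such as "Generated ..." collect no items; drop them.
    return {name: items for name, items in findings.items() if items}


def classify(item):
    """Say where a flagged item lives, which decides how much it matters."""
    upper = item.upper()
    if upper.startswith("HK"):
        return "bho" if "\\BROWSER HELPER OBJECTS\\" in upper else "registry"
    if "\\VUNDOFIX BACKUPS\\" in upper:
        return "backup"          # inert copy kept by the removal tool
    if "\\SYSTEM VOLUME INFORMATION\\_RESTORE" in upper:
        return "restore_point"   # copy captured inside a restore point
    return "live_file"


def regenerated_files(findings):
    """Names found both in the VundoFix backups and as live files."""
    backups, live = set(), set()
    for items in findings.values():
        for item in items:
            name = ntpath.basename(item).upper()
            kind = classify(item)
            if kind == "backup":
                # Assumption: backup name = original name + ".BAD"
                backups.add(name[:-4] if name.endswith(".BAD") else name)
            elif kind == "live_file":
                live.add(name)
    return sorted(backups & live)


def bho_clsids(findings):
    """Map each CLSID registered as a Browser Helper Object to its detection."""
    found = {}
    for name, items in findings.items():
        for item in items:
            match = CLSID_RE.search(item)
            if classify(item) == "bho" and match:
                found[match.group(0).upper()] = name
    return found


def summarize(findings):
    """Count flagged items per location class."""
    counts = {}
    for items in findings.values():
        for item in items:
            kind = classify(item)
            counts[kind] = counts.get(kind, 0) + 1
    return counts


if __name__ == "__main__":
    parsed = parse_sas_log(SAMPLE_LOG)
    print("Removed once, detected again:", regenerated_files(parsed))
    print("BHO registrations:", bho_clsids(parsed))
    print("Items by location:", summarize(parsed))
```

A name that appears in both places means the earlier removal did not hold, which is the situation where a HijackThis log and a guided cleanup are the next step.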

#13 alchar

alchar
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:54 AM

Posted 02 February 2008 - 07:44 PM

I cleaned everything up, both with the online scan and Super Antispyware and I didn't get any messages about files that could not be deleted. I scanned and scanned again, and it seems clean. If they regenerate -as they always do :flowers: - I'll let you know. Thanks a lot for your help and patience. Hope I won't bother again soon :thumbsup:

#14 alchar

alchar
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:54 AM

Posted 02 February 2008 - 07:48 PM

Bother you, I mean :thumbsup:

#15 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,111 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:54 AM

Posted 02 February 2008 - 10:13 PM

That's good news. Now on to your System Restore problem. First read Windows XP System Restore Guide.

If System Restore is not working, check to make sure it is started and set to automatic.

Go to Start > Run and type: services.msc
  • Locate the System Restore Service and double-click it.
  • Click the "Start" button, then set the startup type in the dropdown box to "Automatic".
  • Press Apply > Ok, then reboot and try using it again.

If it's still not working, go to Start > Run and type: services.msc
  • Locate the System Restore Service and double-click it.
  • Click the "Stop" button, then set the startup type in the dropdown box to "Disabled".
  • Press Apply > Ok, then reboot.
  • Open My Computer or Windows Explorer, go to Tools > Folder Options > View and check "Show hidden files and Folders", UNcheck "Hide Protected operating system Files (recommended)" and hit Apply > OK.
  • Check the "System Volume Information folder" on each drive and delete its contents (doing this removes all existing restore points).
  • Then reverse the steps where you disabled the service and restart it: Click "Start" and set the startup type in the dropdown box to "Automatic".

If this still does not help, then follow these steps to "Reinstall System Restore".

"How to troubleshoot System Restore"
"System Restore Knowledge Base articles & Troubleshooting"



