Hjt Log... Trying To Get Rid Of Adoginhispen



#1 lanean

  • Members
  • 2 posts

Posted 07 February 2008 - 11:12 PM

I'm still trying to get rid of this virus. I've downloaded Spybot S&D and SuperAnti Spyware.... adoginhispen and skitodayplease are still showing up in my browser history! Help please. I have a new iPhone I want to activate but I'm terrified to connect it to my computer. Can it infect my iPhone?

Here is my HijackThis Log
Find AWF report by noahdfear ©2006
Version 1.40

The current date is: Tue 02/05/2008
The current time is: 21:14:55.18


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\DELLAI~1\BAK

05/02/2003 04:46 PM 270,336 dlbkbmgr.exe
1 File(s) 270,336 bytes

Directory of C:\PROGRA~1\MSNMES~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

09/01/2006 03:57 PM 282,624 qttask.exe
1 File(s) 282,624 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/03/2004 11:56 PM 15,360 ctfmon.exe
08/13/2003 08:27 AM 28,672 DSentry.exe
09/20/2005 08:32 AM 77,824 hkcmd.exe
01/06/2006 08:35 PM 622,592 hphmon06.exe
09/20/2005 08:36 AM 114,688 igfxpers.exe
09/20/2005 08:35 AM 94,208 igfxtray.exe
6 File(s) 953,344 bytes

Directory of C:\PROGRA~1\DELL\MEDIAE~1\BAK

08/26/2003 05:47 PM 204,800 PCMService.exe
1 File(s) 204,800 bytes

Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK

09/13/2004 03:49 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\HP\{BA2D9~1\BAK

01/06/2006 08:35 PM 49,152 hphupd06.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\INTEL\MODEME~1\BAK

09/03/2003 06:12 PM 221,184 IntelMEM.exe
1 File(s) 221,184 bytes

Directory of C:\PROGRA~1\MCAFEE\SPAMKI~1\BAK

06/16/2004 11:33 PM 98,304 MskAgent.exe
08/03/2004 06:18 PM 1,083,392 MskDetct.exe
2 File(s) 1,181,696 bytes

Directory of C:\PROGRA~1\MCAFEE.COM\AGENT\BAK

09/22/2005 06:29 PM 303,104 mcagent.exe
01/11/2006 12:05 PM 212,992 mcupdate.exe
2 File(s) 516,096 bytes

Directory of C:\PROGRA~1\MCAFEE.COM\MPS\BAK

09/28/2004 03:02 PM 249,856 mscifapp.exe
1 File(s) 249,856 bytes

Directory of C:\PROGRA~1\MCAFEE.COM\PERSON~1\BAK

11/11/2005 04:00 PM 1,005,096 MpfTray.exe
1 File(s) 1,005,096 bytes

Directory of C:\PROGRA~1\MCAFEE.COM\VSO\BAK

07/08/2005 06:18 PM 151,552 mcmnhdlr.exe
08/10/2005 12:49 PM 163,840 mcvsshld.exe
08/11/2005 10:02 PM 53,248 oasclnt.exe
3 File(s) 368,640 bytes

Directory of C:\PROGRA~1\MUSICM~1\MUSICM~2\BAK

01/17/2006 01:03 PM 135,168 mm_tray.exe
01/17/2006 01:03 PM 53,248 mmtask.exe
2 File(s) 188,416 bytes

Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK

03/27/2007 02:22 PM 4,670,968 YAHOOM~1.EXE
1 File(s) 4,670,968 bytes

Directory of C:\WINDOWS\SYSTEM32\DLA\BAK

08/05/2003 11:04 PM 114,741 tfswctrl.exe
1 File(s) 114,741 bytes

Directory of C:\PROGRA~1\COMMON~1\DELL\EUSW\BAK

10/13/2005 10:26 PM 69,632 Support.exe
1 File(s) 69,632 bytes

Directory of C:\PROGRA~1\COMMON~1\MICROS~1\WORKSS~1\BAK

12/05/2003 08:08 PM 50,688 WkUFind.exe
1 File(s) 50,688 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

05/06/2007 03:42 PM 180,269 realsched.exe
1 File(s) 180,269 bytes

Directory of C:\PROGRA~1\COMMON~1\SONIC\UPDATE~1\BAK

08/18/2003 11:01 PM 110,592 sgtray.exe
1 File(s) 110,592 bytes

Directory of C:\PROGRA~1\HEWLET~1\PHOTOS~1\PHOTOI~1\BAK

08/14/2000 03:48 PM 32,768 Hpi_Monitor.exe
1 File(s) 32,768 bytes

Directory of C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK

01/06/2006 08:35 PM 172,032 hpztsb13.exe
1 File(s) 172,032 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

14348 Jan 28 2008 "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
270336 May 2 2003 "C:\Program Files\Dell AIO Printer A920\bak\dlbkbmgr.exe"
14348 Jan 28 2008 "C:\Program Files\QuickTime\qttask.exe"
282624 Sep 1 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
15360 Aug 3 2004 "C:\WINDOWS\SYSTEM32\ctfmon.exe"
15360 Aug 3 2004 "C:\WINDOWS\SYSTEM32\bak\ctfmon.exe"
14348 Jan 28 2008 "C:\WINDOWS\SYSTEM32\DSentry.exe"
28672 Aug 13 2003 "C:\WINDOWS\SYSTEM32\bak\DSentry.exe"
114688 Apr 6 2003 "C:\DRIVERS\VIDEO\HKCMD.EXE"
14348 Jan 28 2008 "C:\WINDOWS\SYSTEM32\hkcmd.exe"
77824 Sep 20 2005 "C:\WINDOWS\SYSTEM32\bak\hkcmd.exe"
114688 Apr 6 2003 "C:\WINDOWS\SYSTEM32\ReinstallBackups\0013\DriverFiles\hkcmd.exe"
14348 Jan 28 2008 "C:\WINDOWS\SYSTEM32\hphmon06.exe"
622592 Jan 6 2006 "C:\WINDOWS\SYSTEM32\bak\hphmon06.exe"
622592 Jan 6 2006 "C:\Documents and Settings\Kris\Local Settings\Temp\photosmart6.2\enu\non_net\enu\HPHmon06.exe"
14348 Jan 28 2008 "C:\WINDOWS\SYSTEM32\igfxpers.exe"
114688 Sep 20 2005 "C:\WINDOWS\SYSTEM32\bak\igfxpers.exe"
155648 Apr 6 2003 "C:\DRIVERS\VIDEO\IGFXTRAY.EXE"
14348 Jan 28 2008 "C:\WINDOWS\SYSTEM32\igfxtray.exe"
94208 Sep 20 2005 "C:\WINDOWS\SYSTEM32\bak\igfxtray.exe"
155648 Apr 6 2003 "C:\WINDOWS\SYSTEM32\ReinstallBackups\0013\DriverFiles\igfxtray.exe"
14348 Jan 28 2008 "C:\Program Files\Dell\Media Experience\PCMService.exe"
204800 Aug 26 2003 "C:\Program Files\Dell\Media Experience\bak\PCMService.exe"
14348 Jan 28 2008 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 Sep 13 2004 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
14348 Jan 28 2008 "C:\Program Files\HP\{BA2D9411-DBB4-43e4-9421-780413650A67}\hphupd06.exe"
49152 Jan 6 2006 "C:\Program Files\HP\{BA2D9411-DBB4-43e4-9421-780413650A67}\bak\hphupd06.exe"
49152 Jan 6 2006 "C:\Documents and Settings\Kris\Local Settings\Temp\photosmart6.2\enu\non_net\Patch\Uninst\HPHupd06.exe"
14348 Jan 28 2008 "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
221184 Sep 3 2003 "C:\Program Files\Intel\Modem Event Monitor\bak\IntelMEM.exe"
14348 Jan 28 2008 "C:\Program Files\McAfee\SpamKiller\MskAgent.exe"
98304 Jun 16 2004 "C:\Program Files\McAfee\SpamKiller\bak\MskAgent.exe"
14348 Jan 28 2008 "C:\Program Files\McAfee\SpamKiller\MskDetct.exe"
1083392 Aug 3 2004 "C:\Program Files\McAfee\SpamKiller\bak\MskDetct.exe"
14348 Jan 28 2008 "C:\Program Files\McAfee.com\Agent\mcagent.exe"
303104 Sep 22 2005 "C:\Program Files\McAfee.com\Agent\bak\mcagent.exe"
14348 Jan 28 2008 "C:\Program Files\McAfee.com\Agent\mcupdate.exe"
212992 Jan 11 2006 "C:\Program Files\McAfee.com\Agent\bak\mcupdate.exe"
14348 Jan 28 2008 "C:\Program Files\McAfee.com\MPS\mscifapp.exe"
249856 Sep 28 2004 "C:\Program Files\McAfee.com\MPS\bak\mscifapp.exe"
14348 Jan 28 2008 "C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe"
1005096 Nov 11 2005 "C:\Program Files\McAfee.com\Personal Firewall\bak\MpfTray.exe"
14348 Jan 28 2008 "C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe"
151552 Jul 8 2005 "C:\Program Files\McAfee.com\VSO\bak\mcmnhdlr.exe"
14348 Jan 28 2008 "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
163840 Aug 10 2005 "C:\Program Files\McAfee.com\VSO\bak\mcvsshld.exe"
14348 Jan 28 2008 "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
53248 Aug 11 2005 "C:\Program Files\McAfee.com\VSO\bak\oasclnt.exe"
14348 Jan 28 2008 "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
53248 Jan 17 2006 "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mmtask.exe"
14348 Jan 28 2008 "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
110592 Apr 16 2006 "C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\mm_tray.exe"
135168 Jan 17 2006 "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mm_tray.exe"
14348 Jan 28 2008 "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
4670968 Mar 27 2007 "C:\Program Files\Yahoo!\Messenger\bak\YAHOOM~1.EXE"
14348 Jan 28 2008 "C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe"
114741 Aug 5 2003 "C:\Program Files\Sonic\DLA\install\tfswctrl.exe"
114741 Aug 5 2003 "C:\WINDOWS\SYSTEM32\dla\bak\tfswctrl.exe"
14348 Jan 28 2008 "C:\Program Files\Common Files\Dell\EUSW\Support.exe"
77824 May 27 2004 "C:\Program Files\Dell\Support\bin\Support.exe"
69632 Oct 13 2005 "C:\Program Files\Common Files\Dell\EUSW\bak\Support.exe"
323584 May 27 2004 "C:\Documents and Settings\All Users\Application Data\Dell\Alert\491\Support.exe"
69632 Oct 13 2005 "C:\Documents and Settings\All Users\Application Data\Dell\Alert\588\Support.exe"
14348 Jan 28 2008 "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
50688 Dec 5 2003 "C:\Program Files\Common Files\Microsoft Shared\Works Shared\bak\WkUFind.exe"
14348 Jan 28 2008 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
180269 May 6 2007 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
14348 Jan 28 2008 "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe"
110592 Aug 18 2003 "C:\Program Files\Common Files\Sonic\Update Manager\bak\sgtray.exe"
14348 Jan 28 2008 "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
32768 Aug 14 2000 "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\bak\Hpi_Monitor.exe"
14348 Jan 28 2008 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb13.exe"
172032 Jan 6 2006 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\bak\hpztsb13.exe"


end of report

Edited by lanean, 07 February 2008 - 11:40 PM.



#2 Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • Location:Ontario

Posted 12 February 2008 - 01:07 AM

Hi,

If you still need help, please post a fresh HijackThis log and a fresh Find AWF scan log (option 1).

Likely not a good idea to hook up the iPhone yet -- since it will need software to run (be recognised on computer) then this is only another program that will get infected.
I don't think it will infect the iPhone but the software on computer that runs it might end up broken too.

This infection replaces all your startup exes with trojans and moves the legit files to child "bak" folders.
You likely noticed most of your programs don't work -- this is why.

Anyways -- new logs and we'll see what we can do.

thanks :thumbsup:
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert, can I have a bowl of the freshest worms you have please?

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware
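
The replacement pattern described in post #2 (live startup executables swapped out, originals parked in a child "bak" folder) can be checked mechanically against the "Duplicate files" section of a Find AWF report. The following is an added example, not part of the original thread or of the Find AWF tool; the sample lines are copied from the log in post #1, and the function names and the 8.3 short-name matching heuristic are assumptions made here.

```python
import re
from collections import Counter
from ntpath import basename, dirname  # Windows path rules on any OS

# Lines copied from the "Duplicate files" section of the log in post #1.
SAMPLE = r'''
14348 Jan 28 2008 "C:\Program Files\QuickTime\qttask.exe"
282624 Sep 1 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
15360 Aug 3 2004 "C:\WINDOWS\SYSTEM32\ctfmon.exe"
15360 Aug 3 2004 "C:\WINDOWS\SYSTEM32\bak\ctfmon.exe"
114688 Apr 6 2003 "C:\DRIVERS\VIDEO\HKCMD.EXE"
14348 Jan 28 2008 "C:\WINDOWS\SYSTEM32\hkcmd.exe"
77824 Sep 20 2005 "C:\WINDOWS\SYSTEM32\bak\hkcmd.exe"
14348 Jan 28 2008 "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
4670968 Mar 27 2007 "C:\Program Files\Yahoo!\Messenger\bak\YAHOOM~1.EXE"
'''

LINE = re.compile(r'^(\d+) (\w{3} +\d+ +\d{4}) "(.+)"$')

def parse(text):
    """Return {lowercased path: (size, date)} for every listing line."""
    out = {}
    for m in filter(None, map(LINE.match, text.splitlines())):
        out[m.group(3).lower()] = (int(m.group(1)), m.group(2))
    return out

def same_name(bak_name, live_name):
    """Name match; a bak copy listed by 8.3 short name is matched by prefix (heuristic)."""
    if "~" not in bak_name:
        return bak_name == live_name
    stem, ext = bak_name.split("~")[0], bak_name.rsplit(".", 1)[-1]
    return live_name.startswith(stem) and live_name.endswith("." + ext)

def replaced_files(text):
    """Live files whose size differs from the copy parked in a child bak folder."""
    files, hits = parse(text), []
    for bak, (bak_size, _) in files.items():
        if basename(dirname(bak)) != "bak":
            continue
        parent = dirname(dirname(bak))  # folder the live file sits in
        for live, (size, date) in files.items():
            if (dirname(live) == parent and size != bak_size
                    and same_name(basename(bak), basename(live))):
                hits.append((live, size, date, bak))
    return hits

def shared_stub(hits):
    """Most common (size, date) among flagged files: one dropped binary reused."""
    return Counter((s, d) for _, s, d, _ in hits).most_common(1)[0]
```

On these lines, `ctfmon.exe` is not flagged because its live and bak copies have the same size, while the flagged files all share one size and date, which is what points to a single dropped file rather than vendor updates.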



