
Trojan


5 replies to this topic

#1 rodney h

rodney h

  • Members
  • 13 posts
  • Gender:Male
  • Local time:02:10 PM

Posted 15 February 2008 - 04:42 PM

Hi, I'm rthouck. I have a trojan called FakeAlert-s.ddl. It has taken over my web page and is directing me to an antivirus web site. My ISP directed me to this forum for answers. This is my first time in a forum and I'm not sure what I'm doing. I'm hoping someone can help me. Thank you.



#2 19k

19k

  • Members
  • 1 posts
  • Local time:01:10 PM

Posted 15 February 2008 - 08:21 PM

I know what you're going through and hopefully I can help you out! OK, I just recently had the same problem and I was told to download the free Malwarebytes software from malwarebytes.org. I tried it and it worked, and yes, it was free! I have antivirus protection also, but for some reason it couldn't pick those infected files, but once I got the download it showed me all the files that were infected and I was able to get rid of them. Best of luck!

let me know how it went!

19k

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,039 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:02:10 PM

Posted 15 February 2008 - 10:00 PM

Hello rodney h and welcome. Please use the following instructions. (tip of the hat to Quietman7 for writing this)

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download SDFix by AndyManchesta and save it to your desktop.
When using this tool, you must use the Administrator's account or an account with "Administrative rights"
  • Double click SDFix.exe and it will extract the files to %systemdrive% (this is the drive that contains the Windows Directory, typically C:\SDFix).
  • DO NOT use it just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Copy and paste the contents of the results file Report.txt in your next reply along with a new HijackThis log.
-- If this error message is displayed when running SDFix: "The command prompt has been disabled by your administrator. Press any key to continue..."
Please go to Start Menu > Run > and copy/paste the following line:
%systemdrive%\SDFix\apps\swreg IMPORT %systemdrive%\SDFix\apps\Enable_Command_Prompt.reg
Press Ok and then run SDFix again.

-- If the Command Prompt window flashes on then off again on XP or Win 2000, please go to Start Menu > Run > and copy/paste the following line:
%systemdrive%\SDFix\apps\FixPath.exe /Q
Reboot and then run SDFix again.

-- If SDFix still does not run, check the %comspec% variable. Right-click My Computer > click Properties > Advanced > Environment Variables and check that the ComSpec variable points to cmd.exe.
%SystemRoot%\system32\cmd.exe


NEXT

Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop.
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.

Click the "Close" button to leave the control center screen and exit the program.
DO NOT run yet.

Now reboot into Safe Mode:
Safe Mode Using the F8 Method (for XP)
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.


Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or the Opera browser click on that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.


Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

Please ask any needed questions, post logs and let us know how your PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 rodney h

rodney h
  • Topic Starter

  • Members
  • 13 posts
  • Gender:Male
  • Local time:02:10 PM

Posted 16 February 2008 - 05:50 PM

Thank you, Boopme, for the information on FalseAlert-8.ddl. Everything seems to have worked just as explained. SuperAntiSpyware worked much better than my present software. Super found 117 more viruses than my present. You asked me to post the reports but I don't know how, so I pasted it here. Maybe you can tell me how to post the report. Thanks again. rodney h.

SDFix: Version 1.142

Run by Owner on Fri 02/15/2008 at 10:57 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\sdfix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\SYSTEM32\IALMCOIN.DLL - Deleted



Folder C:\Program Files\Helper - Removed


Removing Temp Files...

ADS Check:



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-15 23:05:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...


scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"="C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe:*:Disabled:BackWeb-137903"
"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe:*:Disabled:Java™ Platform SE binary"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Fri 1 Feb 2008 196 A.SHR --- "C:\BOOT.BAK"
Sat 2 Jul 2005 0 A.SH. --- "C:\WINDOWS\SMINST\HPCD.SYS"
Fri 1 Feb 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Finished!

#5 rodney h

rodney h
  • Topic Starter

  • Members
  • 13 posts
  • Gender:Male
  • Local time:02:10 PM

Posted 16 February 2008 - 05:54 PM

Here are the scan results
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/16/2008 at 05:27 PM

Application Version : 3.9.1008

Core Rules Database Version : 3404
Trace Rules Database Version: 1396

Scan type : Complete Scan
Total Scan Time : 02:14:10

Memory items scanned : 172
Memory threats detected : 0
Registry items scanned : 6483
Registry threats detected : 104
File items scanned : 84969
File threats detected : 13

Trojan.Smitfraud Variant
HKLM\Software\Classes\CLSID\{747e1fbe-b70f-441d-bbca-6e536c04924a}
HKCR\CLSID\{747E1FBE-B70F-441D-BBCA-6E536C04924A}
HKCR\CLSID\{747E1FBE-B70F-441D-BBCA-6E536C04924A}\InProcServer32
HKCR\CLSID\{747E1FBE-B70F-441D-BBCA-6E536C04924A}\InProcServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\WUUAWKZ.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{747e1fbe-b70f-441d-bbca-6e536c04924a}

Trojan.Media-Codec/V4
HKLM\Software\Classes\CLSID\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}
HKCR\CLSID\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}
HKCR\CLSID\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}#xxx
HKCR\CLSID\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}\InprocServer32
HKCR\CLSID\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}\InprocServer32#ThreadingModel
C:\PROGRAM FILES\NETPROJECT\SBMDL.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}
HKCR\videoPl.chl
HKCR\videoPl.chl\CLSID

Trojan.Smitfraud Variant/IE Anti-Spyware
HKLM\Software\Microsoft\Internet Explorer\Extensions\{9034A523-D068-4BE8-A284-9DF278BE776E}

Trojan.Security Toolbar
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url

Trojan.DNSChanger-Codec
HKCR\CLSID\E404.e404mgr
HKCR\CLSID\E404.e404mgr#UserId

Malware.VirusProtect

Rogue.VirusHeat
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\fkzagEqAsjyu
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\InProcServer32
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\InProcServer32#ThreadingModel
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\utkUffo
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\xUqWt
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\YkbadjtoP
HKCR\CLSID\{E94EB13E-D78F-0857-7734-5E67A49FFFF1}\zxVwlXlt
C:\Program Files\VirusHeat 3.9

Trojan.Unknown Origin
C:\PROGRAM FILES\NETPROJECT\OT.ICO
C:\PROGRAM FILES\NETPROJECT\TS.ICO

Trojan.Media-Codec/V5
C:\PROGRAM FILES\NETPROJECT\SBMNTR.EXE
C:\PROGRAM FILES\NETPROJECT\SBSM.EXE
C:\PROGRAM FILES\NETPROJECT\SCIT.EXE
C:\PROGRAM FILES\NETPROJECT\SCM.EXE
C:\PROGRAM FILES\NETPROJECT\SCU.EXE
C:\PROGRAM FILES\NETPROJECT\WAUN.EXE
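
Added example, not part of the original thread and not SUPERAntiSpyware's own code: a small Python triage helper for a scan log pasted in this layout. It groups entries by detection name, lists the CLSIDs and the Explorer/IE load points involved, and checks that the parsed entries add up to the log's own summary counts; the sample log and every name in it are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the scan log above (names, GUIDs, paths made up).
SAMPLE_LOG = r"""
SUPERAntiSpyware Scan Log
Registry threats detected : 5
File threats detected : 2

Example.FamilyA
HKLM\Software\Classes\CLSID\{11111111-2222-3333-4444-555555555555}
HKCR\CLSID\{11111111-2222-3333-4444-555555555555}\InProcServer32
HKCR\CLSID\{11111111-2222-3333-4444-555555555555}\InProcServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\EXAMPLE1.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}

Example.FamilyB
HKCR\Interface\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}
C:\PROGRAM FILES\EXAMPLEDIR\EXAMPLE2.EXE
"""

SUMMARY = re.compile(r"^(Registry|File) threats detected\s*:\s*(\d+)$")
REGISTRY = re.compile(r"^HK[A-Z_]+\\")      # HKLM\..., HKCR\...
FILE = re.compile(r"^[A-Za-z]:\\")          # C:\...
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Registry locations from the log through which Explorer/IE load a component.
LOAD_POINTS = ("\\Browser Helper Objects\\", "\\SharedTaskScheduler",
               "\\Internet Explorer\\Extensions\\")

def parse_scan_log(text):
    """Return (summary counts, {detection name: {"registry": [...], "files": [...]}})."""
    summary, current = {}, None
    families = defaultdict(lambda: {"registry": [], "files": []})
    for line in (raw.strip() for raw in text.splitlines()):
        m = SUMMARY.match(line)
        if m:
            summary[m.group(1).lower()] = int(m.group(2))
        elif REGISTRY.match(line) or FILE.match(line):
            if current:  # entries before any detection name are ignored
                kind = "registry" if REGISTRY.match(line) else "files"
                families[current][kind].append(line)
        elif line and ":" not in line:
            current = line  # assumption: detection names never contain ':'
    return summary, dict(families)

def triage(text):
    """Per-detection overview plus a completeness check against the summary."""
    summary, families = parse_scan_log(text)
    report = {}
    for name, items in families.items():
        reg = items["registry"]
        report[name] = {
            "registry": len(reg),
            "files": items["files"],
            "clsids": sorted({g.upper() for e in reg for g in GUID.findall(e)}),
            "load_points": [e for e in reg if any(p in e for p in LOAD_POINTS)],
        }
    totals = {"registry": sum(r["registry"] for r in report.values()),
              "file": sum(len(r["files"]) for r in report.values())}
    # A mismatch means the pasted log is truncated or a line was not recognised.
    return report, totals, totals == {k: summary.get(k) for k in totals}
```

`triage()` returns the per-detection report, the parsed totals, and a boolean that is false when the totals disagree with the "threats detected" lines, which is a quick way to spot a log that was cut off while pasting.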

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,039 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:10 PM

Posted 16 February 2008 - 09:08 PM

You're welcome. You did well. How is the computer now? Normal speed, no popups or page redirects? You have removed a lot of nasty there.
Tell me what antivirus and spyware tools you have, also which firewall you use, thanks.