Trogan.in-t-e-r-n-e-t


11 replies to this topic

#1 xsuzme

Posted 17 March 2008 - 11:18 AM

I had all kinds of bad stuff on this computer; got rid of almost all of it but had trouble getting rid of this last one. Is there any way someone can look at my ComboFix log and tell me what you think? Before I ran ComboFix I was getting mass pop-ups; not getting any now. Thanks


#2 ruby1

    a forum member

Posted 17 March 2008 - 01:03 PM

Hi; it would be helpful to know which Windows version you are using, and what antivirus program and other protection programs you have already run.

ONLY post the ComboFix log IF an expert on here requests it, as this tool is NOT for unsupervised use.
Also, who suggested you run ComboFix?

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please read the disclaimer about halfway down the page.

Please advise what symptoms the computer was/is displaying and, to avoid duplication of advice, what you have so far done to try to clean the computer.
What has so far been found ON it, infection-wise?

Of interest, do you do any P2P stuff on there?

#3 xsuzme
  • Topic Starter

Posted 17 March 2008 - 02:29 PM

Running Norton Antivirus 10, which now Auto-Protect won't enable. I have used Spybot S&D, Norton Spyware Scan and Ad-Aware to clean what they could. Had to use LSPFix to fix my internet because this nasty infection messed up the LSP Winsock. Running XP Service Pack 2. One thing I notice is that it seems to take like 5 mins for the desktop to come up after entering the password, but like I said I was able to remove most if not all infections (at least I think). Just was wondering if I could get someone to look at that ComboFix log; I'm not a wiz at reading that one. Couldn't tell you all the infections; I just let the programs get rid of them. No P2P on this system. I ran ComboFix on my own and have in the past with success; with all the pop-ups I couldn't stay on one site. Since I ran that, not 1 pop-up. Thanks for all your help

Edited by xsuzme, 17 March 2008 - 02:35 PM.


#4 ruby1

    a forum member

Posted 17 March 2008 - 04:40 PM

Could you run a couple of scans and let us have THEIR reports?
Try SUPERAntiSpyware
http://www.superantispyware.com/superantis...efreevspro.html

Its exe is
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE


and a-squared FREE

http://www.emsisoft.com/en/software/free/
Its exe is
http://download6.emsisoft.com/a2FreeSetup.exe

Please download each, fully update the definitions, reboot into safe mode if it will let you, and run a full deep scan with each.

They will produce reports which it would be helpful to post on here for others to see.

This forum does NOT request a ComboFix log to be posted unless requested, NOR to actually RUN the program unsupervised, due to its particular actions of performance which need supervision to run; you CAN do far more harm than good BY running it unrequested and unsupervised by a TRAINED expert.

Let us know what those scans produce? They CAN take a while to run, so let 'em and tell us what they find?

#5 xsuzme
  • Topic Starter

Posted 17 March 2008 - 08:41 PM

Here are the logs you requested

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/17/2008 at 06:34 PM

Application Version : 4.0.1154

Core Rules Database Version : 3420
Trace Rules Database Version: 1412

Scan type : Complete Scan
Total Scan Time : 00:36:12

Memory items scanned : 163
Memory threats detected : 0
Registry items scanned : 4949
Registry threats detected : 1
File items scanned : 12415
File threats detected : 27

Adware.AdSponsor/ISM
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\{1BAC9A2A-4755-43c3-A430-D3512C5B8A4E}

Adware.Tracking Cookie
C:\Documents and Settings\Home1\Cookies\home1@adrevolver[2].txt
C:\Documents and Settings\Home1\Cookies\home1@hornymatches[2].txt
C:\Documents and Settings\Home1\Cookies\home1@ads.pointroll[1].txt
C:\Documents and Settings\Home1\Cookies\home1@rotator.adjuggler[2].txt
C:\Documents and Settings\Home1\Cookies\home1@mediaplex[1].txt
C:\Documents and Settings\Home1\Cookies\home1@ad.yieldmanager[1].txt
C:\Documents and Settings\Home1\Cookies\home1@adinterax[1].txt
C:\Documents and Settings\Home1\Cookies\home1@revsci[2].txt
C:\Documents and Settings\Home1\Cookies\home1@richmedia.yahoo[2].txt
C:\Documents and Settings\Home1\Cookies\home1@atdmt[2].txt
C:\Documents and Settings\Home1\Cookies\home1@media.adrevolver[1].txt
C:\Documents and Settings\Home1\Cookies\home1@ads.bleepingcomputer[2].txt
C:\Documents and Settings\Home1\Cookies\home1@advertising[1].txt
C:\Documents and Settings\Home1\Cookies\home1@bluestreak[2].txt
C:\Documents and Settings\Home1\Cookies\home1@doubleclick[1].txt
C:\Documents and Settings\Home1\Cookies\home1@tribalfusion[2].txt
C:\Documents and Settings\Home1\Cookies\home1@statcounter[1].txt
C:\Documents and Settings\Home1\Cookies\home1@adopt.euroclick[2].txt
C:\Documents and Settings\Home1\Cookies\home1@questionmarket[1].txt

Unclassified.Unknown Origin
C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\BACKUPS\BACKUP-20071201-164856-483.DLL
C:\WINDOWS\SG9TZQ\COMMAND.EXE

Adware.ClickSpring
C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\BACKUPS\BACKUP-20071202-191923-255.DLL

Adware.Adservs
C:\WINDOWS\SG9TZQ\ASAPPSRV.DLL
C:\WINDOWS\SYSTEM32\FXTMP\V32API.EXE

Trojan.Unknown Origin
C:\WINDOWS\SG9TZQ\M36QTK.VBS

Rogue.Unclassified/Loader
C:\WINDOWS\SYSTEM32\MGMRWMRV.EXE

Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\NQSTV.INI


a-squared Free - Version 3.1
Last update: 3/17/2008 5:47:35 PM

Scan settings:

Objects: Memory, Traces, Cookies, C:\, H:\, I:\, J:\, K:\, N:\
Scan archives: On
Heuristics: On
ADS Scan: On

Scan start: 3/17/2008 6:49:04 PM

Key: HKEY_CURRENT_USER\software\kazaa detected: Trace.Registry.KaZaA
c:\documents and settings\all users\start menu\programs\the weather channel detected: Trace.Directory.Desktop Weather
c:\documents and settings\all users\start menu\programs\the weather channel\desktop weather detected: Trace.Directory.Desktop Weather
c:\program files\the weather channel fw detected: Trace.Directory.Desktop Weather
c:\program files\the weather channel fw\desktop weather detected: Trace.Directory.Desktop Weather
c:\program files\the weather channel fw\framework detected: Trace.Directory.Desktop Weather
c:\program files\gamespy arcade detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\addins detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\cstrike detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\cstrike\frontline detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\halflife detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\halflife\action detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\halflife\cstrike detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\halflife\firearms detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\halflife\frontline detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\halflife\gearbox detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\halflife\tfc detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake2 detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake2\aq2 detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake2\battle detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake2\chaosdm detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake2\duel detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake2\freeze detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake2\gloom detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake2\gxmod detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake2\holywars detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake2\jail detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake2\kots detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake2\lfiredm detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake2\lithium2 detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake2\lmctf detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake2\pball detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake2\q2comp detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake2\qpong detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake2\ra2 detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake2\requiem detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake2\sconfig detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake2\tourney detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake2\wf detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake2\wod detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake3 detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake3\alliance detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake3\beryllium detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake3\excessive detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake3\instagib detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake3\jailbreak detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake3\matchmod detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake3\osp detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake3\q3comp detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake3\q3f detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake3\q3ut2 detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake3\requiem detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake3\rocketarena3 detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\quake3\wfa detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\tribes detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\tribes\arena detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\tribes\ch detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\tribes\ctf detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\tribes\ctfb detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\tribes\ctfplus detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\tribes\dd detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\tribes\dm detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\tribes\duel detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\tribes\fr detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\tribes\mt detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\tribes\open cal detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\tribes\rpg detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\tribes\tac detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\ut detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\ut\excessive detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\ut\rocketarena detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\custom\ut\swat detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\images detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\images\icons detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\images\portraits detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\profiles detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\profiles\(default) detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\services detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\services\_common detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\services\_demospy detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\services\_fplanet detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\services\_gnews detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\services\_gspyder detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\services\_news detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\services\_support detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\skins detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\sounds detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\sounds\(default) detected: Trace.Directory.GameSpy Arcade
c:\program files\gamespy arcade\sounds\classic detected: Trace.Directory.GameSpy Arcade
c:\documents and settings\home1\start menu\programs\gamespy arcade detected: Trace.Directory.GameSpy Arcade
c:\documents and settings\all users\start menu\programs\the weather channel\desktop weather\help.lnk detected: Trace.File.Desktop Weather
c:\documents and settings\all users\start menu\programs\the weather channel\desktop weather\settings.lnk detected: Trace.File.Desktop Weather
c:\documents and settings\all users\start menu\programs\the weather channel\desktop weather\the weather channel desktop.lnk detected: Trace.File.Desktop Weather
c:\documents and settings\home1\desktop\the weather channel desktop.lnk detected: Trace.File.Desktop Weather
c:\program files\the weather channel fw\desktop weather\desktopweather.exe detected: Trace.File.Desktop Weather
c:\program files\the weather channel fw\desktop weather\eula.html detected: Trace.File.Desktop Weather
c:\program files\the weather channel fw\desktop weather\install.log detected: Trace.File.Desktop Weather
c:\program files\the weather channel fw\desktop weather\theweatherchannelcustomuninstall.exe detected: Trace.File.Desktop Weather
c:\program files\the weather channel fw\framework\install.log detected: Trace.File.Desktop Weather
c:\program files\the weather channel fw\framework\theweatherchannelne.exe detected: Trace.File.Desktop Weather
c:\program files\the weather channel fw\framework\theweatherchannelqc.exe detected: Trace.File.Desktop Weather
c:\program files\the weather channel fw\framework\theweatherchannelqx.exe detected: Trace.File.Desktop Weather
c:\program files\the weather channel fw\framework\theweatherchannelsetup.exe detected: Trace.File.Desktop Weather
c:\program files\the weather channel fw\framework\theweatherchannelslnchr.exe detected: Trace.File.Desktop Weather
c:\program files\the weather channel fw\framework\theweatherchannelupdate.exe detected: Trace.File.Desktop Weather
c:\program files\the weather channel fw\framework\wiseinstallutility.dll detected: Trace.File.Desktop Weather
c:\program files\the weather channel fw\framework\wxfw.cpl detected: Trace.File.Desktop Weather
c:\program files\the weather channel fw\framework\wxfw.dll detected: Trace.File.Desktop Weather
c:\program files\gamespy arcade\4dca9208.dat detected: Trace.File.GameSpy Arcade
c:\program files\gamespy arcade\aphex.exe detected: Trace.File.GameSpy Arcade
c:\program files\gamespy arcade\arcres.dll detected: Trace.File.GameSpy Arcade
c:\program files\gamespy arcade\dat.bmp detected: Trace.File.GameSpy Arcade
c:\program files\gamespy arcade\def_banner.gif detected: Trace.File.GameSpy Arcade
c:\program files\gamespy arcade\def_banner.html detected: Trace.File.GameSpy Arcade
c:\program files\gamespy arcade\def_bannerbg.jpg detected: Trace.File.GameSpy Arcade
c:\program files\gamespy arcade\def_loading.gif detected: Trace.File.GameSpy Arcade
c:\program files\gamespy arcade\def_logo.jpg detected: Trace.File.GameSpy Arcade
c:\program files\gamespy arcade\def_news.html detected: Trace.File.GameSpy Arcade
c:\program files\gamespy arcade\fpupdate.exe detected: Trace.File.GameSpy Arcade
c:\program files\gamespy arcade\gamespy arcade - debug.lnk detected: Trace.File.GameSpy Arcade
c:\program files\gamespy arcade\gamespy arcade help.url detected: Trace.File.GameSpy Arcade
c:\program files\gamespy arcade\gamespy arcade website.url detected: Trace.File.GameSpy Arcade
c:\program files\gamespy arcade\gamespy arcade.lnk detected: Trace.File.GameSpy Arcade
c:\program files\gamespy arcade\gamespy.com gaming's homepage.url detected: Trace.File.GameSpy Arcade
c:\program files\gamespy arcade\gsapak.exe detected: Trace.File.GameSpy Arcade
c:\program files\gamespy arcade\gslan.dll detected: Trace.File.GameSpy Arcade
c:\program files\gamespy arcade\gsws.dll detected: Trace.File.GameSpy Arcade
c:\program files\gamespy arcade\install.log detected: Trace.File.GameSpy Arcade
c:\program files\gamespy arcade\pw32.dll detected: Trace.File.GameSpy Arcade
c:\program files\gamespy arcade\readme.html detected: Trace.File.GameSpy Arcade
c:\program files\gamespy arcade\register gamespy arcade.url detected: Trace.File.GameSpy Arcade
c:\program files\gamespy arcade\rptcrash.exe detected: Trace.File.GameSpy Arcade
c:\program files\gamespy arcade\services\_news\rsrc.dir detected: Trace.File.GameSpy Arcade
c:\program files\gamespy arcade\services\_news\service_tab.psd detected: Trace.File.GameSpy Arcade
c:\program files\gamespy arcade\services\_news\service_tab+.tga detected: Trace.File.GameSpy Arcade
c:\program files\gamespy arcade\services\_support\rsrc.dir detected: Trace.File.GameSpy Arcade
c:\program files\gamespy arcade\services\_support\service_tab.psd detected: Trace.File.GameSpy Arcade
c:\program files\gamespy arcade\ws_default.html detected: Trace.File.GameSpy Arcade
Value: HKEY_CURRENT_USER\Software\The Weather Channel\Apps\{04484283-6CDE-4374-A939-AB50B2481621} --> InstallDir detected: Trace.Registry.Desktop Weather
Value: HKEY_CURRENT_USER\Software\The Weather Channel\Apps\{04484283-6CDE-4374-A939-AB50B2481621} --> Version detected: Trace.Registry.Desktop Weather
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\The Weather Channel Desktop --> DisplayName detected: Trace.Registry.Desktop Weather
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\The Weather Channel Desktop --> UninstallString detected: Trace.Registry.Desktop Weather
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services --> DisplayName detected: Trace.Registry.Desktop Weather
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services --> UninstallString detected: Trace.Registry.Desktop Weather
Value: HKEY_CURRENT_USER\Software\GameSpy\GameSpy Arcade --> InstDir detected: Trace.Registry.GameSpy Arcade
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GameSpy Arcade --> DisplayName detected: Trace.Registry.GameSpy Arcade
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GameSpy Arcade --> UninstallString detected: Trace.Registry.GameSpy Arcade
C:\Documents and Settings\Home1\Cookies\home1@com[2].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Home1\Desktop\ducsetup.exe detected: Email-Worm.Win32.Runouce.b
C:\Documents and Settings\Home1\My Documents\My Music\NFSProStreet_Demo.exe detected: Trojan.RAR.KillFiles.b
C:\QooBox\Quarantine\C\Documents and Settings\Home1\My Documents\MCROSO~1.NET\ѕervices.exe.vir detected: Adware.Win32.PurityScan.gw
C:\QooBox\Quarantine\C\Program Files\Common Files\CROSOF~1.NET\explorer.exe.vir detected: Trojan-Downloader.Win32.Agent.kwg
C:\QooBox\Quarantine\C\Program Files\Common Files\mevo555077.dll.vir detected: Adware.Win32.TTC.a
C:\QooBox\Quarantine\C\WINDOWS\system32\rfplgqyq.dll.vir detected: Adware.Win32.PurityScan.gv
C:\QooBox\Quarantine\catchme2008-03-17_103947.76.zip/hsfdpsp22.sys detected: Rootkit.Win32.Agent.to
C:\WINDOWS\quit.exe detected: Trojan-Downloader.Win32.VB.cym
K:\Programs\Radmin_Remote_Administrator_Ver.2.2\RADMIN22.EXE detected: Riskware.RemoteAdmin.Win32.RAdmin.20
K:\Programs\_Programs_-_Invision.2.0b3515.mIRC6.14&keygen+instructions.{.rar/mirc.exe detected: Riskware.Client-IRC.Win32.mIRC.12
K:\Programs\_Programs_-_Invision.2.0b3515.mIRC6.14&keygen+instructions.{.rar/mirc614.exe detected: Riskware.Client-IRC.Win32.mIRC.614

Scanned

Files: 133715
Traces: 170995
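The a-squared report above mixes a long run of harmless "Trace.*" entries (leftover directories and registry values of GameSpy Arcade and Desktop Weather) with a handful of real malware hits, some of which sit in ComboFix's C:\QooBox\Quarantine folder and so are already neutralised copies. The following triage script is an added example written for this page, not a tool from the thread or from Emsisoft: it parses the "<object> detected: <detection>" line format seen in the post, puts each hit into a severity bucket by the first dotted component of the detection name, and sets quarantined files aside. The severity map and the quarantine path check are assumptions made for this example, and the sample report is constructed from a few lines copied out of the post.

```python
import re

# Constructed sample in the line format of the a-squared Free 3.1 report posted
# in this thread ("<object> detected: <detection name>", with registry objects
# prefixed "Key:" or "Value:"). Lines copied from the post for illustration.
SAMPLE_REPORT = r"""
Scan start: 3/17/2008 6:49:04 PM

Key: HKEY_CURRENT_USER\software\kazaa detected: Trace.Registry.KaZaA
c:\program files\gamespy arcade\custom\quake2 detected: Trace.Directory.GameSpy Arcade
Value: HKEY_CURRENT_USER\Software\GameSpy\GameSpy Arcade --> InstDir detected: Trace.Registry.GameSpy Arcade
C:\Documents and Settings\Home1\Cookies\home1@com[2].txt detected: Trace.TrackingCookie
C:\Documents and Settings\Home1\Desktop\ducsetup.exe detected: Email-Worm.Win32.Runouce.b
C:\QooBox\Quarantine\catchme2008-03-17_103947.76.zip/hsfdpsp22.sys detected: Rootkit.Win32.Agent.to
C:\WINDOWS\quit.exe detected: Trojan-Downloader.Win32.VB.cym
K:\Programs\Radmin_Remote_Administrator_Ver.2.2\RADMIN22.EXE detected: Riskware.RemoteAdmin.Win32.RAdmin.20

Scanned

Files: 133715
"""

# One detection per line; header, summary and blank lines do not match.
DETECTION_RE = re.compile(r"^(?:(Key|Value): )?(.+?) detected: (.+)$")

# Assumed severity map: families that are informational or low-risk in this
# report format; anything else (Trojan*, Rootkit, Email-Worm, ...) is "high".
SEVERITY = {"Trace": "info", "Adware": "low", "Riskware": "low"}

# ComboFix moves what it removes into C:\QooBox\Quarantine (the folder that
# appears in the thread's log), so hits there are already neutralised copies.
QUARANTINE_MARKER = "\\qoobox\\quarantine\\"


def parse_report(text):
    """Return (kind, object, detection) triples for every detection line."""
    hits = []
    for raw in text.splitlines():
        m = DETECTION_RE.match(raw.strip())
        if m:
            hits.append((m.group(1) or "File", m.group(2), m.group(3)))
    return hits


def detection_family(detection):
    """'Rootkit.Win32.Agent.to' -> 'Rootkit': the first dotted component."""
    return detection.split(".", 1)[0]


def triage(text):
    """Bucket detections by the attention they deserve on a cleaned machine."""
    buckets = {"high": [], "low": [], "info": [], "quarantined": []}
    for kind, obj, detection in parse_report(text):
        if kind == "File" and QUARANTINE_MARKER in obj.lower():
            buckets["quarantined"].append((obj, detection))
            continue
        severity = SEVERITY.get(detection_family(detection), "high")
        buckets[severity].append((obj, detection))
    return buckets


def summarize(buckets):
    """Ordered text summary: what still needs an expert's eye comes first."""
    lines = []
    for level in ("high", "quarantined", "low", "info"):
        lines.append(f"{level}: {len(buckets[level])}")
        if level == "info":
            continue  # trace entries are noise; keep the summary short
        for obj, detection in buckets[level]:
            lines.append(f"  {detection}  <-  {obj}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(triage(SAMPLE_REPORT)))
```

Run against the full report in the post, the "high" bucket is what boopme later singles out (the rootkit driver, the worm and the downloader), while the dozens of GameSpy and Weather Channel traces collapse into a single count.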

#6 boopme

    To Insanity and Beyond

  • Global Moderator

Posted 17 March 2008 - 09:21 PM

How is your PC running now? You should also run another scan.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link
Double-click on Download_mbam-setup.exe to install the application. (If using Windows Vista, be sure to "Run As Administrator".)
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.

The next screen will ask you to select the drives to scan. Leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process and, if asked to restart the computer, please do so immediately.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#7 xsuzme
  • Topic Starter

Posted 17 March 2008 - 09:49 PM

Here is the log you requested

Malwarebytes' Anti-Malware 1.08
Database version: 499

Scan type: Quick Scan
Objects scanned: 29734
Time elapsed: 3 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\winfrun32.bin (Malware.Trace) -> Quarantined and deleted successfully.


Still takes forever to log into the system; it just hangs after you input username and password.

#8 boopme

    To Insanity and Beyond

  • Global Moderator

Posted 17 March 2008 - 09:58 PM

Let's clear out some other things and see what happens.

Please download ATF Cleaner by Atribune. (This program is for XP and Windows 2000 only.)
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use the Firefox browser: click Firefox at the top and choose: Select All.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser: click Opera at the top and choose: Select All.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

#9 xsuzme
  • Topic Starter

Posted 17 March 2008 - 10:27 PM

Did that; still no help with logging in. Also my antivirus is broken: Auto-Protect won't enable.

#10 boopme

    To Insanity and Beyond

  • Global Moderator

Posted 17 March 2008 - 10:37 PM

What is that antivirus program? Also, this is an XP machine, and do you have Spybot installed?

#11 xsuzme
  • Topic Starter

Posted 17 March 2008 - 11:03 PM

Norton Antivirus Corp 10.0.1.1000

Yes Spybot S&D is installed

Edited by xsuzme, 18 March 2008 - 04:17 PM.


#12 boopme

    To Insanity and Beyond

  • Global Moderator

Posted 18 March 2008 - 10:16 PM

Hello, sorry to take so long to get back, but I was looking at a few of the malwares picked up. Some of these are quite dangerous... mIRC.614... Rootkit.Win32.Agent.to... and some others.
Although they were removed, these malwares can hide and are security risks.
I feel it is best to post in the HijackThis forum and have the experts in there make certain there are no traces of these things. This may also be the cause of the slowness, as perhaps they are loading things at start up.

Please use these instructions. You may move to step 9 now.
Preparation Guide for use before posting a HijackThis Log
Create the log and give it a descriptive topic (eg mIRC and rootkit).
Then post that log in this forum: HijackThis Logs and Malware Removal... NOT here please.

Also post the complete log, top to bottom.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.



