Help I'm Infected: Trojandownloader.xs 180solutions And Tx4


3 replies to this topic

#1 DaisyRaeGirl


Posted 18 March 2008 - 04:49 PM

Hello all. I have received notice from Windows Security Center that I have a possible spyware infection. Guaranteed I have something going on.
Threats that have popped up:
TrojanDownloader.XS
180Solutions
2nd Thought

My browser keeps getting hijacked by Internet Speed Monitor and OuterInfo.

I have run Spy Bot, Adware, Avast Antivirus: no infected files. Then I ran Hijack This and saved the logfile, and then ran Combofix and also saved the logfile.

Now I have a blank screen, no icons, no start menu, nothing, with the exception of a pop-up from Spy Bot saying: Search & Destroy has detected an important registry entry that has been changed. Browser Helper Object. Value deleted. Entry: {5dafd089-4c5e-bd42-8ca72550717b} with the option to choose "Allow Change" or "Deny Change", and Deny Change will not highlight. On occasion IE will pop up by my hijacked browser and then a new threat is detected by Windows Security Center.

Also, ctrl alt delete does not work, saying that it is blocked by the administrator!

I am running Windows XP Home Edition with SP2.

Thanks,

Daisy

Edited by DaisyRaeGirl, 18 March 2008 - 04:52 PM.



#2 ruby1


Posted 18 March 2008 - 05:51 PM

Hi and welcome :thumbsup:
You say you have run a combofix; was this under the instructions of a trained computer expert? This tool is NOT recommended for unsupervised use, as it says in the tool's disclaimer.

May one ask what you CAN do with the computer, and whether you have your XP CD available with licence key?

Will it let you download any programs, or is that now impossible?

IF you CAN, can you try the FREE superantispyware:


http://www.superantispyware.com/superantis...efreevspro.html

Its exe is http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

If it will let you, fully update it, reboot, run a full deep scan, and post the log IT produces.

#3 DaisyRaeGirl


Posted 19 March 2008 - 03:36 PM

Hello and thank you for your time. I ran combofix after being told to by another technical rep, but I'm starting over on this forum as it did not work. No, I do not have an XP CD, nor do I think it came with one; I believe the hard drive was partitioned with this, so no CDs came with it. I've looked in all of my paperwork and cannot find the license key. I do have a license key for my laptop, but that is being used now to email you, etc. and is still active.

Yes, I was able to download superantispyware, fully update it, reboot and run a full deep scan; I then rebooted, opened the log and saved it. My screen is somewhat back now, still not with my original desktop background, but my icons are back. Windows Security Center is still saying it has detected malware. Here is the log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 03/19/2008 at 02:11 PM
Application Version : 4.0.1154
Core Rules Database Version : 3421
Trace Rules Database Version: 1404
Scan type : Complete Scan
Total Scan Time : 00:29:43
Memory items scanned : 604
Memory threats detected : 0
Registry items scanned : 6103
Registry threats detected : 8
File items scanned : 16708
File threats detected : 9
Transponder Variant BHO
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}
Unclassified.Unknown Origin
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}
Adware.2020Search
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}
Adware.180solutions/SurfAssistant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}
Adware.Second Thought
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}
Adware.Tracking Cookie
C:\Documents and Settings\Melonie Dickey CEO\Cookies\melonie dickey ceo@adserver[1].txt
C:\Documents and Settings\Melonie Dickey CEO\Cookies\melonie dickey ceo@ad.yieldmanager[1].txt
C:\Documents and Settings\Melonie Dickey CEO\Cookies\melonie dickey ceo@oddcast[2].txt
C:\Documents and Settings\Melonie Dickey CEO\Cookies\melonie dickey ceo@vhost.oddcast[2].txt
C:\Documents and Settings\Melonie Dickey CEO\Cookies\melonie dickey ceo@revsci[1].txt
Adware.AdSponsor/ISM
HKU\S-1-5-21-3007018371-3662614401-2287279173-1006\Software\QdrModule
HKU\S-1-5-21-3007018371-3662614401-2287279173-1006\Software\QdrPack
Adware.180solutions/ZangoSearch
C:\SYSTEM VOLUME INFORMATION\_RESTORE{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP280\A0022250.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP280\A0022251.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP280\A0022252.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{400587B0-8271-42FB-9D8B-7E2D9247E9C7}\RP280\A0022253.DLL

#4 Orange Blossom


Posted 22 March 2008 - 03:33 PM

Hello DaisyRaeGirl,

Given the presence of OuterInfo on the system, I would suggest following the steps in this guide. If you can't do a step, skip it and go on to the next. Then create an HJT log; you will find the directions in step 9 of the guide.

Create a new topic in this forum, not here, and give it a good descriptive title. Briefly summarize what the problems are, what you have done to try to solve them, and what worked and didn't work, and paste in your HJT log. Also, include the link to this thread and say that we sent you there.

After you post your log, DO NOT make any further changes to your computer: deleting files, editing the registry, using special fix tools, installing or uninstalling software etc. as this will make it more difficult for the HJT team to help you.

Please be patient as the HJT team is very busy. DO NOT bump your log as the team may think that someone is already helping you. If you have not had a response in five days, add a response to the five days no response topic and paste in the link to your thread.

When you have posted your log, please paste in the URL to your new thread so we know the HJT Team is helping you.

Orange Blossom :thumbsup: