
Virtumonde? Pop Up Problem, Hjt Log Included - All Help Will Be Much Appreciated


8 replies to this topic

#1 BIG_JOE_(UK)


Posted 02 April 2008 - 03:07 PM

Hi guys, in desperate need of some help here,

My problem is that I keep getting pop-ups when browsing the web; also my privacy setting (in Internet Explorer Tools) keeps turning down to "Allow all cookies". This might be part of the problem, I'm not sure.

Also I have had my computer turn itself off on 3 occasions now, just out of the blue!

A Spybot Search & Destroy scan said I had "Virtumonde" but I cannot get rid of it!!

All help will be much appreciated, and I'm willing to donate if you could help me get this annoying problem fixed!!!

Below is an HJT log.





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:00:39, on 02/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
D:\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
D:\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
D:\iTunes\iTunesHelper.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
D:\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
D:\MICROS~3\GAMECO~1\common\swtrayv4.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Microsoft AntiSpyware\gcasDtServ.exe
D:\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.smokeriders.co.uk/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [Windows Defender] "D:\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SideWinderTrayV4] d:\MICROS~3\GAMECO~1\common\swtrayv4.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [gcasServ] "D:\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SmcService] D:\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [5449be55] rundll32.exe "C:\WINDOWS\system32\gowollmr.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1196528841906
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1196540396921
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - d:\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - d:\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Sygate\SPF\smc.exe

--
End of file - 8524 bytes



#2 Rawe


Posted 03 April 2008 - 09:49 AM

Hello and welcome to BleepingComputer. :thumbsup:

Please follow the instructions for running ComboFix here and post back with the log.

Cheers.
Hi there, stranger!

#3 BIG_JOE_(UK)


Posted 04 April 2008 - 11:54 AM

Hi there, thanks for the response, below is the log for combofix,


ComboFix 08-04-03.3 - Scott 2008-04-04 11:32:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.564 [GMT 1:00]
Running from: C:\Documents and Settings\Scott\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM577a8dc9.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cMpVycdd.ini
C:\WINDOWS\system32\cMpVycdd.ini2
C:\WINDOWS\system32\ddcyVpMc.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SZKG5


((((((((((((((((((((((((( Files Created from 2008-03-04 to 2008-04-04 )))))))))))))))))))))))))))))))
.

2008-04-02 20:01 . 2008-04-03 11:36 414 ---hs---- C:\WINDOWS\system32\rmllowog.ini
2008-04-02 16:23 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2008-04-02 16:23 . 2004-10-15 18:17 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2008-04-02 16:23 . 2004-10-15 18:18 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2008-04-02 16:23 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2008-04-02 16:23 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2008-04-02 16:23 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2008-04-02 16:23 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2008-04-02 15:27 . 2008-04-02 16:31 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-04-01 22:18 . 2008-04-01 22:18 <DIR> d-------- C:\VundoFix Backups
2008-04-01 22:06 . 2008-04-01 22:06 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-04-01 20:02 . 2008-04-01 20:03 1,074 ---hs---- C:\WINDOWS\system32\pxhinqgq.ini
2008-03-31 22:08 . 2008-04-01 22:06 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-03-31 20:07 . 2008-03-31 20:07 <DIR> d-------- C:\Documents and Settings\Scott\Application Data\Grisoft
2008-03-31 20:07 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-31 20:06 . 2008-03-31 20:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-31 20:02 . 2008-04-01 17:48 1,014 ---hs---- C:\WINDOWS\system32\kkpltarx.ini
2008-03-31 19:54 . 2001-05-22 23:45 45,056 --a------ C:\WINDOWS\PANIC32.dll
2008-03-31 19:54 . 2001-09-16 11:44 40,960 --a------ C:\WINDOWS\PANICNT.dll
2008-03-31 16:55 . 2008-03-31 16:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-03-31 16:54 . 2008-03-31 16:54 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-03-31 16:54 . 2008-03-31 19:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-03-30 22:20 . 2008-03-30 22:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-03-30 19:58 . 2008-03-31 19:59 594 ---hs---- C:\WINDOWS\system32\sthsmsby.ini
2008-03-29 14:18 . 2008-03-31 17:15 <DIR> d-------- C:\Program Files\Bonjour
2008-03-26 15:34 . 2008-03-27 00:55 <DIR> d-------- C:\Documents and Settings\Scott\Application Data\LimeWire
2008-03-25 23:29 . 2008-02-22 03:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-25 23:28 . 2008-03-26 15:58 <DIR> d-------- C:\Program Files\Java
2008-03-25 23:23 . 2008-03-25 23:23 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-25 20:53 . 2008-03-25 20:56 <DIR> d-------- C:\Documents and Settings\Scott\Application Data\Download Manager
2008-03-05 15:40 . 2008-03-05 15:40 <DIR> d-------- C:\Program Files\DIFX
2008-03-05 15:40 . 2006-07-01 23:39 36,864 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2008-03-05 00:23 . 2008-03-05 00:23 <DIR> d-------- C:\Documents and Settings\Scott\Application Data\Microsoft Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-03 22:39 --------- d-----w C:\Documents and Settings\Scott\Application Data\Skype
2008-04-03 21:22 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-03 21:02 --------- d-----w C:\Documents and Settings\Scott\Application Data\skypePM
2008-04-03 17:06 --------- d-----w C:\Documents and Settings\Scott\Application Data\MailWasher
2008-03-29 13:18 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-04 23:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-15 15:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-15 15:02 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-02-11 17:11 40,960 ----a-w C:\WINDOWS\_ds37.tmp
2008-01-28 14:28 22,328 ----a-w C:\Documents and Settings\Scott\Application Data\PnkBstrK.sys
2008-01-09 14:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-12-01 18:28 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8a27bbfc-dfb9-4919-8dac-5f5c971fcf27}]
C:\WINDOWS\system32\vnvsdsub.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 13:04 77824 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 18:14 8491008]
"nwiz"="nwiz.exe" [2007-10-04 18:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 18:14 81920]
"iTunesHelper"="D:\iTunes\iTunesHelper.exe" [2005-12-20 21:54 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-01 13:06 155648]
"Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2003-02-13 11:25 493024]
"Windows Defender"="D:\Windows Defender\MSASCui.exe" [2006-11-03 20:20 866584]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 16:32 225280]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SideWinderTrayV4"="d:\MICROS~3\GAMECO~1\common\swtrayv4.exe" [1999-11-18 19:12 24650]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"gcasServ"="D:\Microsoft AntiSpyware\gcasServ.exe" [2005-11-15 12:12 473928]
"!AVG Anti-Spyware"="D:\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"SmcService"="D:\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - D:\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\ddcyVpMc

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"E:\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"D:\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\sandra.exe"=
"d:\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\RpcSandraSrv.exe"=
"d:\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\Win32\\RpcDataSrv.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\The All-Seeing Eye\\eye.exe"=
"E:\\Activision\\Call of Duty\\CoDUOMP.exe"=
"E:\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"E:\\EA Games\\Nightfire\\Bond.exe"=
"E:\\EA Games\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"E:\\EA Games\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"E:\\Activision\\Call of Duty\\CoDMP.exe"=
"E:\\Codemasters\\Colin McRae Rally 2005\\CMR5.EXE"=
"E:\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"E:\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"E:\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 LogWatch;Event Log Watch;"C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe" [2002-09-20 11:29]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 16:37]
S3 CA_LIC_CLNT;CA License Client;"C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe" [2002-09-20 11:27]
S3 CA_LIC_SRVR;CA License Server;"C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe" [2002-09-20 11:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3766f7c2-9f4f-11dc-a1cd-806d6172696f}]
\Shell\AutoRun\command - I:\Autorun.exe root.ini

.
Contents of the 'Scheduled Tasks' folder
"2008-04-04 10:32:07 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- D:\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-04 17:41:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
Completion time: 2008-04-04 17:42:44
ComboFix-quarantined-files.txt 2008-04-04 16:42:36
Pre-Run: 18,413,408,256 bytes free
Post-Run: 18,465,746,944 bytes free
.
2008-04-02 14:03:24 --- E O F ---
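The HJT log in post #1 and the ComboFix log in post #3 between them show the pattern the helper is scripting against: a Run key with the random-looking name 5449be55 loading gowollmr.dll through rundll32, hidden/system .ini files in system32 whose basenames (rmllowog, cMpVycdd) are the DLL basenames spelled backwards (gowollmr.dll, ddcyVpMc.dll), an extra entry appended to the LSA "Authentication Packages" value, and an AutoRun command bound to drive I:. As an added example that is not part of this thread and not code from HijackThis, ComboFix or Malwarebytes, here is a Python script that flags those indicators in log lines. The sample lines are constructed in the shape of the posted logs, and the heuristics (8-hex-character key names, the name-reversal test, "anything other than msv1_0" on the LSA value) are generalisations of what these particular logs show, not documented malware signatures; hits are leads to verify, not verdicts.

```python
"""Heuristic triage of HijackThis / ComboFix log lines for the Vundo-style
indicators visible in this thread.  Added example; not code from the thread
or from either tool.  The heuristics generalise what the posted logs show and
can false-positive: treat hits as leads to verify, not verdicts."""
import re
from dataclasses import dataclass

# Constructed sample in the shape of the HJT and ComboFix logs posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [5449be55] rundll32.exe "C:\WINDOWS\system32\gowollmr.dll",b
2008-04-02 20:01 . 2008-04-03 11:36 414 ---hs---- C:\WINDOWS\system32\rmllowog.ini
2008-04-01 20:02 . 2008-04-01 20:03 1,074 ---hs---- C:\WINDOWS\system32\pxhinqgq.ini
2008-04-02 16:23 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
C:\WINDOWS\system32\cMpVycdd.ini
C:\WINDOWS\system32\ddcyVpMc.dll
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\ddcyVpMc
\Shell\AutoRun\command - I:\Autorun.exe root.ini
"""


@dataclass(frozen=True)
class Finding:
    kind: str       # short indicator label
    evidence: str   # the path / value that triggered it


# O4 Run entry whose value name is 8 hex chars and whose command is rundll32 <dll>,<export>
HEX_RUN_RE = re.compile(
    r'^O4 - .*\\Run: \[(?P<name>[0-9a-f]{8})\]\s+rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?',
    re.IGNORECASE)
# ComboFix "Files Created" line: ... <9-char attribute string> <drive>:\...\<name>.ini
ATTR_INI_RE = re.compile(r'\s(?P<attr>[-dahrs]{9})\s+(?P<path>[A-Za-z]:\\.+\.ini)\s*$', re.IGNORECASE)
# Basenames of every .dll / .ini path the log mentions; these feed the reversal check
DLL_RE = re.compile(r'\\(?P<base>[A-Za-z0-9_]+)\.dll\b', re.IGNORECASE)
INI_RE = re.compile(r'\\(?P<base>[A-Za-z0-9_]+)\.ini\b', re.IGNORECASE)
LSA_RE = re.compile(r'Authentication Packages\s+REG_MULTI_SZ\s+(?P<pkgs>.+)$', re.IGNORECASE)
AUTORUN_RE = re.compile(r'\\Shell\\AutoRun\\command\s+-\s+(?P<cmd>.+)$', re.IGNORECASE)


def triage(log_text: str) -> list[Finding]:
    """Return Vundo-style indicators from HJT/ComboFix-shaped log text, in order found."""
    findings: list[Finding] = []
    dll_bases: set[str] = set()    # lower-cased basenames of every DLL the log mentions
    ini_bases: list[str] = []      # basenames of every .ini the log mentions, as written
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := HEX_RUN_RE.match(line):
            findings.append(Finding("random-named Run key via rundll32", m["dll"]))
        if m := ATTR_INI_RE.search(line):
            attr = m["attr"].lower()
            if "h" in attr and "s" in attr:   # ComboFix shows hidden / system bits as h / s
                findings.append(Finding("hidden+system .ini file", m["path"]))
        if m := LSA_RE.search(line):
            for pkg in m["pkgs"].split():
                if pkg.lower() != "msv1_0":   # msv1_0 is the stock NTLM package
                    findings.append(Finding("extra LSA Authentication Package", pkg))
                    dll_bases.add(pkg.rsplit("\\", 1)[-1].lower())  # listed without .dll
        if m := AUTORUN_RE.search(line):
            findings.append(Finding("AutoRun command on mounted volume", m["cmd"]))
        dll_bases.update(b.lower() for b in DLL_RE.findall(line))
        ini_bases.extend(INI_RE.findall(line))
    # Reversal check: in this thread rmllowog.ini <-> gowollmr.dll and cMpVycdd.ini <-> ddcyVpMc.dll
    seen: set[str] = set()
    for base in ini_bases:
        if base.lower() in seen:
            continue
        seen.add(base.lower())
        if base[::-1].lower() in dll_bases:
            findings.append(Finding("reversed-name .ini/.dll pair", f"{base}.ini <-> {base[::-1]}.dll"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:36} {f.evidence}")
```

Run against a real log, the reversal check only fires when both halves of a pair are still present; an .ini left behind after its DLL was already removed (pxhinqgq.ini in the sample) is reported only on its hidden+system attributes, which is exactly the kind of leftover the CFScript in post #4 lists for deletion.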

#4 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:08:05 AM

Posted 04 April 2008 - 02:37 PM

Hi again Joe.. :blink:

Please open Notepad and copy/paste the text in the quote box into it.

File::
C:\WINDOWS\system32\rmllowog.ini
C:\WINDOWS\system32\pxhinqgq.ini
C:\WINDOWS\system32\kkpltarx.ini
C:\WINDOWS\system32\sthsmsby.ini
C:\WINDOWS\_ds37.tmp
C:\WINDOWS\system32\vnvsdsub.dll

Folder::
C:\VundoFix Backups

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8a27bbfc-dfb9-4919-8dac-5f5c971fcf27}]


Save it as CFScript.txt on your desktop.

[Image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript.txt into ComboFix.exe.

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

--------

Along with the ComboFix log....

Please download Malwarebytes' Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • If you have trouble with the update process, please download the latest updates here.
  • Double-click the mbam-rules.exe file on your desktop and let it update the application.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (see extra note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Please copy and paste the entire report in your next reply. :thumbsup:
Extra note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately; failure to reboot will prevent MBAM from removing all the malware.
Hi there, stranger!

#5 BIG_JOE_(UK)


Posted 06 April 2008 - 04:39 AM

Hi there, thanks for all the help again. A little query: ComboFix says that it will take roughly 10 minutes to run; however, mine seems to be taking more like 7 hours. I ended up leaving the scan running overnight, hence the late reply.

Anyway, here is the HJT log



ComboFix 08-04-03.3 - Scott 2008-04-05 23:36:54.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.694 [GMT 1:00]
Running from: C:\Documents and Settings\Scott\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Scott\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\_ds37.tmp
C:\WINDOWS\system32\kkpltarx.ini
C:\WINDOWS\system32\pxhinqgq.ini
C:\WINDOWS\system32\rmllowog.ini
C:\WINDOWS\system32\sthsmsby.ini
C:\WINDOWS\system32\vnvsdsub.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\VundoFix Backups
C:\WINDOWS\_ds37.tmp
C:\WINDOWS\system32\kkpltarx.ini
C:\WINDOWS\system32\pxhinqgq.ini
C:\WINDOWS\system32\rmllowog.ini
C:\WINDOWS\system32\sthsmsby.ini

.
((((((((((((((((((((((((( Files Created from 2008-03-06 to 2008-04-06 )))))))))))))))))))))))))))))))
.

2008-04-02 16:23 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2008-04-02 16:23 . 2004-10-15 18:17 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2008-04-02 16:23 . 2004-10-15 18:18 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2008-04-02 16:23 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2008-04-02 16:23 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2008-04-02 16:23 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2008-04-02 16:23 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2008-04-02 15:27 . 2008-04-02 16:31 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-04-01 22:06 . 2008-04-01 22:06 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-03-31 22:08 . 2008-04-01 22:06 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-03-31 20:07 . 2008-03-31 20:07 <DIR> d-------- C:\Documents and Settings\Scott\Application Data\Grisoft
2008-03-31 20:07 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-31 20:06 . 2008-03-31 20:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-31 19:54 . 2001-05-22 23:45 45,056 --a------ C:\WINDOWS\PANIC32.dll
2008-03-31 19:54 . 2001-09-16 11:44 40,960 --a------ C:\WINDOWS\PANICNT.dll
2008-03-31 16:55 . 2008-03-31 16:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-03-31 16:54 . 2008-03-31 16:54 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-03-31 16:54 . 2008-03-31 19:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-03-30 22:20 . 2008-03-30 22:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-03-29 14:18 . 2008-03-31 17:15 <DIR> d-------- C:\Program Files\Bonjour
2008-03-26 15:34 . 2008-03-27 00:55 <DIR> d-------- C:\Documents and Settings\Scott\Application Data\LimeWire
2008-03-25 23:29 . 2008-02-22 03:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-25 23:28 . 2008-03-26 15:58 <DIR> d-------- C:\Program Files\Java
2008-03-25 23:23 . 2008-03-25 23:23 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-25 20:53 . 2008-03-25 20:56 <DIR> d-------- C:\Documents and Settings\Scott\Application Data\Download Manager

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-05 16:23 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-04 17:37 --------- d-----w C:\Documents and Settings\Scott\Application Data\MailWasher
2008-04-03 22:39 --------- d-----w C:\Documents and Settings\Scott\Application Data\Skype
2008-04-03 21:02 --------- d-----w C:\Documents and Settings\Scott\Application Data\skypePM
2008-03-29 13:18 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-05 14:40 --------- d-----w C:\Program Files\DIFX
2008-03-04 23:23 --------- d-----w C:\Documents and Settings\Scott\Application Data\Microsoft Games
2008-03-04 23:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-15 15:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-15 15:02 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-01-28 14:28 22,328 ----a-w C:\Documents and Settings\Scott\Application Data\PnkBstrK.sys
2008-01-09 14:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-12-01 18:28 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((( snapshot@2008-04-04_17.42.23.87 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-03 21:22:09 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
+ 2008-04-05 16:23:31 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 13:04 77824 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 18:14 8491008]
"nwiz"="nwiz.exe" [2007-10-04 18:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 18:14 81920]
"iTunesHelper"="D:\iTunes\iTunesHelper.exe" [2005-12-20 21:54 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-01 13:06 155648]
"Realtime Monitor"="C:\PROGRA~1\CA\ETRUST~1\realmon.exe" [2003-02-13 11:25 493024]
"Windows Defender"="D:\Windows Defender\MSASCui.exe" [2006-11-03 20:20 866584]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 16:32 225280]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SideWinderTrayV4"="d:\MICROS~3\GAMECO~1\common\swtrayv4.exe" [1999-11-18 19:12 24650]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"gcasServ"="D:\Microsoft AntiSpyware\gcasServ.exe" [2005-11-15 12:12 473928]
"!AVG Anti-Spyware"="D:\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"SmcService"="D:\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - D:\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"E:\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"D:\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\sandra.exe"=
"d:\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\RpcSandraSrv.exe"=
"d:\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\Win32\\RpcDataSrv.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\The All-Seeing Eye\\eye.exe"=
"E:\\Activision\\Call of Duty\\CoDUOMP.exe"=
"E:\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"E:\\EA Games\\Nightfire\\Bond.exe"=
"E:\\EA Games\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"E:\\EA Games\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"E:\\Activision\\Call of Duty\\CoDMP.exe"=
"E:\\Codemasters\\Colin McRae Rally 2005\\CMR5.EXE"=
"E:\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"E:\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"E:\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 LogWatch;Event Log Watch;"C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe" [2002-09-20 11:29]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 16:37]
S3 CA_LIC_CLNT;CA License Client;"C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe" [2002-09-20 11:27]
S3 CA_LIC_SRVR;CA License Server;"C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe" [2002-09-20 11:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3766f7c2-9f4f-11dc-a1cd-806d6172696f}]
\Shell\AutoRun\command - I:\Autorun.exe root.ini

.
Contents of the 'Scheduled Tasks' folder
"2008-04-06 01:37:20 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- D:\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-06 09:37:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
------------------------ Other Running Processes ------------------------
.
D:\Windows Defender\MsMpEng.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iPod\bin\iPodService.exe
D:\Microsoft AntiSpyware\gcasDtServ.exe
.
**************************************************************************
.
Completion time: 2008-04-06 9:38:03 - machine was rebooted [Scott]
ComboFix-quarantined-files.txt 2008-04-06 08:37:54
ComboFix2.txt 2008-04-04 16:42:45
Pre-Run: 18,389,594,112 bytes free
Post-Run: 18,378,108,928 bytes free
.
2008-04-02 14:03:24 --- E O F ---

And here is the MBAM log.

Malwarebytes' Anti-Malware 1.10
Database version: 594

Scan type: Quick Scan
Objects scanned: 30500
Time elapsed: 3 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{060bb0ab-4b09-4c51-9ecb-9580a6d08d7f} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:08:05 AM

Posted 06 April 2008 - 05:08 AM

Go to Start -> Run, type in: regedit, and click OK.
  • On the leftside, click to highlight My Computer at the top.
  • Go up to File -> Export
    Make sure in that window there is a tick next to "All" under Export Branch.
    Leave the "Save As Type" as "Registration Files".
    Under "Filename" put RegBackup.
  • Choose to save it to C:\
  • Click Save and then go to File -> Exit.
This is so the registry can be restored to this point if we need it. It may take a minute.

Next, please copy the following text in the quotebox below to a blank notepad file. Make sure the filetype is set to "All Files" and save it as Fixit.reg on your desktop.

REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3766f7c2-9f4f-11dc-a1cd-806d6172696f}]

Now double-click on the Fixit.reg on your desktop and allow it to merge with registry by clicking YES on the prompt.

-------

Click on Start -> Run and type in:

ComboFix /u

Click on OK. When shown the disclaimer, select 2.

------

How does the system appear to be running at this point? :thumbsup:
Hi there, stranger!
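
The MountPoints2 entry that Fixit.reg removes is the one ComboFix listed earlier in this thread: a per-drive key whose Shell\AutoRun\command value points at I:\Autorun.exe root.ini, the kind of entry that an autorun.inf on removable media leaves behind. As an added example (not code from Rawe or from BleepingComputer), the Python script below scans a ComboFix-style log for such keys and produces the same REGEDIT4 "[-KEY]" delete file that the post describes, so the key name never has to be retyped by hand. The log fragment inside it is constructed to mirror the posted one; the key-in-brackets-then-values layout it parses is an assumption based on the log excerpt above.

```python
import re

# Constructed sample log fragment, in the style of the ComboFix output posted above
# (the key and command are the ones Scott's log shows; the surrounding lines are made up).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3766f7c2-9f4f-11dc-a1cd-806d6172696f}]
\Shell\AutoRun\command - I:\Autorun.exe root.ini

.
Contents of the 'Scheduled Tasks' folder
"2008-04-06 01:37:20 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
"""

# Assumed log layout: a registry key in brackets, then its values on the following
# lines, terminated by a blank line (matches the excerpt posted in this thread).
KEY_RE = re.compile(
    r"^\[(HKEY_[A-Z_]+\\[^\]]*?\\mountpoints2\\\{[0-9a-f-]{36}\})\]\s*$",
    re.IGNORECASE,
)
# The value of interest: the command MountPoints2 would run when the drive is opened.
CMD_RE = re.compile(r"^\\Shell\\AutoRun\\command\s+-\s+(.+?)\s*$", re.IGNORECASE)


def find_mountpoint_autoruns(log_text):
    """Return a list of (registry_key, command) pairs for every MountPoints2
    key in the log that carries a Shell\\AutoRun\\command value."""
    found = []
    current_key = None
    for line in log_text.splitlines():
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group(1)
            continue
        if current_key is None:
            continue
        cmd_match = CMD_RE.match(line)
        if cmd_match:
            found.append((current_key, cmd_match.group(1)))
        elif not line.strip():
            # A blank line ends the key's block in this log format.
            current_key = None
    return found


def build_fixit_reg(entries):
    """Build REGEDIT4 text that deletes each key, using the same
    '[-KEY]' syntax as the Fixit.reg in the post above.
    Registry files are written with CRLF line endings."""
    lines = ["REGEDIT4", ""]
    for key, _command in entries:
        lines.append(f"[-{key}]")
        lines.append("")
    return "\r\n".join(lines)


if __name__ == "__main__":
    hits = find_mountpoint_autoruns(SAMPLE_LOG)
    for key, command in hits:
        print(f"{key}\n    runs: {command}")
    # To save the result: open("Fixit.reg", "w", newline="") keeps the CRLF endings intact.
    print(build_fixit_reg(hits))
```

The script only generates the file; the registry export that the post starts with still comes first, so the deletion can be undone if needed. Pasting the real ComboFix log in place of SAMPLE_LOG will list every MountPoints2 key with an AutoRun command, which is also a quick way to see whether more than one drive letter was affected.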

#7 BIG_JOE_(UK)

BIG_JOE_(UK)
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United Kingdom
  • Local time:06:05 AM

Posted 06 April 2008 - 11:38 AM

Excellent!!!

Thank you so much for all the help and time that you have given to me.

I will shortly donate money to you to show my thanks.


Once again many thanks for all the help,

Regards, Scott

#8 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:08:05 AM

Posted 06 April 2008 - 01:33 PM

Excellent!!!

Thank you so much for all the help and time that you have given to me.

I will shortly donate money to you to show my thanks.


Once again many thanks for all the help,

Regards, Scott

Thanks & you're welcome, Scott :thumbsup:

Some finishing steps & tips...

Please download OTCleanIt and save it to desktop.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to reboot during the cleanup, select YES.
  • The tool will delete itself once it finishes; if not, delete it yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Here are some tips for the future to prevent spyware:

Detect and Remove Programs:
Prevention Programs:
  • Comodo BOClean <= Stop identity thieves from getting personal information. Instantly detects well over 1,000,000 unique, variant and repack malware in total. And it's free.
  • SpywareBlaster <= SpywareBlaster will prevent spyware from being installed. Detailed installation guide provided.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well known adsites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
Other necessary Programs:
  • More Secure Browser <= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox.
And also see TonyKlein's good advice:
So how did I get infected in the first place?
Hi there, stranger!

#9 Rawe

Rawe

  • Members
  • 2,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:08:05 AM

Posted 11 April 2008 - 04:32 AM

Since this issue appears to be resolved, this topic has been closed.

Feel free to start a new topic should another problem arise. :thumbsup:
Hi there, stranger!
