
1 Antivirus Title And 3 Programs That May Be Causing Me Problems!


11 replies to this topic

#1 Groffeaston


Posted 18 May 2008 - 05:15 PM

Hello everyone

I went to visit a website last night/this morning, to do a little research, but when I clicked to enter that site, I got a window warning me that my computer may not have virus protection! I know it has virus protection! So I clicked to close the window and to leave the site immediately! But the website started an antivirus scan with "Antivirus 2008". It did not say what company it was from or which program, such as "Norton's". It just said "Antivirus 2008".

Then after it started the scan it immediately picked up 3 things as high alert. They are in order:
1) Backdoor.Win32.TheThing.a 2) Trojan.DOS.Tornado_Patch and 3) Trojan-PSW.Win32.Coced.215

When it tried to download their program to "protect my computer" I clicked cancel. I checked the certificate because Windows would not let it download because of a revoked certificate. When I checked the Revoked Certificates List, it did not say why it was revoked. Is there a way to find out? Also, how can I tell if this is a legit online scanner or not?

I will do a little more searching myself to see if I can dig up anything else, then get back to you all. But let me know if anyone has any information on these things, please. Thank you!



#2 ruby1


Posted 18 May 2008 - 05:43 PM

one might ask you to give the URL of the site but if it is infected that is not a good idea and maybe a Mod or admin might be 'interested' in the URL to notify the appropriate people?

may I suggest, if you have not already done so; run a scan with superantispyware


Superantispyware; guide on how to install and run



If you have not already got a Downloads folder , I suggest you create a new folder in My Documents, and name it Downloads ;

Installing superantispyware

Superantispyware is found here


http://www.superantispyware.com/index.html

Download to the Downloads folder the free exe to superantispyware from here


http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

you install superantispyware by clicking on the icon in the downloads folder ;
it will launch the installation process;
follow the instructions and I suggest you ask for a default installation ;
ensure it creates a desktop icon for you ;
once the program has been installed it should ask you if you wish to update the program ; say YES

if it does not ask you , you need TO fully update the definitions by opening the program and find the ‘check for updates ‘tab in the bottom left of the menus you see; click on it and it will do the update for you ;
I suggest you ask it to check for updates again once the first update is complete just to be sure


please then reboot your computer ; it is preferable to run the scan in your computer's safe mode;

please open this program from the desktop icon
please run the scan while you are OFF line and do not have the computer doing any other work while the scan runs

go to the preferences tab on the right
on the General tab I suggest you disable the scan on start up

on the Hijack protection tab I suggest you tick BOTH items; this enables the program to give you a Hijack home page alert if your home page gets changed ; if you DO get a home page hijack, when you boot up the computer superantispyware will open and tell you the home page has changed and will ask you if this is a legitimate change;

in statistics/logs- go to the bottom and you will see two boxes asking about keeping a log of scanning results and saving empty logs?

Tick both of them

Then go back to the main screen and see the tab that says scan your computer? Do you see that ?

Click on it

A screen will open ;on the left hand side ensure your FIXED drive ( most probably the C drive) is ticked;
Also tick in there any other section that is used and attached .
On the right hand side you see three scanning options?; please click the Complete scan option

OK; you are now set to scan

Please then click on the ‘next’ tab and let the scan run; please run the scan while you are OFF line and do not have the computer doing any other work while the scan runs

From my experience running this program the complete full scan CAN take many hours to run depending on how much is on your computer so be patient and let it run; maybe go for a cuppa or watch a favourite program while this one runs

Once the scan IS complete you will be presented with a box telling you what the scan has found ( if anything); if harmful objects have been found click on the OK button ; on the next screen all the harmful objects should have a check mark beside them, ; click ‘next’


A notification should appear that

‘quarantine and removal is complete’

click ‘ok’
and then the Finish button to get returned to the main menu


If you have run the scan in computers safe mode you will need to reboot to computer normal mode

If you have run in computer’s normal mode I suggest you reboot to enable the ‘fix’ the program has performed to consolidate

You then need to retrieve the scan result

Open the program and return to the statistics /logs section ; locate the most recent log ; left mouse click on it to highlight it and click the ‘view log’ tab

The log should appear in maybe note pad ; you need to copy and paste that log for folks to see what might be going on
Once you have posted that please close the superantispyware program

see what that tells us?

#3 Groffeaston


Posted 19 May 2008 - 02:09 AM

Hello ruby1

I ran 2 scans. 1 scan with a squared free and 1 with Spybot S&D Free. Those scans turned up nothing, except the cookies on my computer! So I am beginning to think that it might be a scam or that it picked up something so new that these programs did not have the updates yet! My programs were updated before I ran the scans! I ran the scans in my computer's normal mode, but while I was offline!

I will do the SUPERAntiSpyware free scan later today! I will make those adjustments, if they are not already made to the program! I will run it on deep scan or full scan, whatever it is called! I think I did update it on Saturday, but will do it again to make sure!

I cannot remember the website's URL that I went to, to do some research! Now I cannot even remember what I was looking up! :flowers: :thumbsup: I guess it must have slipped my mind, when I saw that scanner pop up and tell me about those problems it found! And then I tried to get out of the site immediately! When I realized that my antivirus never even sounded an alarm that it picked up anything when it scanned!

So I will let you know what the SUPERAntiSpyware Free turns up later! I think I also saved the logs from the other scans! So I will check to make sure, and then if I did I will post them here also with the one from SUPER!

Matt

#4 Groffeaston


Posted 19 May 2008 - 11:22 AM

Hello Everyone

Well here are the results of the scans that I ran: The first scan I did was with a squared free. That I ran while I was off line and did a deep scan. All it turned up was cookies! The second scan I did was with Spybot S&D free. That I also ran while I was offline. That turned up no infections/detections, but showed 49 problems to fix. Which I then fixed. Finally I just got done with a scan with SUPERAntiSpyware Free. It also showed nothing but cookies! I will include the logs, for the preceding scans, below!

Here is the SUPERAntiSpyware Free scan log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/19/2008 at 11:01 AM

Application Version : 4.0.1154

Core Rules Database Version : 3463
Trace Rules Database Version: 1454

Scan type : Complete Scan
Total Scan Time : 00:21:00

Memory items scanned : 221
Memory threats detected : 0
Registry items scanned : 7034
Registry threats detected : 0
File items scanned : 22939
File threats detected : 10

Adware.Tracking Cookie
C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Cookies\matthew@richmedia.yahoo[1].txt
C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Cookies\matthew@ar.atwola[2].txt
C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Cookies\matthew@atwola[2].txt
C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Cookies\matthew@revsci[1].txt
C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Cookies\matthew@tacoda[1].txt
C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Cookies\Low\matthew@richmedia.yahoo[1].txt
C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Cookies\Low\matthew@ads.sun[2].txt
C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Cookies\Low\matthew@ads.revsci[1].txt
C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Cookies\Low\matthew@adultfriendfinder[2].txt
C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Cookies\Low\matthew@media6degrees[1].txt


Here is the scan report for a-squared:

a-squared Free - Version 3.5
Last update: 5/18/2008 12:36:29 AM

Scan settings:

Objects: Memory, Traces, Cookies, C:\, D:\
Scan archives: On
Heuristics: On
ADS Scan: On

Scan start: 5/18/2008 8:47:21 PM


Scanned

Files: 190458
Traces: 324217
Cookies: 44
Processes: 75

Found

Files: 0
Traces: 0
Cookies: 0
Processes: 0
Registry keys: 0

Scan end: 5/18/2008 11:34:48 PM
Scan time: 2:47:27

Here are the logs/reports from Spybot S&D free:

18.05.2008 23:37:19 - ##### check started #####
18.05.2008 23:37:19 - ### Version: 1.5.2
18.05.2008 23:37:19 - ### Date: 5/18/2008 11:37:19 PM
18.05.2008 23:37:21 - ##### checking bots #####
18.05.2008 23:50:43 - ##### checking usage tracking #####
18.05.2008 23:50:43 - found: Log Install: setupact.log setupact.log
18.05.2008 23:50:43 - found: Log Install: setupapi.log setupapi.log
18.05.2008 23:50:43 - found: Log Install: DtcInstall.log DtcInstall.log
18.05.2008 23:50:43 - found: Log Shutdown: System32\wbem\logs\wmiprov.log System32\wbem\logs\wmiprov.log
18.05.2008 23:50:44 - found: Internet Explorer Typed URL list 6 files
18.05.2008 23:50:44 - found: Internet Explorer Download directory
18.05.2008 23:50:44 - found: Internet Explorer User agent
18.05.2008 23:50:44 - found: Internet Explorer User agent
18.05.2008 23:50:44 - found: Internet Explorer User agent
18.05.2008 23:50:44 - found: Internet Explorer User agent
18.05.2008 23:50:44 - found: Internet Explorer User agent
18.05.2008 23:50:44 - found: MS Management Console Recent command list 4 files
18.05.2008 23:50:44 - found: MS Media Player Recent file list 9 files
18.05.2008 23:50:44 - found: MS Media Player Save as Directory
18.05.2008 23:50:44 - found: MS Media Player Client ID
18.05.2008 23:50:44 - found: MS Direct3D Most recent application
18.05.2008 23:50:44 - found: MS Direct3D Most recent application
18.05.2008 23:50:44 - found: MS Direct3D Most recent application
18.05.2008 23:50:44 - found: MS Direct3D Most recent application
18.05.2008 23:50:44 - found: MS DirectDraw Most recent application
18.05.2008 23:50:45 - found: MS DirectInput Most recent application
18.05.2008 23:50:45 - found: MS DirectInput Most recent application
18.05.2008 23:50:45 - found: MS DirectInput Most recent application
18.05.2008 23:50:45 - found: MS DirectInput Most recent application ID
18.05.2008 23:50:45 - found: MS DirectInput Most recent application ID
18.05.2008 23:50:45 - found: MS DirectInput Most recent application ID
18.05.2008 23:50:45 - found: MS Office 12.0 (Word) Recent Document List 5 files
18.05.2008 23:50:45 - found: MS Paint Recent file list 4 files
18.05.2008 23:50:46 - found: Windows Drivers installation paths
18.05.2008 23:50:46 - found: Windows.OpenWith Open with list - .BMP extension 3 files
18.05.2008 23:50:47 - found: Windows.OpenWith Open with list - .CER extension 2 files
18.05.2008 23:50:47 - found: Windows Explorer User Assistant history IE 1 files
18.05.2008 23:50:47 - found: Windows Explorer User Assistant history files 65 files
18.05.2008 23:50:47 - found: Windows Explorer Recent file global history
18.05.2008 23:50:47 - found: Windows Media SDK Computer name
18.05.2008 23:50:47 - found: Windows Media SDK Computer name
18.05.2008 23:50:47 - found: Windows Media SDK Computer name
18.05.2008 23:50:47 - found: Windows Media SDK Computer name
18.05.2008 23:50:47 - found: Windows Media SDK Unique ID
18.05.2008 23:50:47 - found: Windows Media SDK Unique ID
18.05.2008 23:50:47 - found: Windows Media SDK Unique ID
18.05.2008 23:50:47 - found: Windows Media SDK Unique ID
18.05.2008 23:50:47 - found: Windows Media SDK Volume serial number
18.05.2008 23:50:47 - found: Windows Media SDK Volume serial number
18.05.2008 23:50:47 - found: Windows Media SDK Volume serial number
18.05.2008 23:50:47 - found: Windows Media SDK Volume serial number
18.05.2008 23:50:47 - found: Cookie Cookie (38)
18.05.2008 23:50:47 - found: Cache Cache (1079)
18.05.2008 23:50:47 - found: History History (656)
18.05.2008 23:50:47 - ##### check finished #####


--- Report generated: 2008-05-18 23:50 ---

Log: Install: setupact.log (Backup file, nothing done)
C:\Windows\setupact.log

Log: Install: setupapi.log (Backup file, nothing done)
C:\Windows\setupapi.log

Log: Install: DtcInstall.log (Backup file, nothing done)
C:\Windows\DtcInstall.log

Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
C:\Windows\System32\wbem\logs\wmiprov.log

Internet Explorer: [SBI $1E8157BE] Typed URL list (6 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1921292706-2233922792-2079689605-1000\Software\Microsoft\Internet Explorer\TypedURLs

Internet Explorer: [SBI $FF589D0C] Download directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1921292706-2233922792-2079689605-1000\Software\Microsoft\Internet Explorer\Download Directory

Internet Explorer: [SBI $0BC7B918] User agent (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1921292706-2233922792-2079689605-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

MS Management Console: [SBI $ECD50EAD] Recent command list (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1921292706-2233922792-2079689605-1000\Software\Microsoft\Microsoft Management Console\Recent File List

MS Media Player: [SBI $E48560B4] Recent file list (9 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1921292706-2233922792-2079689605-1000\Software\Microsoft\MediaPlayer\Player\RecentFileList

MS Media Player: [SBI $3EE69CC3] Save as Directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1921292706-2233922792-2079689605-1000\Software\Microsoft\MediaPlayer\Player\Settings\SaveAsDir

MS Media Player: [SBI $5C51E349] Client ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1921292706-2233922792-2079689605-1000\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1921292706-2233922792-2079689605-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

MS DirectInput: [SBI $9A063C91] Most recent application (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\DirectInput\MostRecentApplication\Name

MS DirectInput: [SBI $9A063C91] Most recent application (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1921292706-2233922792-2079689605-1000\Software\Microsoft\DirectInput\MostRecentApplication\Name

MS DirectInput: [SBI $9A063C91] Most recent application (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\DirectInput\MostRecentApplication\Name

MS DirectInput: [SBI $7B184199] Most recent application ID (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\DirectInput\MostRecentApplication\Id

MS DirectInput: [SBI $7B184199] Most recent application ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1921292706-2233922792-2079689605-1000\Software\Microsoft\DirectInput\MostRecentApplication\Id

MS DirectInput: [SBI $7B184199] Most recent application ID (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\DirectInput\MostRecentApplication\Id

MS Office 12.0 (Word): [SBI $E357B233] Recent Document List (5 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1921292706-2233922792-2079689605-1000\Software\Microsoft\Office\12.0\Word\File MRU

MS Paint: [SBI $07867C39] Recent file list (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1921292706-2233922792-2079689605-1000\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List

Windows: [SBI $1E4E2003] Drivers installation paths (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1921292706-2233922792-2079689605-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

Windows.OpenWith: [SBI $E9115E4D] Open with list - .CER extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1921292706-2233922792-2079689605-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CER\OpenWithList

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1921292706-2233922792-2079689605-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (65 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1921292706-2233922792-2079689605-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1921292706-2233922792-2079689605-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1921292706-2233922792-2079689605-1000\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1921292706-2233922792-2079689605-1000\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, nothing done)
HKEY_USERS\S-1-5-21-1921292706-2233922792-2079689605-1000\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Cookie: Cookie (38) (Cookie, nothing done)


Cache: Cache (1079) (Cache, nothing done)


History: History (656) (History, nothing done)


Congratulations!: No immediate threats were found. ()



--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---

2008-01-28 blindman.exe (1.0.0.7)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-01-28 SDMain.exe (1.0.0.5)
2007-10-07 SDShred.exe (1.0.1.2)
2008-01-28 SDUpdate.exe (1.0.8.8)
2008-01-28 SDWinSec.exe (1.0.0.11)
2008-01-28 SpybotSD.exe (1.5.2.20)
2008-01-28 TeaTimer.exe (1.5.2.16)
2008-04-23 unins000.exe (51.49.0.0)
2008-01-28 Update.exe (1.4.0.6)
2008-01-28 advcheck.dll (1.5.4.5)
2007-04-02 aports.dll (2.1.0.0)
2007-11-17 DelZip179.dll (1.79.7.4)
2008-01-28 SDFiles.dll (1.5.1.19)
2008-01-28 SDHelper.dll (1.5.0.11)
2008-01-28 Tools.dll (2.1.3.3)
2008-04-16 Includes\Adware.sbi (*)
2008-05-14 Includes\AdwareC.sbi (*)
2008-05-14 Includes\Cookies.sbi (*)
2007-12-26 Includes\Dialer.sbi (*)
2008-05-14 Includes\DialerC.sbi (*)
2008-05-14 Includes\HeavyDuty.sbi (*)
2008-04-30 Includes\Hijackers.sbi (*)
2008-05-14 Includes\HijackersC.sbi (*)
2008-04-30 Includes\Keyloggers.sbi (*)
2008-05-14 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-04-22 Includes\Malware.sbi (*)
2008-05-14 Includes\MalwareC.sbi (*)
2008-03-26 Includes\PUPS.sbi (*)
2008-05-14 Includes\PUPSC.sbi (*)
2008-05-14 Includes\Revision.sbi (*)
2008-01-09 Includes\Security.sbi (*)
2008-05-14 Includes\SecurityC.sbi (*)
2008-04-16 Includes\Spybots.sbi (*)
2008-05-14 Includes\SpybotsC.sbi (*)
2008-04-16 Includes\Spyware.sbi (*)
2008-05-14 Includes\SpywareC.sbi (*)
2007-11-06 Includes\Tracks.uti (*)
2008-04-30 Includes\Trojans.sbi (*)
2008-05-14 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

--- Report generated: 2008-05-19 00:01 ---

Log: Install: setupact.log (Backup file, fixed)
C:\Windows\setupact.log

Log: Install: setupapi.log (Backup file, fixed)
C:\Windows\setupapi.log

Log: Install: DtcInstall.log (Backup file, fixed)
C:\Windows\DtcInstall.log

Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, fixed)
C:\Windows\System32\wbem\logs\wmiprov.log

Internet Explorer: [SBI $1E8157BE] Typed URL list (6 files) (Registry key, fixed)
HKEY_USERS\S-1-5-21-1921292706-2233922792-2079689605-1000\Software\Microsoft\Internet Explorer\TypedURLs

Internet Explorer: [SBI $FF589D0C] Download directory (Registry change, fixed)
HKEY_USERS\S-1-5-21-1921292706-2233922792-2079689605-1000\Software\Microsoft\Internet Explorer\Download Directory

Internet Explorer: [SBI $0BC7B918] User agent (Registry change, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry change, fixed)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry change, fixed)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry change, fixed)
HKEY_USERS\S-1-5-21-1921292706-2233922792-2079689605-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry change, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

MS Management Console: [SBI $ECD50EAD] Recent command list (4 files) (Registry key, fixed)
HKEY_USERS\S-1-5-21-1921292706-2233922792-2079689605-1000\Software\Microsoft\Microsoft Management Console\Recent File List

MS Media Player: [SBI $E48560B4] Recent file list (9 files) (Registry key, fixed)
HKEY_USERS\S-1-5-21-1921292706-2233922792-2079689605-1000\Software\Microsoft\MediaPlayer\Player\RecentFileList

MS Media Player: [SBI $3EE69CC3] Save as Directory (Registry change, fixed)
HKEY_USERS\S-1-5-21-1921292706-2233922792-2079689605-1000\Software\Microsoft\MediaPlayer\Player\Settings\SaveAsDir

MS Media Player: [SBI $5C51E349] Client ID (Registry change, fixed)
HKEY_USERS\S-1-5-21-1921292706-2233922792-2079689605-1000\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, fixed)
HKEY_USERS\S-1-5-20\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, fixed)
HKEY_USERS\S-1-5-21-1921292706-2233922792-2079689605-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

MS DirectInput: [SBI $9A063C91] Most recent application (Registry change, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\DirectInput\MostRecentApplication\Name

MS DirectInput: [SBI $9A063C91] Most recent application (Registry change, fixed)
HKEY_USERS\S-1-5-21-1921292706-2233922792-2079689605-1000\Software\Microsoft\DirectInput\MostRecentApplication\Name

MS DirectInput: [SBI $9A063C91] Most recent application (Registry change, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\DirectInput\MostRecentApplication\Name

MS DirectInput: [SBI $7B184199] Most recent application ID (Registry change, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\DirectInput\MostRecentApplication\Id

MS DirectInput: [SBI $7B184199] Most recent application ID (Registry change, fixed)
HKEY_USERS\S-1-5-21-1921292706-2233922792-2079689605-1000\Software\Microsoft\DirectInput\MostRecentApplication\Id

MS DirectInput: [SBI $7B184199] Most recent application ID (Registry change, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\DirectInput\MostRecentApplication\Id

MS Office 12.0 (Word): [SBI $E357B233] Recent Document List (5 files) (Registry key, fixed)
HKEY_USERS\S-1-5-21-1921292706-2233922792-2079689605-1000\Software\Microsoft\Office\12.0\Word\File MRU

MS Paint: [SBI $07867C39] Recent file list (4 files) (Registry key, fixed)
HKEY_USERS\S-1-5-21-1921292706-2233922792-2079689605-1000\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List

Windows: [SBI $1E4E2003] Drivers installation paths (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (3 files) (Registry key, fixed)
HKEY_USERS\S-1-5-21-1921292706-2233922792-2079689605-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

Windows.OpenWith: [SBI $E9115E4D] Open with list - .CER extension (2 files) (Registry key, fixed)
HKEY_USERS\S-1-5-21-1921292706-2233922792-2079689605-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CER\OpenWithList

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (1 files) (Registry key, fixed)
HKEY_USERS\S-1-5-21-1921292706-2233922792-2079689605-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (65 files) (Registry key, fixed)
HKEY_USERS\S-1-5-21-1921292706-2233922792-2079689605-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, fixed)
HKEY_USERS\S-1-5-21-1921292706-2233922792-2079689605-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, fixed)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, fixed)
HKEY_USERS\S-1-5-21-1921292706-2233922792-2079689605-1000\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, fixed)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, fixed)
HKEY_USERS\S-1-5-21-1921292706-2233922792-2079689605-1000\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, fixed)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, fixed)
HKEY_USERS\S-1-5-21-1921292706-2233922792-2079689605-1000\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Cookie: Cookie (38) (Cookie, fixed)


Cache: Cache (1079) (Cache, fixed)


History: History (656) (History, fixed)


Congratulations!: No immediate threats were found. ()



--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---

2008-01-28 blindman.exe (1.0.0.7)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-01-28 SDMain.exe (1.0.0.5)
2007-10-07 SDShred.exe (1.0.1.2)
2008-01-28 SDUpdate.exe (1.0.8.8)
2008-01-28 SDWinSec.exe (1.0.0.11)
2008-01-28 SpybotSD.exe (1.5.2.20)
2008-01-28 TeaTimer.exe (1.5.2.16)
2008-04-23 unins000.exe (51.49.0.0)
2008-01-28 Update.exe (1.4.0.6)
2008-01-28 advcheck.dll (1.5.4.5)
2007-04-02 aports.dll (2.1.0.0)
2007-11-17 DelZip179.dll (1.79.7.4)
2008-01-28 SDFiles.dll (1.5.1.19)
2008-01-28 SDHelper.dll (1.5.0.11)
2008-01-28 Tools.dll (2.1.3.3)
2008-04-16 Includes\Adware.sbi (*)
2008-05-14 Includes\AdwareC.sbi (*)
2008-05-14 Includes\Cookies.sbi (*)
2007-12-26 Includes\Dialer.sbi (*)
2008-05-14 Includes\DialerC.sbi (*)
2008-05-14 Includes\HeavyDuty.sbi (*)
2008-04-30 Includes\Hijackers.sbi (*)
2008-05-14 Includes\HijackersC.sbi (*)
2008-04-30 Includes\Keyloggers.sbi (*)
2008-05-14 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-04-22 Includes\Malware.sbi (*)
2008-05-14 Includes\MalwareC.sbi (*)
2008-03-26 Includes\PUPS.sbi (*)
2008-05-14 Includes\PUPSC.sbi (*)
2008-05-14 Includes\Revision.sbi (*)
2008-01-09 Includes\Security.sbi (*)
2008-05-14 Includes\SecurityC.sbi (*)
2008-04-16 Includes\Spybots.sbi (*)
2008-05-14 Includes\SpybotsC.sbi (*)
2008-04-16 Includes\Spyware.sbi (*)
2008-05-14 Includes\SpywareC.sbi (*)
2007-11-06 Includes\Tracks.uti (*)
2008-04-30 Includes\Trojans.sbi (*)
2008-05-14 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

There are all the logs/reports for the scans that I performed and after the fixes I did! Sorry to make this post so long! Please let me know if there is anything else I can do to help you help me! Thank you!

#5 OldGrumpyBastard


Posted 19 May 2008 - 12:58 PM

You may want to take a look at this:

http://www.xp-vista.com/

This Blog addresses Antivirus 2008 as a scam utility coercing you to purchase a phony product that may install some really nasty goodies on your system.

I'm not really qualified to give you advice on how to remove it from your system but others here are.
Does this look like an OldGrumpyBastard or what?

#6 quietman7


Posted 19 May 2008 - 02:09 PM

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#7 Groffeaston


Posted 19 May 2008 - 03:04 PM

Hello everyone

I pretty much figured out that the Antivirus 2008 scanner was a Bogus program, especially when it said I had several trojans and other malware programs! And to top it all off none of my antivirus programs that are on my computer picked anything up beforehand or since! The only thing that shows up is the cookies! Well, I changed the mode on the Spybot from Default to Advanced. So I can see what all else it is picking up and scanning! Also I can see what files and all is listed on my computer and then can better be able to provide that information to you!

I did not install anything from the website that I was trying to go to to look something up or from the Antivirus 2008 scanner website!

Should I still download Malwarebytes Anti-Malware? And then do the scan and follow quietman7's instructions?

If yes, I will do it later on tonight after I do some errands and my meeting I have to go to!

Actually, I will download it anyway! Just to be safe! Better to be safe, than sorry! I will do it later on tonight in case the download time is longer than I expected!

Talk to you soon!

#8 Groffeaston


Posted 19 May 2008 - 03:36 PM

Hello Everyone

Well, I downloaded Malwarebytes-Anti-Malware and did the Quick Scan! Nothing showed up!

Here is the log:

Malwarebytes' Anti-Malware 1.12
Database version: 768

Scan type: Quick Scan
Objects scanned: 36590
Time elapsed: 3 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

So now what do I do? I guess it looks like I did not pick up anything from those websites! Knock on wood!

#9 boopme


Posted 19 May 2008 - 07:11 PM

All those scans were clean.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#10 quietman7


Posted 19 May 2008 - 08:16 PM

"I guess it looks like I did not pick up anything from those websites!"

If you're not getting any more warning messages then it appears you are in the clear.

To protect yourself against malware infection, be sure to read:
• "Simple and easy ways to keep your computer safe".
• "How did I get infected?, With steps so it does not happen again!".
• "Best Practices - Internet Safety for 2008".
• "Hardening Windows Security - Part 1 & Part 2".
• "IE Recommended Minimal Security Settings".
• "How to Set Security Options in the Firefox Browser".

#11 Groffeaston


Posted 19 May 2008 - 08:25 PM

Hello everyone

I guess it looks like I do not have to do anything else for now. Right?

Thank you for all your help! If anything else pops up I will let you know!

Matt

#12 boopme


Posted 19 May 2008 - 08:32 PM

That's it and you're welcome.



