Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected


  • Please log in to reply
14 replies to this topic

#1 Old Pete

Old Pete

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 27 May 2008 - 06:29 AM

After downloading an active x control, object?, from a porn site, digital bugs took over the screen and started "eating away" at the screen. System restore was locked at that point, so now can someone help me?

BC AdBot (Login to Remove)

 


#2 OldGrumpyBastard

OldGrumpyBastard

  • Members
  • 781 posts
  • OFFLINE
  •  
  • Location:"Way South of 'da Bridge"
  • Local time:11:10 PM

Posted 27 May 2008 - 06:38 AM

That is the risk of allowing "Active X" controls specially on those types of sites. To get the best advice on how to remove the effects of this Please open up a new topic in the "Am I infected, What do I do now" in the security section farther down the main page. They will be able to assist you in the removal process.

http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/

Edited by douglas martin, 27 May 2008 - 06:39 AM.

Does this look like an OldGrumpyBastard or what?

#3 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:12:10 AM

Posted 27 May 2008 - 06:43 AM

I'll just move this one over there......
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#4 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:12:10 AM

Posted 27 May 2008 - 07:25 AM

I would start with this scan and cleaner, MBAM

http://www.bleepingcomputer.com/forums/ind...mp;#entry811062

please let us know what operating system you are running and what spyware/virus software you use?

Edited by DaChew, 27 May 2008 - 07:25 AM.

Chewy

No. Try not. Do... or do not. There is no try.

#5 Old Pete

Old Pete
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 27 May 2008 - 09:23 PM

I am new to these protocols. I am running WinXPproServ2 with AVG 7.5, Regcure and it's antivirus scanner. Upon logging on,Windows shows
---cannot find 'file:///C :/windows/privacy_danger/index.htm.'
Also I ignorantly ran Combofix with only paetial success. Please help. Thank You

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,493 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:10 AM

Posted 27 May 2008 - 09:51 PM

Would you post the results log of the MalwareBytes scan please.

---cannot find 'file:///C :/windows/privacy_danger/index.htm.'

This is usually the result of using specialized malware removal tools. You have brokr the path for the program to open with. Windows wants to open it and can not...hence the message.

To resolve this, download Autoruns, search for the related entry and then delete it.
Create a new folder on your hard drive called AutoRuns (C:\AutoRuns) and extract (unzip) the file there. (click HERE if you're not sure how to do this.)
Open the folder and double-click on autoruns.exe to launch it.
Please be patient as it scans and populates the entries.
When done scanning, it will say Ready at the bottom.
Scroll through the list and look for a startup entry related to the file(s) in the error message.
Right-click on the entry and choose delete.
Reboot your computer and see if the startup error returns.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 Old Pete

Old Pete
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 28 May 2008 - 09:15 AM

Malwarebytes' Anti-Malware 1.12
Database version: 793

Scan type: Quick Scan
Objects scanned: 40104
Time elapsed: 5 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 23
Registry Values Infected: 5
Registry Data Items Infected: 2
Folders Infected: 47
Files Infected: 106

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\khfffeBs.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\ljJbxUKe.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{721b7c33-de06-4ca4-80e8-36684561aac4} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{721b7c33-de06-4ca4-80e8-36684561aac4} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Antiviruspcsuite (Rogue.Antiviruspcsuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bcbeb0eb-744a-4f05-99a5-636b721c318e} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bcbeb0eb-744a-4f05-99a5-636b721c318e} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljjbxuke (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8bde3840-82be-4106-b8d7-dfe0e46b5cc4} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e792d2c0-42c8-40d6-a1e9-1f45e0feff22} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{11b771f0-c8fd-426a-b537-f9aae4059895} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11b771f0-c8fd-426a-b537-f9aae4059895} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\trojansfilter (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c8d17570 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{f06e2abe-3a50-4079-be25-fc100d9eaa25} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{bcbeb0eb-744a-4f05-99a5-636b721c318e} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\vregfwlx (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\vltdfabw (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\khfffebs -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\khfffebs -> Delete on reboot.

Folders Infected:
C:\WINDOWS\privacy_danger (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\Antiviruspcsuite (Rogue.Antiviruspcsuite) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\Antiviruspcsuite\Logs (Rogue.Antiviruspcsuite) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareMaster (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\BrowserSearch (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Button_0 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Button_1 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Button_10 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Button_11 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Button_2 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Button_3 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Button_4 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Button_5 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Button_6 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Button_7 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Button_8 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Button_9 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\configurator (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\ErrorSearch (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\postInstallLayout (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\products (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Resources (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\TimerManager (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\ToolbarSearch (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Updater (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Resources\Button_0 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Resources\Button_1 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Resources\Button_2 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Resources\Button_3 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Resources\Button_4 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Resources\Button_5 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Resources\Button_6 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Resources\Button_7 (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Resources\Shared (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Resources\Button_0\images (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Resources\Button_1\images (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Resources\Button_2\images (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Resources\Button_3\images (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Resources\Button_4\images (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Resources\Button_5\images (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Resources\Button_6\images (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Resources\Button_7\images (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Resources\Shared\images (Adware.BHO) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\khfffeBs.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\sBefffhk.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\sBefffhk.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sbxhihrw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wrhihxbs.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\shpwiuwf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fwuiwphs.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blackster.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ctfmonb.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\capt.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\danger.jpg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\down.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\spacer.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\Antiviruspcsuite\avtasks.dat (Rogue.Antiviruspcsuite) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\Antiviruspcsuite\PGE.dat (Rogue.Antiviruspcsuite) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\Antiviruspcsuite\Logs\av.log (Rogue.Antiviruspcsuite) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\Antiviruspcsuite\Logs\ga6Support.log (Rogue.Antiviruspcsuite) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\Antiviruspcsuite\Logs\update.log (Rogue.Antiviruspcsuite) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareMaster\AntiSpywareMaster.lnk (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareMaster\Uninstall AntiSpywareMaster.lnk (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\RegistrySmart\Log\2008 Mar 21 - 09_23_38 AM_625.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\toolbar.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\BrowserSearch\BrowserSearch.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\BrowserSearch\BrowserSearch.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Button_0\Button_0.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Button_0\Button_0.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Button_1\Button_1.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Button_1\Button_1.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Button_10\Button_10.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Button_10\Button_10.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Button_11\Button_11.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Button_11\Button_11.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Button_2\Button_2.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Button_2\Button_2.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Button_3\Button_3.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Button_3\Button_3.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Button_4\Button_4.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Button_4\Button_4.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Button_5\Button_5.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Button_5\Button_5.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Button_6\Button_6.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Button_6\Button_6.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Button_7\Button_7.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Button_7\Button_7.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Button_8\Button_8.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Button_8\Button_8.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Button_9\Button_9.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Button_9\Button_9.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\configurator\configurator.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\configurator\configurator.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\ErrorSearch\ErrorSearch.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\ErrorSearch\ErrorSearch.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\postInstallLayout\postInstallLayout.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\postInstallLayout\postInstallLayout.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\products\products.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\products\products.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Resources\Button_0\images\alot_icon_35x16.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Resources\Button_1\images\alot_search_24x16.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Resources\Button_2\images\default_210_default_233_alot_music_musicsearch.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Resources\Button_3\images\default_213_alot_music_lyrics_24x16.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Resources\Button_4\images\alert-icon.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Resources\Button_4\images\clear.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Resources\Button_4\images\cloudy.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Resources\Button_4\images\default_281_alot_weather_widget.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Resources\Button_4\images\IMG8C.tmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Resources\Button_4\images\mcloud.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Resources\Button_4\images\nclear.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Resources\Button_4\images\ncloudy.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Resources\Button_4\images\nmcloud.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Resources\Button_4\images\npcloud.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Resources\Button_4\images\nrain.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Resources\Button_4\images\pcloud.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Resources\Button_4\images\rain.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Resources\Button_5\images\default_337_alot_music_news_24x16.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Resources\Button_6\images\default_220_alot_music_freemusic.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Resources\Button_7\images\default_215_alot_music_freeradio.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Resources\Shared\domains.dat (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Resources\Shared\images\alot_brand.png (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Resources\Shared\images\alot_spinner.gif (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Resources\Shared\images\widget_bottom.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Resources\Shared\images\widget_btnclose0.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Resources\Shared\images\widget_btnclose1.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Resources\Shared\images\widget_btnmin0.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Resources\Shared\images\widget_btnmin1.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Resources\Shared\images\widget_caption.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Resources\Shared\images\widget_error_bg.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Resources\Shared\images\widget_error_close.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Resources\Shared\images\widget_error_icon.bmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\TimerManager\TimerManager.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\TimerManager\TimerManager.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\ToolbarSearch\ToolbarSearch.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Updater\Updater.xml (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\alot\Updater\Updater.xml.backup (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljJbxUKe.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\vregfwlx.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\vltdfabw.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\boqnrwdmkrs.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Desktop\AntiSpywareMaster.lnk (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpywareMaster.lnk (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Desktop\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Desktop\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Desktop\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Favorites\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Favorites\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.


#8 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,012 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:12:10 AM

Posted 28 May 2008 - 11:21 AM

Hello Old Pete,

I merged your Malwarebytes log which you posted in the HiJack This forum to your original thread here in the Am I Infected forum. Have you run the Autoruns program as boopme outlined above?

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#9 Old Pete

Old Pete
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 30 May 2008 - 05:48 AM

Here is the Windows warning when I log on: cannot find 'file: lllC:/windows/privacy_danger/index.htm.' Make sure your reference path or internet address is correct

#10 Old Pete

Old Pete
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 30 May 2008 - 05:49 AM

Hello-Yes, I unzipped autoruns and looked for the offending file I sent in a recent post, starting with'cannot find file:lllc etc. However I could not find it and am not sure what to do.
old pete

#11 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,780 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:10 AM

Posted 30 May 2008 - 08:24 AM

Did you reboot the computer after using MBAM? If it encounters a file that is difficult to remove, you need to restart the computer so the malware can be fully removed. Failure to do so will prevent MBAM from removing all the malware. Your log indicates some files will be deleted on reboot. If you have not rebooted, make sure you do this. When done, rescan again with MBAM and post the new log report.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#12 Old Pete

Old Pete
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 31 May 2008 - 06:22 AM

To Quietman-yes, I did reboot, to no avail; but how do I send log files? Thanks, Old Pete

#13 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,780 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:10 AM

Posted 31 May 2008 - 07:07 AM

Rescan with MBAM same way you did before.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply.

Please print out and follow the instructions for using "Vundofix". -- If using Windows Vista be sure to Run As Administrator.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the 'Fix Vundo' button.
  • After running VundoFix, a text file named vundofix.txt will automatically be saved to the root of the system drive, usually at C:\vundofix.txt.
  • Please copy & paste the contents of that text file into your next reply.
-- If you receive this error: "Run-time error '339': Component 'comdlg32.ocx' or one its dependencies not correctly registered: a file is missing or invalid", a new copy and instructions on where to put it can be found here.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#14 Old Pete

Old Pete
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 01 June 2008 - 03:40 PM

My son set up a new user account for me yesterday. He also downloaded adaware. All is well so far. Is this a reasonable solution or can I expect trouble? Thanks, Old Pete

#15 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:12:10 AM

Posted 01 June 2008 - 05:03 PM

I had a friend with norton's and a bad infection he kept setting up new profiles for him and his wife every month or so after they developed errors, I found a deeply seated half broken infection with MBAM and superantispyware

those profiles were taking up 25% of his hard drive and almost impossible to delete

I would follow quietman's last request
Chewy

No. Try not. Do... or do not. There is no try.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users