
Please Help Getting Rid Of Trojan.32.pakes.czg


5 replies to this topic

#1 atomicluis

atomicluis

  • Members
  • 3 posts

Posted 10 June 2008 - 08:14 PM

I ran the free trial of Kaspersky (trial version) and this issue keeps coming back:

My PC background has been changed to a wallpaper that says "Warning! Spyware has been detected on your computer".
Also, a screen saver that is a bunch of little bugs eating the screen and pop-ups that state that I have been infected and that I need to install software to remove it.

Kaspersky keeps detecting the following: Trojan.32.Pakes.czg

Thank you so much

#2 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • Gender:Male
  • Location:millenium falcon and rockytop

Posted 10 June 2008 - 08:56 PM

http://www.malwareremoval.com/tutorials/safemodeboot.php

Try a scan with Kasp in safe mode please.
Chewy

No. Try not. Do... or do not. There is no try.

#3 atomicluis

atomicluis
  • Topic Starter


Posted 11 June 2008 - 09:48 PM

I ran Kaspersky in safe mode, deleted trojan.win32.pakes.czg... but no improvement.... = (

#4 DaChew

DaChew


Posted 11 June 2008 - 09:57 PM

http://www.bleepingcomputer.com/forums/ind...mp;#entry811062

Would you try a scan and fix with MBAM next?
Chewy

No. Try not. Do... or do not. There is no try.

#5 atomicluis

atomicluis
  • Topic Starter


Posted 12 June 2008 - 09:07 PM

DaChew,

I did an MBAM scan... after rebooting... the message "Warning! Spyware detected on your computer" and "Malware Protector 2008" are still there.

Here is the log:

Malwarebytes' Anti-Malware 1.17
Database version: 851

9:53:27 PM 6/12/2008
mbam-log-6-12-2008 (21-53-27).txt

Scan type: Quick Scan
Objects scanned: 43177
Time elapsed: 7 minute(s), 20 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 5
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 15
Files Infected: 41

Memory Processes Infected:
C:\Program Files\AXPDefender\AXPDefender.exe (Rogue.AdvancedXPDefender) -> Unloaded process successfully.

Memory Modules Infected:
C:\Program Files\AXPDefender\AXPDefenderSkin.dll (Rogue.AdvancedXPDefender) -> Unloaded module successfully.
C:\Program Files\AXPDefender\MFC71.dll (Rogue.AdvancedXPDefender) -> Unloaded module successfully.
C:\Program Files\AXPDefender\MFC71ENU.DLL (Rogue.AdvancedXPDefender) -> Unloaded module successfully.
C:\Program Files\AXPDefender\msvcp71.dll (Rogue.AdvancedXPDefender) -> Unloaded module successfully.
C:\Program Files\AXPDefender\msvcr71.dll (Rogue.AdvancedXPDefender) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{00009e9f-ddd7-aa59-aa7d-aa4b7d6be000} (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00009e9f-ddd7-aa59-aa7d-aa4b7d6be000} (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AXPDefender (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AXPDefender (Rogue.AdvancedXPDefender) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AXPDefender (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\AXPDefender (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Advanced XP Defender (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stacey Omealia\Application Data\AXPDefender (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stacey Omealia\Application Data\AXPDefender\AXPDefender (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stacey Omealia\Application Data\AXPDefender\AXPDefender\Quarantine (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stacey Omealia\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stacey Omealia\Application Data\AXPDefender\AXPDefender\Quarantine\BrowserObjects (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stacey Omealia\Application Data\AXPDefender\AXPDefender\Quarantine\Packages (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stacey Omealia\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKCU (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stacey Omealia\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKLM (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stacey Omealia\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\StartMenuAllUsers (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stacey Omealia\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\StartMenuCurrentUser (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stacey Omealia\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKCU\RunOnce (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stacey Omealia\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKLM\RunOnce (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008 (Rogue.MalwareProtector2008) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\mscorews.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\25.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\28.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphc9hwj0ea6a.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\AXPDefender\AXPDefender.exe (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Program Files\AXPDefender\AXPDefender.exe.local (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Program Files\AXPDefender\AXPDefenderSkin.dll (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Program Files\AXPDefender\database.dat (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Program Files\AXPDefender\license.txt (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Program Files\AXPDefender\MFC71.dll (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Program Files\AXPDefender\MFC71ENU.DLL (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Program Files\AXPDefender\msvcp71.dll (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Program Files\AXPDefender\msvcr71.dll (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Program Files\AXPDefender\Uninstall.exe (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Advanced XP Defender\Advanced XP Defender.lnk (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Advanced XP Defender\How to register.lnk (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Advanced XP Defender\License Agreement.lnk (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Advanced XP Defender\Register.lnk (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Advanced XP Defender\Uninstall.lnk (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\How to Register Malware Protector 2008.lnk (Rogue.MalwareProtector2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\License Agreement.lnk (Rogue.MalwareProtector2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Malware Protector 2008.lnk (Rogue.MalwareProtector2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Register Malware Protector 2008.lnk (Rogue.MalwareProtector2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Uninstall.lnk (Rogue.MalwareProtector2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stacey Omealia\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware Protector 2008.lnk (Rogue.MalwareProtector2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stacey Omealia\Application Data\Microsoft\Internet Explorer\Quick Launch\AXPDefender.lnk (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msratnit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\comsatac.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cmnocfg.xml (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qviexio3.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008.lnk (Rogue.MalwareProtector2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\Malware Protector 2008.lnk (Rogue.MalwareProtector2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Advanced XP Defender.lnk (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\AXPDefender.lnk (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stacey Omealia\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stacey Omealia\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stacey Omealia\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stacey Omealia\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stacey Omealia\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stacey Omealia\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stacey Omealia\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

Thanks.

#6 DaChew

DaChew


Posted 12 June 2008 - 10:11 PM

http://www.bleepingcomputer.com/forums/ind...mp;#entry839950

Let's run another quick scan with MBAM, followed immediately by an ATF clean and a complete scan and fix with SAS.

As soon as the programs are installed and updated, disconnect from the internet (physically) and run the procedure.
Chewy

No. Try not. Do... or do not. There is no try.



