Malicious Spyware Infecting My Cpu


20 replies to this topic

#1 skryber64

skryber64

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bleepin' Hoosier
  • Local time:10:28 AM

Posted 30 June 2008 - 09:10 AM

Hello,
My fiancee's teenager and his friend apparently went to some unfriendly websites and now my computer is infected with viruses. I used AVG Antispyware in an attempt to get rid of them and didn't fix all of them. I do not have an updated version of this program and whatever virus I have is keeping me from updating it and also from getting on this website. So all of my posts are happening from work. I have a version of ComboFix and HiJackThis on my computer already. I think I DL'ed it Feb or March this year. I'm not sure if there's a newer version. I would appreciate some assistance with getting rid of these viruses. Maybe someone can tell me what programs to DL so I can put them on a disk here at work and take them home to Run. Thanks in advance!! :thumbsup:

Skryber64

Edited by Orange Blossom, 30 June 2008 - 04:46 PM.
Move to more appropriate forum. ~ OB




#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,577 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:28 AM

Posted 30 June 2008 - 05:36 PM

Run a full system scan with Malwarebytes' Anti-Malware in Normal Mode.

Then run a full system scan with SuperAntiSpyware in Safe Mode.

How to start Windows in Safe Mode
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 skryber64


Posted 01 July 2008 - 07:41 AM

OK. Thank you very much. I'll DL here at work and take it home and post tomorrow morning. Would you like to see any logs if my problems aren't fixed? Thanks soooooo much!! :thumbsup:
Skryber64

#4 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:10:28 AM

Posted 01 July 2008 - 09:16 AM

http://www.bleepingcomputer.com/forums/ind...st&p=845007

and post 12
Chewy

No. Try not. Do... or do not. There is no try.

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,287 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:28 AM

Posted 01 July 2008 - 11:20 AM

I have a version of ComboFix and HiJackThis on my computer already...

Please note the message text in blue at the top of this forum.

You should not be using Combofix unless instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer.

The same thing can happen when using HijackThis without supervision unless you have training in its use and malware removal.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#6 skryber64


Posted 01 July 2008 - 11:29 AM

Thanks for the advice Quietman. I have used the programs before under supervision of an expert maybe a few months ago. I don't touch it unless instructed to do so, I just wanted to mention that they haven't been deleted. :thumbsup:
Skryber64

#7 quietman7


Posted 01 July 2008 - 11:30 AM

Ok. Don't forget to post your SAS and MBAM logs after performing the scans.

#8 skryber64


Posted 01 July 2008 - 11:33 AM

OK...Thanks!
I might not be able to get on this website at home, but I can access my email. I'll copy to there and post it in the morning from work.
Skryber64

#9 skryber64


Posted 01 July 2008 - 10:04 PM

Okay, coupla' weird things happened and may be unrelated. I was unable to install MBAM from the attachment I sent to myself, it was not coming up at all. I was able to install SAS and ran it in Safe Mode. I didn't know if a log had been created or where it was so after I restarted in Normal mode, I opened SAS to see if I missed a selection or if there was a log there. (1st time using this App). At that moment I got BSD which hadn't happened yet with my virus problems. Then I restarted and it won't boot saying there was an error with the keyboard. I restarted again and same error with the keyboard. I found an adapter from USB to normal keyboard port and used it instead of the USB and it restarted fine. Coincidence? Not sure. Tried to open SAS again in Normal Mode again to find my log and got BSD once again. This time I restarted and it booted up fine, no keyboard error. I apologize if it was bad to open SAS in Normal Mode but I didn't know where the log was. That was the last time I did that. Anyways, I was unable to get to this website or even MBAM website to DL the App from there instead of from the attachment I sent to myself. While at work I found the App, Stopzilla, and DL'ed today (just for the hell of it) along with the others and decided to try it out (now I'm desperate). I found out it was not free but will block new infections. It found infections but I had to register 1st and pay for it before it fixed them. So then, in my last attempt to solve some of the issues, I did a System Restore back to Friday and restarted. Although the prompt said my restore was unsuccessful when it had restarted, my desktop background changed back to normal, (it had a Spyware/Malware Warning before) and StopZilla was running blocking infections like crazy. Whether it was the restore or StopZilla that did this I have no idea. So I attempted to get on this website once again and EUREKA! 
Again, I apologize for not following directions precisely but I felt my hands were tied...especially since I can only contact you from work. At least now I can do this at home. So I'm also able to DL MBAM now and produced a log -=whew=-
I will restart in Safe Mode and run SAS next and post shortly.
Thank you Bleeping Computer Techs! You guys are great!
MBAM log follows:







Malwarebytes' Anti-Malware 1.19
Database version: 913
Windows 5.1.2600 Service Pack 2

8:43:38 PM 7/1/2008
mbam-log-7-1-2008 (20-43-38).txt

Scan type: Full Scan (C:\|)
Objects scanned: 82496
Time elapsed: 1 hour(s), 8 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 17
Registry Values Infected: 6
Registry Data Items Infected: 2
Folders Infected: 10
Files Infected: 67

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\uqomazdp.dll (Adware.ClickSpring) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{d63aec49-7e87-0f26-aa49-79a297e842b1} (Adware.ClickSpring) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d63aec49-7e87-0f26-aa49-79a297e842b1} (Adware.ClickSpring) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9506910a-0f94-4ea1-b567-7070428b8b2b} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8d71eeb8-a1a7-4733-8fa2-1cac015c967d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9f593aac-ca4c-4a41-a7ff-a00812192d61} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{749ec66f-a838-4b38-b8e5-e65d905fff74} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> Quarantined and deleted successfully.
\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\icheck (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\spywarescanner (Rogue.Antispyware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\SpywareScanner2008 (Rogue.Antispyware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\spywarescanner 2008_is1 (Rogue.Antispyware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\GetModule (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iCheck (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\Sidebar.DLL (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MySidesearch (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\spinstall (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.PurityScan) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IEUpdate (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IEUpdate (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\IEUpdate (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\IEUpdate (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\IEUpdate (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (C:\WINDOWS\system32\spywarewarning.mht) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uoyzsydz.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\netrax06 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\1049a (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\axc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bgi (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eb10 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\iCheck (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\SpywareScanner (Rogue.Antispyware) -> Quarantined and deleted successfully.
C:\Program Files\SpywareScanner\dll (Rogue.Antispyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\uqomazdp.dll (Adware.ClickSpring) -> Delete on reboot.
C:\WINDOWS\system32\mysidesearch_sidebar.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\uhhh\Local Settings\Temp\s3ls (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\uhhh\Local Settings\Temp\snpp.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\Program Files\iCheck\iCheck.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\iCheck\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\SpywareScanner\spywarescanner.exe (Rogue.Antispyware) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1482476501-1757981266-725345543-1003\Dc9.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1D20446-19EC-4B98-86B4-300E9DB32CF0}\RP254\A0047704.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1D20446-19EC-4B98-86B4-300E9DB32CF0}\RP254\A0047705.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1D20446-19EC-4B98-86B4-300E9DB32CF0}\RP254\A0047706.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1D20446-19EC-4B98-86B4-300E9DB32CF0}\RP254\A0047707.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1D20446-19EC-4B98-86B4-300E9DB32CF0}\RP254\A0047708.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1D20446-19EC-4B98-86B4-300E9DB32CF0}\RP254\A0047710.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1D20446-19EC-4B98-86B4-300E9DB32CF0}\RP254\A0047762.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1D20446-19EC-4B98-86B4-300E9DB32CF0}\RP254\A0047763.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1D20446-19EC-4B98-86B4-300E9DB32CF0}\RP254\A0047764.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\444.470 (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eb10\zvuxderr.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netrax06\netrax061083.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\Program Files\GetModule\dicik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetModule\GetModule19.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetModule\kwdik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetModule\pckik.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\SpywareScanner\alarm.wav (Rogue.Antispyware) -> Quarantined and deleted successfully.
C:\Program Files\SpywareScanner\click.wav (Rogue.Antispyware) -> Quarantined and deleted successfully.
C:\Program Files\SpywareScanner\config.cfg (Rogue.Antispyware) -> Quarantined and deleted successfully.
C:\Program Files\SpywareScanner\dbinfo (Rogue.Antispyware) -> Quarantined and deleted successfully.
C:\Program Files\SpywareScanner\spywarescanner.url (Rogue.Antispyware) -> Quarantined and deleted successfully.
C:\Program Files\SpywareScanner\success.wav (Rogue.Antispyware) -> Quarantined and deleted successfully.
C:\Program Files\SpywareScanner\unins000.dat (Rogue.Antispyware) -> Quarantined and deleted successfully.
C:\Program Files\SpywareScanner\unins000.exe (Rogue.Antispyware) -> Quarantined and deleted successfully.
C:\Program Files\SpywareScanner\dll\def2.base (Rogue.Antispyware) -> Quarantined and deleted successfully.
C:\Program Files\SpywareScanner\dll\defbase0.db (Rogue.Antispyware) -> Quarantined and deleted successfully.
C:\Program Files\SpywareScanner\dll\defbase1.db (Rogue.Antispyware) -> Quarantined and deleted successfully.
C:\Program Files\SpywareScanner\dll\defbase2.db (Rogue.Antispyware) -> Quarantined and deleted successfully.
C:\Program Files\SpywareScanner\dll\defbase3.db (Rogue.Antispyware) -> Quarantined and deleted successfully.
C:\Program Files\SpywareScanner\dll\defbase4.db (Rogue.Antispyware) -> Quarantined and deleted successfully.
C:\Program Files\SpywareScanner\dll\defbase5.db (Rogue.Antispyware) -> Quarantined and deleted successfully.
C:\Program Files\SpywareScanner\dll\defbase6.db (Rogue.Antispyware) -> Quarantined and deleted successfully.
C:\Program Files\SpywareScanner\dll\defbase7.db (Rogue.Antispyware) -> Quarantined and deleted successfully.
C:\Program Files\SpywareScanner\dll\defbase8.db (Rogue.Antispyware) -> Quarantined and deleted successfully.
C:\Program Files\SpywareScanner\dll\immunization.pl (Rogue.Antispyware) -> Quarantined and deleted successfully.
C:\Program Files\SpywareScanner\dll\license (Rogue.Antispyware) -> Quarantined and deleted successfully.
C:\Program Files\SpywareScanner\dll\sig2.base (Rogue.Antispyware) -> Quarantined and deleted successfully.
C:\Program Files\SpywareScanner\dll\sigrules.rul (Rogue.Antispyware) -> Quarantined and deleted successfully.
C:\Program Files\SpywareScanner\dll\update.scr (Rogue.Antispyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\algk.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\xxxvideo.hta (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\default.htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\loader.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gside.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winpfz33.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\astctl32.ocx (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\{1cedd4bd-0a01-5702-25bd-111435af70b4}.dll-uninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\000050.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\000060.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\000080.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\rundll32.vbe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clbinit.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spywarewarning.mht (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\spywarewarning2.mht (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\uhhh\Application Data\Microsoft\Internet Explorer\Quick Launch\spywarescanner.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.

#10 skryber64


Posted 01 July 2008 - 10:56 PM

Here is the SAS log:

TY!!! :thumbsup: It's workin better already!!




SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/01/2008 at 10:41 PM

Application Version : 4.15.1000

Core Rules Database Version : 3469
Trace Rules Database Version: 1460

Scan type : Complete Scan
Total Scan Time : 00:31:56

Memory items scanned : 153
Memory threats detected : 0
Registry items scanned : 4101
Registry threats detected : 4
File items scanned : 14805
File threats detected : 6

Browser Hijacker.Internet Explorer Settings Hijack
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main#Start Page [ C:\WINDOWS\system32\spywarewarning.mht ]
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main#Start Page [ C:\WINDOWS\system32\spywarewarning.mht ]
HKU\S-1-5-20_Classes\Software\Microsoft\Internet Explorer\Main#Start Page [ C:\WINDOWS\system32\spywarewarning.mht ]
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main#Start Page [ C:\WINDOWS\system32\spywarewarning.mht ]

Adware.Tracking Cookie
C:\Documents and Settings\uhhh\Cookies\uhhh@ad.outerinfoads[2].txt
C:\Documents and Settings\uhhh\Cookies\uhhh@www.stopzilla[1].txt

Trojan.Downloader-Gen/Suspicious
C:\DOCUMENTS AND SETTINGS\UHHH\LOCAL SETTINGS\TEMP\3BTI.EXE

Rogue.Multi-Dropper/Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E1D20446-19EC-4B98-86B4-300E9DB32CF0}\RP254\A0047761.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E1D20446-19EC-4B98-86B4-300E9DB32CF0}\RP254\A0047770.EXE

Adware.ClickSpring/Outerinfo
C:\SYSTEM VOLUME INFORMATION\_RESTORE{E1D20446-19EC-4B98-86B4-300E9DB32CF0}\RP255\A0048804.EXE

#11 quietman7


Posted 02 July 2008 - 07:25 AM

You sure had a lot of nasties on your system.

Did you reboot the computer after using MBAM? If it encounters a file that is difficult to remove, you need to restart the computer so the malware can be fully removed. Failure to do so will prevent MBAM from removing all the malware. Your log indicates some files will be deleted on reboot. If you have not rebooted, make sure you do this. When done, rescan again with MBAM, click the Logs tab and copy/paste the contents of the new report in your next reply.
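An added example, not part of quietman7's post or of Malwarebytes' own tooling: a small Python parser for the log layout shown in post #9 that lists the items still marked "Delete on reboot" and checks the summary counts against the entries actually present in the pasted log. The sample log is constructed (abridged from that layout, with counts adjusted to match), and the function names are hypothetical.

```python
import re

# Constructed sample: abridged from the layout of the MBAM 1.19 log in post #9,
# with the summary counts adjusted to match the shortened sections.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.19
Database version: 913

Scan type: Full Scan (C:\|)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\uqomazdp.dll (Adware.ClickSpring) -> Unloaded module successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IEUpdate (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.PurityScan) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uoyzsydz.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\uqomazdp.dll (Adware.ClickSpring) -> Delete on reboot.
C:\WINDOWS\system32\algk.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\loader.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

SUMMARY = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# "<item> (<detection>) -> <action>"; data items carry an extra
# "Bad: (...) Good: (...) ->" segment before the final action.
ENTRY = re.compile(r"^(?P<item>.+?) \((?P<detection>[^()]+)\) -> (?P<rest>.+)$")


def parse_mbam_log(text):
    """Return (summary counts, list of entries) from an MBAM 1.x text log."""
    counts, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SUMMARY.match(line):
            counts[m["section"]] = int(m["count"])
        elif m := HEADER.match(line):
            section = m["section"]
        elif section and (m := ENTRY.match(line)):
            # The action is whatever follows the last "->" on the line.
            action = m["rest"].rsplit(" -> ", 1)[-1].rstrip(".")
            entries.append({"section": section, "item": m["item"],
                            "detection": m["detection"], "action": action})
    return counts, entries


def pending_reboot(entries):
    """Entries that are not actually removed until the machine restarts."""
    return [e for e in entries if e["action"].lower() == "delete on reboot"]


def count_mismatches(counts, entries):
    """Sections whose reported count differs from the entries found,
    which usually means the pasted log was truncated or edited."""
    found = {}
    for e in entries:
        found[e["section"]] = found.get(e["section"], 0) + 1
    return {s: (n, found.get(s, 0)) for s, n in counts.items()
            if n != found.get(s, 0)}


if __name__ == "__main__":
    counts, entries = parse_mbam_log(SAMPLE_LOG)
    for e in pending_reboot(entries):
        print("pending until reboot:", e["item"], "-", e["detection"])
    print("count mismatches:", count_mismatches(counts, entries) or "none")
```

Running the same check on the log from the rescan shows whether any "Delete on reboot" items reappear after the restart.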

#12 skryber64


Posted 02 July 2008 - 07:37 AM

I will do this as soon as I get home today. Thanks for all your help. If you can believe it, there were actually a lot more nasties that were removed a few days ago with AVG AntiSpyware. I'm trying to find out what website my step-son got them from because he swears up and down he went to the usual YouTube and MySpace. I will try to google some of them and find out more.
:thumbsup:
Skryber64

#13 quietman7


Posted 02 July 2008 - 07:44 AM

Using YouTube can be hazardous to your computer.
'Storm Worm' Exploits Youtube
Malware goes to the movies
YouTube Targeted By Malware Writers
Malicious videos open dangerous attack vector (to YouTube and MySpace users)
youtube malware

Using MySpace can be hazardous to your computer.
Phishers Drop MySpace Bait
Maximus root kit downloads via MySpace social engineering trick
Hackers Exploiting Facebook, MySpace Plug-ins
MySpace malware poses as Windows update
MySpace Hacks Predate Recent Hijack of Alicia Keys Site
MySpace Attacked by Flash Worm
Ad-based Trojan hits MySpace, Bebo and others
Dangerous Malware Detected through Flash Advertisements
Banner Ad Trojan Served on MySpace
QuickTime exploit steals MySpace passwords
QuickSpace: MySpace Tracker Launch by QuickTime
New MySpace Nasty
MySpace Pushing Ads for malware: WinAntiVirus, Drive Cleaner
New MySpace Phish using CSS
Myspace Users Hit By Hacker Virus
Myspace Ad Served Spyware To A Million Computers
Phishing Attack Targets Myspace Users
Myspace Xss Quicktime Worm
Myspace Phishing Alert
Malicious videos open dangerous attack vector (to YouTube and MySpace users)
Zango Adware Found On MySpace
Bogus YouTube clip on Myspace installs Zango Cash
180solutions Jumps In Bed With Myspace

#14 skryber64


Posted 02 July 2008 - 07:45 AM

WOW..thanks for the info!

#15 quietman7


Posted 02 July 2008 - 07:56 AM

You're welcome.



