Help, I'm Infected!


3 replies to this topic

#1 youngmomma

youngmomma

  • Members
  • 169 posts
  • OFFLINE
  • Local time:04:32 PM

Posted 12 July 2008 - 09:08 PM

This is a new computer and it's kinda old, but I have some viruses and trojans I cannot get rid of for some reason. They were not on here yesterday and now all of a sudden they are? I have done SmitFraudFix, ATF Cleaner and Malwarebytes and they get rid of some stuff but not all. I am having popups, and that icon for Internet Security Suite keeps coming back even after I delete it? I have also run those programs in safe mode. Please help, I am about to go crazy. By the way, I am running Windows XP Professional. Thanks ahead of time for any help, it is very appreciated. Jess


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:32 PM

Posted 12 July 2008 - 10:37 PM

Hello, have you tried SUPERAntiSpyware? If not, download and update it and run a complete scan in safe mode.



http://www.superantispyware.com/



#3 youngmomma

youngmomma
  • Topic Starter

  • Members
  • 169 posts
  • OFFLINE
  • Local time:04:32 PM

Posted 12 July 2008 - 10:57 PM

I have done this and this is the log from the scan, but I am still having some issues? Any other suggestions? Thanks for your help and any more help you can give me. Jess


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/12/2008 at 10:30 PM

Application Version : 4.15.1000

Core Rules Database Version : 3503
Trace Rules Database Version: 1494

Scan type : Complete Scan
Total Scan Time : 00:37:34

Memory items scanned : 148
Memory threats detected : 1
Registry items scanned : 3200
Registry threats detected : 118
File items scanned : 7136
File threats detected : 86

Trojan.Vundo-Variant/Small-GEN
C:\WINDOWS\SYSTEM32\JKKLBURI.DLL
C:\WINDOWS\SYSTEM32\JKKLBURI.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82336A8D-6CD0-4647-B791-75FCA8CF2B39}
HKCR\CLSID\{82336A8D-6CD0-4647-B791-75FCA8CF2B39}
HKCR\CLSID\{82336A8D-6CD0-4647-B791-75FCA8CF2B39}\InprocServer32
HKCR\CLSID\{82336A8D-6CD0-4647-B791-75FCA8CF2B39}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C054D29D-553A-44BE-8F09-8751D0CACC03}
HKCR\CLSID\{C054D29D-553A-44BE-8F09-8751D0CACC03}
HKCR\CLSID\{C054D29D-553A-44BE-8F09-8751D0CACC03}\InprocServer32
HKCR\CLSID\{C054D29D-553A-44BE-8F09-8751D0CACC03}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\SSQNEVUV.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{82336A8D-6CD0-4647-B791-75FCA8CF2B39}
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\jkkLBuRI
C:\WINDOWS\SYSTEM32\AWTTROHW.DLL
C:\WINDOWS\SYSTEM32\CBXQGGGA.DLL
C:\WINDOWS\SYSTEM32\FCCABQGY.DLL
C:\WINDOWS\SYSTEM32\HGGVUVON.DLL

Trojan.Unclassified/BrowserDriver
[{D7-72-2F-F2-DW}] C:\WINDOWS\SYSTEM32\RRWNW64K.EXE
C:\WINDOWS\SYSTEM32\RRWNW64K.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\START MENU\PROGRAMS\STARTUP\DW_START.LNK
C:\WINDOWS\SYSTEM32\RWWNW64D.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{99735FCB-A381-43EE-89E4-D608507DFCB7}\RP19\A0009463.LNK
C:\WINDOWS\SYSTEM32\IMP32\KEYSRVE.EXE
C:\WINDOWS\Prefetch\KEYSRVE.EXE-1EB3DDA5.pf

Trojan.Downloader-Gen/MROFIN
[runner1] C:\WINDOWS\MROFINU1000106.EXE
C:\WINDOWS\MROFINU1000106.EXE
C:\WINDOWS\MROFINU572.EXE

Adware.SpeedRunner
[SpeedRunner] C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\SPEEDRUNNER\SPEEDRUNNER.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\SPEEDRUNNER\SPEEDRUNNER.EXE
C:\Documents and Settings\Administrator\Application Data\SpeedRunner\config.cfg
C:\Documents and Settings\Administrator\Application Data\SpeedRunner\SRUninstall.exe
C:\Documents and Settings\Administrator\Application Data\SpeedRunner
HKU\S-1-5-21-1606980848-1563985344-842925246-500\Software\SpeedRunner
HKU\S-1-5-21-1606980848-1563985344-842925246-500\Software\Microsoft\Windows\CurrentVersion\Run#SpeedRunner [ C:\Documents and Settings\Administrator\Application Data\SpeedRunner\SpeedRunner.exe ]
HKU\S-1-5-21-1606980848-1563985344-842925246-500\Software\Microsoft\Windows\CurrentVersion\Run#SfKg6wIP [ C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\cvfpecy.exe ]

Trojan.Dropper/Gen-Packed
[SfKg6wIP] C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MICROSOFT\WINDOWS\CVFPECY.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MICROSOFT\WINDOWS\CVFPECY.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\NN4FO8QE\SRUNINSTALLER.PROD.V12000.11JAN2008.EXE[1]

Adware.ClickSpring
HKLM\Software\Classes\CLSID\{8D14B066-73A8-712A-FF3F-0CA294EA4FCA}
HKCR\CLSID\{8D14B066-73A8-712A-FF3F-0CA294EA4FCA}
HKCR\CLSID\{8D14B066-73A8-712A-FF3F-0CA294EA4FCA}\InprocServer32
HKCR\CLSID\{8D14B066-73A8-712A-FF3F-0CA294EA4FCA}\InprocServer32#ThreadingModel
HKCR\CLSID\{8D14B066-73A8-712A-FF3F-0CA294EA4FCA}\Programmable
HKCR\CLSID\{8D14B066-73A8-712A-FF3F-0CA294EA4FCA}\TypeLib
C:\WINDOWS\SYSTEM32\DRVVJ.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D14B066-73A8-712A-FF3F-0CA294EA4FCA}
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\!UPDATE.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\NDR6.TMP
C:\SYSTEM VOLUME INFORMATION\_RESTORE{99735FCB-A381-43EE-89E4-D608507DFCB7}\RP19\A0008470.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{99735FCB-A381-43EE-89E4-D608507DFCB7}\RP19\A0008471.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{99735FCB-A381-43EE-89E4-D608507DFCB7}\RP19\A0009459.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{99735FCB-A381-43EE-89E4-D608507DFCB7}\RP20\A0009470.EXE
C:\WINDOWS\SYSTEM32\?DOBE\N?TDDE.EXE

Adware.AdRotate/System
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{722cea29-c5c3-5bdd-7bd1-c39b706773e4}
HKCR\CLSID\{722CEA29-C5C3-5BDD-7BD1-C39B706773E4}
HKCR\CLSID\{722CEA29-C5C3-5BDD-7BD1-C39B706773E4}
HKCR\CLSID\{722CEA29-C5C3-5BDD-7BD1-C39B706773E4}\InProcServer32
HKCR\CLSID\{722CEA29-C5C3-5BDD-7BD1-C39B706773E4}\InProcServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\ABNHHZKHIAH.DLL

Browser Hijacker.Internet Explorer Zone Hijack
HKU\S-1-5-21-1606980848-1563985344-842925246-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\amaena.com
HKU\S-1-5-21-1606980848-1563985344-842925246-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\amaena.com#*
HKU\S-1-5-21-1606980848-1563985344-842925246-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\imagesrvr.com
HKU\S-1-5-21-1606980848-1563985344-842925246-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\imagesrvr.com#*

Unclassified.Unknown Origin
HKLM\System\ControlSet001\Services\cmdService
C:\WINDOWS\DXNLCG\COMMAND.EXE
HKLM\System\ControlSet001\Enum\Root\LEGACY_cmdService
HKLM\System\ControlSet002\Services\cmdService
HKLM\System\ControlSet002\Enum\Root\LEGACY_cmdService
HKLM\System\CurrentControlSet\Services\cmdService
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_cmdService
C:\WINDOWS\Prefetch\COMMAND.EXE-15CB7B88.pf

Rootkit.TNCore-Variant/A
HKLM\System\ControlSet001\Services\raspptpp
C:\WINDOWS\SYSTEM32\DRIVERS\RASPPTPP.SYS
HKLM\System\ControlSet001\Enum\Root\LEGACY_raspptpp
HKLM\System\ControlSet002\Services\raspptpp
HKLM\System\ControlSet002\Enum\Root\LEGACY_raspptpp
HKLM\System\CurrentControlSet\Services\raspptpp
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_raspptpp

Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\administrator@pcprivacycleaner[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.think-adz[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@288_[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ex=5_[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@rotator.its.adjuggler[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.outerinfoads[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@gomyhit[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@wmvmedialease[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@288_[2].txt

Trojan.NetMon/DNSChange
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor#Type
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor#Start
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor#ObjectName
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Security
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Enum
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\Network Monitor\Enum#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#DeviceDesc
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#Contact
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#DisplayVersion
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#NoModify
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#NoRemove
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#NoRepair
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#UninstallString
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Network Monitor
C:\WINDOWS\Prefetch\NETMON.EXE-09C9CC43.pf

Trojan.cmdService
HKLM\SYSTEM\CurrentControlSet\Services\cmdService#Type
HKLM\SYSTEM\CurrentControlSet\Services\cmdService#Start
HKLM\SYSTEM\CurrentControlSet\Services\cmdService#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\cmdService#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\cmdService#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\cmdService#ObjectName
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Security
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum#NextInstance
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#Contact
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#DisplayVersion
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#NoModify
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#NoRemove
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#NoRepair
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}#UninstallString
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#DeviceDesc

Trojan.ZenoSearch
C:\WINDOWS\system32\msnav32.ax

Adware.Adservs
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\DXNLCG\ASAPPSRV.DLL
C:\WINDOWS\SYSTEM32\OBDE\IDEXPND.EXE
C:\WINDOWS\Prefetch\IDEXPND.EXE-160CA3FA.pf

Trojan.Unknown Origin
HKLM\Software\xpre
HKLM\Software\xpre#execount
C:\WINDOWS\DXNLCG\XRH5W0.VBS
C:\WINDOWS\UNINSTALL_NMON.VBS

Adware.ClickSpring/Outer Info Network
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#Publisher
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#HelpLink
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#InstallLocation
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#NoModify
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#NoRepair
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayVersion
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayIcon
C:\Program Files\Outerinfo\FF\chrome.manifest
C:\Program Files\Outerinfo\FF\components\FF.dll
C:\Program Files\Outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\Outerinfo\FF\components
C:\Program Files\Outerinfo\FF\install.rdf
C:\Program Files\Outerinfo\FF
C:\Program Files\Outerinfo

Trojan.Downloader-Gen/RetAd
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#runner1 [ C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310 ]

RootKit.TnCore/Trace
C:\WINDOWS\system32\drivers\core.cache.dsk

Adware.WinTouch/XInside
C:\Program Files\InetGet2\Installeur.exe
C:\Program Files\InetGet2

Trojan.Unclassified/NVCOI
C:\Program Files\Temporary\inPV.exe
C:\Program Files\Temporary\WnInt.exe
C:\Program Files\Temporary

Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\FCOVM
HKLM\SOFTWARE\Microsoft\RemoveRP

Trojan.Downloader-CommandDesktop
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\CMDINST.EXE

Trojan.Downloader-Gen/SnapSNet
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\SNAPSNET.EXE

Rogue.PCPrivacyCleaner
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\LYH3SK3S\PCPC_SETUP_FREE[1].EXE

Adware.ClickSpring/Yazzle
C:\PROGRAM FILES\COMMON FILES\YAZZLE1281OINADMIN.EXE
C:\PROGRAM FILES\COMMON FILES\YAZZLE1281OINUNINSTALLER.EXE

Trojan.Downloader-Gen/Bundle Installer
C:\WINDOWS\B116.EXE
C:\WINDOWS\B152.EXE
C:\WINDOWS\B155.EXE
C:\WINDOWS\B156.EXE
C:\WINDOWS\B157.EXE

Trojan.Vundo-Variant/Small
C:\WINDOWS\SYSTEM32\BYXQJYRQ.DLL

Trojan.Downloader-Gen/Suspicious
C:\WINDOWS\SYSTEM32\PROVDLL\GLOBSETUP.EXE
C:\WINDOWS\Prefetch\GLOBSETUP.EXE-24F66159.pf

Rootkit.TNCore-Installer
C:\WINDOWS\SYSTEM32\SFIG\MCIREV2.EXE

Adware.Unknown Origin
C:\WINDOWS\SYSTEM32\ZXDNT3D.CFG

Trace.Known Threat Sources
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\R0O0P19C\26453da423d82a5fc6fae941d05f1151[1].zip
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\NN4FO8QE\retadpu[3].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\DE9J83DB\ack[1].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\DE9J83DB\b433b5a80d2cb00f8f1c54387f9aa332[1].zip

Edited by youngmomma, 12 July 2008 - 10:59 PM.
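The log above is long, and the entries a responder cares about most are the ones that make code run automatically at boot or logon (Run keys, Browser Helper Objects, Winlogon notification packages, ShellExecuteHooks, services and kernel drivers, the Startup folder). The following script is an added example, not part of this thread or of SUPERAntiSpyware; it assumes only the log layout visible above (a header, then blank-line-separated blocks whose first line is a threat category and whose remaining lines are the detected files and registry keys), parses a constructed excerpt of that log into categories, counts registry versus file entries, and labels every entry that sits in an auto-start location. The pattern labels and function names are this example's own.

```python
"""Parse a SUPERAntiSpyware scan log and flag auto-start locations.

Added example (not part of the thread).  It assumes the log layout shown
above: a header, then blank-line-separated blocks whose first line is a
threat category and whose remaining lines are the detected files/keys.
"""
import re
from collections import OrderedDict

# Constructed excerpt of the log posted above (a handful of its entries).
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/12/2008 at 10:30 PM

Scan type : Complete Scan
Total Scan Time : 00:37:34

Registry threats detected : 118
File threats detected : 86

Trojan.Vundo-Variant/Small-GEN
C:\WINDOWS\SYSTEM32\JKKLBURI.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82336A8D-6CD0-4647-B791-75FCA8CF2B39}
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\jkkLBuRI

Adware.SpeedRunner
HKU\S-1-5-21-1606980848-1563985344-842925246-500\Software\Microsoft\Windows\CurrentVersion\Run#SpeedRunner [ C:\Documents and Settings\Administrator\Application Data\SpeedRunner\SpeedRunner.exe ]

Rootkit.TNCore-Variant/A
HKLM\System\ControlSet001\Services\raspptpp
C:\WINDOWS\SYSTEM32\DRIVERS\RASPPTPP.SYS
"""

# Locations that make code run automatically (persistence).  The labels are
# this example's own; the patterns match key/file paths as SAS prints them.
PERSISTENCE_PATTERNS = [
    (re.compile(r"\\CurrentVersion\\Run#", re.I), "Run key"),
    (re.compile(r"\\Browser Helper Objects\\", re.I), "Browser Helper Object (IE)"),
    (re.compile(r"\\WinLogon\\Notify\\", re.I), "Winlogon notification package"),
    (re.compile(r"\\ShellExecuteHooks#", re.I), "ShellExecuteHook"),
    (re.compile(r"\\Services\\[^\\#]+$", re.I), "Service/driver"),
    (re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I), "Startup folder"),
    (re.compile(r"\\Drivers\\[^\\]+\.sys$", re.I), "Kernel driver file"),
]

_REGISTRY_RE = re.compile(r"^(HK[A-Z]*\\|Software\\)", re.I)
_FILE_RE = re.compile(r"(^|\s)[A-Za-z]:\\")


def _is_detection_block(block):
    """A detection block: a category name, then one or more path-like entries."""
    if len(block) < 2:
        return False
    head, entries = block[0], block[1:]
    if "\\" in head or ":" in head:   # header lines such as 'Scan type : ...'
        return False
    return all("\\" in e for e in entries)


def parse_log(text):
    """Return an ordered mapping {category: [entries]} from a SAS log."""
    categories = OrderedDict()
    block = []
    for raw in text.splitlines() + [""]:   # trailing "" flushes the last block
        line = raw.strip()
        if line:
            block.append(line)
            continue
        if _is_detection_block(block):
            categories.setdefault(block[0], []).extend(block[1:])
        block = []
    return categories


def classify_entry(entry):
    """'registry', 'file' or 'other'; SAS prints some keys without a hive prefix."""
    if _REGISTRY_RE.search(entry):
        return "registry"
    if _FILE_RE.search(entry):      # also matches '[runner1] C:\...' style lines
        return "file"
    return "other"


def persistence_type(entry):
    """Label for an entry that sits in an auto-start location, else None."""
    for pattern, label in PERSISTENCE_PATTERNS:
        if pattern.search(entry):
            return label
    return None


def summarize(text):
    """Count entries by kind and list every persistence mechanism found."""
    summary = {"categories": 0, "registry": 0, "file": 0, "other": 0, "persistence": []}
    for category, entries in parse_log(text).items():
        summary["categories"] += 1
        for entry in entries:
            summary[classify_entry(entry)] += 1
            label = persistence_type(entry)
            if label:
                summary["persistence"].append((category, label, entry))
    return summary


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print(f"{result['categories']} categories, {result['registry']} registry "
          f"and {result['file']} file entries")
    for category, label, entry in result["persistence"]:
        print(f"  [{label}] {category}: {entry}")
```

Run against the full log pasted above, the same logic would surface the Winlogon Notify entry, the two BHO CLSIDs, the ShellExecuteHook, the Startup-folder .lnk, the Run entries for SpeedRunner and cvfpecy.exe, and the cmdService, Network Monitor and raspptpp services; those are the items that explain why things "keep coming back" after a file-only cleanup.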


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,945 posts
  • ONLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:32 PM

Posted 13 July 2008 - 11:48 AM

One or more of the identified infections was related to a rootkit component. Rootkits are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypass security mechanisms and steal sensitive information, which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately, including those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised, please read How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

Although the rootkit was identified and removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because the rootkit has been removed the computer is now secure. Further, in some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

"When should I re-format? How should I reinstall?"
"Help: I Got Hacked. Now What Do I Do?"
"Where to draw the line? When to recommend a format and reinstall?"

Should you decide not to follow that advice, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy or that the removal will be successful. If you wish to proceed, please do the following.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Instructions with screenshots if needed.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



