
Trojan-spy.win32.keylogger.aa


6 replies to this topic

#1 Wzup3


Posted 06 September 2008 - 04:19 PM

I am having pop-ups every so often that say I have one of these viruses, mixing it up every time.

Trojan-Clicker.Win32.Tiny.h
Trojan-Downloader.Win32.Agent.bq
Trojan-Spy.Win32.Keylogger.aa
Trojan-Spy.Win32.GreenScreen
Trojan-Spy.HTML.Bankfraud.dq

I followed the advice that was given to user mhill8888 on 19 August 2008 and I am still seeing the popups. I have run and updated MalwareBytes. I have run my system in safe mode and run ATF-Cleaner and SUPERAntiSpyware but I just got another pop-up. Here is my scanner log that I just received after running SUPER:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/06/2008 at 02:48 PM

Application Version : 4.21.1004

Core Rules Database Version : 3558
Trace Rules Database Version: 1546

Scan type : Complete Scan
Total Scan Time : 01:51:23

Memory items scanned : 253
Memory threats detected : 0
Registry items scanned : 5768
Registry threats detected : 4
File items scanned : 29114
File threats detected : 95

Trojan.Dropper/Gen
[ComCfgWin] C:\WINDOWS\SYSTEM32\WJIHUZSB.EXE
C:\WINDOWS\SYSTEM32\WJIHUZSB.EXE
[smartinfo] C:\WINDOWS\SYSTEM32\RCFEBMZI.EXE
C:\WINDOWS\SYSTEM32\RCFEBMZI.EXE
C:\WINDOWS\SYSTEM32\DORIFQTI.EXE

Adware.SpywareStrike
C:\Program Files\SpywareStrike

Adware.WhenU
C:\Program Files\Save
C:\Program Files\Common Files\WhenU

Adware.MovieLand/MediaPipe
C:\Program Files\ItBill
C:\Program Files\MediaPipe

Adware.180solutions/ZangoSearch
C:\Program Files\Zango Programs

Adware.Surf Accuracy
C:\Program Files\SurfAccuracy

Adware.IST/ISTBar (Slotch Bar)
C:\Program Files\ISTsvc

Adware.Ezula
C:\Program Files\Ezula

Trojan.SpySheriff
C:\Program Files\SpySheriff

Adware.WebHancer
C:\Program Files\WEBHANCER
C:\Program Files\whInstall

Spyware.WebSearch (WinTools/Huntbar)
C:\Program Files\Common Files\WinTools

Adware.BookedSpace
C:\WINDOWS\bsx32
C:\WINDOWS\zAbstract

Trojan.MalwareWipe
C:\Program Files\MalwareWipe
C:\Program Files\Malware-Wiped

Trojan.WinAntiSpyware/WinAntiVirus 2006/2007
C:\Program Files\Common Files\WinAntiVirus Pro 2007
C:\Program Files\WinAntiVirus Pro 2007

Trojan.WinFixer 2006
C:\Program Files\WinFixerFree

Adware.SurfSideKick
C:\Program Files\Common Files\VCClient

Adware.Avenue Media/Internet Optimizer
C:\Program Files\Internet Optimizer

Adware.UCMore/The Search Accelerator
C:\Program Files\TheSearchAccelerator

Trojan.NewDotNet
C:\Program Files\NewDotNet

Adware.IST/YourSiteBar
C:\Program Files\YourSiteBar

Trojan.UnSpyPC Spyware Scanner
C:\Program Files\UnSpyPC

Trojan.NetMon/DNSChange
C:\Program Files\Network Monitor

Trojan.Services/Inet
C:\WINDOWS\inet20001

Trojan.PestTrap
C:\Program Files\PestTrap

Trojan.AdwareSheriff
C:\Program Files\AdwareSheriff

Adware.Toolbar888
C:\Program Files\Toolbar888

Trojan.SpyFalcon
C:\Program Files\SpyFalcon

Trojan.Security Toolbar
C:\Program Files\Security Toolbar

Trojan.BraveSentry
C:\Program Files\BraveSentry

Adware.Best Offers Network
C:\Program Files\TBONBin

Malware.SpywareQuake
C:\Program Files\SpywareQuake

Adware.ClickSpring/Yazzle
C:\Program Files\Yazzle Sudoku

Adware.MyWay
C:\Program Files\MyWay

Adware.Elite Media
C:\WINDOWS\etb

Spyware.E2G
C:\Program Files\E2G

Adware.IPWins
C:\Program Files\ipwindows

Adware.BargainBuddy/NaviSearch
C:\Program Files\BullsEye Network

Malware.SpyHeal
C:\Program Files\SpyHealer

Malware.KillAndClean
C:\Program Files\KillAndClean

Trojan.Media-Codec
C:\Program Files\IntCodec
C:\Program Files\Media-Codec
C:\Program Files\iCodecPack
C:\Program Files\strCodec
C:\Program Files\MPVIDEOCODEC
C:\Program Files\VideosCodec
C:\Program Files\SoftCodec
C:\Program Files\X Password Generator
C:\Program Files\VideoKeyCodec
C:\Program Files\QualityCodec
C:\Program Files\iVideoCodec
C:\Program Files\Perfect Codec
C:\Program Files\Super Codec
C:\Program Files\Gold Codec
C:\Program Files\VIDEO ACTIVEX OBJECT
C:\Program Files\Image ActiveX Object
C:\Program Files\VAXCodec
C:\Program Files\Video Access ActiveX Object

Malware.VirusBurst
C:\Program Files\VirusBurster
C:\Program Files\VirusBursters
C:\Program Files\Virus-Bursters

Malware.AntiVermins
C:\Program Files\AntiVermins
C:\Program Files\AntiVermeans

Trojan.DNSChanger-Codec
HKU\S-1-5-21-2401792212-482818428-578701776-1006\Software\uninstall
C:\Program Files\VideoAccessCodec

Trojan.VideoCach/Gen
C:\Program Files\NewMediaCodec

Trojan.Media-Codec/V2
C:\Program Files\Video AX Object

Trojan.Media-Codec/V3
C:\Program Files\Video ActiveX Access

Adware.IST/SideFind
C:\Program Files\SideFind

Trojan.Downloader-Gen/WinPop
C:\Program Files\WinPop

Desktop Hijacker.AboutYourPrivacy
C:\WINDOWS\privacy_danger

Adware.WsnPoem
C:\WINDOWS\system32\wsnpoem

Adware.AdSponsor/ISM
C:\Program Files\QDRMODULE
C:\Program Files\QDRPACK
C:\Program Files\QDRDRIVE
C:\Program Files\ISM

Malware.SpyShredder
C:\Program Files\SpyShredder

Trojan.Media-Codec/V4
C:\Program Files\Online Video Add-on
C:\Program Files\Video Add-on

Rogue.WindowsSecurityAdviser
C:\Program Files\Microsoft Security Adviser

Adware.E404 Helper
C:\Program Files\SOTFONE

Rogue.VirusHeat
C:\Program Files\VirusHeat 3.9

Adware.WinTouch/XInside
C:\Program Files\InetGet2
C:\Program Files\Router

Trojan.Media-Codec/V5
C:\Program Files\NetProject

Trojan.Unclassified/NVCOI
C:\Program Files\Temporary

Rogue.Installer/Trace
C:\Program Files\180search assistant
C:\Program Files\180searchassistant
C:\Program Files\180solutions

Rogue.PC-Cleaner
HKU\S-1-5-21-2401792212-482818428-578701776-1006\Software\mwc


What next? Help?


 


#2 Wzup3


Posted 06 September 2008 - 05:57 PM

I ran Malware again and here are the results:

Malwarebytes' Anti-Malware 1.26
Database version: 1120
Windows 5.1.2600 Service Pack 2

9/6/2008 4:55:53 PM
mbam-log-2008-09-06 (16-55-53).txt

Scan type: Full Scan (C:\|)
Objects scanned: 201178
Time elapsed: 49 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#3 boopme



  • Global Moderator

Posted 06 September 2008 - 07:37 PM

Wow you might have had all of them. :thumbsup:

With that much stuff I would check for program updates and rescan again with MBAM and SAS and post the logs.
You could even run SDFix first...post its log also.


Please print out and follow these instructions: "How to use SDFix". <- This program is for Windows 2000/XP ONLY.
When using this tool, you must use the Administrator's account or an account with "Administrative rights".
  • Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.
  • When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt.
  • If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.
  • Please copy and paste the contents of Report.txt in your next reply.
  • Be sure to re-enable your anti-virus and other security programs before connecting to the Internet.
-- If the computer has been infected with the VirusAlert! malware warning from the clock and the Start Menu icons or drives are not visible, open the SDFix folder, right-click on either the XP_VirusAlert_Repair.inf or W2K VirusAlert_Repair.inf (depending on your version of Windows) and select Install from the Context menu. Then reboot to apply the changes.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#4 Wzup3


Posted 06 September 2008 - 10:37 PM

I ran SDFix and here is the log:
SDFix: Version 1.221
Run by on Sat 09/06/2008 at 09:10 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found

#5 Wzup3


Posted 07 September 2008 - 12:43 AM

I just finished running SUPER again with the following log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/06/2008 at 11:36 PM

Application Version : 4.21.1004

Core Rules Database Version : 3558
Trace Rules Database Version: 1546

Scan type : Complete Scan
Total Scan Time : 01:52:01

Memory items scanned : 245
Memory threats detected : 0
Registry items scanned : 5766
Registry threats detected : 2
File items scanned : 29225
File threats detected : 4

Trojan.Dropper/Gen
[actmsg] C:\WINDOWS\SYSTEM32\PIHSDWRQ.EXE
C:\WINDOWS\SYSTEM32\PIHSDWRQ.EXE
[SetAdm] C:\WINDOWS\SYSTEM32\EJAVITKP.EXE
C:\WINDOWS\SYSTEM32\EJAVITKP.EXE
C:\WINDOWS\SYSTEM32\BAJSRGBE.EXE
C:\WINDOWS\SYSTEM32\XURMFYTI.EXE

#6 Wzup3


Posted 07 September 2008 - 09:25 AM

This is the latest Malware log:

Malwarebytes' Anti-Malware 1.26
Database version: 1122
Windows 5.1.2600 Service Pack 2

9/7/2008 8:24:08 AM
mbam-log-2008-09-07 (08-24-08).txt

Scan type: Full Scan (C:\|)
Objects scanned: 201008
Time elapsed: 44 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

#7 boopme


Posted 08 September 2008 - 10:49 PM

How is the PC running now?

I meant to advise you earlier that some of these malwares are Infostealers, e.g. the keylogger.
There is a very good explanation of it here: Trojan-Keylogger.

This information is saying that any passwords, account numbers, credit card numbers that were typed on this PC were stolen and should be changed.



