
Outerinfo virus


7 replies to this topic

#1 crackindustries


Posted 17 October 2008 - 01:39 PM

Hello,

I had the Antivirus 2008 virus and got it removed, but I keep getting more and more viruses. I installed AVG and it found most until the Outerinfo virus came. I tried to get rid of it but it still won't let me. I did download other antivirus programs and it blocks a lot of trojans but can't seem to get rid of any. A blue screen pops up and says that Windows needs to shut down, and something about if I have seen this before I need to reboot, and then the system turns off. I have Windows XP Home Edition.

Any help would be wonderful. I was thinking of reformatting the computer but don't want to lose everything - programs, ya know.

Thanks a lot

c.r.a.c.k.


#2 boopme


Posted 17 October 2008 - 02:39 PM

Hello and welcome. I hope that Crackindustries doesn't refer to the codes, as you will be living in a world of infection. Anyway, please run this first.
Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 crackindustries


Posted 18 October 2008 - 01:36 PM

Here is the hijack log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:33:26, on 10/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal



{Edited out HJT log as it was not requested and are not to be posted in this forum ~~boopme}

Edited by boopme, 18 October 2008 - 09:17 PM.


#4 crackindustries


Posted 18 October 2008 - 01:43 PM

Nah, crack industries is a title - C.raving R.edemption A.nd C.onscience K.nowledge

#5 crackindustries


Posted 18 October 2008 - 02:30 PM

Avira log



Avira AntiVir Personal
Report file date: Saturday, October 18, 2008 14:53

Scanning for 1692263 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Save mode
Username: Owner
Computer name: YOUR-32CCC896B9

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 8/12/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 6/26/2008 14:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 13:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 18:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 13:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 16:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 6/24/2008 19:54:15
ANTIVIR2.VDF : 7.0.7.12 4066816 Bytes 10/8/2008 16:36:23
ANTIVIR3.VDF : 7.0.7.58 315904 Bytes 10/17/2008 18:50:07
Engineversion : 8.2.0.5
AEVDF.DLL : 8.1.0.6 102772 Bytes 10/18/2008 18:50:27
AESCRIPT.DLL : 8.1.1.9 319867 Bytes 10/18/2008 18:50:25
AESCN.DLL : 8.1.1.3 123252 Bytes 10/18/2008 18:50:23
AERDL.DLL : 8.1.1.2 438644 Bytes 10/1/2008 20:58:18
AEPACK.DLL : 8.1.2.4 369014 Bytes 10/18/2008 18:50:22
AEOFFICE.DLL : 8.1.0.28 196987 Bytes 10/18/2008 18:50:18
AEHEUR.DLL : 8.1.0.59 1438071 Bytes 10/1/2008 20:58:12
AEHELP.DLL : 8.1.1.2 115062 Bytes 10/18/2008 18:50:17
AEGEN.DLL : 8.1.0.41 319861 Bytes 10/18/2008 18:50:15
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/18/2008 18:50:12
AECORE.DLL : 8.1.2.6 172406 Bytes 10/18/2008 18:50:10
AEBB.DLL : 8.1.0.3 53618 Bytes 10/18/2008 18:50:08
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 14:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 15:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 10/1/2008 20:57:58
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 17:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 14:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 18:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 23:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 18:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 18:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 19:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 19:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Saturday, October 18, 2008 14:53

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'SpySweeper.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
14 processes with 14 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
C:\WINDOWS\system32\reset5e.dll
[DETECTION] Is the TR/Spy.Wsnpoem.KD Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] The driver could not be initialized.
[NOTE] The file is scheduled for deleting after reboot.
C:\WINDOWS\system32\jxcwmyotlgxxp.dll
[DETECTION] Is the TR/Click.Agent.dxt Trojan
[NOTE] The file was moved to '495d312e.qua'!

The registry was scanned ( '91' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP58.tmp\ppclean.exe.569.2.ppu
[0] Archive type: CAB SFX (self extracting)
--> manifest.txt
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\Owner.YOUR-32CCC896B9\Local Settings\temp\5.df1lb
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '495e316c.qua'!
C:\Documents and Settings\Owner.YOUR-32CCC896B9\Local Settings\temp\6.df1lb
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '495e316f.qua'!
C:\Documents and Settings\Owner.YOUR-32CCC896B9\Local Settings\temp\Binaries1.cab2
[0] Archive type: CAB (Microsoft)
--> XP_AntiSpyware.exe
[DETECTION] Is the TR/Fakealert.QE Trojan
[NOTE] The file was moved to '496831d8.qua'!
C:\Documents and Settings\Owner.YOUR-32CCC896B9\Local Settings\temp\Binaries1.cab3
[0] Archive type: CAB (Microsoft)
--> XP_AntiSpyware.exe
[DETECTION] Is the TR/Fakealert.QE Trojan
[NOTE] The file was moved to '496831ec.qua'!
C:\Documents and Settings\Owner.YOUR-32CCC896B9\Local Settings\temp\Binaries2.cab3
[0] Archive type: CAB (Microsoft)
--> Microsoft.VC80.CRT\msvcm80.dll
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\Owner.YOUR-32CCC896B9\Local Settings\temp\Binaries2.cab4
[0] Archive type: CAB (Microsoft)
--> AVEngn.dll
[DETECTION] Is the TR/Fakealert.QF Trojan
--> wscui.cpl
[DETECTION] Is the TR/FakeAV.bak.2 Trojan
[NOTE] The file was moved to '49683206.qua'!
C:\Documents and Settings\Owner.YOUR-32CCC896B9\Local Settings\Temporary Internet Files\Content.IE5\7PUDY8EM\Binaries1[1].cab
[0] Archive type: CAB (Microsoft)
--> XP_AntiSpyware.exe
[DETECTION] Is the TR/Fakealert.QE Trojan
[NOTE] The file was moved to '49683208.qua'!
C:\Documents and Settings\Owner.YOUR-32CCC896B9\Local Settings\Temporary Internet Files\Content.IE5\BWW08YTP\Binaries2[1].cab
[0] Archive type: CAB (Microsoft)
--> AVEngn.dll
[DETECTION] Is the TR/Fakealert.QF Trojan
--> wscui.cpl
[DETECTION] Is the TR/FakeAV.bak.2 Trojan
[NOTE] The file was moved to '49683209.qua'!
C:\Documents and Settings\Owner.YOUR-32CCC896B9\Local Settings\Temporary Internet Files\Content.IE5\HPQN8AO2\Install[1].exe
[DETECTION] Is the TR/Fakealert.QE Trojan
[NOTE] The file was moved to '496d320f.qua'!
C:\WINDOWS\system32\reset5e.dll
[DETECTION] Is the TR/Spy.Wsnpoem.KD Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK lib.
[WARNING] Error in ARK lib
[NOTE] The file is scheduled for deleting after reboot.
C:\WINDOWS\system32\wini10251.exe
[DETECTION] Is the TR/Fakealert.QE Trojan
[NOTE] The file was moved to '496836e9.qua'!
C:\WINDOWS\system32\wini10254.exe
[DETECTION] Is the TR/Fakealert.QE Trojan
[NOTE] The file was moved to '48aa3b22.qua'!
C:\WINDOWS\temp\6006d222-4612-45ac-951c-30ac40dbb12b.tmp
[0] Archive type: CAB (Microsoft)
--> iTunesMiniPlayer.Resources_iTunesMiniPlayer.dll
[WARNING] No further files can be extracted from this archive. The archive will be closed
Begin scan in 'D:\'


End of the scan: Saturday, October 18, 2008 15:22
Used time: 28:59 Minute(s)

The scan has been done completely.

8170 Scanning directories
297938 Files were scanned
15 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
11 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
297922 Files not concerned
7755 Archives were scanned
6 Warnings
13 Notes

#6 boopme


Posted 18 October 2008 - 09:20 PM

Ok, that's good, but you didn't post the SUPERAntiSpyware log. Please do, then run a scan with MBAM.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

#7 crackindustries


Posted 19 October 2008 - 12:21 PM

Here are the logs

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/19/2008 at 12:41 PM

Application Version : 4.21.1004

Core Rules Database Version : 3602
Trace Rules Database Version: 1588

Scan type : Quick Scan
Total Scan Time : 00:09:31

Memory items scanned : 180
Memory threats detected : 1
Registry items scanned : 477
Registry threats detected : 40
File items scanned : 9280
File threats detected : 53

Trojan.Services/Fake
C:\WINDOWS\SYSTEM32\DRIVERS\SERVICES.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\SERVICES.EXE
[[system]] C:\WINDOWS\SYSTEM32\DRIVERS\SERVICES.EXE
[[system]] C:\WINDOWS\SYSTEM32\DRIVERS\SERVICES.EXE

Trojan.Dropper/Gen-NV
[brastk] C:\WINDOWS\SYSTEM32\BRASTK.EXE
C:\WINDOWS\SYSTEM32\BRASTK.EXE
[brastk] C:\WINDOWS\SYSTEM32\BRASTK.EXE

Trojan.Dropper/SVCHost-Fake
[winlogon] C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-32CCC896B9\SVCHOST.EXE
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-32CCC896B9\SVCHOST.EXE
[winlogon] C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-32CCC896B9\SVCHOST.EXE

Adware.AdSponsor/ISM-GetModule
[GetModule24] C:\PROGRAM FILES\GETMODULE\GETMODULE24.EXE
C:\PROGRAM FILES\GETMODULE\GETMODULE24.EXE

Trojan.FakeAlert-IEBT
HKU\S-1-5-21-1742054520-271253868-2208014461-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{65742936-8079-408B-9F3C-874B78030A72}

Adware.Tracking Cookie

Adware.ClickSpring/Outer Info Network
HKCR\OINCS.OINAnalytics
HKCR\OINCS.OINAnalytics\CLSID
HKCR\OINCS.OINAnalytics\CurVer
HKCR\OINCS.OINAnalytics.1
HKCR\OINCS.OINAnalytics.1\CLSID
HKCR\CLSID\{6B221E01-F517-4959-8C41-81948E7F2F17}
HKCR\CLSID\{6B221E01-F517-4959-8C41-81948E7F2F17}#AppID
HKCR\CLSID\{6B221E01-F517-4959-8C41-81948E7F2F17}\InprocServer32
HKCR\CLSID\{6B221E01-F517-4959-8C41-81948E7F2F17}\InprocServer32#ThreadingModel
HKCR\CLSID\{6B221E01-F517-4959-8C41-81948E7F2F17}\ProgID
HKCR\CLSID\{6B221E01-F517-4959-8C41-81948E7F2F17}\Programmable
HKCR\CLSID\{6B221E01-F517-4959-8C41-81948E7F2F17}\TypeLib
HKCR\CLSID\{6B221E01-F517-4959-8C41-81948E7F2F17}\VersionIndependentProgID
HKCR\AppId\OINAnalytics.DLL
HKCR\AppId\OINAnalytics.DLL#AppID
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OINAnalytics
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OINAnalytics#Publisher
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OINAnalytics#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OINAnalytics#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OINAnalytics#HelpLink
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OINAnalytics#InstallLocation
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OINAnalytics#NoModify
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OINAnalytics#NoRepair
C:\Program Files\OINAnalytics\OINAnalytics.dll
C:\Program Files\OINAnalytics

Trojan.DNSChanger-Codec
HKU\S-1-5-21-1742054520-271253868-2208014461-1006\Software\GetModule
HKU\S-1-5-21-1742054520-271253868-2208014461-1006\Software\GetPack
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iCheck
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iCheck#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iCheck#UninstallString

Adware.AdSponsor/ISM
C:\Program Files\GetModule\dicik.gz
C:\Program Files\GetModule\GetModule23.exe
C:\Program Files\GetModule\kwdik.gz
C:\Program Files\GetModule\ozadik.gz
C:\Program Files\GetModule\squaraksupdate.exe
C:\Program Files\GetModule
C:\WINDOWS\Prefetch\GETMODULE23.EXE-0733627D.pf

Rootkit.Unclassified/KR_Done
C:\WINDOWS\system32\vx.tll

Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\FCOVM
HKLM\SOFTWARE\Microsoft\RemoveRP

Rogue.Web/Registry Sentinel
C:\WINDOWS\uid.tmp

Rogue.AntiVirus 2008
C:\Documents and Settings\Owner.YOUR-32CCC896B9\Application Data\RHCTJ1J0E94L

Trojan.Downloader-Gen
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#brastk [ C:\WINDOWS\system32\brastk.exe ]
HKU\S-1-5-21-1742054520-271253868-2208014461-1006\Software\Microsoft\Windows\CurrentVersion\Run#brastk [ C:\WINDOWS\system32\brastk.exe ]

Adware.AdSponsor/ISM-Installer
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-32CCC896B9\LOCAL SETTINGS\TEMP\GETTPA222.EXE

Trojan.Unclassified/UserInit-Fake
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-32CCC896B9\START MENU\PROGRAMS\STARTUP\USERINIT.EXE

Trojan.Dropper/Gen
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-32CCC896B9\~.EXE

Adware.ClickSpring
C:\WINDOWS\SYSTEM32\CRE.DLL

Unclassified.Unknown Origin/System
C:\WINDOWS\SYSTEM32\UPDATE32.EXE


Malwarebytes' Anti-Malware 1.29
Database version: 1289
Windows 5.1.2600 Service Pack 3

10/19/2008 12:55:26 PM
mbam-log-2008-10-19 (12-55-26).txt

Scan type: Quick Scan
Objects scanned: 52400
Time elapsed: 4 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 13
Registry Values Infected: 8
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Documents and Settings\Owner.YOUR-32CCC896B9\Local Settings\Application Data\CyberDefender\cdmyidd.dll (Trojan.BHO) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\cdmyidd.securitytoolbar (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{cd24eb02-9831-4838-99d0-726d411b1328} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f20da564-9254-49fe-a678-cc3cef172252} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cdmyidd.securitytoolbar.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{453f51e8-fef5-4c54-b136-944bf434360c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{f7fa36a4-3177-4b57-b9c1-e9c5b2e0d3a9} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhctj1j0e94l (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VnrBlock (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Backdoor check (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{453f51e8-fef5-4c54-b136-944bf434360c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhctj1j0e94l (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\getpack22 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vnrblock21 (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\services.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\461942 (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Owner.YOUR-32CCC896B9\Local Settings\Application Data\CyberDefender\cdmyidd.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\system32\dlds8.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\U.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wini10251.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.


Malwarebytes' Anti-Malware 1.29
Database version: 1289
Windows 5.1.2600 Service Pack 3

10/19/2008 1:03:53 PM
mbam-log-2008-10-19 (13-03-53).txt

Scan type: Quick Scan
Objects scanned: 52402
Time elapsed: 4 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\getmodule24 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\getpack22 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winlogon (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vnrblock21 (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
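A way to sanity-check a pasted MBAM 1.x log like the two above, as an added example that is not the thread's or Malwarebytes' own code: it parses the summary counts and the per-section entries, checks that the counts match what is listed, flags items still marked "Delete on reboot" (which is why a normal reboot is needed before the rescan), lists the Run-key values that were removed, and pulls the extra executable out of the Winlogon Userinit hijack line. The log text inside is a constructed excerpt in the same format, not the original file.

```python
import re
from collections import OrderedDict

# Constructed sample log (not the thread's original file): same layout as the
# MBAM 1.x logs posted above, trimmed to a few entries.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.29
Database version: 1289
Windows 5.1.2600 Service Pack 3

Scan type: Quick Scan
Objects scanned: 52400

Memory Processes Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\getpack22 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\services.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\wini10251.exe (Trojan.FakeAlert) -> Delete on reboot.
"""

# "Registry Values Infected: 8"  -> summary count
SUMMARY_RE = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")
# "Registry Values Infected:"    -> start of the detailed listing
HEADER_RE = re.compile(r"^([A-Za-z ]+ Infected):$")
# "<item> (<family>) -> <action>" ; action may itself contain parentheses
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")
# MBAM's annotation on a hijacked registry data item
USERINIT_RE = re.compile(r"Bad: \(([^)]*)\) Good: \(([^)]*)\)")


def parse_mbam_log(text):
    """Return (summary_counts, sections); sections maps a header to its entries."""
    summary, sections, current = OrderedDict(), OrderedDict(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m.group(1)] = int(m.group(2))
            continue
        m = HEADER_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
            continue
        if current is None or line.startswith("(No malicious items"):
            continue
        m = ENTRY_RE.match(line)
        if m:
            sections[current].append(m.groupdict())
    return summary, sections


def count_mismatches(summary, sections):
    """Sections whose listed entries disagree with the summary count
    (a truncated or hand-edited paste)."""
    return {name: (summary.get(name), len(entries))
            for name, entries in sections.items()
            if summary.get(name) != len(entries)}


def pending_reboot(sections):
    """Items MBAM could only schedule for removal; rescan after a normal reboot."""
    return [e["item"] for entries in sections.values() for e in entries
            if e["action"].startswith("Delete on reboot")]


def run_key_values(sections):
    """Value names removed from a ...\\CurrentVersion\\Run key (autostart persistence)."""
    names = []
    for e in sections.get("Registry Values Infected", []):
        parts = e["item"].split("\\")
        if len(parts) >= 2 and parts[-2].lower() == "run":
            names.append(parts[-1])
    return names


def _basename(path):
    return path.strip().replace("/", "\\").rsplit("\\", 1)[-1].lower()


def userinit_extras(sections):
    """Executables appended to the Winlogon Userinit value beyond the legitimate
    userinit.exe, taken from MBAM's 'Bad: (...) Good: (...)' annotation."""
    extras = []
    for e in sections.get("Registry Data Items Infected", []):
        if not e["item"].lower().endswith("\\winlogon\\userinit"):
            continue
        m = USERINIT_RE.search(e["action"])
        if not m:
            continue
        good = {_basename(p) for p in m.group(2).split(",") if p.strip()}
        extras.extend(p.strip() for p in m.group(1).split(",")
                      if p.strip() and _basename(p) not in good)
    return extras


def all_clear(summary):
    """True when every summary count is zero (the 'all zeros' rescan result)."""
    return bool(summary) and all(n == 0 for n in summary.values())


if __name__ == "__main__":
    s, secs = parse_mbam_log(SAMPLE_LOG)
    print("summary/listing mismatches:", count_mismatches(s, secs))
    print("needs reboot before rescan:", pending_reboot(secs))
    print("Run-key persistence removed:", run_key_values(secs))
    print("extra Userinit executables:", userinit_extras(secs))
    print("all clear:", all_clear(s))
```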

#8 boopme


Posted 19 October 2008 - 02:10 PM

It seems you have got it all. Run the MBAM once again to see if it returns all zeros.
