
Invisible pop up ads?


8 replies to this topic

#1 daewezzy


Posted 26 October 2008 - 12:44 AM

Hi everyone,

Just recently I've been getting these invisible pop up ads (don't even know if that makes sense), but while I'm either browsing the internet, chatting on AIM, etc. I can hear the Internet Explorer clicks in the background. I use Firefox so I know it's not me doing the clicking. Also, there would sometimes be those ads that would start talking, but when I would minimize there would be no ad or anything showing so there's no stopping it.

Before this happened I had the "red x" virus that would show a red x on the task bar on the bottom right corner. I got rid of this by using Malwarebytes' Anti-Malware program which got rid of that but now I get these random pop up ads and IE clicks. Last thing, my computer would restart by itself over a period of time by getting a blue screen. Any help is appreciated, thanks!



#2 iisjman07


Posted 26 October 2008 - 02:06 AM

OK, please start off by downloading SUPERantispyware from here:
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE
Once installed, update the definitions and run a scan. If you have a big hard drive, run a quick scan, because the scanner isn't very fast... If you can, please post the log back here...

#3 daewezzy


Posted 27 October 2008 - 12:17 AM

Here's my log. I forgot to copy the first scan, so this is the second scan.


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/26/2008 at 10:13 PM

Application Version : 4.21.1004

Core Rules Database Version : 3609
Trace Rules Database Version: 1595

Scan type : Quick Scan
Total Scan Time : 00:11:37

Memory items scanned : 382
Memory threats detected : 0
Registry items scanned : 324
Registry threats detected : 0
File items scanned : 5872
File threats detected : 17

Adware.Tracking Cookie

#4 iisjman07


Posted 27 October 2008 - 02:03 AM

OK, now run a virus scan with ESET.... Use Internet Explorer to go here:
http://www.eset.com/onlinescan/
Tick the box that says 'Yes, I accept the terms of use', then click 'Start'. The next page should start to appear, although it may look as if it hasn't worked properly, just give it a few seconds. Then press the next button to continue and it should start to download the files to scan your pc. You will probably get some alerts/active X/little yellow toolbar appear asking you to install software. Accept and install anything it asks. Once it starts to scan, you can leave the computer and no interaction should be necessary.

Other instructions:
http://forums.majorgeeks.com/showthread.php?t=149856
http://aumha.net/viewtopic.php?f=43&t=28775

When finished either navigate to or click Start, then Run and type in 'C:\Program Files\EsetOnlineScanner\log.txt' to view your log.... please post it back here when finished

#5 daewezzy


Posted 27 October 2008 - 04:27 PM

Here's the log from ESET. The "red-x" button on my task bar popped up again this morning.

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3560 (20081027)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=fa416c30bcd9e9448c78ec45fd8b64e8
# end=finished
# remove_checked=true
# unwanted_checked=false
# utc_time=2008-10-27 08:14:28
# local_time=2008-10-27 01:14:28 (-0800, Pacific Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=333138
# found=66
# scan_time=2884
C:\Documents and Settings\Mom & Dad\Application Data\Sun\Java\Deployment\cache\6.0\42\10f85aa-3d25be3a multiple infiltrations (deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mom & Dad\Application Data\Sun\Java\Deployment\cache\6.0\42\10f85aa-3d25be3a »ZIP »Beyond.class a variant of Java/ClassLoader trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\Mom & Dad\Application Data\Sun\Java\Deployment\cache\6.0\42\10f85aa-3d25be3a »ZIP »BlackBox.class a variant of Java/ClassLoader trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\Mom & Dad\Application Data\Sun\Java\Deployment\cache\6.0\42\10f85aa-3d25be3a »ZIP »VerifierBug.class a variant of Java/TrojanDownloader.Byteverify trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\Mom & Dad\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-78d6a057-76acd0d4.zip multiple infiltrations (deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mom & Dad\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-78d6a057-76acd0d4.zip »ZIP »Beyond.class a variant of Java/ClassLoader trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\Mom & Dad\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-78d6a057-76acd0d4.zip »ZIP »BlackBox.class a variant of Java/ClassLoader trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\Mom & Dad\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-78d6a057-76acd0d4.zip »ZIP »VerifierBug.class a variant of Java/TrojanDownloader.Byteverify trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\Mom & Dad\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-5aa0b436-50ecc505.zip Java/TrojanDownloader.OpenStream.W trojan (deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mom & Dad\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-5aa0b436-50ecc505.zip »ZIP »javainstaller/InstallerApplet.class Java/TrojanDownloader.OpenStream.W trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\0yC45R28.exe a variant of Win32/TrojanClicker.Agent.NEB trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\1Ukbd8Nw.exe a variant of Win32/TrojanClicker.Agent.NEB trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\22ADM2s8.exe a variant of Win32/TrojanClicker.Agent.NEB trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\2goUfhXj.exe a variant of Win32/TrojanClicker.Agent.NEB trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\3GxTm6ST.exe a variant of Win32/TrojanClicker.Agent.NEB trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\4K731ykl.exe a variant of Win32/TrojanClicker.Agent.NEB trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\8In2kK6J.exe a variant of Win32/TrojanClicker.Agent.NEB trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\Binaries2.cab3 multiple infiltrations (deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\Binaries2.cab3 »CAB »AVEngn.dll Win32/Adware.XPSecurityCenter application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\Binaries2.cab3 »CAB »wscui.cpl a variant of Win32/Adware.XPSecurityCenter application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\c7SiApAP.exe probably a variant of Win32/TrojanClicker.Agent.NEB trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\DMeEsTH6.exe a variant of Win32/TrojanClicker.Agent.NEB trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\doXpj360.exe a variant of Win32/TrojanClicker.Agent.NEB trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\h6Mi445P.exe probably a variant of Win32/TrojanClicker.Agent.NEB trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\j0K2Thi6.exe a variant of Win32/TrojanClicker.Agent.NEB trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\jolqhifa.exe a variant of Win32/Injector.CA trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\L3rKC35v.exe a variant of Win32/TrojanClicker.Agent.NEB trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\mJe33wS8.exe probably a variant of Win32/TrojanClicker.Agent.NEB trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\P05t40Ew.exe a variant of Win32/TrojanClicker.Agent.NEB trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\P4J16gc8.exe a variant of Win32/TrojanClicker.Agent.NEB trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\PJugEkC5.exe a variant of Win32/TrojanClicker.Agent.NEB trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\PkrAD42g.exe a variant of Win32/TrojanClicker.Agent.NEB trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\q5527ogo.exe a variant of Win32/TrojanClicker.Agent.NEB trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\qnRijb4K.exe a variant of Win32/TrojanClicker.Agent.NEB trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\rd5TU8b2.exe a variant of Win32/TrojanClicker.Agent.NEB trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\RXOwHk4l.exe probably a variant of Win32/TrojanClicker.Agent.NEB trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\TDf1MQfQ.exe a variant of Win32/TrojanClicker.Agent.NEB trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\tMKI02s7.exe a variant of Win32/TrojanClicker.Agent.NEB trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\v12KxV8c.exe a variant of Win32/TrojanClicker.Agent.NEB trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\W84pT838.exe a variant of Win32/TrojanClicker.Agent.NEB trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\wd5iHE0I.exe a variant of Win32/TrojanClicker.Agent.NEB trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\wrdwn2 Win32/Adware.XPSecurityCenter application (deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\wrdwn2 »CAB »AntiSpywareXP2009.exe Win32/Adware.XPSecurityCenter application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\wrdwn3 Win32/Adware.XPSecurityCenter application (deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\wrdwn3 »CAB »AVEngn.dll Win32/Adware.XPSecurityCenter application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\x4u02iEO.exe a variant of Win32/TrojanClicker.Agent.NEB trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mom & Dad\Local Settings\Temp\y44ig5kg.exe a variant of Win32/TrojanClicker.Agent.NEB trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mom & Dad\Local Settings\Temporary Internet Files\Content.IE5\2TYHA9EX\BinariesAVE[1].cab Win32/Adware.XPSecurityCenter application (deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mom & Dad\Local Settings\Temporary Internet Files\Content.IE5\2TYHA9EX\BinariesAVE[1].cab »CAB »AVEngn.dll Win32/Adware.XPSecurityCenter application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\Mom & Dad\Local Settings\Temporary Internet Files\Content.IE5\2TYHA9EX\Install[1].exe Win32/Adware.XPAntiSpyware.AA application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mom & Dad\Local Settings\Temporary Internet Files\Content.IE5\2TYHA9EX\z[1].htm a variant of Win32/TrojanDownloader.Firu trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mom & Dad\Local Settings\Temporary Internet Files\Content.IE5\6L4FGTEJ\Binaries1[1].cab Win32/Adware.XPSecurityCenter application (deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mom & Dad\Local Settings\Temporary Internet Files\Content.IE5\6L4FGTEJ\Binaries1[1].cab »CAB »AntiSpywareXP2009.exe Win32/Adware.XPSecurityCenter application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\Mom & Dad\Local Settings\Temporary Internet Files\Content.IE5\W7U5MXIX\Install[1].exe Win32/Adware.WinAntiSpyware application (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Mom & Dad_2\Local Settings\Temp\0SkM1vA0.exe a variant of Win32/TrojanClicker.Agent.NEB trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\karna.dat Win32/TrojanProxy.Agent.NER trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\4CQcaf8p.exe a variant of Win32/TrojanDownloader.Firu trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\Hp3804ao.exe a variant of Win32/TrojanClicker.Agent.NEB trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\Hp3804ao.exe_ a variant of Win32/TrojanClicker.Agent.NEB trojan (unable to clean - deleted (after the next restart)) 00000000000000000000000000000000
C:\WINDOWS\system32\Jr0561cq.dll probably a variant of Win32/TrojanClicker.Agent.NEB trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\karna.dat Win32/TrojanProxy.Agent.NER trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\wini10253.exe Win32/Adware.XPAntiSpyware.AA application (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\dllcache\beep.sys Win32/Adware.UltimateDefender application (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\drivers\beep.sys Win32/Adware.UltimateDefender application (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\Temp\0SkM1vA0.exe probably a variant of Win32/TrojanClicker.Agent.NEB trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\Temp\T8En7G26.exe probably a variant of Win32/TrojanClicker.Agent.NEB trojan (unable to clean - deleted) 00000000000000000000000000000000

Edited by daewezzy, 27 October 2008 - 04:28 PM.


#6 iisjman07


Posted 28 October 2008 - 08:43 AM

It seemed to have trouble removing quite a few trojans....
Try the bitdefender online scan instead:
http://www.bitdefender.com/scan8/ie.html
Install everything it asks you to allow the scanner to load up. When at the 'Scanning Options' page, under 'Settings' click the 'click here' red button.
Make sure the first 'Action option' is 'Disinfect' and the second 'Delete'. Then expand 'Scan files' under the 'Scanning Options' and tick 'Scan All Files'.
Then click the big 'Start' to start your scan.

When finished, update SUPERantispyware and run a quick scan.

#7 daewezzy


Posted 28 October 2008 - 04:00 PM

Here's the log for SUPERantispyware

p://www.superantispyware.com

Generated 10/28/2008 at 12:50 PM

Application Version : 4.21.1004

Core Rules Database Version : 3609
Trace Rules Database Version: 1595

Scan type : Quick Scan
Total Scan Time : 00:10:48

Memory items scanned : 335
Memory threats detected : 0
Registry items scanned : 329
Registry threats detected : 2
File items scanned : 5874
File threats detected : 80

Adware.Tracking Cookie

Trojan.Downloader-Gen
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run#brastk [ C:\WINDOWS\system32\brastk.exe ]
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run#brastk [ C:\WINDOWS\system32\brastk.exe ]

#8 iisjman07


Posted 29 October 2008 - 03:29 AM

Have you run the bitdefender scan yet? Are you still infected?

#9 daewezzy


Posted 31 October 2008 - 01:49 AM

I did run bitdefender and I believe it got most of it out. I'll run it again and see. Thanks a lot for your help.

Edited by daewezzy, 31 October 2008 - 01:49 AM.




