Help

7 replies to this topic

#1 ThinIce
  • Members
  • 7 posts
  • OFFLINE
  • Local time:05:57 PM

Posted 28 October 2008 - 02:06 PM

Hello people,

This is the scan report from AV 2009 on my PC:


Antivirus 2009 system scan report.
Report generated 28.10.2008 22:03:17

Type Run type Name Details
Spyware C://windows/system32/iesetup.dll Spyware.IEMonster.d Steals passwords from Internet Explorer, Mozilla Firefox, Outlook and other programs.
Spyware autorun Win32.PerFiler Win32.PerFiler is designed to retrieve and install files when executed. Win32.PerFiler is configured to download from either a designated web or FTP site.
Spyware autorun Spyware.KnownBadSites Uses the Windows hosts file to redirect your browser to a malicious site when you try to access a valid site.
Spyware autorun Spyware.IMMonitor program that can be used to monitor and record conversations in popular instant messaging applications.
Spyware C://windows/system32/ Spyware.007SpySoftware Program designed to monitor user activity. May be used with or without consent.
Adware autorun Zlob.PornAdvertiser.ba Adware that displays pop-up/pop-under advertisements of pornographic or online gambling Web sites.
Adware Registry Adware.eXact.BargainBuddy A browser helper object that monitors internet browsing sessions in an attempt to redirect search queries and distribute unsolicited advertisements.
Trojan autorun Infostealer.Banker.E Steals sensitive information from the infected computer (e.g. logins and passwords from online banking sessions).
Trojan autorun Trojan.Tooso Trojan.Tooso is a trojan which attempts to terminate and delete security related applications.
Trojan C://windows/system32/explorer.exe Trojan.MailGrabber.s Trojan horse that gets access to e-mail accounts on the infected computer.
Trojan C://windows/system32/alg.exe Trojan.Alg.t Trojan program that can compromise your private information stored on the hard drive.
Trojan C://windows/system32/ Trojan.BAT.Adduser.t This Trojan has a malicious payload. It is a BAT file. It is 1129 bytes in size.
Trojan C://windows/hidden/ Trojan.Clicker.EC Trojan.Clicker.EC is an information stealing Trojan that masquerades as a legitimate system file so as to avoid detection and subsequent removal.
Backdoor C://windows/system32/svchost.exe Win32.Rbot.fm An IRC controlled backdoor that can be used to gain unauthorized access to a victim's machine.
Dialer C://windows/system32/cmdial32.dll Dialer.Xpehbam.biz_dialer A Dialer that loads pornographic material. The url information shows Hardcore Pornographic pages.
Rogue C://Program Files/TrustedAntivirus TrustedAntivirus A corrupt and misleading anti-virus program that may be usually installed with the help of malcous Trojans and other malware
Rogue C://Program Files/SecurePCCleaner SecurePCCleaner Rogue Security Software: fake Security software that uses deceptive means for installation and purpose.
Dialer C://windows/hidden/ Dialer.Trafficjam.a Dialer.Trafficjam.a is a premium-rate phone dialer that automatically invokes paid access to various porn-related Web sites.
Trojan hidden autorun Trojan.Poison.J Trojan.Poison.J is a key-logging Trojan for the Windows platform.
Worm C://windows/system32/ Win32.Delbot.AI Win32.Delbot.AI is a worm and IRC backdoor that exploits system and software vulnerabilities in order to provide remote access to the host PC.
Worm C://windows/temp/ Win32.Sdbot.ADN A worm and IRC backdoor that exploits system and software vulnerabilities in order to provide unmitigated remote access to the host machine.
Trojan C://windows/ Trojan-Dropper.Win32.Agent.bot This Trojan is designed to install and launch other malicious programs on the victim machine without the knowledge or consent of the user.
Worm C://windows/temp/ Win32.Rbot.CBX A worm and IRC backdoor that exploits system and software vulnerabilities in order to provide unmitigated remote access to the host machine.
Worm hidden autorun Win32.Miewer.a A Trojan Downloader that masquerades as a legitimate system file. Associated processes connect to the Internet to download additional malicious files
Trojan C://windows/ Trojan-Downloader.VBS.Small.dc This Trojan downloads other files via the FTP protocol and launches them for execution on the victim machine without the user's knowledge.
Worm autorun Win32.Peacomm.dam A Trojan Downloader that is spread as an attachment to emails with news headlines as the subject lines which downloads additional security threats.
Worm C://windows/system/ Worm.Bagle.CP This is a "Bagle" mass-mailer which demonstrates typical "Bagle" behavior.
Worm C://windows/ Win32.BlackMail.xx This dangerous worm will destroy certain data files on an infected user's machine on February 3, 2008.
Trojan hidden autorun Trojan.Win32.Agent.ado Trojan downloader that is spread as an attachment to a spam email and tries to download a password stealer.
Trojan autorun Win32.Outsbot.u A backdoor Trojan that is remotely controlled via Internet Relay Chat (IRC). It exploits Sony Digital Rights Management (DRM) software to hide its presence.




The problem is that I do not have an activation code for AV 2009 and I don't know what to do!
Could anyone help me please?


#2 xblindx
  • Banned
  • 1,923 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:57 PM

Posted 28 October 2008 - 02:51 PM

(Note: I am not an expert in this field yet, and if you are uncomfortable following any of my instructions before getting a more experienced user's second opinion, that is fine)

Seeing as the files were found, it shouldn't be as hard to remove them. It will still take some time to make your computer mostly safe. I say mostly because, if you have been infected with malware, there is no way to know for sure if it is completely clean, as fragments of malware files will remain in your system.

One or more of the files found were backdoor trojans; backdoor trojans allow remote access and control of your computer to a third party! There is no way to know for sure if your computer will ever be secure/trusted again. The only surefire way to know is to do a reformat/reinstall of Windows. That, however, is time consuming and most people won't want to go that route; you can still be helped. However, like I said, there will be no way to ever trust your computer 100% without a reinstall.

Download, install, update and run MalwareBytes Anti-malware.

Malwarebytes

After the file is installed, open the program and go to the "Update" Tab, check for updates, the program should automatically install the latest updates.

Choose the "scanner" tab, and run a full scan. After the scan is complete, it will display the infected items; make sure all items are selected to be deleted and then delete them. If it encounters a file that is difficult to delete, it will require a restart of your computer. It will also display a log file; copy and paste that logfile in your next reply.

*note* If you have to reboot your computer, the logfile will be located in the MBAM program. Open the program and go to the "logs" tab and open the most recent log (the one you just ran).

Edited by xblindx, 28 October 2008 - 04:37 PM.


#3 scff249
    Indecisive Lurker

  • Members
  • 1,319 posts
  • OFFLINE
  • Gender:Male
  • Location:A galaxy far, far away...
  • Local time:05:57 PM

Posted 28 October 2008 - 04:14 PM

*drive-by analysis*

Somehow, something screams fake Antivirus program. It's not one that I recognize...

Then again, I could be wrong...but I don't know...

"Ototo'i wa usagi o mita no...Kino wa shika...Kyo wa anata." -Kotomi Ichinose (Clannad) [see below for translation]
"Day before yesterday I saw a rabbit, and yesterday a deer, and today, you." -The Dandelion Girl
"You are not alone, and you are not strange. You are you, and everyone has damage. Be the better person." -Katawa Shoujo
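scff249's hunch can be checked mechanically against the report ThinIce posted: Windows scanners print paths with backslashes, never `C://...`, and the listing names stock system binaries (explorer.exe, svchost.exe, alg.exe) as the infections themselves, a classic scareware scare tactic. The following Python is an added example written for this thread, not code from BleepingComputer or from any of the posters; the sample lines are constructed copies of entries from the report above, and the red-flag heuristics are my own assumptions.

```python
# Constructed sample: a handful of lines in the shape of the "Antivirus 2009" report
# posted above (copied from that report, not a complete reproduction of it).
SAMPLE_REPORT = """\
Spyware C://windows/system32/iesetup.dll Spyware.IEMonster.d Steals passwords from Internet Explorer.
Spyware autorun Spyware.KnownBadSites Uses the Windows hosts file to redirect your browser.
Trojan C://windows/system32/explorer.exe Trojan.MailGrabber.s Gets access to e-mail accounts.
Backdoor C://windows/system32/svchost.exe Win32.Rbot.fm An IRC controlled backdoor.
Trojan C://windows/hidden/ Trojan.Clicker.EC Information stealing Trojan.
Trojan hidden autorun Trojan.Poison.J Key-logging Trojan for the Windows platform.
"""

# Stock Windows binaries. Listing these files themselves as the infection is a common
# scareware scare tactic (assumed heuristic): a red flag, not proof on its own.
CORE_SYSTEM_FILES = {"explorer.exe", "svchost.exe", "alg.exe", "cmdial32.dll"}
# Words the report uses in the location column instead of a path.
LOCATION_WORDS = {"autorun", "hidden", "registry"}


def parse_entry(line):
    """Split one report line into (type, location, name, details)."""
    tokens = line.split()
    kind, rest = tokens[0], tokens[1:]
    location = []
    # The location is one or more location words, or a single drive-letter path.
    while rest and (rest[0].lower() in LOCATION_WORDS or rest[0][1:3] == ":/"):
        location.append(rest.pop(0))
    name = rest.pop(0) if rest else ""
    return kind, " ".join(location), name, " ".join(rest)


def suspicious_reasons(location):
    """Red flags a genuine Windows scanner's output would not carry (assumed heuristics)."""
    reasons = []
    if "/" in location:
        reasons.append("forward slashes in a Windows path")
    if location.rsplit("/", 1)[-1].lower() in CORE_SYSTEM_FILES:
        reasons.append("stock Windows system file named as the infection")
    return reasons


def assess_report(text):
    """Return (findings, share): per-entry (name, location, reasons) and the
    fraction of entries that carry at least one red flag."""
    findings = []
    for line in text.splitlines():
        if line.strip():
            _, location, name, _ = parse_entry(line)
            findings.append((name, location, suspicious_reasons(location)))
    flagged = sum(1 for _, _, reasons in findings if reasons)
    return findings, (flagged / len(findings) if findings else 0.0)
```

Run on the sample, four of the six entries trip at least one red flag, while a path in the form MBAM prints later in this thread (`C:\WINDOWS\system32\ieupdates.exe`) trips none.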


#4 xblindx
  • Banned
  • 1,923 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:57 PM

Posted 28 October 2008 - 05:21 PM

It seems that you have at least 2 instances of rogue security software on your computer.

Rogue C://Program Files/TrustedAntivirus TrustedAntivirus A corrupt and misleading anti-virus program that may be usually installed with the help of malcous Trojans and other malware

Rogue C://Program Files/SecurePCCleaner SecurePCCleaner Rogue Security Software: fake Security software that uses deceptive means for installation and purpose.


I would IMMEDIATELY go and uninstall these 2 programs via add/remove programs or through another uninstallation method. I'm not sure if just deleting the folders will do any good. MBAM should delete them for you though.

Edited by xblindx, 28 October 2008 - 05:23 PM.


#5 ThinIce
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:05:57 PM

Posted 29 October 2008 - 03:02 AM

Hello xblindx and thank you for your help.

I ran a quick scan and here's the report:


Malwarebytes' Anti-Malware 1.30
Database version: 1334
Windows 5.1.2600 Service Pack 3

10/29/2008 3:45:51 AM
mbam-log-2008-10-29 (03-45-51).txt

Scan type: Quick Scan
Objects scanned: 47969
Time elapsed: 11 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{037C7B8A-151A-49E6-BAED-CC05FCB50328} (Adware.Search Toolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037C7B8A-151A-49E6-BAED-CC05FCB50328} (Adware.Search Toolbar) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Antivirus 2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Start Menu\Antivirus 2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\ieupdates.exe (Trojan.Agent) -> Quarantined and deleted successfully.




Then I ran a full scan and here's the report:


Malwarebytes' Anti-Malware 1.30
Database version: 1334
Windows 5.1.2600 Service Pack 3

10/29/2008 6:48:30 AM
mbam-log-2008-10-29 (06-48-30).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 281104
Time elapsed: 2 hour(s), 39 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




As for the directories you mentioned, I couldn't find either in Program Files or on the main directory :|

Any idea about what to do next?

#6 xblindx
  • Banned
  • 1,923 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:57 PM

Posted 29 October 2008 - 06:35 AM

As for the MBAM, it seems to have picked up 2 adware infections. Please reboot your computer to complete infection removal. It also seems that the MBAM removed the rogue antivirus from your computer.

Could you please do a scan with SUPERantispyware? Install the file and update the definitions. DO NOT SCAN YET.

Please reboot your computer in Safe Mode.

Run a full scan with SUPERantispyware.
Reboot back into normal mode.
Post that log in your next reply.

Edited by xblindx, 29 October 2008 - 06:38 AM.


#7 ThinIce
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:05:57 PM

Posted 29 October 2008 - 06:11 PM

Thank you, xblindx (I like your name :thumbsup:)

I made the scan twice because it was interrupted the first time, so I had to rescan and here are the two reports:


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/29/2008 at 06:57 PM

Application Version : 4.21.1004

Core Rules Database Version : 3604
Trace Rules Database Version: 1599

Scan type : Complete Scan
Total Scan Time : 03:12:15

Memory items scanned : 156
Memory threats detected : 0
Registry items scanned : 5297
Registry threats detected : 0
File items scanned : 50394
File threats detected : 5

Adware.Tracking Cookie
C:\Documents and Settings\admin\Cookies\admin@advertising[2].txt
C:\Documents and Settings\admin\Cookies\admin@atdmt[2].txt
C:\Documents and Settings\admin\Cookies\admin@xiti[1].txt
C:\Documents and Settings\admin\Cookies\admin@statcounter[1].txt
C:\Documents and Settings\admin\Cookies\admin@ads.bridgetrack[1].txt





SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/30/2008 at 01:12 AM

Application Version : 4.21.1004

Core Rules Database Version : 3604
Trace Rules Database Version: 1599

Scan type : Complete Scan
Total Scan Time : 02:28:36

Memory items scanned : 155
Memory threats detected : 0
Registry items scanned : 5298
Registry threats detected : 0
File items scanned : 43675
File threats detected : 1

Adware.Tracking Cookie
C:\Documents and Settings\admin\Cookies\admin@statcounter[1].txt



Anything else I should do? Because the PC is still slow sometimes, and sometimes my internet connection shows as connected without my being able to browse, unless I reset the modem, like thrice every two hours! :flowers:

#8 xblindx
  • Banned
  • 1,923 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:57 PM

Posted 29 October 2008 - 07:28 PM

Hmm...I would wait for an admin to reply. I also had that modem resetting problem. Mine went away after a while. Thanks for the comment about my name :thumbsup:



