
Spyware cocktail. Logs attached



#1 caghan


Posted 29 November 2008 - 07:51 AM

Hi guys, I got another computer which I need to fix and I think it has a lot of different spyware, some of which is possibly not being recognised. I ran an MBAM scan which came up clean and also a Spybot scan which found around 40 errors. I have attached the logs of both. I don't know what else to do because I'm sure the laptop is not clean. Thanks in advance for the help.

Malwarebytes' Anti-Malware 1.30
Database version: 1433
Windows 5.1.2600 Service Pack 2

11/29/2008 3:47:49 PM
mbam-log-2008-11-29 (15-47-49).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 137366
Time elapsed: 52 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

spybot search and destroy log


29.11.2008 15:57:13 - ##### check started #####
29.11.2008 15:57:13 - ### Version: 1.6.0
29.11.2008 15:57:13 - ### Date: 11/29/2008 3:57:13 PM
29.11.2008 15:57:15 - ##### checking bots #####
29.11.2008 15:59:54 - found: Microsoft.Windows.Security.InternetExplorer Settings
29.11.2008 16:09:28 - found: HitsLink Tracking cookie (Internet Explorer: Asal)
29.11.2008 16:09:28 - found: CasaleMedia Tracking cookie (Internet Explorer: Asal)
29.11.2008 16:09:28 - found: Tradedoubler Tracking cookie (Internet Explorer: Asal)
29.11.2008 16:09:28 - found: Statcounter Tracking cookie (Internet Explorer: Asal)
29.11.2008 16:09:28 - found: HitBox Tracking cookie (Internet Explorer: Asal)
29.11.2008 16:09:28 - found: BurstMedia Tracking cookie (Internet Explorer: Asal)
29.11.2008 16:09:28 - found: Right Media Tracking cookie (Internet Explorer: Asal)
29.11.2008 16:09:28 - found: DoubleClick Tracking cookie (Internet Explorer: Asal)
29.11.2008 16:09:28 - found: WebTrends live Tracking cookie (Internet Explorer: Asal)
29.11.2008 16:09:28 - found: AdRevolver Tracking cookie (Internet Explorer: Asal)
29.11.2008 16:09:28 - found: MediaPlex Tracking cookie (Internet Explorer: Asal)
29.11.2008 16:09:28 - found: BlueStreak Tracking cookie (Internet Explorer: Asal)
29.11.2008 16:09:28 - found: WebTrends live Tracking cookie (Internet Explorer: Asal)
29.11.2008 16:09:28 - found: MediaPlex Tracking cookie (Internet Explorer: Asal)
29.11.2008 16:09:28 - found: HitBox Tracking cookie (Internet Explorer: Asal)
29.11.2008 16:09:28 - found: AdRevolver Tracking cookie (Internet Explorer: Asal)
29.11.2008 16:09:28 - found: FastClick Tracking cookie (Internet Explorer: Asal)
29.11.2008 16:09:28 - found: Zedo Tracking cookie (Internet Explorer: Asal)
29.11.2008 16:09:28 - found: AdRevolver Tracking cookie (Internet Explorer: Asal)
29.11.2008 16:09:28 - found: HitBox Tracking cookie (Internet Explorer: Asal)
29.11.2008 16:09:28 - found: HitBox Tracking cookie (Internet Explorer: Asal)
29.11.2008 16:09:28 - found: Right Media Tracking cookie (Internet Explorer: Asal)
29.11.2008 16:09:28 - found: LinkSynergy Tracking cookie (Internet Explorer: Asal)
29.11.2008 16:09:29 - found: BurstMedia Tracking cookie (Internet Explorer: Asal)
29.11.2008 16:09:29 - found: HitsLink Tracking cookie (Internet Explorer: Asal)
29.11.2008 16:09:29 - found: Right Media Tracking cookie (Internet Explorer: Asal)
29.11.2008 16:09:29 - found: Clickbank Tracking cookie (Internet Explorer: Asal)
29.11.2008 16:09:29 - found: AdRevolver Tracking cookie (Firefox: default)
29.11.2008 16:09:29 - found: AdRevolver Tracking cookie (Firefox: default)
29.11.2008 16:09:29 - found: MediaPlex Tracking cookie (Firefox: default)
29.11.2008 16:09:29 - found: BurstMedia Tracking cookie (Firefox: default)
29.11.2008 16:09:29 - found: DoubleClick Tracking cookie (Firefox: default)
29.11.2008 16:09:29 - found: FastClick Tracking cookie (Firefox: default)
29.11.2008 16:09:29 - found: FastClick Tracking cookie (Firefox: default)
29.11.2008 16:09:29 - found: FastClick Tracking cookie (Firefox: default)
29.11.2008 16:09:29 - found: Statcounter Tracking cookie (Firefox: default)
29.11.2008 16:09:29 - found: Statcounter Tracking cookie (Firefox: default)
29.11.2008 16:09:29 - found: Statcounter Tracking cookie (Firefox: default)
29.11.2008 16:09:29 - found: Statcounter Tracking cookie (Firefox: default)
29.11.2008 16:09:29 - found: Zedo Tracking cookie (Firefox: default)
29.11.2008 16:09:29 - found: Zedo Tracking cookie (Firefox: default)
29.11.2008 16:09:29 - found: AdRevolver Tracking cookie (Firefox: default)
29.11.2008 16:09:29 - ##### check finished #####



#2 Guest_superbird_*


Posted 29 November 2008 - 08:17 AM

Hi,

Why do you think your laptop is infected?

#3 caghan


Posted 29 November 2008 - 08:27 AM

Every time I plug in my USB a file is copied onto it, which then extracts itself and silently installs when inserted into other non-infected computers. This is why, and it's so annoying.

#4 Guest_superbird_*


Posted 29 November 2008 - 08:29 AM

Hi,

1. Download Flashdisinfector to your desktop: http://www.techsupportforum.com/sectools/s...Disinfector.exe
Run it from there.

2. Please use the Internet Explorer browser (or FireFox with IETab), and do an online scan with Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
  • Once the files are downloaded click on Next
  • Click on Scan Settings and configure as follows:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
[Posted Image: screenshot of the Kaspersky "Scan is completed" window, with the Save Report As button marked by the red arrow referred to below]
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.

#5 caghan


Posted 29 November 2008 - 12:51 PM

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, November 29, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, November 29, 2008 12:40:36
Records in database: 1426420
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 59648
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 01:14:55


File name / Threat name / Threats count
C:\WINDOWS\syskernel.dll Infected: Trojan.Win32.Agent.amoj 1

The selected area was scanned.

#6 Guest_superbird_*


Posted 29 November 2008 - 01:42 PM

Hi,

Go to www.virustotal.com
Upload the following file: C:\WINDOWS\syskernel.dll
Post the results in your next reply. :thumbsup:

#7 caghan


Posted 29 November 2008 - 03:33 PM

File syskernel.dll received on 11.29.2008 21:21:27 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2008.11.28.2 2008.11.29 -
AntiVir 7.9.0.36 2008.11.29 TR/Drop.Agent.qwa
Authentium 5.1.0.4 2008.11.29 -
Avast 4.8.1281.0 2008.11.29 Win32:Trojan-gen {Other}
AVG 8.0.0.199 2008.11.29 SHeur.CRBN
BitDefender 7.2 2008.11.29 -
CAT-QuickHeal 10.00 2008.11.29 -
ClamAV 0.94.1 2008.11.29 -
DrWeb 4.44.0.09170 2008.11.29 Win32.HLLW.Autoruner.3654
eSafe 7.0.17.0 2008.11.27 Win32.Agent.amoj
eTrust-Vet 31.6.6234 2008.11.28 -
Ewido 4.0 2008.11.29 -
F-Prot 4.4.4.56 2008.11.29 -
F-Secure 8.0.14332.0 2008.11.29 Trojan.Win32.Agent.amoj
Fortinet 3.117.0.0 2008.11.29 W32/Agent.AMOJ!tr
GData 19 2008.11.29 Win32:Trojan-gen {Other}
Ikarus T3.1.1.45.0 2008.11.29 Trojan.Win32.Agent
K7AntiVirus 7.10.538 2008.11.29 Trojan.Win32.Agent.amoj
Kaspersky 7.0.0.125 2008.11.29 Trojan.Win32.Agent.amoj
McAfee 5449 2008.11.29 Generic.dx
McAfee+Artemis 5448 2008.11.28 Generic.dx
Microsoft 1.4104 2008.11.29 -
NOD32 3650 2008.11.28 -
Norman 5.80.02 2008.11.28 W32/Agent.JFUN
Panda 9.0.0.4 2008.11.29 -
PCTools 4.4.2.0 2008.11.29 -
Prevx1 V2 2008.11.29 -
Rising 21.05.52.00 2008.11.29 -
SecureWeb-Gateway 6.7.6 2008.11.29 Trojan.Drop.Agent.qwa
Sophos 4.36.0 2008.11.29 Mal/Generic-A
Sunbelt 3.1.1832.2 2008.11.27 -
Symantec 10 2008.11.29 -
TheHacker 6.3.1.1.166 2008.11.28 Trojan/Agent.amoj
TrendMicro 8.700.0.1004 2008.11.28 -
VBA32 3.12.8.9 2008.11.29 Trojan.Win32.Agent.amoj
ViRobot 2008.11.29.1492 2008.11.29 Trojan.Win32.Agent.131072.I
VirusBuster 4.5.11.0 2008.11.29 -
Additional information
File size: 131072 bytes
MD5...: c3d078ae2d9f0739db916531d5e5d253
SHA1..: b590b968fe20245e6d70a0ba752a8de859b83a6a
SHA256: 5dcd6f56721f034d0fc9cbb735ee8a57eb7139b5d1170e663b5070e119247658
SHA512: 0a99ebd27bd64b4a27c6aec77123dce13f048d0321a6ac4cb3b4a45e9f783127e8371b42c010a985b43eb1a721d2783f87c6c626b9399a98001012ab30c2f194
ssdeep: 3072:a+C2ZppJgVop4ylYb0QEEomn68wmeN3cKCv+aVpJQRSrr:N93n7CbP1wDNJCvDVpJH
PEiD..: -
TrID..: File type identification
Win32 Executable Microsoft Visual Basic 6 (86.2%)
Win32 Executable Generic (5.8%)
Win32 Dynamic Link Library (generic) (5.1%)
Generic Win/DOS Executable (1.3%)
DOS Executable Generic (1.3%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x401578
timedatestamp.....: 0x4868df23 (Mon Jun 30 13:26:59 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x78c0 0x8000 5.57 015732233a86ca13d8f8578bd181a9df
.data 0x9000 0xd28 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110
.rsrc 0xa000 0x156f8 0x16000 7.89 3e4450c142bea74d9d01183dce13aba1

( 1 imports )
> MSVBVM60.DLL: __vbaR8FixI4, _CIcos, _adj_fptan, __vbaVarMove, __vbaAryMove, __vbaFreeVar, __vbaLenBstr, __vbaStrVarMove, __vbaFreeVarList, __vbaEnd, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaRecAnsiToUni, -, __vbaStrCat, __vbaLsetFixstr, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaAryVar, -, __vbaAryDestruct, __vbaOnError, _adj_fdiv_m16i, _adj_fdivr_m16i, __vbaStrFixstr, _CIsin, __vbaErase, __vbaChkstk, __vbaFileClose, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaStrCmp, -, __vbaAryConstruct2, __vbaGet4, __vbaPutOwner4, __vbaI2I4, DllFunctionCall, __vbaRedimPreserve, _adj_fpatan, __vbaRedim, __vbaRecUniToAnsi, EVENT_SINK_Release, -, _CIsqrt, EVENT_SINK_QueryInterface, __vbaUI1I4, __vbaVarMul, __vbaExceptHandler, __vbaStrToUnicode, __vbaPrintFile, -, _adj_fprem, _adj_fdivr_m64, -, __vbaFPException, __vbaUbound, __vbaStrVarVal, __vbaVarCat, __vbaI2Var, -, _CIlog, __vbaErrorOverflow, __vbaFileOpen, __vbaInStr, __vbaNew2, __vbaVar2Vec, -, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, -, __vbaFreeStrList, __vbaDerefAry1, _adj_fdivr_m32, __vbaPowerR8, _adj_fdiv_r, -, __vbaI4Var, __vbaAryLock, __vbaVarAdd, __vbaStrToAnsi, __vbaVarDup, -, __vbaFpI4, _CIatan, __vbaAryCopy, __vbaStrMove, _allmul, _CItan, __vbaAryUnlock, _CIexp, __vbaFreeStr, __vbaFreeObj, -

( 0 exports )


I also went ahead and installed BitDefender 2009 and it picked up what Kaspersky missed. Here's the log if it helps.

BitDefender Log File


Product : BitDefender Total Security 2009
Version : BitDefender UIScanner v.12
Scanning task : Deep System Scan
Log date : 23:46:59 29/11/2008
Log path : C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\deep_scan\1227989819_1_02.xml

Scan Paths:
Path 0000: C:\
Path 0001: D:\
Path 0002: E:\

Scan Options:
Scan for viruses : Yes
Scan for adware : Yes
Scan for spyware : Yes
Scan for applications : Yes
Scan for dialers : Yes
Scan for rootkits : Yes

Target Selection Options:
Scan registry keys : Yes
Scan cookies : Yes
Scan boot sectors : Yes
Scan memory processes : Yes
Scan archives : Yes
Scan runtime packers : Yes
Scan emails : No
Scan all files : Yes
Heuristic Scan : Yes
Scanned extensions :
Excluded extensions :

Target Processing:
Default action for infected objects : Disinfect
Default action for suspicious objects : None
Default action for hidden objects : None

Scan engines summary
Number of virus signatures : 2280709
Archive plugins : 43
Email plugins : 6
Scan plugins : 12
System plugins : 5
Unpack plugins : 7

Overall scan summary
Scanned items : 189660
Infected items : 10
Suspicious items : 0
Resolved items : 8
Unresolved items : 33
Password-protected items : 31
Individual viruses found : 3
Scanned directories : 6351
Scanned boot sectors : 12
Scanned archives : 1382
Input-output errors : 32
Scan time : 00:44:08
Files per second : 71

Scanned processes summary
Scanned : 59
Infected : 0

Scanned registry keys summary
Scanned : 1143
Infected : 0

Scanned cookies summary
Scanned : 1143
Infected : 0

Remaining issues:
Object Name / Threat Name / Final Status
C:\Documents and Settings\Asal\Desktop\bit_defender\bit defender\_action_download_sid_b0917c07442e35886e2fd1b3614b79d7~\Patch\Patch.exe Application.Keygen.BD Disinfect Failed
[System]=]HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\smss=]C:\WINDOWS\SECURITY\SMSS.EXE Trojan.Generic.1136970 Infected


Resolved issues:
Object Name / Threat Name / Final Status
C:\System Volume Information\_restore{B6806330-5BB8-49E2-8D41-BC79994DC5D5}\RP234\A0091827.exe Trojan.Generic.1136970 Deleted
C:\System Volume Information\_restore{B6806330-5BB8-49E2-8D41-BC79994DC5D5}\RP235\A0091906.exe Trojan.Generic.1136970 Deleted
C:\System Volume Information\_restore{B6806330-5BB8-49E2-8D41-BC79994DC5D5}\RP236\A0091948.exe Trojan.Generic.1136970 Deleted
C:\System Volume Information\_restore{B6806330-5BB8-49E2-8D41-BC79994DC5D5}\RP236\A0092025.exe Trojan.Generic.1136970 Deleted
C:\System Volume Information\_restore{B6806330-5BB8-49E2-8D41-BC79994DC5D5}\RP238\A0093013.exe Trojan.Generic.1136970 Deleted
C:\System Volume Information\_restore{B6806330-5BB8-49E2-8D41-BC79994DC5D5}\RP239\A0096075.exe Trojan.Generic.1136970 Deleted
C:\System Volume Information\_restore{B6806330-5BB8-49E2-8D41-BC79994DC5D5}\RP243\A0097203.exe Trojan.Generic.1136970 Deleted
C:\WINDOWS\security\smss.exe Trojan.Generic.1136970 Deleted

Objects that were not scanned:
Object Name / Reason / Final Status
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityInternetExplorer.zip=]sbRecovery.reg Password-protected No action was possible
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityInternetExplorer.zip=]sbRecovery.ini Password-protected No action was possible
C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig709\ENU_\Data1.cab=]WebSearchENU.pdf Password-protected No action was possible
C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig709\ENU_\Data1.cab=]RdrMsgENU.pdf Password-protected No action was possible
C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig709\ENU_\Data1.cab=]RdrMsgSplash.pdf Password-protected No action was possible
C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig709\ENU__\Data1.cab=]WebSearchENU.pdf Password-protected No action was possible
C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig709\ENU__\Data1.cab=]RdrMsgENU.pdf Password-protected No action was possible
C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig709\ENU__\Data1.cab=]RdrMsgSplash.pdf Password-protected No action was possible
C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig709\ENU___\Data1.cab=]WebSearchENU.pdf Password-protected No action was possible
C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig709\ENU___\Data1.cab=]RdrMsgENU.pdf Password-protected No action was possible
C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig709\ENU___\Data1.cab=]RdrMsgSplash.pdf Password-protected No action was possible
C:\Program Files\JetAudio\jetUpdate.dat=]_TUProj.dat Password-protected No action was possible
C:\Program Files\JetAudio\jetUpdate.dat=]_TUProjDT.dat Password-protected No action was possible
C:\Program Files\JetAudio\jetUpdate.dat=]IRZip.lmd Password-protected No action was possible
C:\WINDOWS\system32\httpsurl.dat=]bpjm.txt Password-protected No action was possible
C:\WINDOWS\system32\httpsurl.dat=]NOGOPRG.INI Password-protected No action was possible
C:\WINDOWS\system32\httpsurl.dat=]nochook.ini Password-protected No action was possible
C:\WINDOWS\system32\httpsurl.dat=]chat.txt Password-protected No action was possible
C:\WINDOWS\system32\httpsurl.dat=]dating.txt Password-protected No action was possible
C:\WINDOWS\system32\httpsurl.dat=]webmail.txt Password-protected No action was possible
C:\WINDOWS\system32\httpsurl.dat=]porn.txt Password-protected No action was possible
C:\WINDOWS\system32\httpsurl.dat=]aggressive.txt Password-protected No action was possible
C:\WINDOWS\system32\httpsurl.dat=]violence.txt Password-protected No action was possible
C:\WINDOWS\system32\httpsurl.dat=]warez.txt Password-protected No action was possible
C:\WINDOWS\system32\httpsurl.dat=]hacking.txt Password-protected No action was possible
C:\WINDOWS\system32\httpsurl.dat=]gamble.txt Password-protected No action was possible
C:\WINDOWS\system32\httpsurl.dat=]games.txt Password-protected No action was possible
C:\WINDOWS\system32\httpsurl.dat=]drugs.txt Password-protected No action was possible
C:\WINDOWS\system32\httpsurl.dat=]abzocke.txt Password-protected No action was possible
C:\WINDOWS\system32\httpsurl.dat=]exclude.txt Password-protected No action was possible
C:\WINDOWS\system32\httpsurl.dat=]versioninfo.txt Password-protected No action was possible

Edited by caghan, 29 November 2008 - 03:36 PM.


#8 caghan


Posted 29 November 2008 - 05:44 PM

Flash Disinfector didn't work, but I managed to isolate the file which is stored on the USB ready for extraction upon click. It is an EXE file named "xp32.exe" and I got some info on it: http://www.prevx.com/filenames/11227772515.../XP322EEXE.html . It also comes attached with autorun.inf and its contents are:
[AutoRun]
open=xp32.exe
shell\open\Command=xp32.exe
shell\open\Default=1
shell\explore\Command=xp32.exe

I guess this is the reason why the program autostarts.

I am not sure but I THINK that it starts a process which then tries to connect to the internet, and it's named "smss.exe" (I know there is a legit smss.exe but this isn't it). Anyway, this is the info I got. I live in Cyprus and all the computers on the island are infected with it. I really wanna teach my antivirus to detect it and delete it before it is executed. Thanks
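As an added example (not code from this thread or from any of the tools it mentions), a small triage script for the two artefacts in the posts above: it parses the autorun.inf and lists every directive that would launch xp32.exe when the stick is inserted or opened, and it checks whether a file carrying a core-process name such as smss.exe lives outside System32, as with the HKLM Run entry BitDefender reported. The sample strings are constructed from the posts and the system root is assumed to be C:\WINDOWS.

```python
"""Triage helpers for a removable-drive autorun.inf and a Run-key entry that
reuses a core Windows process name (smss.exe) from a non-standard directory.
Sample strings below are constructed from the thread, not read from a disk."""
import ntpath

# Constructed sample: the autorun.inf contents posted above.
SAMPLE_AUTORUN_INF = r"""[AutoRun]
open=xp32.exe
shell\open\Command=xp32.exe
shell\open\Default=1
shell\explore\Command=xp32.exe
"""

# Constructed sample: the BitDefender "Remaining issues" registry entry,
# without its trailing threat-name/status columns. BitDefender writes "=]"
# between nesting levels (hive container, key path, value data).
SAMPLE_BD_LINE = (r"[System]=]HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS"
                  r"\CURRENTVERSION\RUN\smss=]C:\WINDOWS\SECURITY\SMSS.EXE")

# autorun.inf directives whose value the shell executes on insert/open.
LAUNCH_KEYS = {"open", "shellexecute"}
LAUNCH_SUFFIX = "\\command"          # shell\<verb>\Command=...

# Core XP processes that only ever run from %SystemRoot%\System32.
SYSTEM32_ONLY = {"smss.exe", "csrss.exe", "winlogon.exe",
                 "services.exe", "lsass.exe"}


def parse_autorun_inf(text):
    """Minimal INI parser: {section: {key: value}}, names lower-cased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue                          # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            sections[current][key.strip().lower()] = value.strip()
    return sections


def autorun_launch_targets(text):
    """Sorted (directive, target) pairs that would run something automatically.

    On this drive every launch directive points at xp32.exe; a drive that
    merely sets an icon or label has none of these keys.
    """
    entries = parse_autorun_inf(text).get("autorun", {})
    return sorted((k, v) for k, v in entries.items()
                  if k in LAUNCH_KEYS or k.endswith(LAUNCH_SUFFIX))


def is_masquerading(path, system_root=r"C:\WINDOWS"):
    """True if a core-process name is used outside System32 (assumed root)."""
    name = ntpath.basename(path).lower()
    if name not in SYSTEM32_ONLY:
        return False
    expected = ntpath.join(system_root, "System32").lower()
    return ntpath.normpath(ntpath.dirname(path)).lower() != expected


def run_entry_from_bitdefender(line):
    """Split a nested BitDefender registry line into (value name, command)."""
    parts = line.split("=]")
    if len(parts) < 3:
        raise ValueError("not a nested registry entry: %r" % line)
    key_path, command = parts[-2], parts[-1]
    return ntpath.basename(key_path), command.strip()


def triage(autorun_text=SAMPLE_AUTORUN_INF, bd_line=SAMPLE_BD_LINE):
    """Return human-readable findings for both artefacts."""
    findings = ["autorun.inf %s=%s" % kv
                for kv in autorun_launch_targets(autorun_text)]
    name, command = run_entry_from_bitdefender(bd_line)
    if is_masquerading(command):
        findings.append("Run value %r launches %s outside System32"
                        % (name, command))
    return findings


if __name__ == "__main__":
    for finding in triage():
        print(finding)
```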

#9 Guest_superbird_*


Posted 30 November 2008 - 05:38 AM

Hi,

Please delete this file if it still exists:
C:\WINDOWS\syskernel.dll

How about the problems now? :thumbsup:

#10 caghan


Posted 30 November 2008 - 04:19 PM

Hey, it's not going well. While I was looking through my startup programs with Autoruns I encountered this in the first 3 mins.

Explorer.exe   Windows Explorer   Microsoft Corporation   c:\windows\explorer.exe

I looked it up and many websites refer to it as a virus. Do you think it's a virus?

#11 Guest_superbird_*


Posted 01 December 2008 - 01:36 AM

Hi,

No, explorer.exe is a normal Windows process.
Have you deleted the file I told you to delete? Do you still have problems? :thumbsup:

#12 caghan


Posted 01 December 2008 - 11:52 AM

I have deleted the file that you told me to delete, then I booted in safe mode to run an Ad-Aware scan and this is the log.

Ad-Aware Build
Log File Created on: 2008-12-01 20:06:32
Using Definitions File: C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\core.aawdef
Computer name: ASAL-644656198C
Name of user performing scan: SYSTEM

System information
===========================
Number of processors: 2
Processor type: Intel® Core™2 CPU T7200 @ 2.00GHz
Memory Available: 65%
Total Physical Memory: 1072029696 Bytes
Available Physical Memory: 694366208 Bytes
Total Page File Size: 2582593536 Bytes
Available On Page File: 2324692992 Bytes
Total Virtual Memory: 2147352576 Bytes
Available Virtual Memory: 1775390720 Bytes
OS: Microsoft Windows XP Service Pack 3 (Build 2600)

Ad-Aware Settings
===========================
Skipping files larger than 1048576 kB
Ignoring infections with lower TAI than: 3


Extended Ad-Aware Settings
===========================
Unloading known modules during scan
Ignoring spanned files when scanning cab archives
Reanalyzing results after scanning before displaying results
Trying to unload modules prior to removal
Let Windows remove files currently in use at next reboot
Removing quarantined objects after restore
Deactivating Ad-Watch during scans
Writeprotecting system files after repairs
Include info about ignored objects in log file
Including basic settings in log file
Including advanced settings in log file
Including user and computer name in log file
Create and save WebUpdate log file

Databaseinfo
===========================
Version number: 143
Build Number: 1
Build Date and Time: 2008/11/28 16:54:42

Scan Statistics
===========================
Method: Full
Scan tracking cookies.............................: On
Scan ADS filestreams..............................: Off

Item Scanned: 201483
Infections Detected: 15
Infections Ignored: 0

Scan detailed statistics
===========================
Type Critical Total
Process Scan....: 0 0
Registry Scan...: 1 1
Registry PE Scan: 0 0
Hosts File Scan.: 0 0
File Scan.......: 0 0
Folder Scan.....: 0 0
LSP Scan........: 0 0
ADS Scan........: 0 0
Cookie Scan.....: 0 0
File Hash Scan..: 11 11

Infections Found
===========================
Family Id: 936 Name: Win32.Trojan.Agent Category: Malware TAI:10
Item Id: 187180 Value: File: C:\System Volume Information\_restore{B6806330-5BB8-49E2-8D41-BC79994DC5D5}\RP234\A0091829.dll
Item Id: 187180 Value: File: C:\System Volume Information\_restore{B6806330-5BB8-49E2-8D41-BC79994DC5D5}\RP235\A0091908.dll
Item Id: 187180 Value: File: C:\System Volume Information\_restore{B6806330-5BB8-49E2-8D41-BC79994DC5D5}\RP236\A0091946.dll
Item Id: 187180 Value: File: C:\System Volume Information\_restore{B6806330-5BB8-49E2-8D41-BC79994DC5D5}\RP236\A0092022.dll
Item Id: 187180 Value: File: C:\System Volume Information\_restore{B6806330-5BB8-49E2-8D41-BC79994DC5D5}\RP238\A0093012.dll
Item Id: 187180 Value: File: C:\System Volume Information\_restore{B6806330-5BB8-49E2-8D41-BC79994DC5D5}\RP239\A0096077.dll
Item Id: 187180 Value: File: C:\System Volume Information\_restore{B6806330-5BB8-49E2-8D41-BC79994DC5D5}\RP243\A0097205.dll
Item Id: 183703 Value: File: C:\System Volume Information\_restore{B6806330-5BB8-49E2-8D41-BC79994DC5D5}\RP244\A0097792.exe
Item Id: 185055 Value: File: C:\System Volume Information\_restore{B6806330-5BB8-49E2-8D41-BC79994DC5D5}\RP252\A0098431.exe
Item Id: 187180 Value: File: C:\System Volume Information\_restore{B6806330-5BB8-49E2-8D41-BC79994DC5D5}\RP263\A0104772.dll
Item Id: 35369 Value: Root: HKLM Path: SYSTEM\ControlSet001\Control\SafeBoot\Minimal\\ctl_w32.sys
Family Id: 263 Name: ContraVirus Category: Misc TAI:3
Item Id: 107188 Value: File: C:\System Volume Information\_restore{B6806330-5BB8-49E2-8D41-BC79994DC5D5}\RP244\A0097791.exe
Family Id: 9999 Name: MRU Object Category: MRU Object TAI:0
Item Id: 1 Value: MRU Path: C:\Documents and Settings\Asal\Recent Count: 1
Item Id: 2 Value: MRU Registry Key: S-1-5-21-448539723-1972579041-839522115-1003\Software\Microsoft\Search Assistant\ACMru\5603 Count: 1
Item Id: 3 Value: MRU Registry Key: S-1-5-21-448539723-1972579041-839522115-1003\Software\Microsoft\Internet Explorer\TypedURLs Count: 5

Items Ignored During Scan
===========================


Listing of running processes
===========================
End of Scan Section
===========================


It also found a piece of malware called "win32.trojan.agent" but failed to delete it. I don't know what else to do; they keep appearing.

#13 Guest_superbird_*


  • Guests

Posted 01 December 2008 - 11:58 AM

Hi,

Where did you find that trojan?
The malware in "System Volume Information" will be cleaned at last. So don't worry about that.

#14 caghan

  • Topic Starter

  • Members
  • 47 posts

Posted 01 December 2008 - 12:25 PM

Ad-Aware did:

Family Id: 936 Name: Win32.Trojan.Agent Category: Malware TAI:10

I couldn't find it myself though, so I'm not sure where it is.

#15 Guest_superbird_*


  • Guests

Posted 01 December 2008 - 12:27 PM

Hi,

Nothing to worry about. We will deal with it.
Do you still have problems?

If not, do this:
(With step 1, you delete the infections that were shown by Ad-Aware)

1. Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
2. Go to the Windows Update site and download and install all available updates, so your computer is protected against malware.

3. Read this page to prevent yourself against re-infection.

You can delete all used tools and programs. (You can keep MBAM)



