Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan.virantix.c and misleader.app solutions?


  • Please log in to reply
9 replies to this topic

#1 Fuzzyslippers

Fuzzyslippers

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:25 AM

Posted 29 November 2008 - 08:40 PM

I've tried my best not to have to post, but I'm having some serious difficulty with these trojans. It seems some others on these boards have had the exact problem I'm having but no one has followed through with the thread ideas.

Some background:

I fell for the AntivirusPro2009 thing. I know, I feel so ashamed.

Anyway, through reading these boards I have taken care of AntivirusPro2009 and most of the companions it brought along with it. However, Norton keeps finding Trojan.virantix.c and Missleader.App on my computer. I can't get rid of them.

I've scanned with Malwarebytes. The last scan I did said I was clean. I've got spy bot and it said I was clean too. However, one of the online scan tools said that my Norton was compromised.

Just recently my Norton has turned itself off so I know I still have a problem.

To follow directions I'm not going to post any logs until directed to do so.

Could someone please direct me?

Thanks in advance.

BC AdBot (Login to Remove)

 


#2 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 30 November 2008 - 07:02 AM

Hi,

Welcome here. :thumbsup:

Can you please do a full scan with MalwareBytes' Anti-Malware? Post the logfile in your next reply. :flowers:

Edited by superbird, 30 November 2008 - 07:02 AM.


#3 Fuzzyslippers

Fuzzyslippers
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  

Posted 30 November 2008 - 10:47 AM

Hi,

Welcome here. :thumbsup:

Can you please do a full scan with MalwareBytes' Anti-Malware? Post the logfile in your next reply. :flowers:



Malwarebytes' Anti-Malware 1.30
Database version: 1414
Windows 5.1.2600 Service Pack 3

11/30/2008 10:45:16 AM
mbam-log-2008-11-30 (10-45-16).txt

Scan type: Full Scan (C:\|F:\|)
Objects scanned: 169276
Time elapsed: 1 hour(s), 28 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Malwarebytes and SuperAntispy do not show anything on their scans. Could my problem just be with Norton?

#4 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 30 November 2008 - 10:49 AM

Please use the Internet Explorer browser (or FireFox with IETab), and do an online scan with Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
  • Once the files are downloaded click on Next
  • Click on Scan Settings and configure as follows:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:Scan Archives
      Scan Mail Bases
  • Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
Posted Image
Posted Image
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.

#5 Fuzzyslippers

Fuzzyslippers
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:25 AM

Posted 30 November 2008 - 02:40 PM

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, November 30, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, November 30, 2008 11:19:23
Records in database: 1428490
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 129875
Threat name: 45
Infected objects: 202
Suspicious objects: 2
Duration of the scan: 03:15:05


File name / Threat name / Threats count
C:\Documents and Settings\1\.housecall6.6\Quarantine\loaderadv479.jar-22d4df3e-3e2a4e86.zip.bac_a02860 Infected: Trojan-Downloader.Java.OpenStream.c 1
C:\Documents and Settings\1\Desktop\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\1\Desktop\Unused Desktop Shortcuts\freeripmp3.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.br 1
C:\Documents and Settings\1\Local Settings\Temporary Internet Files\Content.IE5\7QWZV11Q\BinariesAVE[1].cab Infected: not-a-virus:FraudTool.Win32.AntiVirusPro.j 1
C:\Documents and Settings\1\Local Settings\Temporary Internet Files\Content.IE5\FTAP46O6\BinariesSC[1].cab Infected: not-a-virus:FraudTool.Win32.AntiVirusPro.j 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\023F5C82.zip Infected: Trojan.Java.ClassLoader.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\023F5C82.zip Infected: Exploit.Java.ByteVerify 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\023F5C82.zip Infected: Trojan.Java.ClassLoader.Dummy.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\023F5C82.zip Infected: Trojan-Downloader.Java.OpenConnection.v 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\041318C9.exe Infected: Packed.Win32.Tibs 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0782653B.exe Infected: Packed.Win32.PolyCrypt.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\079216A5.exe Infected: Trojan-Downloader.Win32.Small.cjk 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\091B3E44.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\09796DE5.zip Infected: Trojan.Java.ClassLoader.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\09796DE5.zip Infected: Exploit.Java.ByteVerify 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\09796DE5.zip Infected: Trojan.Java.ClassLoader.Dummy.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\09796DE5.zip Infected: Trojan-Downloader.Java.OpenConnection.v 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\09C81AE1.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.n 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A164671.EXE Infected: Trojan-Downloader.Win32.Turown.i 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A1B2B3D.tmp Infected: Trojan.Java.ClassLoader.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0AC011D0.exe Infected: not-a-virus:AdWare.Win32.Lop.ag 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B7E6760.exe Infected: Packed.Win32.Tibs 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CC06BF5.tmp Infected: Trojan-Downloader.Java.OpenStream.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D2E5620.cla Infected: Trojan.Java.ClassLoader.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D2E5620.zip Infected: Trojan.Java.ClassLoader.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D2E5620.zip Infected: Exploit.Java.ByteVerify 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D2E5620.zip Infected: Trojan.Java.ClassLoader.Dummy.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D2E5620.zip Infected: Trojan-Downloader.Java.OpenConnection.v 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D31001D.cla Infected: Exploit.Java.ByteVerify 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11D519E8.zip Infected: Trojan.Java.ClassLoader.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11D519E8.zip Infected: Exploit.Java.ByteVerify 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11D519E8.zip Infected: Trojan.Java.ClassLoader.Dummy.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11D519E8.zip Infected: Trojan-Downloader.Java.OpenConnection.v 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\127A531B.exe Infected: Trojan-Downloader.Win32.VB.afr 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1312213A.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13964875.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13997271.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\139C1C6E.exe Infected: not-a-virus:AdWare.Win32.Lop.ag 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\16BA174E.htm Infected: Trojan-Downloader.VBS.Psyme.ap 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\16BE414A.htm Infected: Exploit.HTML.Mht 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1785426F.htm Infected: Trojan-Downloader.VBS.Psyme.ap 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\18D24432.tmp Infected: Trojan.Java.ClassLoader.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\195556AC.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.n 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\19CA274F.dll Infected: Trojan-Proxy.Win32.Lager.aq 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1CD12636.htm Infected: Exploit.HTML.Mht 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1EA25D38.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1F095340.exe Infected: Packed.Win32.PolyCrypt.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1FCA6B22.zip Infected: Trojan.Java.ClassLoader.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1FCA6B22.zip Infected: Exploit.Java.ByteVerify 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1FCA6B22.zip Infected: Trojan.Java.ClassLoader.Dummy.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1FCA6B22.zip Infected: Trojan-Downloader.Java.OpenConnection.v 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1FF772DD.cla Infected: Exploit.Java.ByteVerify 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1FF772DD.htm Suspicious: Exploit.HTML.Mht 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\21196DE4.tmp Infected: Exploit.Java.ByteVerify 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\211C17E1.tmp Infected: Trojan.Java.ClassLoader.h 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\21F631AD.wmf Suspicious: Exploit.Win32.IMG-WMF 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\22711C1C.tmp Infected: Trojan-Dropper.Java.Beyond.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\22A23B34.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\233128BF.exe Infected: Packed.Win32.PolyCrypt.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24843CA6.dll Infected: Trojan-Proxy.Win32.Lager.aq 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\252B7E5A.tmp Infected: Trojan.Java.ClassLoader.k 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\25E016B0.zip Infected: Trojan.Java.ClassLoader.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\25E016B0.zip Infected: Exploit.Java.ByteVerify 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\25E016B0.zip Infected: Trojan.Java.ClassLoader.Dummy.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\25E016B0.zip Infected: Trojan-Downloader.Java.OpenConnection.v 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A30401F.dll Infected: Trojan-Proxy.Win32.Lager.aq 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A331937.exe Infected: Packed.Win32.PolyCrypt.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A4D39FF.dll Infected: Trojan-Proxy.Win32.Lager.aq 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2D1E3698.tmp Infected: Trojan.Java.ClassLoader.aj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2D216095.tmp Infected: Trojan.Java.ClassLoader.z 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2D240A91.tmp Infected: Trojan.Java.ClassLoader.h 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2E0A6D5F.tmp Infected: Trojan.Java.ClassLoader.z 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2E337732.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2ED76D00.zip Infected: Trojan-Downloader.Java.OpenStream.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2F21096A.exe Infected: Packed.Win32.PolyCrypt.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2F243366.exe Infected: Trojan-Downloader.Win32.Swizzor.fg 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31654D9B.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\32327CAE.tmp Infected: Trojan-Downloader.Java.OpenConnection.v 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\326055C8.exe Infected: Trojan-Downloader.Win32.Turown.i 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\32860F63.tmp Infected: Trojan.Java.ClassLoader.ak 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\33C4705C.tmp Infected: Trojan.Java.ClassLoader.ak 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\34D127E6.exe Infected: Trojan-Downloader.Win32.Swizzor.fg 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\35171F87.exe Infected: Packed.Win32.PolyCrypt.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\355E7C9F.tmp Infected: Trojan.Java.Femad 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36294B3D.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\37C76D88.htm Infected: Trojan-Downloader.VBS.Psyme.ap 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38E3241F.tmp Infected: Net-Worm.Win32.Mytob.bf 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A2E68B7.exe Infected: Trojan-Downloader.Win32.Swizzor.fg 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A935016.exe Infected: Packed.Win32.PolyCrypt.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A967A12.exe Infected: Packed.Win32.PolyCrypt.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A9A240F.exe Infected: Packed.Win32.PolyCrypt.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A9D4E0B.exe Infected: Packed.Win32.PolyCrypt.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3AA07807.exe Infected: Packed.Win32.PolyCrypt.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3AA32204.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3AA74C00.exe Infected: Packed.Win32.PolyCrypt.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3AAA75FD.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3AAD1FF9.exe Infected: Packed.Win32.PolyCrypt.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3AB049F6.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3AB473F2.exe Infected: Trojan-Downloader.Win32.Swizzor.fg 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3AB71DEE.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3ABA47EB.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3ABE71E7.exe Infected: Packed.Win32.PolyCrypt.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3AC11BE4.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3AC445E0.exe Infected: Packed.Win32.PolyCrypt.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3BDD5783.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3CD03498.cla Infected: Trojan.Java.ClassLoader.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3CD03498.htm Infected: Exploit.VBS.Phel.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3CD03498.zip Infected: Trojan.Java.ClassLoader.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3CD03498.zip Infected: Exploit.Java.ByteVerify 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3CD03498.zip Infected: Trojan.Java.ClassLoader.Dummy.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3CD03498.zip Infected: Trojan-Downloader.Java.OpenConnection.v 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3CD45E95.cla Infected: Trojan.Java.ClassLoader.Dummy.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3CD70891.cla Infected: Exploit.Java.ByteVerify 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3CD70891.htm Infected: Exploit.VBS.Phel.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3CFE0066.htm Infected: Exploit.VBS.Phel.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3D3C1E22.htm Infected: Exploit.VBS.Phel.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3D5D41FE.htm Infected: Exploit.VBS.Phel.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3D810FD6.htm Infected: Exploit.VBS.Phel.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3D940BC1.htm Infected: Exploit.VBS.Phel.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3DB85999.htm Infected: Exploit.VBS.Phel.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3E771410.tmp Infected: Trojan-Downloader.Java.OpenConnection.v 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3FA67192.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\413F1418.exe Infected: Packed.Win32.PolyCrypt.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41A06603.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41BA073C.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\436A0E5B.cla Infected: Trojan.Java.ClassLoader.Dummy.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\436A0E5B.zip Infected: Trojan.Java.ClassLoader.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\436A0E5B.zip Infected: Exploit.Java.ByteVerify 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\436A0E5B.zip Infected: Trojan.Java.ClassLoader.Dummy.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\436A0E5B.zip Infected: Trojan-Downloader.Java.OpenConnection.v 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\43E763D3.dll Infected: Trojan-Proxy.Win32.Lager.aq 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\44534D3E.tmp Infected: Trojan.Java.ClassLoader.ak 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\44940760.exe Infected: Packed.Win32.Tibs 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\451369CB.exe Infected: Packed.Win32.PolyCrypt.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45E0214D.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\46C6438E.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4ABC2B72.tmp Infected: Trojan-Downloader.Java.OpenConnection.v 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4B1D440D.exe Infected: Trojan-Downloader.Win32.VB.cw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4BC42384.tmp Infected: Trojan-Dropper.Java.Beyond.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4C5D7FDB.exe Infected: Packed.Win32.Tibs 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4D7C2862.exe Infected: Packed.Win32.Tibs 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4D7E3418.htm Infected: Exploit.HTML.Mht 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4D8F0606.htm Infected: Exploit.HTML.Mht 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4DB67DDB.htm Infected: Exploit.HTML.Mht 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4F5E5008.htm Infected: Exploit.HTML.Mht 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4FF566C8.tmp Infected: Trojan.Java.ClassLoader.z 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\530A6632.tmp Infected: Exploit.Java.ByteVerify 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\57ED1815.tmp Infected: Trojan.Java.ClassLoader.z 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\59407540.exe Infected: Packed.Win32.PolyCrypt.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\59D815C4.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.n 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\59DB3FC1.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.n 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\59DE69BD.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.n 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\59E113B9.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\59E113B9.vxd Infected: not-a-virus:AdWare.Win32.BargainBuddy.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\59E53DB6.dll Infected: not-a-virus:AdWare.Win32.BargainBuddy.n 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\59E53DB6.srg Infected: not-a-virus:AdWare.Win32.BargainBuddy.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\59E867B2.dll Infected: not-a-virus:AdWare.Win32.BargainBuddy.n 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\59E867B2.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.n 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B3829FF.exe Infected: not-a-virus:AdWare.Win32.Lop.ag 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C7E6029.tmp Infected: Trojan.Java.Femad 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5CB10D4F.exe Infected: Trojan-Downloader.Win32.Small.dsr 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5CDA5D34.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.n 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5DC10911.dll Infected: not-a-virus:AdWare.Win32.BargainBuddy.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5DC4330D.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.h 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5DC75D0A.exe Infected: not-a-virus:AdWare.Win32.NavExcel 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F2607F7.tmp Infected: Trojan.Java.ClassLoader.ak 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\60D02EED.exe Infected: Packed.Win32.PolyCrypt.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\619703A5.htm Infected: Exploit.HTML.Mht 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61B15388.zip Infected: Trojan.Java.ClassLoader.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61B15388.zip Infected: Exploit.Java.ByteVerify 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61B15388.zip Infected: Trojan.Java.ClassLoader.Dummy.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61B15388.zip Infected: Trojan-Downloader.Java.OpenConnection.v 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61D52161.htm Infected: Exploit.HTML.Mht 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61D75621.exe Infected: Trojan-Downloader.Win32.Small.atl 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61DB56AE.cab Infected: not-a-virus:AdWare.Win32.NavExcel.b 2
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61DB56AE.cab Infected: not-a-virus:AdWare.Win32.NavExcel 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61E12AA7.tmp Infected: not-a-virus:AdWare.Win32.BargainBuddy.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\646B3B37.exe Infected: Packed.Win32.PolyCrypt.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\67CC6E44.tmp Infected: Trojan.Java.ClassLoader.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\686B1933.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\69385E8E.tmp Infected: Trojan.Java.ClassLoader.h 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\697E7D4E.tmp Infected: Email-Worm.Win32.Warezov.fh 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\69B9710E.tmp Infected: Email-Worm.Win32.Warezov.fh 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F1152E5.exe Infected: Packed.Win32.PolyCrypt.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\710B4755.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\72072767.tmp Infected: Trojan-Downloader.Win32.CWS.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\72C96CFC.tmp Infected: Trojan.Java.ClassLoader.z 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\73FB5532.dll Infected: not-a-virus:AdWare.Win32.BargainBuddy.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\74693F2F.tmp Infected: Trojan-Downloader.Java.OpenConnection.v 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\76157984.exe Infected: Trojan-Downloader.Win32.Agent.ac 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\774918DC.exe Infected: Packed.Win32.Tibs 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\788163BD.htm Infected: Exploit.HTML.Mht 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\79FA42B0.tmp Infected: Trojan.Java.ClassLoader.ak 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A692F49.cla Infected: Exploit.Java.ByteVerify 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A6C5945.cla Infected: Trojan.Java.ClassLoader.Dummy.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A6C5945.htm Infected: Trojan.JS.Seeker 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A9905E5.exe Infected: Packed.Win32.PolyCrypt.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7AA57CF4.dll Infected: not-a-virus:AdWare.Win32.NavExcel.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7AD51B61.dll Infected: Trojan-Proxy.Win32.Lager.aq 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7BF1293C.exe Infected: not-a-virus:AdWare.Win32.Lop.bb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7D5176DC.exe Infected: Packed.Win32.PolyCrypt.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7D6C49E6.tmp Infected: Trojan-Downloader.Java.OpenConnection.v 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7E8A6F3F.tmp Infected: Exploit.Java.ByteVerify 1

The selected area was scanned.

#6 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 30 November 2008 - 02:44 PM

Hi,

First, start Norton Antivirus and delete everything in the virus vault.

Then, open Notepad.
Copy this in the Notepad-file:

@ECHO OFF
IF EXIST log.txt DEL log.txt
ECHO Deleting files>>log.txt
FOR %%g in (
"C:\Documents and Settings\1\.housecall6.6\Quarantine\loaderadv479.jar-22d4df3e-3e2a4e86.zip.bac_a02860"
"C:\Documents and Settings\1\Desktop\SmitfraudFix.exe"
"C:\Documents and Settings\1\Desktop\Unused Desktop Shortcuts\freeripmp3.exe"
"C:\Documents and Settings\1\Local Settings\Temporary Internet Files\Content.IE5\7QWZV11Q\BinariesAVE[1].cab"
"C:\Documents and Settings\1\Local Settings\Temporary Internet Files\Content.IE5\FTAP46O6\BinariesSC[1].cab") DO (
IF EXIST %%g (
ATTRIB -r -s -h %%g
DEL %%g
IF EXIST %%g (
ECHO %%g not deleted>>log.txt
) ELSE (
ECHO %%g deleted>>log.txt)
) ELSE (
ECHO %%g not found>>log.txt))
START NOTEPAD.EXE log.txt

Go to File - Save as...
Fill in the next values:
Location: Desktop
File name: del.bat
File type: All files (*.*).
Now, click Save.
Doubleclick del.bat.
Post the contents of the logfile that opens in your next reply.


Do you still have any problems? :thumbsup:

#7 Fuzzyslippers

Fuzzyslippers
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  

Posted 30 November 2008 - 03:23 PM

"C:\Documents and Settings\1\.housecall6.6\Quarantine\loaderadv479.jar-22d4df3e-3e2a4e86.zip.bac_a02860" deleted
"C:\Documents and Settings\1\Desktop\SmitfraudFix.exe" deleted
"C:\Documents and Settings\1\Desktop\Unused Desktop Shortcuts\freeripmp3.exe" deleted
"C:\Documents and Settings\1\Local Settings\Temporary Internet Files\Content.IE5\7QWZV11Q\BinariesAVE[1].cab" deleted
"C:\Documents and Settings\1\Local Settings\Temporary Internet Files\Content.IE5\FTAP46O6\BinariesSC[1].cab" deleted


That appears to have taken care of the rest of the problems.

I appreciate this so much.

#8 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 30 November 2008 - 03:25 PM

Hi,

You can delete del.bat.
Do you still have problems? :thumbsup:

#9 Fuzzyslippers

Fuzzyslippers
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:25 AM

Posted 30 November 2008 - 03:32 PM

No.

I'm finally virus/spyware free.

Thanks again.

#10 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 30 November 2008 - 03:46 PM

Hi,

Everything looks clean again. :thumbsup:
Do this:

1. Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
2. Go to the Windows update site and download and install all available updates, so your computer is prtected against malware.

3. Read this page To prevent yourself against re-infection.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users